Better headers

2025-10-29 18:00:23 +00:00 · 2019-03-21 20:16:39 +01:00
parent c8614bef52
commit dc3bd12f69
2 changed files with 121 additions and 121 deletions
--- a/server/apps/admin.js
+++ b/server/apps/admin.js
@@ -5,9 +5,9 @@ const path = require('path');
 const publicPath = path.join(__dirname + "", '../public');
 var exphbs = require('express-handlebars');
 var hbs = exphbs.create({
-   defaultLayout: publicPath + '/layouts/admin/main',
-   layoutsDir: publicPath + '/layouts',
-   partialsDir: publicPath + '/partials'
+    defaultLayout: publicPath + '/layouts/admin/main',
+    layoutsDir: publicPath + '/layouts',
+    partialsDir: publicPath + '/partials'
 });

 var passport = require('passport');
@@ -34,13 +34,13 @@ app.set('view engine', 'handlebars');
 app.use(compression({filter: shouldCompress}))

 function shouldCompress (req, res) {
-  if (req.headers['x-no-compression']) {
-    // don't compress responses with this request header
-    return false;
-  }
+    if (req.headers['x-no-compression']) {
+        // don't compress responses with this request header
+        return false;
+    }

-  // fallback to standard filter function
-  return compression.filter(req, res);
+    // fallback to standard filter function
+    return compression.filter(req, res);
 }
 app.set('trust proxy', '127.0.0.1');

@@ -51,36 +51,36 @@ var helmet = require('helmet');
 var featurePolicy = require('feature-policy');
 app.use(featurePolicy({
    features: {
-        fullscreen: ["'*'"],
-        vibrate: ["'none'"],
+        fullscreen: ["*"],
+        //vibrate: ["'none'"],
        payment: ["'none'"],
        microphone: ["'none'"],
        camera: ["'none'"],
        speaker: ["*"],
        syncXhr: ["'self'"],
-        notifications: ["'self'"]
+        //notifications: ["'self'"]
    }
 }));
 app.use(helmet({
-  frameguard: false,
+    frameguard: false,
 }));
 app.use(referrerPolicy({ policy: 'origin-when-cross-origin' }));
 app.enable('view cache');
 app.set('views', publicPath);
 app.use( bodyParser.json() );       // to support JSON-encoded bodies
 app.use(bodyParser.urlencoded({
-  extended: true
+    extended: true
 }));
 app.use(session({
-  secret: mongo_db_cred.secret,
-  resave: true,
-  saveUninitialized: true,
-  store: new MongoStore({
-       url: url,
-       useNewUrlParser: true,
-       collection: 'sessions',
-       ttl: mongo_db_cred.expire
-   })
+    secret: mongo_db_cred.secret,
+    resave: true,
+    saveUninitialized: true,
+    store: new MongoStore({
+        url: url,
+        useNewUrlParser: true,
+        collection: 'sessions',
+        ttl: mongo_db_cred.expire
+    })
 })); // session secret
 app.use(passport.initialize());
 app.use(passport.session()); // persistent login sessions
@@ -88,133 +88,133 @@ app.use(passport.session()); // persistent login sessions
 //app.use('/assets', express.static(publicPath + '/assets'));

 passport.serializeUser(function(user, done) {
-   done(null, user.id);
+    done(null, user.id);
 });



 // used to deserialize the user
 passport.deserializeUser(function(id, done) {
-   User.findById(id, function(err, user) {
-      done(err, user);
-   });
+    User.findById(id, function(err, user) {
+        done(err, user);
+    });
 });

 passport.use('local-signup', new LocalStrategy({
-   // by default, local strategy uses username and password, we will override with username
-   usernameField : 'username',
-   passwordField : 'password',
-   passReqToCallback : true // allows us to pass back the entire request to the callback
+    // by default, local strategy uses username and password, we will override with username
+    usernameField : 'username',
+    passwordField : 'password',
+    passReqToCallback : true // allows us to pass back the entire request to the callback
 },
 function(req, username, password, done) {
-   // asynchronous
-   // User.findOne wont fire unless data is sent back
-   process.nextTick(function() {
+    // asynchronous
+    // User.findOne wont fire unless data is sent back
+    process.nextTick(function() {

-      // find a user whose username is the same as the forms username
-      // we are checking to see if the user trying to login already exists
-      var token = req.body.token;
-      token_db.collection("tokens").find({token: token}, function(err, docs){
-         if(docs.length == 1){
-            token_db.collection("tokens").remove({token: token}, function(err, docs){
-               User.findOne({ 'username' :  username }, function(err, user) {
-                  // if there are any errors, return the error
-                  if (err)
-                  return done(err);
-
-                  // check to see if theres already a user with that username
-                  if (user) {
-                     return done(null, false);
-                  } else {
-
-                     // if there is no user with that username
-                     // create the user
-                     var newUser            = new User();
-
-                     // set the user's local credentials
-                     newUser.username    = username;
-                     newUser.password = newUser.generateHash(password);
-
-                     // save the user
-                     newUser.save(function(err) {
+        // find a user whose username is the same as the forms username
+        // we are checking to see if the user trying to login already exists
+        var token = req.body.token;
+        token_db.collection("tokens").find({token: token}, function(err, docs){
+            if(docs.length == 1){
+                token_db.collection("tokens").remove({token: token}, function(err, docs){
+                    User.findOne({ 'username' :  username }, function(err, user) {
+                        // if there are any errors, return the error
                        if (err)
-                        throw err;
-                        return done(null, newUser);
-                     });
-                  }
+                        return done(err);

-               });
-            });
-         } else {
-            return done(null, false);
-         }
-      });
-   });
+                        // check to see if theres already a user with that username
+                        if (user) {
+                            return done(null, false);
+                        } else {
+
+                            // if there is no user with that username
+                            // create the user
+                            var newUser            = new User();
+
+                            // set the user's local credentials
+                            newUser.username    = username;
+                            newUser.password = newUser.generateHash(password);
+
+                            // save the user
+                            newUser.save(function(err) {
+                                if (err)
+                                throw err;
+                                return done(null, newUser);
+                            });
+                        }
+
+                    });
+                });
+            } else {
+                return done(null, false);
+            }
+        });
+    });

 }));

 passport.use('local-login', new LocalStrategy({
-   // by default, local strategy uses username and password, we will override with email
-   usernameField : 'username',
-   passwordField : 'password',
-   passReqToCallback : true // allows us to pass back the entire request to the callback
+    // by default, local strategy uses username and password, we will override with email
+    usernameField : 'username',
+    passwordField : 'password',
+    passReqToCallback : true // allows us to pass back the entire request to the callback
 },    function(req, username, password, done) { // callback with email and password from our form

-   // find a user whose email is the same as the forms email
-   // we are checking to see if the user trying to login already exists
-   User.findOne({ 'username' :  username }, function(err, user) {
-      // if there are any errors, return the error before anything else
-      if (err)
-      return done(err);
+    // find a user whose email is the same as the forms email
+    // we are checking to see if the user trying to login already exists
+    User.findOne({ 'username' :  username }, function(err, user) {
+        // if there are any errors, return the error before anything else
+        if (err)
+        return done(err);

-      // if no user is found, return the message
-      if (!user)
-      return done(null, false); // req.flash is the way to set flashdata using connect-flash
+        // if no user is found, return the message
+        if (!user)
+        return done(null, false); // req.flash is the way to set flashdata using connect-flash

-      // if the user is found but the password is wrong
-      if (!user.validPassword(password))
-      return done(null, false); // create the loginMessage and save it to session as flashdata
+        // if the user is found but the password is wrong
+        if (!user.validPassword(password))
+        return done(null, false); // create the loginMessage and save it to session as flashdata

-      // all is well, return successful user
+        // all is well, return successful user

-      return done(null, user);
-   });
+        return done(null, user);
+    });

 }));

 app.post('/signup', passport.authenticate('local-signup', {
-   successRedirect : '/', // redirect to the secure profile section
-   failureRedirect : '/signup', // redirect back to the signup page if there is an error
-   failureFlash : true // allow flash messages
+    successRedirect : '/', // redirect to the secure profile section
+    failureRedirect : '/signup', // redirect back to the signup page if there is an error
+    failureFlash : true // allow flash messages
 }));

 app.post('/login', passport.authenticate('local-login', {
-   successRedirect : '/', // redirect to the secure profile section
-   failureRedirect : '/login#failed', // redirect back to the signup page if there is an error
-   failureFlash : true // allow flash messages
+    successRedirect : '/', // redirect to the secure profile section
+    failureRedirect : '/login#failed', // redirect back to the signup page if there is an error
+    failureFlash : true // allow flash messages
 }));

 app.use('/login', isLoggedInTryingToLogIn, function(req, res) {
-   var data = {
-      where_get: "not_authenticated"
-   };
+    var data = {
+        where_get: "not_authenticated"
+    };

-   res.render('layouts/admin/not_authenticated', data);
+    res.render('layouts/admin/not_authenticated', data);
 });

 app.use('/signup', isLoggedInTryingToLogIn, function(req, res) {
-   var data = {
-      where_get: "not_authenticated"
-   };
+    var data = {
+        where_get: "not_authenticated"
+    };

-   res.render('layouts/admin/not_authenticated', data);
+    res.render('layouts/admin/not_authenticated', data);
 });

 app.use('/', api);

 app.use('/logout', function(req, res) {
-   req.logout();
-   res.redirect('/login');
+    req.logout();
+    res.redirect('/login');
 });

 app.use('/assets/admin/authenticated', function(req, res, next) {
@@ -228,25 +228,25 @@ app.use('/assets/admin/authenticated', function(req, res, next) {
 app.use('/assets', express.static(publicPath + '/assets'));

 app.use('/', isLoggedIn, function(req, res) {
-   var data = {
-      where_get: "authenticated",
-      year: new Date().getYear()+1900,
-   };
+    var data = {
+        where_get: "authenticated",
+        year: new Date().getYear()+1900,
+    };

-   res.render('layouts/admin/authenticated', data);
+    res.render('layouts/admin/authenticated', data);
 });

 function isLoggedInTryingToLogIn(req, res, next){
-   if(!req.isAuthenticated()){
-      return next();
-   }
-   res.redirect("/");
+    if(!req.isAuthenticated()){
+        return next();
+    }
+    res.redirect("/");
 }

 function isLoggedIn(req, res, next) {
-   if (req.isAuthenticated())
-   return next();
-   res.redirect('/login');
+    if (req.isAuthenticated())
+    return next();
+    res.redirect('/login');
 }

 //app.listen(default_port);
--- a/server/apps/client.js
+++ b/server/apps/client.js
@@ -68,14 +68,14 @@ var helmet = require('helmet');
 var featurePolicy = require('feature-policy');
 app.use(featurePolicy({
    features: {
-        fullscreen: ["'*'"],
-        vibrate: ["'none'"],
+        fullscreen: ["*"],
+        //vibrate: ["'none'"],
        payment: ["'none'"],
        microphone: ["'none'"],
        camera: ["'none'"],
        speaker: ["*"],
        syncXhr: ["'self'"],
-        notifications: ["'self'"]
+        //notifications: ["'self'"]
    }
 }));
 app.use(helmet({