KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7c57dfaf9871f44a1402b92bb8e2571e387660d7
zoff/server/apps/client.js
Kasper Rynning-Tønnesen 7c57dfaf98 Added more security headers
2019-03-21 20:01:56 +01:00

173 lines
5.4 KiB
JavaScript
Executable File
Raw Blame History

VERSION = require(pathThumbnails + '/VERSION.js');
var secure = false;
var path = require('path');
try {
var cert_config = require(path.join(path.join(__dirname, '../config/'), 'cert_config.js'));
var fs = require('fs');
var privateKey = fs.readFileSync(cert_config.privateKey).toString();
var certificate = fs.readFileSync(cert_config.certificate).toString();
var ca = fs.readFileSync(cert_config.ca).toString();
var credentials = {
key: privateKey,
cert: certificate,
ca: ca
};
secure = true;
} catch(err){}
var add = "";
var express = require('express');
var app = express();
var compression = require('compression');
var exphbs = require('express-handlebars');
var cors = require('cors');
var Functions = require(pathThumbnails + '/handlers/functions.js');
var hbs = exphbs.create({
defaultLayout: publicPath + '/layouts/client/main',
layoutsDir: publicPath + '/layouts/client',
partialsDir: publicPath + '/partials',
helpers: {
if_equal: function(a, b, opts) {
if (a == b) {
return opts.fn(this)
} else {
return opts.inverse(this)
}
},
decodeString: function(s) {
if(s == undefined) return s;
return Functions.decodeChannelName(s);
}
}
});
var uniqid = require('uniqid');
app.use(compression({filter: shouldCompress}))
function shouldCompress (req, res) {
if (req.headers['x-no-compression']) {
// don't compress responses with this request header
return false;
}
// fallback to standard filter function
return compression.filter(req, res);
}
app.engine('handlebars', hbs.engine);
app.set('view engine', 'handlebars');
app.enable('view cache');
app.set('views', publicPath);
app.set('trust proxy', '127.0.0.1');
var bodyParser = require('body-parser');
var cookieParser = require("cookie-parser");
var referrerPolicy = require('referrer-policy');
var helmet = require('helmet');
app.use(helmet({
frameguard: false
}));
app.use(referrerPolicy({ policy: 'origin-when-cross-origin' }));
app.use( bodyParser.json() ); // to support JSON-encoded bodies
app.use(bodyParser.urlencoded({ // to support URL-encoded bodies
extended: true
}));
app.use(cookieParser());
//app.set('json spaces', 2);
io = require('socket.io')({
pingTimeout: 25000,
//path: '/zoff',
//"origins": ("https://zoff.me:443*,https://zoff.me:8080*,zoff.me:8080*,https://remote.zoff.me:443*,https://remote.zoff.me:8080*,https://fb.zoff.me:443*,https://fb.zoff.me:8080*,https://admin.zoff.me:443*,https://admin.zoff.me:8080*, http://localhost:8080*")});
});
var socketIO = require(pathThumbnails +'/handlers/io.js');
socketIO();
app.socketIO = io;
/* Globally needed "libraries" and files */
var router = require(pathThumbnails + '/routing/client/router.js');
var api_file = require(pathThumbnails + '/routing/client/api.js');
var api = api_file.router;
api_file.sIO = app.socketIO;
var ico_router = require(pathThumbnails + '/routing/client/icons_routing.js');
app.get('/robots.txt', function (req, res) {
res.type('text/plain');
res.send("User-agent: *\nAllow: /$\nDisallow: /");
});
app.use(function (req, res, next) {
var cookie = req.cookies._uI;
var skipElements = ["/_embed", "/assets/manifest.json", "/apple-touch-icon.png"];
if(skipElements.indexOf(req.originalUrl) > -1) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
} else {
if(req.originalUrl.split("/").length > 3) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
} else {
if (cookie === undefined) {
try {
//console.error((new Date), "originalUrl", req.originalUrl);
//console.error((new Date), "couldn't fetch cookie for some reason, maybe no cookie exists?", req.get('origin'), "couldn't fetch cookie for some reason, maybe no cookie exists?");
} catch(e) {
//console.error((new Date), "couldn't fetch origin");
}
var user_name = Functions.hash_pass(Functions.rndName(uniqid.time(), 15));
res.cookie('_uI', user_name, {
maxAge: 365 * 10000 * 3600000,
httpOnly: true,
secure: secure,
//sameSite: true,
});
} else {
//process.stderr.write((new Date), "couldn't fetch cookie for some reason, maybe no cookie exists?", req, "couldn't fetch cookie for some reason, maybe no cookie exists?");
res.cookie('_uI', cookie, {
maxAge: 365 * 10000 * 3600000,
httpOnly: true,
secure: secure,
//sameSite: true,
});
}
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
}
}
});
app.use('/service-worker.js', function(req, res) {
res.sendFile(publicPath + '/service-worker.js');
});
app.use('/', ico_router);
app.use('/', api);
app.use('/', cors(), router);
app.use('/assets/js', function(req, res, next) {
res.sendStatus(403);
return;
});
app.use('/assets/admin', function(req, res, next) {
res.sendStatus(403);
return;
});
app.use('/assets', express.static(publicPath + '/assets'));
app.use(function (req, res, next) {
res.status(404);
res.redirect("/404");
})
module.exports = app;
Reference in New Issue View Git Blame Copy Permalink