Add some default (security) headers / remove unmaintained deps
@ -1,6 +1,7 @@
import ConfigManager from '../libs/configManager.js';
import __path from "./path.js";
import _ from 'lodash';
import log from './log.js';
// Create a new config instance.
@ -8,7 +9,12 @@ const config = new ConfigManager(__path + '/config.json', true, {
db_connection_string: 'mysql://USER:PASSWORD@HOST:3306/DATABASE',
http_listen_address: '0.0.0.0',
http_port: 3000,
debug: true,
http_domain: 'example.org',
http_enable_hsts: false,
devmode: true,
auth: {
cookie_secret: 'gen',
cookie_secure: true,
@ -30,4 +36,6 @@ if (_.isEqual(config.global.auth.local.users, {})) {
config.save_config();
}
!config.global.devmode && log.core.error('devmode active! Do NOT use this in prod!');
export default config;
61
src/index.ts
61
src/index.ts
@ -1,17 +1,18 @@
// MARK: Imports
import path from 'node:path';
import __path from "./handlers/path.js";
import log from "./handlers/log.js";
import db from "./handlers/db.js";
import __path from './handlers/path.js';
import log from './handlers/log.js';
import db from './handlers/db.js';
import config from './handlers/config.js';
// Express & more
import express from 'express';
import cors from 'cors'
import cors from 'cors';
import helmet from 'helmet';
import session from 'express-session';
import fileUpload from 'express-fileupload';
import bodyParser, { Options } from 'body-parser';
import { Eta } from "eta";
import { Eta } from 'eta';
import passport from 'passport';
import ChildProcess from 'child_process';
@ -20,28 +21,26 @@ import routes from './routes/index.js';
import fs from 'node:fs';
log.core.trace("Running from path: " + __path);
log.core.trace('Running from path: ' + __path);
// MARK: Express
const app = express();
// Versioning
try {
const rawPkg = fs.readFileSync("package.json", 'utf8');
const rawPkg = fs.readFileSync('package.json', 'utf8');
const pkgJson = JSON.parse(rawPkg);
app.locals.version = pkgJson.version;
} catch (error) {
log.core.error("Failed to get version from package.json.");
app.locals.version = "0.0.0";
log.core.error('Failed to get version from package.json.');
app.locals.version = '0.0.0';
}
try {
try {
app.locals.versionRevLong = ChildProcess.execSync('git rev-parse HEAD').toString().trim();
app.locals.versionRev = app.locals.versionRevLong.substring(0, 7);
} catch (error) {
log.core.error("Failed to get git revision hash.");
log.core.error('Failed to get git revision hash.');
app.locals.versionRev = '0';
app.locals.versionRevLong = '0';
}
@ -49,7 +48,7 @@ try {
try {
app.locals.versionRevLatest = ChildProcess.execSync('git ls-remote --refs -q').toString().trim().split('\t')[0];
} catch (error) {
log.core.error("Failed to get latest git revision hash.");
log.core.error('Failed to get latest git revision hash.');
app.locals.versionRevLatest = '0';
}
@ -61,19 +60,31 @@ if (app.locals.versionRevLong === app.locals.versionRevLatest) {
app.locals.versionUpdateAvailable = true;
}
// ETA Init
const eta = new Eta({ views: path.join(__path, "views") })
app.engine("eta", buildEtaEngine())
app.set("view engine", "eta")
const eta = new Eta({ views: path.join(__path, 'views') });
app.engine('eta', buildEtaEngine());
app.set('view engine', 'eta');
// MARK: Express Middleware & Config
app.set('x-powered-by', false);
app.set('x-powered-by', false); // helmet does this too. But not in devmode
if (!config.global.devmode) {
app.use(
helmet({
strictTransportSecurity: config.global.http_enable_hsts,
contentSecurityPolicy: {
useDefaults: false,
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", config.global.http_domain],
objectSrc: ["'none'"],
upgradeInsecureRequests: config.global.devmode ? null : []
}
}
})
); // Add headers
}
app.use(fileUpload());
//app.use(cors());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
@ -90,16 +101,13 @@ app.use(
app.use(passport.authenticate('session'));
app.use(routes);
app.listen(config.global.http_port, config.global.http_listen_address, () => {
log.web.info(`Listening at http://${config.global.http_listen_address}:${config.global.http_port}`);
});
// MARK: Helper Functions
function buildEtaEngine() {
return (path:string, opts:Options, callback: CallableFunction) => {
return (path: string, opts: Options, callback: CallableFunction) => {
try {
const fileContent = eta.readFile(path);
const renderedTemplate = eta.renderString(fileContent, opts);
@ -109,4 +117,3 @@ function buildEtaEngine() {
}
};
}