Project-Name-Here/atas
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add some default (security) headers / remove unmaintained deps

Browse Source
This commit is contained in:
Leon Meier 2025-02-09 16:07:29 +01:00
parent 5a583a94ff
commit 64d317115c
9 changed files with 158 additions and 32836 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29346
docs/index.html
View File

File diff suppressed because one or more lines are too long

98
docs/schema.dbml
View File

@ -1,98 +0,0 @@
//// ------------------------------------------------------
//// THIS FILE WAS AUTOMATICALLY GENERATED (DO NOT MODIFY)
//// ------------------------------------------------------
Project "ATAS" {
database_type: ''
Note: ''
}
Table alerts {
id Int [pk, increment]
type alertType [not null]
state alertState [not null]
description String
date DateTime [not null]
actionplan actionPlan
actionplanId Int
acknowledged_by alertContacts [not null]
acknowledged_at DateTime
}
Table alertContacts {
id Int [pk, increment]
name String [not null]
phone String [unique, not null]
comment String
prios priorities [not null]
alerts alerts [not null]
}
Table actionPlan {
id Int [pk, increment]
name String [unique, not null]
comment String
alerthook String [unique, not null]
prio priorities [not null]
content content [not null]
alerts alerts [not null]
}
Table priorities {
id Int [pk, increment]
Contact alertContacts [not null]
contactId Int [not null]
priority Int [not null]
actionplan actionPlan [not null]
actionplanId Int [not null]
indexes {
(priority, actionplanId) [unique]
}
}
Table content {
id Int [pk, increment]
type contentType [not null]
name String [not null]
filename String [not null]
actionplan actionPlan [not null]
}
Table alertContactsToalerts {
acknowledged_byId Int [ref: > alertContacts.id]
alertsId Int [ref: > alerts.id]
}
Table actionPlanTocontent {
contentId Int [ref: > content.id]
actionplanId Int [ref: > actionPlan.id]
}
Enum contentType {
voice_alarm
voice_explainer
voice_acknowledgement
voice_ending
}
Enum alertType {
generic
fire
fault
intrusion
clear
}
Enum alertState {
incoming
running
failed
acknowledged
}
Ref: alerts.actionplanId > actionPlan.id
Ref: priorities.contactId > alertContacts.id
Ref: priorities.actionplanId > actionPlan.id

1
docs/styles/main.css
View File

File diff suppressed because one or more lines are too long

3456
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

3
package.json
View File

@ -33,8 +33,6 @@
"eslint": "^9.18.0", "eslint": "^9.18.0",
"eslint-config-prettier": "^9.1.0", "eslint-config-prettier": "^9.1.0",
"prisma": "^6.2.1", "prisma": "^6.2.1",
"prisma-dbml-generator": "^0.12.0",
"prisma-docs-generator": "^0.8.0",
"tsx": "^4.19.2", "tsx": "^4.19.2",
"typescript": "^5.7.3" "typescript": "^5.7.3"
}, },
@ -46,6 +44,7 @@
"express": "^4.21.2", "express": "^4.21.2",
"express-fileupload": "^1.5.1", "express-fileupload": "^1.5.1",
"express-session": "^1.18.1", "express-session": "^1.18.1",
"helmet": "^8.0.0",
"joi": "^17.13.3", "joi": "^17.13.3",
"jquery": "^3.7.1", "jquery": "^3.7.1",
"lodash": "^4.17.21", "lodash": "^4.17.21",

17
prisma/schema.prisma
View File

@ -13,23 +13,6 @@ datasource db {
url = env("DATABASE_URL") url = env("DATABASE_URL")
} }
// https://github.com/pantharshit00/prisma-docs-generator
generator docs {
provider = "node node_modules/prisma-docs-generator"
output = "../docs"
}
// https://github.com/notiz-dev/prisma-dbml-generator
// Viewer: https://dbdiagram.io/d
generator dbml {
provider = "prisma-dbml-generator"
output = "../docs"
outputName = "schema.dbml"
projectName = "ATAS"
}
enum contentType { enum contentType {
voice_alarm voice_alarm
voice_explainer voice_explainer

10
src/handlers/config.ts
View File

@ -1,6 +1,7 @@
import ConfigManager from '../libs/configManager.js'; import ConfigManager from '../libs/configManager.js';
import __path from "./path.js"; import __path from "./path.js";
import _ from 'lodash'; import _ from 'lodash';
import log from './log.js';
// Create a new config instance. // Create a new config instance.
@ -8,7 +9,12 @@ const config = new ConfigManager(__path + '/config.json', true, {
db_connection_string: 'mysql://USER:PASSWORD@HOST:3306/DATABASE', db_connection_string: 'mysql://USER:PASSWORD@HOST:3306/DATABASE',
http_listen_address: '0.0.0.0', http_listen_address: '0.0.0.0',
http_port: 3000, http_port: 3000,
debug: true, http_domain: 'example.org',
http_enable_hsts: false,
devmode: true,
auth: { auth: {
cookie_secret: 'gen', cookie_secret: 'gen',
cookie_secure: true, cookie_secure: true,
@ -30,4 +36,6 @@ if (_.isEqual(config.global.auth.local.users, {})) {
config.save_config(); config.save_config();
} }
!config.global.devmode && log.core.error('devmode active! Do NOT use this in prod!');
export default config; export default config;

59
src/index.ts
View File

@ -1,17 +1,18 @@
// MARK: Imports // MARK: Imports
import path from 'node:path'; import path from 'node:path';
import __path from "./handlers/path.js"; import __path from './handlers/path.js';
import log from "./handlers/log.js"; import log from './handlers/log.js';
import db from "./handlers/db.js"; import db from './handlers/db.js';
import config from './handlers/config.js'; import config from './handlers/config.js';
// Express & more // Express & more
import express from 'express'; import express from 'express';
import cors from 'cors' import cors from 'cors';
import helmet from 'helmet';
import session from 'express-session'; import session from 'express-session';
import fileUpload from 'express-fileupload'; import fileUpload from 'express-fileupload';
import bodyParser, { Options } from 'body-parser'; import bodyParser, { Options } from 'body-parser';
import { Eta } from "eta"; import { Eta } from 'eta';
import passport from 'passport'; import passport from 'passport';
import ChildProcess from 'child_process'; import ChildProcess from 'child_process';
@ -20,28 +21,26 @@ import routes from './routes/index.js';
import fs from 'node:fs'; import fs from 'node:fs';
log.core.trace("Running from path: " + __path); log.core.trace('Running from path: ' + __path);
// MARK: Express // MARK: Express
const app = express(); const app = express();
// Versioning // Versioning
try { try {
const rawPkg = fs.readFileSync("package.json", 'utf8'); const rawPkg = fs.readFileSync('package.json', 'utf8');
const pkgJson = JSON.parse(rawPkg); const pkgJson = JSON.parse(rawPkg);
app.locals.version = pkgJson.version; app.locals.version = pkgJson.version;
} catch (error) { } catch (error) {
log.core.error("Failed to get version from package.json."); log.core.error('Failed to get version from package.json.');
app.locals.version = "0.0.0"; app.locals.version = '0.0.0';
} }
try { try {
app.locals.versionRevLong = ChildProcess.execSync('git rev-parse HEAD').toString().trim(); app.locals.versionRevLong = ChildProcess.execSync('git rev-parse HEAD').toString().trim();
app.locals.versionRev = app.locals.versionRevLong.substring(0, 7); app.locals.versionRev = app.locals.versionRevLong.substring(0, 7);
} catch (error) { } catch (error) {
log.core.error("Failed to get git revision hash."); log.core.error('Failed to get git revision hash.');
app.locals.versionRev = '0'; app.locals.versionRev = '0';
app.locals.versionRevLong = '0'; app.locals.versionRevLong = '0';
} }
@ -49,7 +48,7 @@ try {
try { try {
app.locals.versionRevLatest = ChildProcess.execSync('git ls-remote --refs -q').toString().trim().split('\t')[0]; app.locals.versionRevLatest = ChildProcess.execSync('git ls-remote --refs -q').toString().trim().split('\t')[0];
} catch (error) { } catch (error) {
log.core.error("Failed to get latest git revision hash."); log.core.error('Failed to get latest git revision hash.');
app.locals.versionRevLatest = '0'; app.locals.versionRevLatest = '0';
} }
@ -61,19 +60,31 @@ if (app.locals.versionRevLong === app.locals.versionRevLatest) {
app.locals.versionUpdateAvailable = true; app.locals.versionUpdateAvailable = true;
} }
// ETA Init // ETA Init
const eta = new Eta({ views: path.join(__path, "views") }) const eta = new Eta({ views: path.join(__path, 'views') });
app.engine("eta", buildEtaEngine()) app.engine('eta', buildEtaEngine());
app.set("view engine", "eta") app.set('view engine', 'eta');
// MARK: Express Middleware & Config // MARK: Express Middleware & Config
app.set('x-powered-by', false); app.set('x-powered-by', false); // helmet does this too. But not in devmode
if (!config.global.devmode) {
app.use(
helmet({
strictTransportSecurity: config.global.http_enable_hsts,
contentSecurityPolicy: {
useDefaults: false,
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", config.global.http_domain],
objectSrc: ["'none'"],
upgradeInsecureRequests: config.global.devmode ? null : []
}
}
})
); // Add headers
}
app.use(fileUpload()); app.use(fileUpload());
//app.use(cors());
app.use(bodyParser.urlencoded({ extended: false })); app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json()); app.use(bodyParser.json());
@ -90,16 +101,13 @@ app.use(
app.use(passport.authenticate('session')); app.use(passport.authenticate('session'));
app.use(routes); app.use(routes);
app.listen(config.global.http_port, config.global.http_listen_address, () => { app.listen(config.global.http_port, config.global.http_listen_address, () => {
log.web.info(`Listening at http://${config.global.http_listen_address}:${config.global.http_port}`); log.web.info(`Listening at http://${config.global.http_listen_address}:${config.global.http_port}`);
}); });
// MARK: Helper Functions // MARK: Helper Functions
function buildEtaEngine() { function buildEtaEngine() {
return (path:string, opts:Options, callback: CallableFunction) => { return (path: string, opts: Options, callback: CallableFunction) => {
try { try {
const fileContent = eta.readFile(path); const fileContent = eta.readFile(path);
const renderedTemplate = eta.renderString(fileContent, opts); const renderedTemplate = eta.renderString(fileContent, opts);
@ -109,4 +117,3 @@ function buildEtaEngine() {
} }
}; };
} }

2
tsconfig.json
View File

@ -96,7 +96,7 @@
// "strictBuiltinIteratorReturn": true, /* Built-in iterators are instantiated with a 'TReturn' type of 'undefined' instead of 'any'. */ // "strictBuiltinIteratorReturn": true, /* Built-in iterators are instantiated with a 'TReturn' type of 'undefined' instead of 'any'. */
// "noImplicitThis": true, /* Enable error reporting when 'this' is given the type 'any'. */ // "noImplicitThis": true, /* Enable error reporting when 'this' is given the type 'any'. */
// "useUnknownInCatchVariables": true, /* Default catch clause variables as 'unknown' instead of 'any'. */ // "useUnknownInCatchVariables": true, /* Default catch clause variables as 'unknown' instead of 'any'. */
// "alwaysStrict": true, /* Ensure 'use strict' is always emitted. */ "alwaysStrict": true, /* Ensure 'use strict' is always emitted. */
// "noUnusedLocals": true, /* Enable error reporting when local variables aren't read. */ // "noUnusedLocals": true, /* Enable error reporting when local variables aren't read. */
// "noUnusedParameters": true, /* Raise an error when a function parameter isn't read. */ // "noUnusedParameters": true, /* Raise an error when a function parameter isn't read. */
// "exactOptionalPropertyTypes": true, /* Interpret optional property types as written, rather than adding 'undefined'. */ // "exactOptionalPropertyTypes": true, /* Interpret optional property types as written, rather than adding 'undefined'. */