Compare commits


3 Commits

20 changed files with 66 additions and 57 deletions


@ -6,6 +6,7 @@ const helper = require("./helpers.js");
const loggy = require("./logging") const loggy = require("./logging")
const Eta = require("eta"); const Eta = require("eta");
const _ = require("underscore") const _ = require("underscore")
const path = require("path")
loggy.init(true) loggy.init(true)
@ -24,6 +25,26 @@ app.use(
}) })
); );
// Allowed urls for requests to /assets/
const allowsURLs = [
'bootstrap-icons/font/bootstrap-icons.css',
'js-cookie/dist/js.cookie.min.js',
'bootstrap/dist/css/bootstrap.min.css',
'mdbootstrap/css/style.css',
'bootstrap/dist/js/bootstrap.bundle.min.js',
'jquery/dist/jquery.min.js',
'darkreader/darkreader.js',
'bootstrap-duration-picker/dist/bootstrap-duration-picker.css',
'flatpickr/dist/flatpickr.min.css',
'bootstrap-duration-picker/dist/bootstrap-duration-picker-debug.js',
'flatpickr/dist/flatpickr.js',
'bootstrap-icons/font/fonts/bootstrap-icons.woff2',
'bootstrap/dist/css/bootstrap.min.css.map',
'less/dist/less.min.js',
'less/dist/less.min.js.map',
'mdbootstrap/js/mdb.min.js'
];
let loadedData = {} let loadedData = {}
loggy.log("Loading config", "info", "Config"); loggy.log("Loading config", "info", "Config");
@ -391,6 +412,16 @@ app.get("/api/ui/v1/lang/set", function (req, res) {
}); });
app.use("/assets/*", function handleModuleFiles(req, res) {
if(allowsURLs.indexOf(req.params[0]) > -1){
res.sendFile(path.join(__dirname, "node_modules", req.params[0]));
} else {
loggy.log("Attempt to access restricted asset file " + req.params[0], "error", "Security")
res.status(403).json({ status: "error", reason: "Access to restricted asset file denied" });
}
// console.log(recordedURLs)
})
app.use(function (req, res, next) { app.use(function (req, res, next) {
res.status(404); res.status(404);
loggy.log("Server responded with 404 error", "warn", "Server", true); loggy.log("Server responded with 404 error", "warn", "Server", true);
@ -415,6 +446,8 @@ app.use(function (req, res, next) {
/*app.use(function(err, req, res, next) { /*app.use(function(err, req, res, next) {
console.error(err.stack); console.error(err.stack);
if(String(err.stack).includes("TypeError: Cannot read properties of undefined")) { if(String(err.stack).includes("TypeError: Cannot read properties of undefined")) {
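Review bot: In `handleModuleFiles`, the rejection branch concatenates `req.params[0]` straight into the `Security` log message, and that value is the request path as Express hands it over (route parameters are URL-decoded), so the client controls its length and can include control characters. Bound and encode it before logging, e.g. `loggy.log("Attempt to access restricted asset file " + JSON.stringify(String(req.params[0]).slice(0, 200)), "error", "Security")`. The exact-match lookup in `allowsURLs` is the only thing keeping `..` segments out of the `path.join(__dirname, "node_modules", ...)` passed to `sendFile`, so the array deserves a comment such as `// exact-match allowlist: never relax to prefix or pattern matching, the value is joined into a filesystem path`. The route is also registered with `app.use`, which answers every HTTP method; `app.get("/assets/*", handleModuleFiles)` would be tighter.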


@ -1 +1 @@
[{"timestamp":"2022-07-23 12:23:17.692","level":"info","module":"Logging","message":"2022-07-23 12:23:17.692 [info] [Logging] Logging initialized"},{"timestamp":"2022-07-23 12:23:17.694","level":"info","module":"Server","message":"2022-07-23 12:23:17.694 [info] [Server] Preparing server"},{"timestamp":"2022-07-23 12:23:17.695","level":"info","module":"Server","message":"2022-07-23 12:23:17.695 [info] [Server] Preparing static routes"},{"timestamp":"2022-07-23 12:23:17.696","level":"info","module":"Server","message":"2022-07-23 12:23:17.696 [info] [Server] Preparing middlewares"},{"timestamp":"2022-07-23 12:23:17.696","level":"info","module":"Config","message":"2022-07-23 12:23:17.696 [info] [Config] Loading config"},{"timestamp":"2022-07-23 12:23:17.698","level":"info","module":"Language","message":"2022-07-23 12:23:17.698 [info] [Language] Searching for languages"},{"timestamp":"2022-07-23 12:23:17.699","level":"info","module":"Language","message":"2022-07-23 12:23:17.699 [info] [Language] Found 3 languages"},{"timestamp":"2022-07-23 12:23:17.699","level":"info","module":"Language","message":"2022-07-23 12:23:17.699 [info] [Language] Reading language file"},{"timestamp":"2022-07-23 12:23:17.699","level":"info","module":"Websocket","message":"2022-07-23 12:23:17.699 [info] [Websocket] Preparing websocket"},{"timestamp":"2022-07-23 12:23:17.700","level":"info","module":"Server","message":"2022-07-23 12:23:17.700 [info] [Server] Preparing routes"},{"timestamp":"2022-07-23 12:23:17.701","level":"info","module":"Server","message":"2022-07-23 12:23:17.701 [info] [Server] Starting server"},{"timestamp":"2022-07-23 13:34:09.137","level":"info","module":"Shutdown","message":"2022-07-23 13:34:09.137 [info] [Shutdown] Caught interrupt signal and shutting down gracefully"}] [{"timestamp":"2022-08-18 16:11:01.607","level":"info","module":"Logging","message":"2022-08-18 16:11:01.607 [info] [Logging] Logging initialized"},{"timestamp":"2022-08-18 
16:11:01.608","level":"info","module":"Server","message":"2022-08-18 16:11:01.608 [info] [Server] Preparing server"},{"timestamp":"2022-08-18 16:11:01.609","level":"info","module":"Server","message":"2022-08-18 16:11:01.609 [info] [Server] Preparing static routes"},{"timestamp":"2022-08-18 16:11:01.610","level":"info","module":"Server","message":"2022-08-18 16:11:01.610 [info] [Server] Preparing middlewares"},{"timestamp":"2022-08-18 16:11:01.611","level":"info","module":"Config","message":"2022-08-18 16:11:01.611 [info] [Config] Loading config"},{"timestamp":"2022-08-18 16:11:01.612","level":"info","module":"Language","message":"2022-08-18 16:11:01.612 [info] [Language] Searching for languages"},{"timestamp":"2022-08-18 16:11:01.612","level":"info","module":"Language","message":"2022-08-18 16:11:01.612 [info] [Language] Found 3 languages"},{"timestamp":"2022-08-18 16:11:01.612","level":"info","module":"Language","message":"2022-08-18 16:11:01.612 [info] [Language] Reading language file"},{"timestamp":"2022-08-18 16:11:01.612","level":"info","module":"Websocket","message":"2022-08-18 16:11:01.612 [info] [Websocket] Preparing websocket"},{"timestamp":"2022-08-18 16:11:01.613","level":"info","module":"Server","message":"2022-08-18 16:11:01.613 [info] [Server] Preparing routes"},{"timestamp":"2022-08-18 16:11:01.614","level":"info","module":"Server","message":"2022-08-18 16:11:01.614 [info] [Server] Starting server"},{"timestamp":"2022-08-18 16:13:27.222","level":"error","module":"Security","message":"2022-08-18 16:13:27.222 [error] [Security] Attempt to access restricted asset file mdbootstrap/js/mdb.min.js"},{"timestamp":"2022-08-18 16:13:27.674","level":"error","module":"Security","message":"2022-08-18 16:13:27.674 [error] [Security] Attempt to access restricted asset file mdbootstrap/js/mdb.min.js"},{"timestamp":"2022-08-18 16:13:46.931","level":"info","module":"Shutdown","message":"2022-08-18 16:13:46.931 [info] [Shutdown] Caught interrupt signal and shutting 
down gracefully"}]
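Review bot: A runtime log does not belong in version control, and this file appears to be one: the change swaps the entries of one server run for those of another, including two `[Security]` events. Committed logs record when and how the server was operated, and every local run will show up as a modification. I would remove the file from the repository and add its path to `.gitignore` (the path is not visible in this view).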

4
package-lock.json generated
View File

@ -1,12 +1,12 @@
{ {
"name": "opencountdown", "name": "opencountdown",
"version": "1.0.1", "version": "1.0.2",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "opencountdown", "name": "opencountdown",
"version": "1.0.1", "version": "1.0.2",
"license": "LGPL-3.0", "license": "LGPL-3.0",
"dependencies": { "dependencies": {
"body-parser": "^1.19.2", "body-parser": "^1.19.2",


@ -1 +0,0 @@
../node_modules/bootstrap-duration-picker/dist/


@ -1 +0,0 @@
../../node_modules/bootstrap/dist


@ -1 +0,0 @@
../../node_modules/bootstrap-colorpicker/dist/css


@ -1 +0,0 @@
../../node_modules/bootstrap-colorpicker/dist/js


@ -1 +0,0 @@
../../node_modules/bootstrap-icons/font/bootstrap-icons.css


@ -1 +0,0 @@
../../../node_modules/bootstrap-icons/font/fonts/bootstrap-icons.woff


@ -1 +0,0 @@
../../../node_modules/bootstrap-icons/font/fonts/bootstrap-icons.woff2


@ -1 +0,0 @@
../../node_modules/flatpickr/dist/


@ -1 +0,0 @@
../../node_modules/js-cookie/dist/js.cookie.min.js


@ -1 +0,0 @@
../../node_modules/darkreader/darkreader.js


@ -1 +0,0 @@
../../node_modules/jquery/dist/jquery.min.js


@ -1 +0,0 @@
../../node_modules/less/dist/less.min.js


@ -1 +0,0 @@
../../node_modules/mdbootstrap/css/


@ -1 +0,0 @@
../../node_modules/mdbootstrap/js


@ -10,26 +10,27 @@
<meta name="author" content="TheGreydiamond"> <meta name="author" content="TheGreydiamond">
<link rel="stylesheet" href="/css/bootstrap-icons.css"> <link rel="stylesheet" href="/assets/bootstrap-icons/font/bootstrap-icons.css">
<link rel="stylesheet" href="/mdbootstrap/css/style.css"> <link rel="stylesheet" href="/assets/mdbootstrap/css/style.css">
<script src="/bootstrap/dist/js/bootstrap.bundle.min.js"></script> <script src="/assets/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
<script src="/js/jquery.min.js"></script> <script src="/assets/jquery/dist/jquery.min.js"></script>
<script type="text/javascript" src="/mdbootstrap/js/mdb.min.js"></script> <script type="text/javascript" src="/mdbootstrap/js/mdb.min.js"></script>
<script type="text/javascript" src="/js/darkreader.js"></script> <script type="text/javascript" src="/js/darkreader.js"></script>
<script type="text/javascript" src="/js/cookie.js"></script> <script type="text/javascript" src="/assets/js-cookie/dist/js.cookie.min.js"></script>
<link href="/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> <link href="/assets/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="/css/mainStyle.css" rel="stylesheet"> <link href="/css/mainStyle.css" rel="stylesheet">
<link rel="stylesheet" href="/coloris/coloris.min.css" /> <link rel="stylesheet" href="/coloris/coloris.min.css" />
<link rel="stylesheet" href="/bootstrap-duration-picker/bootstrap-duration-picker.css" /> <link rel="stylesheet" href="/assets/bootstrap-duration-picker/dist/bootstrap-duration-picker.css" />
<link rel="stylesheet" href="/flatpickr/dist/flatpickr.min.css" /> <link rel="stylesheet" href="/assets/flatpickr/dist/flatpickr.min.css" />
<script src="/bootstrap-duration-picker/bootstrap-duration-picker-debug.js"></script> <script src="/assets/bootstrap-duration-picker/dist/bootstrap-duration-picker-debug.js"></script>
<script src="/coloris/coloris.min.js"></script> <script src="/coloris/coloris.min.js"></script>
<script type="text/javascript" src="/flatpickr/dist/flatpickr.js"> </script> <script type="text/javascript" src="/assets/flatpickr/dist/flatpickr.js"> </script>
<link rel="stylesheet" href="/css/bootstrap-icons.css">
<link rel="icon" href="/logo/favicon.svg" type="image/svg+xml">
</head> </head>
<body> <body>
@ -115,17 +116,9 @@
</page> </page>
</pages> </pages>
</main> </main>
<script type="text/javascript" src="js/jsonview.js"></script> <script type="text/javascript" src="/js/jsonview.js"></script>
<script type="text/javascript" src="/js/interface.js"> </script> <script type="text/javascript" src="/js/interface.js"> </script>
<script type="text/javascript"> <script type="text/javascript">
Coloris({
el: '.coloris',
alpha: false,
});
$(function () {
$('[data-toggle="tooltip"]').tooltip({ container: "body" })
})
$("#applyLang").on("click", function (event) { $("#applyLang").on("click", function (event) {
const lang = $("#lang").val() const lang = $("#lang").val()
saveOption("/api/ui/v1/lang/set?lang=" + lang, function handleLangSelect(event, xmlHttp) { saveOption("/api/ui/v1/lang/set?lang=" + lang, function handleLangSelect(event, xmlHttp) {
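Review bot: The script tags for `/mdbootstrap/js/mdb.min.js` and `/js/darkreader.js` are left unchanged in this template, while the same comparison deletes entries pointing at `../../node_modules/mdbootstrap/js` and `../../node_modules/darkreader/darkreader.js`, which look like the links that used to serve those URLs. If that is the case, both scripts will no longer load on this page; the other full template in this comparison already uses `src="/assets/mdbootstrap/js/mdb.min.js"` and `src="/assets/darkreader/darkreader.js"`, and both paths are present in `allowsURLs`. The log file in this comparison also records `mdbootstrap/js/mdb.min.js` being rejected during a test run, so it is worth loading every page once and checking for 403/404 asset responses before merging.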


@ -9,8 +9,8 @@
<meta name="description" content="openCountdown"> <meta name="description" content="openCountdown">
<meta name="author" content="TheGreydiamond"> <meta name="author" content="TheGreydiamond">
<script type="text/javascript" src="/js/cookie.js"></script> <script type="text/javascript" src="/assets/js-cookie/dist/js.cookie.min.js"></script>
<link rel="stylesheet" href="/assets/bootstrap-icons/font/bootstrap-icons.css">
<link rel="stylesheet/less" type="text/css" href="/css/errorPage/styles.less" /> <link rel="stylesheet/less" type="text/css" href="/css/errorPage/styles.less" />
@ -19,11 +19,9 @@
javascriptEnabled: true javascriptEnabled: true
}; };
</script> </script>
<script src="/js/less.min.js"></script> <script src="/assets/less/dist/less.min.js"></script>
<link rel="stylesheet" href="/css/errorPage/style.css"> <link rel="stylesheet" href="/css/errorPage/style.css">
<link rel="stylesheet" href="/css/bootstrap-icons.css">
</head> </head>
<body> <body>


@ -10,28 +10,27 @@
<meta name="author" content="TheGreydiamond"> <meta name="author" content="TheGreydiamond">
<link rel="stylesheet" href="/css/bootstrap-icons.css"> <link rel="stylesheet" href="/assets/bootstrap-icons/font/bootstrap-icons.css">
<link rel="stylesheet" href="/mdbootstrap/css/style.css"> <link rel="stylesheet" href="/assets/mdbootstrap/css/style.css">
<script src="/bootstrap/dist/js/bootstrap.bundle.min.js"></script> <script src="/assets/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
<script src="/js/jquery.min.js"></script> <script src="/assets/jquery/dist/jquery.min.js"></script>
<script type="text/javascript" src="/mdbootstrap/js/mdb.min.js"></script> <script type="text/javascript" src="/assets/mdbootstrap/js/mdb.min.js"></script>
<script type="text/javascript" src="/js/darkreader.js"></script> <script type="text/javascript" src="/assets/darkreader/darkreader.js"></script>
<script type="text/javascript" src="/js/cookie.js"></script> <script type="text/javascript" src="/assets/js-cookie/dist/js.cookie.min.js"></script>
<link href="/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> <link href="/assets/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="/css/mainStyle.css" rel="stylesheet"> <link href="/css/mainStyle.css" rel="stylesheet">
<link rel="stylesheet" href="/coloris/coloris.min.css" /> <link rel="stylesheet" href="/coloris/coloris.min.css" />
<link rel="stylesheet" href="/bootstrap-duration-picker/bootstrap-duration-picker.css" /> <link rel="stylesheet" href="/assets/bootstrap-duration-picker/dist/bootstrap-duration-picker.css" />
<link rel="stylesheet" href="/flatpickr/dist/flatpickr.min.css" /> <link rel="stylesheet" href="/assets/flatpickr/dist/flatpickr.min.css" />
<script src="/bootstrap-duration-picker/bootstrap-duration-picker-debug.js"></script> <script src="/assets/bootstrap-duration-picker/dist/bootstrap-duration-picker-debug.js"></script>
<script src="/coloris/coloris.min.js"></script> <script src="/coloris/coloris.min.js"></script>
<script type="text/javascript" src="/flatpickr/dist/flatpickr.js"> </script> <script type="text/javascript" src="/assets/flatpickr/dist/flatpickr.js"> </script>
<link rel="stylesheet" href="/css/bootstrap-icons.css">
<link rel="icon" href="/favicon.svg" type="image/svg+xml"> <link rel="icon" href="/logo/faviconLogo.svg" type="image/svg+xml">
</head> </head>
<body> <body>
@ -429,7 +428,7 @@
</page> </page>
</pages> </pages>
</main> </main>
<script type="text/javascript" src="js/jsonview.js"></script> <script type="text/javascript" src="/js/jsonview.js"></script>
<script type="text/javascript" src="/js/interface.js"> </script> <script type="text/javascript" src="/js/interface.js"> </script>
<script type="text/javascript"> <script type="text/javascript">