Diffstat (limited to 'app/app.js')
-rw-r--r--app/app.js57
1 files changed, 36 insertions, 21 deletions
diff --git a/app/app.js b/app/app.js
index d9cd39c..23bf0ab 100644
--- a/app/app.js
+++ b/app/app.js
@@ -1,9 +1,9 @@
"use strict";
-const http = require("http");
const fs = require("fs");
-
-const argon2 = require("argon2");
+const http = require("http");
+const crypto = require("crypto");
+const {sj, cors} = require("./utils");
const Router = require("./lib/router");
const Static = require("./lib/static");
@@ -11,40 +11,55 @@ const Static = require("./lib/static");
//const pipe = require("./lib/pipe");
//const otp = require("./lib/otp");
+const config = require("./config");
+const {HOST, PORT} = config;
+
if (!fs.existsSync("./logs")) fs.mkdirSync("./logs");
if (!fs.existsSync("./users")) fs.mkdirSync("./users");
if (!fs.existsSync("./private")) fs.mkdirSync("./private");
-Math.clamp = Math.clamp || ((x,l,h) => Math.max(l,Math.min(x,h)));
-const PORT = Math.clamp(+process.env.PORT||8080, 1, 65535);
-const HOST = process.env.HOST||"0.0.0.0";
-
const server = http.createServer();
const stat = new Static("./public");
//const wss = new Socket(server);
const app = new Router();
-const cors = fn => (req, res, ...rest) => {
- res.setHeader("Access-Control-Allow-Origin", "*");
- res.setHeader("Access-Control-Allow-Methods", "GET, POST");
- fn(req, res, ...rest); };
+const auth = require("./auth")(config);
+const authed = auth.authed;
+auth.attach(app);
-const sj = (res, data) => {
- res.setHeader("Content-Type", "application/json");
- res.end(JSON.stringify(data)); };
+const noteStore = require("./note-store");
+noteStore.attach(app, auth);
-//app.get("/", (req, res) => {
-// res.writeHead(302, {"Location":"https://alexishovorka.com/"});
-// res.end();
-//});
+app.get("/user", authed((req, res) => {
+ console.log(Date.now()+" Getting user data for "+req.uid);
+ sj(res, {uid: req.uid, username: auth.getUsername(req.uid)});
+ // TODO avatar etc
+}));
-//await argon2.hash(password, {type: argon2.argon2id});
-//await argon2.verify(hash, password);
+// TODO https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
server.on("request", (req, res) => {
console.log(`${Date.now()} ${req.method} ${req.url}`);
+ //const scriptNonce = crypto.randomBytes(24).toString("hex");
+ //const styleNonce = crypto.randomBytes(24).toString("hex");
+ //res.setHeader("Strict-Transport-Security", "max-age=86400; includeSubDomains");
+ res.setHeader("Content-Security-Policy", ""
+ //+ `script-src 'nonce-${scriptNonce}' 'strict-dynamic'; ` // TODO
+ //+ `style-src 'nonce-${styleNonce}' 'strict-dynamic'; `
+ + "manifest-src 'self'; "
+ + "connect-src 'self'; "
+ + "worker-src 'self'; "
+ + "media-src 'self'; "
+ + "img-src 'self'; "
+ + "base-uri 'none'; "
+ + "object-src 'none'; "
+ + "form-action 'none'; "
+ + "frame-ancestors 'none'; "
+ );
+ res.setHeader("Cache-Control", 'no-cache="Set-Cookie"');
+ // TODO look into more cache headers
app.route(req, res) || stat.route(req, res);
});
server.listen(PORT, HOST);
-console.log(`${Date.now()} Running on http://${HOST}:${PORT}`);
+console.log(Date.now()+` Running on http://${HOST}:${PORT}`);
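Review bot: The Content-Security-Policy assembled in the request handler has no `default-src`, and the `script-src`/`style-src` lines are still commented out, so script, style, font and frame sources are currently unrestricted and the policy only really delivers `frame-ancestors`, `base-uri`, `object-src` and `form-action`; a fallback such as `+ "default-src 'self'; "` as the first directive closes that gap until the nonce work lands (it will also block any inline scripts in `./public`, which is what the nonce TODO is meant to address). The `Cache-Control: no-cache="Set-Cookie"` value applies to every response, including `/user`, which returns per-session data; authenticated JSON responses should be `Cache-Control: no-store` instead, e.g. set it inside the `authed` handler before `sj(res, …)`. `crypto` is required on the new side but only referenced from commented-out code, so the import can be dropped or the nonce lines finished. The `/user` handler logs `req.uid`; fine for now, but keep identifiers out of logs once the OWASP logging TODO is addressed.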