import fs from "node:fs"; import http from "node:http"; import crypto from "node:crypto"; import {sj, cors} from "./utils.js"; import Router from "./lib/router.js"; import Static from "./lib/static.js"; //import Socket from "./lib/Socket.js"; //import pipe from "./lib/pipe.js"; //import otp from "./lib/otp.js"; import {HOST, PORT} from "./config.js"; import * as auth from "./auth.js"; import * as noteStore from "./note-store.js"; if (!fs.existsSync("./logs")) fs.mkdirSync("./logs"); if (!fs.existsSync("./users")) fs.mkdirSync("./users"); if (!fs.existsSync("./private")) fs.mkdirSync("./private"); const server = http.createServer(); const stat = new Static("./public"); //const wss = new Socket(server); const app = new Router(); auth.attach(app); noteStore.attach(app); const authed = auth.authed; app.get("/user", authed((req, res) => { console.log(Date.now()+" Getting user data for "+req.uid); sj(res, {uid: req.uid, username: auth.getUsername(req.uid)}); // TODO avatar etc })); // TODO https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html server.on("request", (req, res) => { console.log(`${Date.now()} ${req.method} ${req.url}`); //const scriptNonce = crypto.randomBytes(24).toString("hex"); //const styleNonce = crypto.randomBytes(24).toString("hex"); //res.setHeader("Strict-Transport-Security", "max-age=86400; includeSubDomains"); res.setHeader("Content-Security-Policy", "" //+ `script-src 'nonce-${scriptNonce}' 'strict-dynamic'; ` // TODO //+ `style-src 'nonce-${styleNonce}' 'strict-dynamic'; ` + "manifest-src 'self'; " + "connect-src 'self'; " + "worker-src 'self'; " + "media-src 'self'; " + "img-src 'self'; " + "base-uri 'none'; " + "object-src 'none'; " + "form-action 'none'; " + "frame-ancestors 'none'; " ); res.setHeader("Cache-Control", 'no-cache="Set-Cookie"'); // TODO look into more cache headers app.route(req, res) || stat.route(req, res); }); server.listen(PORT, HOST); console.log(Date.now()+` Running on http://${HOST}:${PORT}`);