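"use strict";
// HTTP entry point: makes sure the data directories exist, mounts the auth
// and note-store routers, sets response security headers on every request,
// and falls back to static file serving from ./public.
const fs = require("fs");
const http = require("http");
const crypto = require("crypto"); // kept for the planned per-response CSP nonces (see TODO below)
const {sj, cors} = require("./utils");
const Router = require("./lib/router");
const Static = require("./lib/static");
//const Socket = require("./lib/socket");
//const pipe = require("./lib/pipe");
//const otp = require("./lib/otp");
const config = require("./config");
const {HOST, PORT} = config;

// `recursive: true` makes mkdirSync a no-op when the directory already exists,
// so this replaces the existsSync/mkdirSync check-then-act pair (which could
// throw if the directory appeared between the two calls) with one call.
for (const dir of ["./logs", "./users", "./private"]) {
  fs.mkdirSync(dir, {recursive: true});
}

const server = http.createServer();
const stat = new Static("./public");
//const wss = new Socket(server);
const app = new Router();
const auth = require("./auth")(config);
const authed = auth.authed;
auth.attach(app);
const noteStore = require("./note-store");
noteStore.attach(app, auth);

// Returns the authenticated user's id and username as JSON; `authed` is
// expected to populate req.uid before the handler runs.
app.get("/user", authed((req, res) => {
  console.log(`${Date.now()} Getting user data for ${req.uid}`);
  sj(res, {uid: req.uid, username: auth.getUsername(req.uid)}); // TODO avatar etc
}));

// Directives applied to every response, API and static alike.
// NOTE(review): there is no `default-src` directive, so fetch directives not
// listed here (script-src, style-src, font-src, frame-src, ...) are
// unrestricted by this policy; once the nonce TODO below lands, consider
// adding `default-src 'self'` so unlisted directives fail closed.
const CSP_DIRECTIVES = [
  //`script-src 'nonce-${scriptNonce}' 'strict-dynamic'`, // TODO per-request nonce
  //`style-src 'nonce-${styleNonce}' 'strict-dynamic'`,
  "manifest-src 'self'",
  "connect-src 'self'",
  "worker-src 'self'",
  "media-src 'self'",
  "img-src 'self'",
  "base-uri 'none'",
  "object-src 'none'",
  "form-action 'none'",
  "frame-ancestors 'none'",
];

// TODO https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
server.on("request", (req, res) => {
  console.log(`${Date.now()} ${req.method} ${req.url}`);
  //const scriptNonce = crypto.randomBytes(24).toString("hex");
  //const styleNonce = crypto.randomBytes(24).toString("hex");
  //res.setHeader("Strict-Transport-Security", "max-age=86400; includeSubDomains");
  // Each directive is terminated by "; " to keep the header value identical to
  // the previous hand-concatenated form.
  res.setHeader("Content-Security-Policy", CSP_DIRECTIVES.map((d) => `${d}; `).join(""));
  // Field-name form of no-cache; presumably meant to keep Set-Cookie out of
  // shared caches — TODO look into more cache headers
  res.setHeader("Cache-Control", 'no-cache="Set-Cookie"');
  // App routes take precedence; anything they do not claim goes to ./public.
  app.route(req, res) || stat.route(req, res);
});

server.listen(PORT, HOST);
console.log(`${Date.now()} Running on http://${HOST}:${PORT}`);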