summaryrefslogtreecommitdiff
path: root/app/app.js
blob: 23bf0abecacce0dc4aebd2bdb1de3fb1f35cacf5 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

"use strict";

const fs = require("fs");
const http = require("http");
const crypto = require("crypto");
const {sj, cors} = require("./utils");

const Router = require("./lib/router");
const Static = require("./lib/static");
//const Socket = require("./lib/socket");
//const pipe = require("./lib/pipe");
//const otp = require("./lib/otp");

const config = require("./config");
const {HOST, PORT} = config;

if (!fs.existsSync("./logs")) fs.mkdirSync("./logs");
if (!fs.existsSync("./users")) fs.mkdirSync("./users");
if (!fs.existsSync("./private")) fs.mkdirSync("./private");

const server = http.createServer();
const stat = new Static("./public");
//const wss = new Socket(server);
const app = new Router();

const auth = require("./auth")(config);
const authed = auth.authed;
auth.attach(app);

const noteStore = require("./note-store");
noteStore.attach(app, auth);

app.get("/user", authed((req, res) => {
  console.log(Date.now()+" Getting user data for "+req.uid);
  sj(res, {uid: req.uid, username: auth.getUsername(req.uid)});
  // TODO avatar etc
}));

// TODO https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html

server.on("request", (req, res) => {
  console.log(`${Date.now()} ${req.method} ${req.url}`);
  //const scriptNonce = crypto.randomBytes(24).toString("hex");
  //const styleNonce = crypto.randomBytes(24).toString("hex");
  //res.setHeader("Strict-Transport-Security", "max-age=86400; includeSubDomains");
  res.setHeader("Content-Security-Policy", ""
    //+ `script-src 'nonce-${scriptNonce}' 'strict-dynamic'; ` // TODO
    //+ `style-src 'nonce-${styleNonce}' 'strict-dynamic'; `
    + "manifest-src 'self'; "
    + "connect-src 'self'; "
    + "worker-src 'self'; "
    + "media-src 'self'; "
    + "img-src 'self'; "
    + "base-uri 'none'; "
    + "object-src 'none'; "
    + "form-action 'none'; "
    + "frame-ancestors 'none'; "
  );
  res.setHeader("Cache-Control", 'no-cache="Set-Cookie"');
  // TODO look into more cache headers
  app.route(req, res) || stat.route(req, res);
});

server.listen(PORT, HOST);
console.log(Date.now()+` Running on http://${HOST}:${PORT}`);