summaryrefslogtreecommitdiff
path: root/app/app.js
blob: b4af44bfe0d39ff9d433fcdea53555aa12aec31f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

import fs from "node:fs";
import http from "node:http";
import crypto from "node:crypto";
import {sj, cors} from "./utils.js";

import Router from "./lib/router.js";
import Static from "./lib/static.js";
//import Socket from "./lib/Socket.js";
//import pipe from "./lib/pipe.js";
//import otp from "./lib/otp.js";

import {HOST, PORT} from "./config.js";

import * as auth from "./auth.js";
import * as noteStore from "./note-store.js";

if (!fs.existsSync("./logs")) fs.mkdirSync("./logs");
if (!fs.existsSync("./users")) fs.mkdirSync("./users");
if (!fs.existsSync("./private")) fs.mkdirSync("./private");

const server = http.createServer();
const stat = new Static("./public");
//const wss = new Socket(server);
const app = new Router();

auth.attach(app);
noteStore.attach(app);

const authed = auth.authed;
app.get("/user", authed((req, res) => {
  console.log(Date.now()+" Getting user data for "+req.uid);
  sj(res, {uid: req.uid, username: auth.getUsername(req.uid)});
  // TODO avatar etc
}));

// TODO https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html

server.on("request", (req, res) => {
  console.log(`${Date.now()} ${req.method} ${req.url}`);
  //const scriptNonce = crypto.randomBytes(24).toString("hex");
  //const styleNonce = crypto.randomBytes(24).toString("hex");
  //res.setHeader("Strict-Transport-Security", "max-age=86400; includeSubDomains");
  res.setHeader("Content-Security-Policy", ""
    //+ `script-src 'nonce-${scriptNonce}' 'strict-dynamic'; ` // TODO
    //+ `style-src 'nonce-${styleNonce}' 'strict-dynamic'; `
    + "manifest-src 'self'; "
    + "connect-src 'self'; "
    + "worker-src 'self'; "
    + "media-src 'self'; "
    + "img-src 'self'; "
    + "base-uri 'none'; "
    + "object-src 'none'; "
    + "form-action 'none'; "
    + "frame-ancestors 'none'; "
  );
  res.setHeader("Cache-Control", 'no-cache="Set-Cookie"');
  // TODO look into more cache headers
  app.route(req, res) || stat.route(req, res);
});

server.listen(PORT, HOST);
console.log(Date.now()+` Running on http://${HOST}:${PORT}`);