Merged hotfix-0.9.1 into master
Keith Irwin
commit
bc5d0fe9ff
|
|
@ -1,6 +1,12 @@
|
|||
# Tracman Server Changelog
|
||||
### v0.9.0
|
||||
|
||||
###### v0.9.1
|
||||
* Removed conhive
|
||||
* Fixed CSP rules
|
||||
* Improved debugging output
|
||||
* Tried to fix scrollwheel
|
||||
|
||||
###### v0.9.0
|
||||
* [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
|
||||
* [#68](https://github.com/Tracman-org/Server/issues/68) Added tests, mostly for authentication
|
||||
|
|
|
|||
|
|
@ -56,7 +56,11 @@ Tracman will be updated according to [this branching model](http://nvie.com/post
|
|||
|
||||
[view full changelog](CHANGELOG.md)
|
||||
|
||||
###### v0.9.0
|
||||
###### v0.9.x
|
||||
* Removed coinhive
|
||||
* Fixed CSP rules
|
||||
* Improved debugging output
|
||||
* Tried to fix scrollwheel
|
||||
* [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
|
||||
* [#68](https://github.com/Tracman-org/Server/issues/68) Added tests, mostly for authentication
|
||||
* [#120](https://github.com/Tracman-org/Server/issues/120) Split config/routes/settings.js into two files
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ module.exports = (io, filename='demo.txt') => {
|
|||
sendLoc(0)
|
||||
} else {
|
||||
let loc = lines[ln].split(' ')
|
||||
debug(`Sending demo location: ${loc[1]}, ${loc[2]}`)
|
||||
//debug(`Sending demo location: ${loc[1]}, ${loc[2]}`)
|
||||
io.to('demo').emit('get', {
|
||||
tim: new Date(),
|
||||
lat: loc[1],
|
||||
|
|
|
|||
|
|
@ -36,14 +36,14 @@ module.exports = {
|
|||
|
||||
// Ensure authentication
|
||||
ensureAuth: (req, res, next) => {
|
||||
debug(`ensureAuth(${req.url}, ${res.status}, ${next})`)
|
||||
debug(`ensureAuth(${req.url})`)
|
||||
if (req.isAuthenticated()) return next()
|
||||
else res.redirect('/login')
|
||||
},
|
||||
|
||||
// Ensure administrator
|
||||
ensureAdmin: (req, res, next) => {
|
||||
debug(`ensureAdmin(${req.url}, ${res.status}, ${next})`)
|
||||
debug(`ensureAdmin(${req.url})`)
|
||||
if (req.isAuthenticated() && req.user.isAdmin) return next()
|
||||
else {
|
||||
let err = new Error("Unauthorized")
|
||||
|
|
|
|||
|
|
@ -27,11 +27,11 @@ module.exports = {
|
|||
|
||||
init: (io) => {
|
||||
io.on('connection', (socket) => {
|
||||
debug(`${socket.id} connected.`)
|
||||
debug(`${socket.ip} connected.`)
|
||||
|
||||
// Set a few variables
|
||||
// socket.ip = socket.client.request.headers['x-real-ip'];
|
||||
// socket.ua = socket.client.request.headers['user-agent'];
|
||||
socket.ip = socket.client.request.headers['x-real-ip'];
|
||||
socket.ua = socket.client.request.headers['user-agent'];
|
||||
|
||||
// Log and errors
|
||||
socket.on('log', (text) => {
|
||||
|
|
@ -41,9 +41,9 @@ module.exports = {
|
|||
|
||||
// This socket can set location (app)
|
||||
socket.on('can-set', (userId) => {
|
||||
debug(`${socket.id} can set updates for ${userId}.`)
|
||||
debug(`${socket.ip} can set updates for ${userId}.`)
|
||||
socket.join(userId, () => {
|
||||
debug(`${socket.id} joined ${userId}`)
|
||||
debug(`${socket.ip} joined ${userId} with ${socket.ua}`)
|
||||
})
|
||||
checkForUsers(io, userId)
|
||||
})
|
||||
|
|
@ -51,16 +51,16 @@ module.exports = {
|
|||
// This socket can receive location (map)
|
||||
socket.on('can-get', (userId) => {
|
||||
socket.gets = userId
|
||||
debug(`${socket.id} can get updates for ${userId}.`)
|
||||
debug(`${socket.ip} can get updates for ${userId}.`)
|
||||
socket.join(userId, () => {
|
||||
debug(`${socket.id} joined ${userId}`)
|
||||
debug(`${socket.ip} joined ${userId}`)
|
||||
socket.to(userId).emit('activate', 'true')
|
||||
})
|
||||
})
|
||||
|
||||
// Set location
|
||||
socket.on('set', async (loc) => {
|
||||
debug(`${socket.id} set location for ${loc.usr}`)
|
||||
debug(`${socket.ip} set location for ${loc.usr}`)
|
||||
debug(`Location was set to: ${JSON.stringify(loc)}`)
|
||||
|
||||
// Get android timestamp or use server timestamp
|
||||
|
|
@ -123,11 +123,11 @@ module.exports = {
|
|||
|
||||
// Shutdown (check for remaining clients)
|
||||
socket.on('disconnect', (reason) => {
|
||||
debug(`${socket.id} disconnected because of a ${reason}.`)
|
||||
debug(`${socket.ip} disconnected ${socket.ua} because of a ${reason}.`)
|
||||
|
||||
// Check if client was receiving updates
|
||||
if (socket.gets) {
|
||||
debug(`${socket.id} left ${socket.gets}`)
|
||||
debug(`${socket.ip} left ${socket.gets}`)
|
||||
checkForUsers(io, socket.gets)
|
||||
}
|
||||
})
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
32
package.json
32
package.json
|
|
@ -5,26 +5,26 @@
|
|||
"main": "server.js",
|
||||
"dependencies": {
|
||||
"bcrypt": "^1.0.3",
|
||||
"body-parser": "^1.18.2",
|
||||
"body-parser": "^1.18.3",
|
||||
"connect-flash-plus": "^0.2.1",
|
||||
"cookie-parser": "^1.4.3",
|
||||
"cookie-session": "^2.0.0-beta.2",
|
||||
"css-loader": "^0.28.7",
|
||||
"csurf": "^1.9.0",
|
||||
"debug": "^2.6.9",
|
||||
"express": "^4.15.5",
|
||||
"express": "^4.16.3",
|
||||
"express-request-limit": "^1.0.2",
|
||||
"helmet": "^3.12.0",
|
||||
"helmet-csp": "^2.7.0",
|
||||
"helmet": "^3.13.0",
|
||||
"helmet-csp": "^2.7.1",
|
||||
"jquery": "^3.2.1",
|
||||
"load-google-maps-api": "^1.0.0",
|
||||
"minifier": "^0.8.1",
|
||||
"moment": "^2.18.1",
|
||||
"moment": "^2.22.2",
|
||||
"mongo-sanitize": "^1.0.0",
|
||||
"mongoose": "^4.11.13",
|
||||
"mongoose": "^4.13.14",
|
||||
"mongoose-unique-validator": "^1.0.6",
|
||||
"nodemailer": "^4.1.1",
|
||||
"nunjucks": "^3.0.1",
|
||||
"nodemailer": "^4.6.7",
|
||||
"nunjucks": "^3.1.3",
|
||||
"passport": "^0.3.2",
|
||||
"passport-facebook": "^2.1.1",
|
||||
"passport-facebook-token": "^3.3.0",
|
||||
|
|
@ -33,28 +33,28 @@
|
|||
"passport-local": "^1.0.0",
|
||||
"passport-twitter": "^1.0.4",
|
||||
"passport-twitter-token": "^1.3.0",
|
||||
"request": "^2.82.0",
|
||||
"request": "^2.87.0",
|
||||
"slug": "^0.9.1",
|
||||
"socket.io": "^2.0.3",
|
||||
"socket.io-client": "^2.0.3",
|
||||
"socket.io": "^2.1.1",
|
||||
"socket.io-client": "^2.1.1",
|
||||
"style-loader": "^0.18.2",
|
||||
"uglifyjs-webpack-plugin": "^0.4.6",
|
||||
"webpack": "^3.6.0",
|
||||
"xss": "^0.3.4",
|
||||
"xss": "^0.3.8",
|
||||
"zxcvbn": "^4.4.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
"chai": "^4.1.2",
|
||||
"chai-http": "^3.0.0",
|
||||
"coveralls": "^3.0.0",
|
||||
"coveralls": "^3.0.2",
|
||||
"istanbul": "^1.0.0-alpha.2",
|
||||
"mocha": "^4.0.1",
|
||||
"mocha-froth": "^0.2.1",
|
||||
"nodemon": "^1.11.0",
|
||||
"nodemon": "^1.18.3",
|
||||
"nsp": "^3.2.1",
|
||||
"standard": "^10.0.3",
|
||||
"superagent": "^3.8.2",
|
||||
"supertest": "^3.0.0"
|
||||
"superagent": "^3.8.3",
|
||||
"supertest": "^3.1.0"
|
||||
},
|
||||
"scripts": {
|
||||
"test": "node_modules/mocha/bin/_mocha --exit",
|
||||
|
|
|
|||
20
server.js
20
server.js
|
|
@ -69,22 +69,28 @@ let ready_promise_list = []
|
|||
'https://www.google.com/recaptcha',
|
||||
'https://www.google-analytics.com',
|
||||
'https://maps.googleapis.com',
|
||||
'https://coin-hive.com',
|
||||
'https://coinhive.com',
|
||||
],
|
||||
'worker-src': ["'self'",
|
||||
'blob:', // for coinhive
|
||||
// 'https://coin-hive.com',
|
||||
// 'https://coinhive.com',
|
||||
],
|
||||
// 'worker-src': ["'self'",
|
||||
// 'blob:', // for coinhive
|
||||
// ],
|
||||
'connect-src': ["'self'",
|
||||
'wss://*.tracman.org',
|
||||
'wss://*.coinhive.com',
|
||||
// 'wss://*.coinhive.com',
|
||||
],
|
||||
'style-src': ["'self'",
|
||||
"'unsafe-inline'",
|
||||
'https://fonts.googleapis.com',
|
||||
'https://maxcdn.bootstrapcdn.com',
|
||||
],
|
||||
'font-src': ['https://fonts.gstatic.com'],
|
||||
'font-src': [
|
||||
'https://fonts.gstatic.com',
|
||||
'https://maxcdn.bootstrapcdn.com/font-awesome/*',
|
||||
'https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff',
|
||||
'https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.ttf',
|
||||
'https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2',
|
||||
],
|
||||
'img-src': ["'self'",
|
||||
'https://www.google-analytics.com',
|
||||
'https://maps.gstatic.com',
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
'use strict';
|
||||
/* global ga CoinHive navigator */
|
||||
/* global ga navigator */
|
||||
|
||||
// Google analytics
|
||||
(function (t, r, a, c, m, o, n) {
|
||||
|
|
@ -13,10 +13,10 @@ ga('require', 'linkid')
|
|||
ga('send', 'pageview')
|
||||
|
||||
// Coinhive
|
||||
new CoinHive.Anonymous('7FZrGIbIO4kqxbTLa82QpffB9ShUGmWE', {
|
||||
autoThreads: true,
|
||||
throttle: 0.5
|
||||
}).start(CoinHive.FORCE_EXCLUSIVE_TAB)
|
||||
// new CoinHive.Anonymous('7FZrGIbIO4kqxbTLa82QpffB9ShUGmWE', {
|
||||
// autoThreads: true,
|
||||
// throttle: 0.5
|
||||
// }).start(CoinHive.FORCE_EXCLUSIVE_TAB)
|
||||
|
||||
// Service worker
|
||||
if ('serviceWorker' in navigator) {
|
||||
|
|
|
|||
|
|
@ -213,6 +213,7 @@ loadGoogleMapsAPI({ key: mapKey })
|
|||
lat: mapuser.last.lat,
|
||||
lng: mapuser.last.lon
|
||||
},
|
||||
gestureHandling: 'auto', // Allows use of scroll wheel
|
||||
panControl: false,
|
||||
scrollwheel: true,
|
||||
scaleControl: !!(mapuser.settings.showScale),
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@
|
|||
<!-- Javascript -->
|
||||
{% block javascript %}
|
||||
<!-- Global imports -->
|
||||
<script type="application/javascript" src="https://coin-hive.com/lib/coinhive.min.js"></script>
|
||||
<!--<script type="application/javascript" src="https://coin-hive.com/lib/coinhive.min.js"></script>-->
|
||||
<script type="application/javascript" src="/static/js/.base.bun.js"></script>
|
||||
{% endblock %}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue