Merged hotfix-0.9.1 into master

Keith Irwin 2018-08-14 02:21:35 +00:00
commit bc5d0fe9ff
No known key found for this signature in database
GPG Key ID: 378933C743E2BBC0
11 changed files with 2906 additions and 1368 deletions


@ -1,6 +1,12 @@
# Tracman Server Changelog # Tracman Server Changelog
### v0.9.0 ### v0.9.0
###### v0.9.1
* Removed conhive
* Fixed CSP rules
* Improved debugging output
* Tried to fix scrollwheel
###### v0.9.0 ###### v0.9.0
* [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes * [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
* [#68](https://github.com/Tracman-org/Server/issues/68) Added tests, mostly for authentication * [#68](https://github.com/Tracman-org/Server/issues/68) Added tests, mostly for authentication


@ -56,7 +56,11 @@ Tracman will be updated according to [this branching model](http://nvie.com/post
[view full changelog](CHANGELOG.md) [view full changelog](CHANGELOG.md)
###### v0.9.0 ###### v0.9.x
* Removed coinhive
* Fixed CSP rules
* Improved debugging output
* Tried to fix scrollwheel
* [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes * [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
* [#68](https://github.com/Tracman-org/Server/issues/68) Added tests, mostly for authentication * [#68](https://github.com/Tracman-org/Server/issues/68) Added tests, mostly for authentication
* [#120](https://github.com/Tracman-org/Server/issues/120) Split config/routes/settings.js into two files * [#120](https://github.com/Tracman-org/Server/issues/120) Split config/routes/settings.js into two files


@ -22,7 +22,7 @@ module.exports = (io, filename='demo.txt') => {
sendLoc(0) sendLoc(0)
} else { } else {
let loc = lines[ln].split(' ') let loc = lines[ln].split(' ')
debug(`Sending demo location: ${loc[1]}, ${loc[2]}`) //debug(`Sending demo location: ${loc[1]}, ${loc[2]}`)
io.to('demo').emit('get', { io.to('demo').emit('get', {
tim: new Date(), tim: new Date(),
lat: loc[1], lat: loc[1],
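Review bot: The debug call on the new side is left behind as commented-out code (`//debug(...)`); delete the line outright rather than keep it as a comment, since the diff already records it. If the motivation was log volume, a narrower debug namespace for the demo loop is the usual fix and keeps the line useful. The enclosing `sendLoc` logic starts and ends outside this hunk.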


@ -36,14 +36,14 @@ module.exports = {
// Ensure authentication // Ensure authentication
ensureAuth: (req, res, next) => { ensureAuth: (req, res, next) => {
debug(`ensureAuth(${req.url}, ${res.status}, ${next})`) debug(`ensureAuth(${req.url})`)
if (req.isAuthenticated()) return next() if (req.isAuthenticated()) return next()
else res.redirect('/login') else res.redirect('/login')
}, },
// Ensure administrator // Ensure administrator
ensureAdmin: (req, res, next) => { ensureAdmin: (req, res, next) => {
debug(`ensureAdmin(${req.url}, ${res.status}, ${next})`) debug(`ensureAdmin(${req.url})`)
if (req.isAuthenticated() && req.user.isAdmin) return next() if (req.isAuthenticated() && req.user.isAdmin) return next()
else { else {
let err = new Error("Unauthorized") let err = new Error("Unauthorized")
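Review bot: Both new debug lines interpolate `req.url` verbatim, and that value is attacker-controlled; a request path carrying `%0a`-decoded newlines or terminal escape sequences can forge or mangle log lines wherever the debug stream is written. Wrapping it makes the boundary unambiguous: `debug(\`ensureAuth(${JSON.stringify(req.url)})\`)` and `debug(\`ensureAdmin(${JSON.stringify(req.url)})\`)`. Dropping `res.status` and `next` from the message is the right call, as neither printed anything meaningful. The `else` branch of `ensureAdmin` continues past the end of this hunk.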


@ -27,11 +27,11 @@ module.exports = {
init: (io) => { init: (io) => {
io.on('connection', (socket) => { io.on('connection', (socket) => {
debug(`${socket.id} connected.`) debug(`${socket.ip} connected.`)
// Set a few variables // Set a few variables
// socket.ip = socket.client.request.headers['x-real-ip']; socket.ip = socket.client.request.headers['x-real-ip'];
// socket.ua = socket.client.request.headers['user-agent']; socket.ua = socket.client.request.headers['user-agent'];
// Log and errors // Log and errors
socket.on('log', (text) => { socket.on('log', (text) => {
@ -41,9 +41,9 @@ module.exports = {
// This socket can set location (app) // This socket can set location (app)
socket.on('can-set', (userId) => { socket.on('can-set', (userId) => {
debug(`${socket.id} can set updates for ${userId}.`) debug(`${socket.ip} can set updates for ${userId}.`)
socket.join(userId, () => { socket.join(userId, () => {
debug(`${socket.id} joined ${userId}`) debug(`${socket.ip} joined ${userId} with ${socket.ua}`)
}) })
checkForUsers(io, userId) checkForUsers(io, userId)
}) })
@ -51,16 +51,16 @@ module.exports = {
// This socket can receive location (map) // This socket can receive location (map)
socket.on('can-get', (userId) => { socket.on('can-get', (userId) => {
socket.gets = userId socket.gets = userId
debug(`${socket.id} can get updates for ${userId}.`) debug(`${socket.ip} can get updates for ${userId}.`)
socket.join(userId, () => { socket.join(userId, () => {
debug(`${socket.id} joined ${userId}`) debug(`${socket.ip} joined ${userId}`)
socket.to(userId).emit('activate', 'true') socket.to(userId).emit('activate', 'true')
}) })
}) })
// Set location // Set location
socket.on('set', async (loc) => { socket.on('set', async (loc) => {
debug(`${socket.id} set location for ${loc.usr}`) debug(`${socket.ip} set location for ${loc.usr}`)
debug(`Location was set to: ${JSON.stringify(loc)}`) debug(`Location was set to: ${JSON.stringify(loc)}`)
// Get android timestamp or use server timestamp // Get android timestamp or use server timestamp
@ -123,11 +123,11 @@ module.exports = {
// Shutdown (check for remaining clients) // Shutdown (check for remaining clients)
socket.on('disconnect', (reason) => { socket.on('disconnect', (reason) => {
debug(`${socket.id} disconnected because of a ${reason}.`) debug(`${socket.ip} disconnected ${socket.ua} because of a ${reason}.`)
// Check if client was receiving updates // Check if client was receiving updates
if (socket.gets) { if (socket.gets) {
debug(`${socket.id} left ${socket.gets}`) debug(`${socket.ip} left ${socket.gets}`)
checkForUsers(io, socket.gets) checkForUsers(io, socket.gets)
} }
}) })
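Review bot: The newly enabled `socket.ip = socket.client.request.headers['x-real-ip']` trusts a header any client can set, so unless every websocket connection is guaranteed to pass through a reverse proxy that overwrites `X-Real-IP`, the "ip" that now appears in every log line in this file is whatever the peer chose to send. Start from the transport address and let the header override it only under the same trusted-proxy condition the rest of the app uses, e.g. `socket.ip = socket.handshake.address` as the default, with the header consulted only when the deployment is known to sit behind the proxy. The raw `user-agent` value is likewise interpolated into debug output unquoted; `JSON.stringify(socket.ua)` at the log sites would keep injected newlines from forging entries. The `io.on('connection', ...)` handler these hunks belong to starts before the first hunk and ends after the last.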

package-lock.json generated



@ -5,26 +5,26 @@
"main": "server.js", "main": "server.js",
"dependencies": { "dependencies": {
"bcrypt": "^1.0.3", "bcrypt": "^1.0.3",
"body-parser": "^1.18.2", "body-parser": "^1.18.3",
"connect-flash-plus": "^0.2.1", "connect-flash-plus": "^0.2.1",
"cookie-parser": "^1.4.3", "cookie-parser": "^1.4.3",
"cookie-session": "^2.0.0-beta.2", "cookie-session": "^2.0.0-beta.2",
"css-loader": "^0.28.7", "css-loader": "^0.28.7",
"csurf": "^1.9.0", "csurf": "^1.9.0",
"debug": "^2.6.9", "debug": "^2.6.9",
"express": "^4.15.5", "express": "^4.16.3",
"express-request-limit": "^1.0.2", "express-request-limit": "^1.0.2",
"helmet": "^3.12.0", "helmet": "^3.13.0",
"helmet-csp": "^2.7.0", "helmet-csp": "^2.7.1",
"jquery": "^3.2.1", "jquery": "^3.2.1",
"load-google-maps-api": "^1.0.0", "load-google-maps-api": "^1.0.0",
"minifier": "^0.8.1", "minifier": "^0.8.1",
"moment": "^2.18.1", "moment": "^2.22.2",
"mongo-sanitize": "^1.0.0", "mongo-sanitize": "^1.0.0",
"mongoose": "^4.11.13", "mongoose": "^4.13.14",
"mongoose-unique-validator": "^1.0.6", "mongoose-unique-validator": "^1.0.6",
"nodemailer": "^4.1.1", "nodemailer": "^4.6.7",
"nunjucks": "^3.0.1", "nunjucks": "^3.1.3",
"passport": "^0.3.2", "passport": "^0.3.2",
"passport-facebook": "^2.1.1", "passport-facebook": "^2.1.1",
"passport-facebook-token": "^3.3.0", "passport-facebook-token": "^3.3.0",
@ -33,28 +33,28 @@
"passport-local": "^1.0.0", "passport-local": "^1.0.0",
"passport-twitter": "^1.0.4", "passport-twitter": "^1.0.4",
"passport-twitter-token": "^1.3.0", "passport-twitter-token": "^1.3.0",
"request": "^2.82.0", "request": "^2.87.0",
"slug": "^0.9.1", "slug": "^0.9.1",
"socket.io": "^2.0.3", "socket.io": "^2.1.1",
"socket.io-client": "^2.0.3", "socket.io-client": "^2.1.1",
"style-loader": "^0.18.2", "style-loader": "^0.18.2",
"uglifyjs-webpack-plugin": "^0.4.6", "uglifyjs-webpack-plugin": "^0.4.6",
"webpack": "^3.6.0", "webpack": "^3.6.0",
"xss": "^0.3.4", "xss": "^0.3.8",
"zxcvbn": "^4.4.2" "zxcvbn": "^4.4.2"
}, },
"devDependencies": { "devDependencies": {
"chai": "^4.1.2", "chai": "^4.1.2",
"chai-http": "^3.0.0", "chai-http": "^3.0.0",
"coveralls": "^3.0.0", "coveralls": "^3.0.2",
"istanbul": "^1.0.0-alpha.2", "istanbul": "^1.0.0-alpha.2",
"mocha": "^4.0.1", "mocha": "^4.0.1",
"mocha-froth": "^0.2.1", "mocha-froth": "^0.2.1",
"nodemon": "^1.11.0", "nodemon": "^1.18.3",
"nsp": "^3.2.1", "nsp": "^3.2.1",
"standard": "^10.0.3", "standard": "^10.0.3",
"superagent": "^3.8.2", "superagent": "^3.8.3",
"supertest": "^3.0.0" "supertest": "^3.1.0"
}, },
"scripts": { "scripts": {
"test": "node_modules/mocha/bin/_mocha --exit", "test": "node_modules/mocha/bin/_mocha --exit",


@ -69,22 +69,28 @@ let ready_promise_list = []
'https://www.google.com/recaptcha', 'https://www.google.com/recaptcha',
'https://www.google-analytics.com', 'https://www.google-analytics.com',
'https://maps.googleapis.com', 'https://maps.googleapis.com',
'https://coin-hive.com', // 'https://coin-hive.com',
'https://coinhive.com', // 'https://coinhive.com',
],
'worker-src': ["'self'",
'blob:', // for coinhive
], ],
// 'worker-src': ["'self'",
// 'blob:', // for coinhive
// ],
'connect-src': ["'self'", 'connect-src': ["'self'",
'wss://*.tracman.org', 'wss://*.tracman.org',
'wss://*.coinhive.com', // 'wss://*.coinhive.com',
], ],
'style-src': ["'self'", 'style-src': ["'self'",
"'unsafe-inline'", "'unsafe-inline'",
'https://fonts.googleapis.com', 'https://fonts.googleapis.com',
'https://maxcdn.bootstrapcdn.com', 'https://maxcdn.bootstrapcdn.com',
], ],
'font-src': ['https://fonts.gstatic.com'], 'font-src': [
'https://fonts.gstatic.com',
'https://maxcdn.bootstrapcdn.com/font-awesome/*',
'https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff',
'https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.ttf',
'https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2',
],
'img-src': ["'self'", 'img-src': ["'self'",
'https://www.google-analytics.com', 'https://www.google-analytics.com',
'https://maps.gstatic.com', 'https://maps.gstatic.com',
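Review bot: The new `font-src` entry `'https://maxcdn.bootstrapcdn.com/font-awesome/*'` will not do what it looks like: CSP matches the path part of a source expression literally, `*` is only a wildcard in the host part, so that entry matches nothing and only the three explicit file entries below it are actually allowing the fonts. A path prefix ending in `/` is the supported form and replaces all four lines: `'https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/'`. Commenting out `worker-src` entirely also changes policy: with no `worker-src`, browsers fall back to `child-src` and then `script-src`, so the service worker registered in the client bundle is now governed by the broader `script-src` list; if workers should stay first-party, keep `'worker-src': ["'self'"]`. The commented-out coinhive entries in `script-src`, `worker-src` and `connect-src` should be deleted rather than left in. The directives object these lines sit in starts and ends outside the hunk.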


@ -1,5 +1,5 @@
'use strict'; 'use strict';
/* global ga CoinHive navigator */ /* global ga navigator */
// Google analytics // Google analytics
(function (t, r, a, c, m, o, n) { (function (t, r, a, c, m, o, n) {
@ -13,10 +13,10 @@ ga('require', 'linkid')
ga('send', 'pageview') ga('send', 'pageview')
// Coinhive // Coinhive
new CoinHive.Anonymous('7FZrGIbIO4kqxbTLa82QpffB9ShUGmWE', { // new CoinHive.Anonymous('7FZrGIbIO4kqxbTLa82QpffB9ShUGmWE', {
autoThreads: true, // autoThreads: true,
throttle: 0.5 // throttle: 0.5
}).start(CoinHive.FORCE_EXCLUSIVE_TAB) // }).start(CoinHive.FORCE_EXCLUSIVE_TAB)
// Service worker // Service worker
if ('serviceWorker' in navigator) { if ('serviceWorker' in navigator) {
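Review bot: The CoinHive block is disabled by commenting rather than removed, so the dead `new CoinHive.Anonymous('7FZrGIbIO4kqxbTLa82QpffB9ShUGmWE', ...)` call and the `// Coinhive` header still ship in the bundle; delete the five lines and let version control keep the history. Removing the in-browser miner is the right change, and clearing `CoinHive` from the `/* global */` directive matches it. The same commented-out references remain in the CSP config and the base template and should go at the same time.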


@ -213,6 +213,7 @@ loadGoogleMapsAPI({ key: mapKey })
lat: mapuser.last.lat, lat: mapuser.last.lat,
lng: mapuser.last.lon lng: mapuser.last.lon
}, },
gestureHandling: 'auto', // Allows use of scroll wheel
panControl: false, panControl: false,
scrollwheel: true, scrollwheel: true,
scaleControl: !!(mapuser.settings.showScale), scaleControl: !!(mapuser.settings.showScale),
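Review bot: `gestureHandling: 'auto'` is added next to the older `scrollwheel: true`, and `gestureHandling` supersedes `scrollwheel` in the Maps JS API, so the effective behaviour presumably depends on which one the loaded API version honours. If the intent behind "Tried to fix scrollwheel" is that the wheel should always zoom the map, `gestureHandling: 'greedy'` with the `scrollwheel` line removed states that directly; `'auto'` picks `cooperative` or `greedy` by page context. The map options object and the `loadGoogleMapsAPI` callback around it start and end outside this hunk.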


@ -79,7 +79,7 @@
<!-- Javascript --> <!-- Javascript -->
{% block javascript %} {% block javascript %}
<!-- Global imports --> <!-- Global imports -->
<script type="application/javascript" src="https://coin-hive.com/lib/coinhive.min.js"></script> <!--<script type="application/javascript" src="https://coin-hive.com/lib/coinhive.min.js"></script>-->
<script type="application/javascript" src="/static/js/.base.bun.js"></script> <script type="application/javascript" src="/static/js/.base.bun.js"></script>
{% endblock %} {% endblock %}
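Review bot: The coinhive `<script>` tag is turned into an HTML comment rather than removed, and an HTML comment is still sent to every visitor in the page source; delete the line instead. Since `{% block javascript %}` and `{% endblock %}` are both visible here, the remaining global import is just the first-party bundle, which is what the CSP `script-src` list now expects.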