Merged hotfix-0.9.2 into develop
commit
e95db0eb2c
|
@ -6,6 +6,8 @@
|
|||
* Fixed CSP rules
|
||||
* Improved debugging output
|
||||
* Tried to fix scrollwheel
|
||||
* Fixed security audited npm packages
|
||||
* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
|
||||
|
||||
###### v0.9.0
|
||||
* [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
|
||||
|
|
|
@ -6,7 +6,6 @@ node.js application to display a sharable map with user's location.
|
|||
[](https://travis-ci.org/Tracman-org/Server)
|
||||
[](https://coveralls.io/github/Tracman-org/Server?branch=master)
|
||||
[](https://standardjs.com)
|
||||
[](https://snyk.io/test/github/Tracman-org/Servr)
|
||||
|
||||
## Installation
|
||||
|
||||
|
@ -61,12 +60,14 @@ Tracman will be updated according to [this branching model](http://nvie.com/post
|
|||
* Fixed CSP rules
|
||||
* Improved debugging output
|
||||
* Tried to fix scrollwheel
|
||||
* Fixed security audited npm packages
|
||||
* [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
|
||||
* [#68](https://github.com/Tracman-org/Server/issues/68) Added tests, mostly for authentication
|
||||
* [#120](https://github.com/Tracman-org/Server/issues/120) Split config/routes/settings.js into two files
|
||||
* Removed express validator and replaced with homegrown function
|
||||
* Fixed showing welcome message on every login
|
||||
* Removed naked domains
|
||||
* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
|
||||
|
||||
###### v0.8.x
|
||||
* Hotfixed service worker bugs
|
||||
|
|
|
@ -5,10 +5,13 @@ const mail = require('../mail.js')
|
|||
const User = require('../models.js').user
|
||||
const crypto = require('crypto')
|
||||
const moment = require('moment')
|
||||
const slugify = require('slug')
|
||||
const sanitize = require('mongo-sanitize')
|
||||
const debug = require('debug')('tracman-routes-auth')
|
||||
const env = require('../env/env.js')
|
||||
// Trim slug to patch CVE-2017-16117
|
||||
const slugify = function(s) {
|
||||
return require('slug')(s.slice(0,99))
|
||||
}
|
||||
|
||||
module.exports = (app, passport) => {
|
||||
|
||||
|
@ -317,14 +320,14 @@ module.exports = (app, passport) => {
|
|||
to: mail.to(user),
|
||||
subject: 'Reset your Tracman password',
|
||||
text: mail.text(
|
||||
`Hi, \n\nDid you request to reset your Tracman password? \
|
||||
`Did you request to reset your Tracman password? \
|
||||
If so, follow this link to do so:\
|
||||
\n${env.url}/account/password/${token}\n\n\
|
||||
This link will expire at ${expiration_time_string}. \n\n\
|
||||
If you didn't initiate this request, just ignore this email. \n\n`
|
||||
),
|
||||
html: mail.html(
|
||||
`<p>Hi, </p><p>Did you request to reset your Tracman password? \
|
||||
`<p>Did you request to reset your Tracman password? \
|
||||
If so, follow this link to do so:<br>\
|
||||
<a href="${env.url}/account/password/${token}">\
|
||||
${env.url}/account/password/${token}</a>. \
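Review bot: The `slugify` wrapper added near the top of this file calls `s.slice(0,99)` without checking that `s` is a string. An undefined value throws a TypeError, and an array (which a body or query parser can produce) is sliced by element, so the string handed to `slug` is not length-limited at all. Since package.json in this commit still lists `"slug": "^0.9.1"`, this cap appears to be the only mitigation for CVE-2017-16117, so I would make it strict, for example `return require('slug')(typeof s === 'string' ? s.slice(0, 99) : '')`. The same wrapper is copied under the name `slug` into the two other route files in this commit; moving it into one shared module would keep a later call site from requiring `slug` directly and bypassing the cap. A comment saying why 99 was chosen and that the cap must stay until the dependency itself is fixed would also help.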
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
'use strict'
|
||||
|
||||
const router = require('express').Router()
|
||||
const slug = require('slug')
|
||||
const xss = require('xss')
|
||||
const User = require('../models.js').user
|
||||
// Trim slug to patch CVE-2017-16117
|
||||
const slug = function(s) {
|
||||
return require('slug')(s.slice(0,99))
|
||||
}
|
||||
|
||||
module.exports = router
|
||||
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
'use strict'
|
||||
|
||||
const slug = require('slug')
|
||||
const xss = require('xss')
|
||||
const mw = require('../middleware.js')
|
||||
const User = require('../models.js').user
|
||||
const mail = require('../mail.js')
|
||||
const env = require('../env/env.js')
|
||||
const sanitize = require('mongo-sanitize')
|
||||
const debug = require('debug')('tracman-routes-settings')
|
||||
const router = require('express').Router()
|
||||
// Trim slug to patch CVE-2017-16117
|
||||
const slug = function(s) {
|
||||
return require('slug')(s.slice(0,99))
|
||||
}
|
||||
|
||||
// Settings form
|
||||
router.route('/')
|
||||
|
|
|
@ -27,7 +27,7 @@ module.exports = {
|
|||
|
||||
init: (io) => {
|
||||
io.on('connection', (socket) => {
|
||||
debug(`${socket.ip} connected.`)
|
||||
debug(`${socket.ip||socket.id} connected.`)
|
||||
|
||||
// Set a few variables
|
||||
socket.ip = socket.client.request.headers['x-real-ip'];
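Review bot: The `socket.ip||socket.id` fallback in the `debug` call is evaluated before `socket.ip` is assigned a few lines below, so as far as this hunk shows the message will always print `socket.id` and never the address. Moving the `debug` call to after the `socket.ip = socket.client.request.headers['x-real-ip']` assignment would log the value the fallback was meant for. Separately, `x-real-ip` is a request header, so it is only trustworthy if a reverse proxy in front of the app overwrites it; a short comment stating that assumption would help anyone reading these logs during an investigation. The connection handler continues outside the hunk.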
|
||||
|
|
File diff suppressed because it is too large
|
@ -20,19 +20,19 @@
|
|||
"minifier": "^0.8.1",
|
||||
"moment": "^2.22.2",
|
||||
"mongo-sanitize": "^1.0.0",
|
||||
"mongoose": "^4.13.14",
|
||||
"mongoose": "^4.13.15",
|
||||
"mongoose-unique-validator": "^1.0.6",
|
||||
"nodemailer": "^4.6.7",
|
||||
"nunjucks": "^3.1.3",
|
||||
"passport": "^0.3.2",
|
||||
"passport-facebook": "^2.1.1",
|
||||
"passport-facebook-token": "^3.3.0",
|
||||
"passport-google-id-token": "^0.4.3",
|
||||
"passport-google-id-token": "^0.4.5",
|
||||
"passport-google-oauth20": "^1.0.0",
|
||||
"passport-local": "^1.0.0",
|
||||
"passport-twitter": "^1.0.4",
|
||||
"passport-twitter-token": "^1.3.0",
|
||||
"request": "^2.87.0",
|
||||
"request": "^2.88.0",
|
||||
"slug": "^0.9.1",
|
||||
"socket.io": "^2.1.1",
|
||||
"socket.io-client": "^2.1.1",
|
||||
|
@ -50,7 +50,7 @@
|
|||
"less": "^3.0.1",
|
||||
"less-plugin-clean-css": "^1.5.1",
|
||||
"mocha": "^4.0.1",
|
||||
"mocha-froth": "^0.2.1",
|
||||
"mocha-froth": "^0.2.10",
|
||||
"nodemon": "^1.18.3",
|
||||
"nsp": "^3.2.1",
|
||||
"standard": "^10.0.3",
|
||||
|
|