Merged hotfix-0.9.2 into develop
commit
e95db0eb2c
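--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -6,6 +6,8 @@
 * Fixed CSP rules
 * Improved debugging output
 * Tried to fix scrollwheel
+* Fixed security audited npm packages
+* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
 
 ###### v0.9.0
 * [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes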
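--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -6,7 +6,6 @@ node.js application to display a sharable map with user's location.
 [![Travis Build Status](https://travis-ci.org/Tracman-org/Server.svg?branch=develop)](https://travis-ci.org/Tracman-org/Server)
 [![Coverage Status](https://coveralls.io/repos/github/Tracman-org/Server/badge.svg?branch=master)](https://coveralls.io/github/Tracman-org/Server?branch=master)
 [![JavaScript Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://standardjs.com)
-[![Snyk Vulnerabilities](https://snyk.io/test/github/Tracman-org/Server/badge.svg)](https://snyk.io/test/github/Tracman-org/Servr)
 
 ## Installation
 
@@ -61,12 +60,14 @@ Tracman will be updated according to [this branching model](http://nvie.com/post
 * Fixed CSP rules
 * Improved debugging output
 * Tried to fix scrollwheel
+* Fixed security audited npm packages
 * [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
 * [#68](https://github.com/Tracman-org/Server/issues/68) Added tests, mostly for authentication
 * [#120](https://github.com/Tracman-org/Server/issues/120) Split config/routes/settings.js into two files
 * Removed express validator and replaced with homegrown function
 * Fixed showing welcome message on every login
 * Removed naked domains
+* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
 
 ###### v0.8.x
 * Hotfixed service worker bugs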
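--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -5,10 +5,13 @@ const mail = require('../mail.js')
 const User = require('../models.js').user
 const crypto = require('crypto')
 const moment = require('moment')
-const slugify = require('slug')
 const sanitize = require('mongo-sanitize')
 const debug = require('debug')('tracman-routes-auth')
 const env = require('../env/env.js')
+// Trim slug to patch CVE-2017-16117
+const slugify = function(s) {
+return require('slug')(s.slice(0,99))
+}
 
 module.exports = (app, passport) => {
 
@@ -317,14 +320,14 @@ module.exports = (app, passport) => {
 to: mail.to(user),
 subject: 'Reset your Tracman password',
 text: mail.text(
-`Hi, \n\nDid you request to reset your Tracman password? \
+`Did you request to reset your Tracman password? \
 If so, follow this link to do so:\
 \n${env.url}/account/password/${token}\n\n\
 This link will expire at ${expiration_time_string}. \n\n\
 If you didn't initiate this request, just ignore this email. \n\n`
 ),
 html: mail.html(
-`<p>Hi, </p><p>Did you request to reset your Tracman password? \
+`<p>Did you request to reset your Tracman password? \
 If so, follow this link to do so:<br>\
 <a href="${env.url}/account/password/${token}">\
 ${env.url}/account/password/${token}</a>. \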
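Review bot: The new `slugify` wrapper in the first hunk calls `require('slug')` on every invocation and hard-codes the `0,99` cut-off with nothing saying why that length; hoist the module load and name the bound, e.g. `const SLUG_INPUT_MAX = 99 // cap the input reaching slug's regex (CVE-2017-16117 mitigation)`, `const rawSlug = require('slug')`, `const slugify = (s) => rawSlug(s.slice(0, SLUG_INPUT_MAX))`. The trim is a mitigation rather than a fix: the package.json section of this same commit leaves `"slug": "^0.9.1"` untouched, so the dependency itself still needs to be tracked against the node-slug issue linked in the changelog. The same four-line wrapper is pasted into the two route files that follow (named `slug` there, `slugify` here); one shared helper module would keep the three copies from drifting. Because the wrapper calls `.slice` unconditionally, a non-string `s` now raises a TypeError, so it is worth confirming that every call site passes a string. The `module.exports` arrow function that the second hunk sits inside starts and ends outside the hunk.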
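--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,9 +1,12 @@
 'use strict'
 
 const router = require('express').Router()
-const slug = require('slug')
 const xss = require('xss')
 const User = require('../models.js').user
+// Trim slug to patch CVE-2017-16117
+const slug = function(s) {
+return require('slug')(s.slice(0,99))
+}
 
 module.exports = router
 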
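--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,14 +1,16 @@
 'use strict'
 
-const slug = require('slug')
 const xss = require('xss')
 const mw = require('../middleware.js')
 const User = require('../models.js').user
 const mail = require('../mail.js')
 const env = require('../env/env.js')
-const sanitize = require('mongo-sanitize')
 const debug = require('debug')('tracman-routes-settings')
 const router = require('express').Router()
+// Trim slug to patch CVE-2017-16117
+const slug = function(s) {
+return require('slug')(s.slice(0,99))
+}
 
 // Settings form
 router.route('/')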
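Review bot: Dropping `const sanitize = require('mongo-sanitize')` from the settings route file (`tracman-routes-settings`) is only safe if no `sanitize(...)` call remains further down, which this hunk cannot show; a leftover call would fail with a ReferenceError at request time rather than at module load, so the rest of the file should be checked before merging. If the calls were removed on purpose, whatever request fields previously passed through `sanitize` now reach their consumers unfiltered, and that decision deserves a line in the commit description or a comment near the imports such as `// mongo-sanitize dropped here: settings inputs are validated in <where>` (placeholder) naming where the filtering happens now. The file, including `router.route('/')`, continues past the hunk.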
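--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -27,7 +27,7 @@ module.exports = {
 
 init: (io) => {
 io.on('connection', (socket) => {
-debug(`${socket.ip} connected.`)
+debug(`${socket.ip||socket.id} connected.`)
 
 // Set a few variables
 socket.ip = socket.client.request.headers['x-real-ip'];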
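Review bot: The `socket.ip||socket.id` fallback masks an ordering problem rather than fixing it: `socket.ip` is assigned from the `x-real-ip` header three lines later in the same connection handler, so at the time of the `debug` call it is still undefined (unless middleware outside the hunk sets it earlier) and the log will always print the socket id. Move the assignment `socket.ip = socket.client.request.headers['x-real-ip'];` above the `debug(...)` call, and the fallback then covers only connections that arrive without the header. Since `x-real-ip` is client-supplied unless a fronting proxy overwrites it, a comment next to the assignment such as `// x-real-ip is only trustworthy when set by the reverse proxy` would keep the value from being treated as authenticated elsewhere. The `init` handler continues past the hunk.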
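--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -20,19 +20,19 @@
 "minifier": "^0.8.1",
 "moment": "^2.22.2",
 "mongo-sanitize": "^1.0.0",
-"mongoose": "^4.13.14",
+"mongoose": "^4.13.15",
 "mongoose-unique-validator": "^1.0.6",
 "nodemailer": "^4.6.7",
 "nunjucks": "^3.1.3",
 "passport": "^0.3.2",
 "passport-facebook": "^2.1.1",
 "passport-facebook-token": "^3.3.0",
-"passport-google-id-token": "^0.4.3",
+"passport-google-id-token": "^0.4.5",
 "passport-google-oauth20": "^1.0.0",
 "passport-local": "^1.0.0",
 "passport-twitter": "^1.0.4",
 "passport-twitter-token": "^1.3.0",
-"request": "^2.87.0",
+"request": "^2.88.0",
 "slug": "^0.9.1",
 "socket.io": "^2.1.1",
 "socket.io-client": "^2.1.1",
@@ -50,7 +50,7 @@
 "less": "^3.0.1",
 "less-plugin-clean-css": "^1.5.1",
 "mocha": "^4.0.1",
-"mocha-froth": "^0.2.1",
+"mocha-froth": "^0.2.10",
 "nodemon": "^1.18.3",
 "nsp": "^3.2.1",
 "standard": "^10.0.3",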
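--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -93,6 +93,7 @@ let ready_promise_list = []
 'https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2',
 ],
 'img-src': ["'self'",
+'data:', // For icons on map
 'https://www.google-analytics.com',
 'https://maps.gstatic.com',
 'https://*.googleapis.com',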
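Review bot: The comment on the added `'data:'` source says what it is for but not why it is acceptable here: `data:` under `img-src` only lets the page render inline image payloads, whereas the same token under `script-src`, `object-src` or `default-src` would reopen the inline-execution hole the policy exists to close. Suggest `'data:', // map marker icons are inline images; keep data: confined to img-src` so a later edit does not copy the token into a stronger directive. The CSP directive object starts before the hunk.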