From 88236e036c1ec4a33d1e329641efdd13ef5342d5 Mon Sep 17 00:00:00 2001
From: calzoneman <calzoneman@gmail.com>
Date: Tue, 27 Oct 2015 20:44:40 -0700
Subject: [PATCH] Add better error pages

---
 src/web/httpstatus.js     |  1 +
 src/web/routes/channel.js |  2 +-
 src/web/webserver.js      | 20 +++++++++++++++++---
 templates/csrferror.jade  |  3 ++-
 templates/httperror.jade  | 36 ++++++++++++++++++++++++++++++++++++
 5 files changed, 57 insertions(+), 5 deletions(-)
 create mode 100644 templates/httperror.jade

diff --git a/src/web/httpstatus.js b/src/web/httpstatus.js
index eaba24d3..b2e2430d 100644
--- a/src/web/httpstatus.js
+++ b/src/web/httpstatus.js
@@ -1,3 +1,4 @@
 export const BAD_REQUEST = 400;
 export const FORBIDDEN = 403;
+export const NOT_FOUND = 404;
 export const INTERNAL_SERVER_ERROR = 500;
diff --git a/src/web/routes/channel.js b/src/web/routes/channel.js
index 4a185f3e..8fcf1dea 100644
--- a/src/web/routes/channel.js
+++ b/src/web/routes/channel.js
@@ -7,7 +7,7 @@ import { HTTPError } from '../../errors';
 export default function initialize(app, ioConfig) {
     app.get('/r/:channel', (req, res) => {
         if (!req.params.channel || !CyTubeUtil.isValidChannelName(req.params.channel)) {
-            throw new HTTPError(`"${sanitizeText(req.params.channel)} is not a valid ` +
+            throw new HTTPError(`"${sanitizeText(req.params.channel)}" is not a valid ` +
                     'channel name.', { status: HTTPStatus.BAD_REQUEST });
         }
 
diff --git a/src/web/webserver.js b/src/web/webserver.js
index 0b4bdc0a..c0c4b586 100644
--- a/src/web/webserver.js
+++ b/src/web/webserver.js
@@ -17,7 +17,7 @@ var session = require("../session");
 var csrf = require("./csrf");
 var XSS = require("../xss");
 import * as HTTPStatus from './httpstatus';
-import { CSRFError } from '../errors';
+import { CSRFError, HTTPError } from '../errors';
 
 const LOG_FORMAT = ':real-address - :remote-user [:date] ":method :url HTTP/:http-version" :status :res[content-length] ":referrer" ":user-agent"';
 morgan.token('real-address', function (req) { return req._ip; });
@@ -211,11 +211,19 @@ module.exports = {
         app.use(serveStatic(path.join(__dirname, "..", "..", "www"), {
             maxAge: Config.get("http.max-age") || Config.get("http.cache-ttl")
         }));
+        app.use((req, res, next) => {
+            return next(new HTTPError(`No route for ${req.path}`, {
+                status: HTTPStatus.NOT_FOUND
+            }));
+        });
         app.use(function (err, req, res, next) {
             if (err) {
                 if (err instanceof CSRFError) {
                     res.status(HTTPStatus.FORBIDDEN);
-                    return sendJade(res, 'csrferror', { path: req.path });
+                    return sendJade(res, 'csrferror', {
+                        path: req.path,
+                        referer: req.header('referer')
+                    });
                 }
 
                 let { message, status } = err;
@@ -226,11 +234,17 @@ module.exports = {
                     message = 'An unknown error occurred.';
                 }
 
+                // Log 5xx (server) errors
                 if (Math.floor(status / 100) === 5) {
                     Logger.errlog.log(err.stack);
                 }
 
-                return res.status(status).send(message);
+                res.status(status);
+                return sendJade(res, 'httperror', {
+                    path: req.path,
+                    status: status,
+                    message: message
+                });
             } else {
                 next();
             }
diff --git a/templates/csrferror.jade b/templates/csrferror.jade
index b67bd428..a3a8add3 100644
--- a/templates/csrferror.jade
+++ b/templates/csrferror.jade
@@ -24,7 +24,8 @@ html(lang="en")
                 li A malicious user has attempted to tamper with your session
                 li Your browser does not support cookies, or they are not enabled
               | If the problem persists, please contact an administrator.
-            a(href=path) Return to previous page
+            if referer
+              a(href=referer) Return to previous page
 
     include footer
     mixin footer()
diff --git a/templates/httperror.jade b/templates/httperror.jade
new file mode 100644
index 00000000..5ac23c71
--- /dev/null
+++ b/templates/httperror.jade
@@ -0,0 +1,36 @@
+mixin notfound()
+  h1 Not Found
+  p The page you were looking for doesn't seem to exist.  Please check that you typed the URL correctly.
+mixin forbidden()
+  h1 Forbidden
+  p You don't have permission to access <code>#{path}</code>
+mixin genericerror()
+  h1 Oops
+  p Your request could not be processed.  Status code: <code>#{status}</code>, message: <code>#{message}</code>
+doctype html
+html(lang="en")
+  head
+    include head
+    mixin head()
+  body
+    #wrap
+      nav.navbar.navbar-inverse.navbar-fixed-top(role="navigation")
+        include nav
+        mixin navheader()
+        #nav-collapsible.collapse.navbar-collapse
+          ul.nav.navbar-nav
+            mixin navdefaultlinks(path)
+          mixin navloginlogout(path)
+
+      section#mainpage.container
+        .col-md-12
+          .alert.alert-danger
+            if status == 404
+              mixin notfound()
+            else if status == 403
+              mixin forbidden()
+            else
+              mixin genericerror()
+
+    include footer
+    mixin footer()