diff --git a/config.template.yaml b/config.template.yaml index f148a5ca..64afd7a3 100644 --- a/config.template.yaml +++ b/config.template.yaml @@ -97,7 +97,6 @@ io: # see https://github.com/andris9/Nodemailer mail: enabled: false - transport: 'SMTP' config: service: 'Gmail' auth: diff --git a/lib/config.js b/lib/config.js index 24fe7888..d489c302 100644 --- a/lib/config.js +++ b/lib/config.js @@ -59,7 +59,6 @@ var defaults = { }, mail: { enabled: false, - transport: "SMTP", /* the key "config" is omitted because the format depends on the service the owner is configuring for nodemailer */ "from-address": "some.user@gmail.com" @@ -215,7 +214,6 @@ function preprocessConfig(cfg) { // Setup nodemailer cfg.mail.nodemailer = nodemailer.createTransport( - cfg.mail.transport, cfg.mail.config ); diff --git a/lib/io/ioserver.js b/lib/io/ioserver.js index 8c8b2b94..09cb12b4 100644 --- a/lib/io/ioserver.js +++ b/lib/io/ioserver.js @@ -1,5 +1,5 @@ var sio = require("socket.io"); -var parseCookie = require("cookie").parse; +var cookieParser = require("cookie-parser")(); var Logger = require("../logger"); var db = require("../database"); var User = require("../user"); @@ -29,16 +29,17 @@ var ipCount = {}; function handleAuth(data, accept) { data.user = false; if (data.headers.cookie) { - data.cookie = parseCookie(data.headers.cookie); - var auth = data.cookie.auth; - db.users.verifyAuth(auth, function (err, user) { - if (!err) { - data.user = { - name: user.name, - global_rank: user.global_rank - }; - } - accept(null, true); + cookieParser(data, null, function () { + var auth = data.cookies.auth; + db.users.verifyAuth(auth, function (err, user) { + if (!err) { + data.user = { + name: user.name, + global_rank: user.global_rank + }; + } + accept(null, true); + }); }); } else { accept(null, true); diff --git a/lib/server.js b/lib/server.js index 1282145b..86a44dcb 100644 --- a/lib/server.js +++ b/lib/server.js 
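Review bot: The continuation handed to cookieParser in handleAuth declares no parameters, so anything the middleware passed to next() would be dropped and the nested accept(null, true) would still run; cookie-parser 1.x calls next() with no argument as far as I know, so this is benign today, but the unusual call shape deserves a comment. Something like `// data stands in for an Express request: cookie-parser reads data.headers.cookie and fills data.cookies; res is null because the middleware never touches it` above the cookieParser call would explain the null argument to the next reader. As before the change, db.users.verifyAuth is still invoked even when data.cookies.auth is undefined, and the else branch accepts unconditionally.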
@@ -9,7 +9,7 @@ The above copyright notice and this permission notice shall be included in all c THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -const VERSION = "3.4.0"; +const VERSION = "3.5.0"; var singleton = null; var Config = require("./config"); @@ -53,7 +53,6 @@ var Server = function () { self.db = null; self.api = null; self.announcement = null; - self.httplog = null; self.infogetter = null; self.servers = {}; self.ioServers = {}; @@ -64,8 +63,6 @@ var Server = function () { self.db.init(); // webserver init ----------------------------------------------------- - self.httplog = new Logger.Logger(path.join(__dirname, - "../httpaccess.log")); self.express = express(); require("./web/webserver").init(self.express); diff --git a/lib/web/account.js b/lib/web/account.js index 1b2e0860..1d502dca 100644 --- a/lib/web/account.js +++ b/lib/web/account.js @@ -5,7 +5,6 @@ */ var webserver = require("./webserver"); -var logRequest = webserver.logRequest; var sendJade = require("./jade").sendJade; var Logger = require("../logger"); var db = require("../database"); @@ -21,7 +20,6 @@ function handleAccountEditPage(req, res) { return; } - logRequest(req); var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -45,7 +43,6 @@ function handleAccountEditPage(req, res) { * Handles a POST request to edit a user"s account */ function handleAccountEdit(req, res) { - logRequest(req); var action = req.body.action; switch(action) { case "change_password": 
@@ -187,7 +184,6 @@ function handleAccountChannelPage(req, res) { return; } - logRequest(req); var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -221,7 +217,6 @@ function handleAccountChannelPage(req, res) { * Handles a POST request to modify a user"s channels */ function handleAccountChannel(req, res) { - logRequest(req); var action = req.body.action; switch(action) { case "new_channel": @@ -240,7 +235,6 @@ function handleAccountChannel(req, res) { * Handles a request to register a new channel */ function handleNewChannel(req, res) { - logRequest(req); var name = req.body.name; if (typeof name !== "string") { @@ -338,8 +332,6 @@ function handleNewChannel(req, res) { * Handles a request to delete a new channel */ function handleDeleteChannel(req, res) { - logRequest(req); - var name = req.body.name; if (typeof name !== "string") { res.send(400); @@ -429,8 +421,6 @@ function handleAccountProfilePage(req, res) { return; } - logRequest(req); - var loginName = false; if (!req.cookies.auth) { return sendJade(res, "account-profile", { @@ -475,8 +465,6 @@ function handleAccountProfilePage(req, res) { * Handles a POST request to edit a profile */ function handleAccountProfile(req, res) { - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -535,8 +523,6 @@ function handlePasswordResetPage(req, res) { return; } - logRequest(req); - sendJade(res, "account-passwordreset", { reset: false, resetEmail: "", @@ -548,8 +534,6 @@ function handlePasswordResetPage(req, res) { * Handles a POST request to reset a user's password */ function handlePasswordReset(req, res) { - logRequest(req); - var name = req.body.name, email = req.body.email; 
@@ -668,8 +652,6 @@ function handlePasswordReset(req, res) { * Handles a request for /account/passwordrecover/ */ function handlePasswordRecover(req, res) { - logRequest(req); - var hash = req.params.hash; if (typeof hash !== "string") { res.send(400); diff --git a/lib/web/acp.js b/lib/web/acp.js index b9dbea9e..9a6ba158 100644 --- a/lib/web/acp.js +++ b/lib/web/acp.js @@ -8,7 +8,6 @@ var Config = require("../config"); function checkAdmin(cb) { return function (req, res) { - webserver.logRequest(req); var auth = req.cookies.auth; if (!auth) { res.send(403); diff --git a/lib/web/auth.js b/lib/web/auth.js index 210efde2..939badd1 100644 --- a/lib/web/auth.js +++ b/lib/web/auth.js @@ -201,7 +201,7 @@ function handleLogout(req, res) { ref = ""; } - var host = req.host; + var host = req.hostname; if (host.indexOf(Config.get("http.root-domain")) !== -1) { res.clearCookie("auth", { domain: Config.get("http.root-domain-dotted") }); res.clearCookie("rank", { domain: Config.get("http.root-domain-dotted") }); diff --git a/lib/web/webserver.js b/lib/web/webserver.js index 61d1332d..43df732e 100644 --- a/lib/web/webserver.js +++ b/lib/web/webserver.js 
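Review bot: In Express 4, req.hostname is undefined when the request carries no Host header (and no trusted X-Forwarded-Host), so the unchanged `host.indexOf(...)` on the next line would throw inside handleLogout; I believe the Express 3 req.host had the same failure mode, so this is not a regression, but the default is cheap: `var host = req.hostname || "";`. Note also that the match on the following line is a substring test against http.root-domain rather than a suffix comparison, which this commit leaves as it was. handleLogout starts before the hunk.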
@@ -9,26 +9,10 @@ var $util = require("../utilities"); var Logger = require("../logger"); var Config = require("../config"); var db = require("../database"); - -var httplog = new Logger.Logger(path.join(__dirname, "..", "..", "http.log")); - -var suspiciousPath = (/admin|adm|\.\.|\/etc\/passwd|\\x5c|%5c|0x5c|setup|install|php|pma|blog|sql|scripts|aspx?|database/ig); -/** - * Determines whether a request is suspected of being illegitimate - */ -function isSuspicious(req) { - // ZmEu is a penetration script - if (req.header("user-agent") && - req.header("user-agent").toLowerCase() === "zmeu") { - return true; - } - - if (req.path.match(suspiciousPath)) { - return true; - } - - return false; -} +var bodyParser = require("body-parser"); +var cookieParser = require("cookie-parser"); +var static = require("serve-static"); +var morgan = require("morgan"); /** * Extracts an IP address from a request. Uses X-Forwarded-For if the IP is localhost @@ -53,22 +37,6 @@ function ipForRequest(req) { return ip; } -/** - * Logs an HTTP request - */ -function logRequest(req, status) { - if (status === undefined) { - status = 200; - } - - httplog.log([ - ipForRequest(req), - req.method, - req.path, - req.header("user-agent") - ].join(" ")); -} - /** * Redirects a request to HTTPS if the server supports it */ @@ -102,14 +70,11 @@ function handleChannel(req, res) { } if (!$util.isValidChannelName(req.params.channel)) { - logRequest(req, 404); res.status(404); res.send("Invalid channel name '" + req.params.channel + "'"); return; } - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -138,8 +103,6 @@ function handleChannel(req, res) { * Handles a request for the index page */ function handleIndex(req, res) { - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; 
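Review bot: The new require binds serve-static to the name `static`, which is a future reserved word under strict mode; this file is not strict so it parses, but `var serveStatic = require("serve-static");` (with the matching call in init) avoids a surprise if 'use strict' is ever added. Removing isSuspicious also drops the only early 403 for the user-agent and path heuristics; serve-static refuses paths that resolve outside its root as far as I know, so the traversal half is covered, but a one-line comment near the new requires saying that the old filter was retired in favour of serve-static's own checks would stop a reader from looking for it. The body of ipForRequest continues outside the hunk.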
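Review bot: The invalid-channel branch that survives the handleChannel hunk echoes req.params.channel back through res.send, and with no Content-Type set Express sends a string body as text/html, so a value that failed isValidChannelName (which is exactly when this branch runs) is rendered as markup by the browser. `res.type("text/plain");` before that res.send, or leaving the submitted name out of the message, closes this; the commit only removed the logRequest call here, so the branch is otherwise untouched. handleChannel starts before the hunk.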
@@ -165,8 +128,6 @@ function handleIndex(req, res) { * Handles a request for the socket.io information */ function handleSocketConfig(req, res) { - logRequest(req); - res.type("application/javascript"); var sioconfig = Config.get("sioconfig"); @@ -188,8 +149,6 @@ function handleSocketConfig(req, res) { } function handleUserAgreement(req, res) { - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -203,8 +162,6 @@ function handleUserAgreement(req, res) { } function handleContactPage(req, res) { - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; 
@@ -239,48 +196,20 @@ function handleContactPage(req, res) { }); } -function static(dir) { - dir = path.join(__dirname, dir); - return function (req, res) { - try { - if (isSuspicious(req)) { - logRequest(req, 403); - res.status(403); - if (typeof req.header("user-agent") === "string" && - req.header("user-agent").toLowerCase() === "zmeu") { - res.send("This server disallows requests from ZmEu."); - } else { - res.send("The request " + req.method.toUpperCase() + " " + - req.path + " looks pretty fishy to me. Double check that " + - "you typed it correctly."); - } - return; - } - - res.sendfile(req.path.replace(/^\//, ""), { - maxAge: Config.get("http.cache-ttl") * 1000, - root: dir - }, function (err) { - logRequest(req); - if (err) { - res.send(err.status); - } - }); - } catch (e) { - Logger.errlog.log(e); - Logger.errlog.log(e.trace); - } - }; -} - module.exports = { /** * Initializes webserver callbacks */ init: function (app) { - app.use(express.json()); - app.use(express.urlencoded()); - app.use(express.cookieParser()); + app.use(bodyParser.urlencoded({ extended: false })); + app.use(cookieParser()); + app.use(morgan("combined", { + stream: require("fs").createWriteStream(path.join(__dirname, "..", "..", + "http.log"), { + flags: "a", + encoding: "utf-8" + }) + })); if (Config.get("http.minify")) { var cache = path.join(__dirname, "..", "..", "www", "cache") @@ -292,12 +221,7 @@ module.exports = { })); Logger.syslog.log("Enabled express-minify for CSS and JS"); } - /* Order here is important - * Since I placed /r/:channel above *, the function will - * not apply to the /r/:channel route. This prevents - * duplicate logging, since /r/:channel"s callback does - * its own logging - */ + app.get("/r/:channel", handleChannel); app.get("/", handleIndex); app.get("/sioconfig", handleSocketConfig); 
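Review bot: express.json() was removed from init but no bodyParser.json() takes its place, so a request with a JSON body now leaves req.body empty; if every handler expects form posts that is fine and the hunk should say so in a comment, otherwise `app.use(bodyParser.json());` beside the urlencoded line restores the old behaviour. The morgan log stream is opened with an inline require("fs") inside the options object; hoisting `var fs = require("fs");` to the module's require block would match how the rest of this file brings in dependencies. init continues outside the hunk.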
@@ -306,7 +230,7 @@ module.exports = { require("./auth").init(app); require("./account").init(app); require("./acp").init(app); - app.use(static(path.join("..", "..", "www"))); + app.use(static(path.join(__dirname, "..", "..", "www"))); app.use(function (err, req, res, next) { if (err) { if (err.message && err.message.match(/failed to decode param/i)) { @@ -320,8 +244,6 @@ module.exports = { }); }, - logRequest: logRequest, - ipForRequest: ipForRequest, redirectHttps: redirectHttps, diff --git a/package.json b/package.json index c3aefe54..2ede3b54 100644 --- a/package.json +++ b/package.json @@ -2,22 +2,25 @@ "author": "Calvin Montgomery", "name": "CyTube", "description": "Online media synchronizer and chat", - "version": "3.4.0", + "version": "3.5.0", "repository": { "url": "http://github.com/calzoneman/sync" }, "dependencies": { - "express": "~3.4.8", - "bcrypt": "~0.7.7", - "mysql": "~2.0.1", - "jade": "~1.1.5", - "socket.io": "~0.9.16", - "nodemailer": "~0.6.0", - "cookie": "~0.1.0", - "yamljs": "~0.1.4", - "express-minify": "0.0.7", - "q": "^1.0.0", + "bcrypt": "^0.8.0", + "body-parser": "^1.6.5", + "cookie-parser": "^1.3.2", + "express": "^4.8.5", + "express-minify": "0.0.11", + "jade": "^1.5.0", "json-typecheck": "^0.1.0", - "oauth": "^0.9.11" + "morgan": "^1.2.3", + "mysql": "^2.4.2", + "nodemailer": "^1.2.0", + "oauth": "^0.9.12", + "q": "^1.0.1", + "serve-static": "^1.5.3", + "socket.io": "~0.9.16", + "yamljs": "^0.1.5" } } diff --git a/www/js/theme.js b/www/js/theme.js index e5588b0e..0d1e38be 100644 --- a/www/js/theme.js +++ b/www/js/theme.js @@ -11,7 +11,7 @@ } } - if (theme == null || !theme.match(/^\/css\/themes\/\w+.css$/)) { + if (theme == null || !theme.match(/^\/css\/themes\/.+?.css$/)) { return; }
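Review bot: The new app.use(static(...)) passes no options, so the http.cache-ttl setting that the removed static() helper applied via `maxAge: Config.get("http.cache-ttl") * 1000` is no longer honoured and static responses go out with the serve-static default max-age of 0; `app.use(static(path.join(__dirname, "..", "..", "www"), { maxAge: Config.get("http.cache-ttl") * 1000 }));` restores it. serve-static also serves index.html for directory requests by default, which the old res.sendfile-based helper did not do as far as I can tell, so a comment stating whether that is intended would help. init continues outside the hunk.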
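Review bot: The loosened pattern `.+?.css` in theme.js no longer keeps the theme name to a single path segment: `.` matches `/` as well as `.`, so values with extra directory components or parent references now pass a check that previously admitted only word characters, and the dot before css remains unescaped. If the goal is to allow hyphens or dots in theme file names, `/^\/css\/themes\/[\w.-]+\.css$/` keeps the match to one segment and the literal extension. Where theme is read from and how it is used lie outside the hunk, as does the enclosing function, so the impact cannot be judged from here.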