working pre-update

2025-04-26 03:20:54 +02:00 · 2025-04-26 03:20:54 +02:00 · 27a1817595
commit 27a1817595
parent 2233b4a44c
20 changed files with 134 additions and 1175 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,11 @@
 node_modules
 npm-debug.log
 .git
 .gitignore
 .env
 *.md
 logs
 *.log
 cookiesecret.txt
 mysql_password.txt
 views/
--- a/18
+++ b/18
@ -0,0 +1,18 @@
 FROM node:slim
 WORKDIR /app
 # Copy package files
 COPY package*.json ./
 # Install dependencies
 RUN npm install
 # Copy application code
 COPY . .
 # Expose ports
 EXPOSE 80
 # Start the application
 CMD ["node", "server.js"] 
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,35 @@
 services:
  app:
    build: .
    ports:
      - "23080:80"
    environment:
      - MYSQL_HOST=db
      - MYSQL_USER=ipost
      - MYSQL_PASSWORD=ipost_password
      - MYSQL_DATABASE=ipost
    depends_on:
      - db
    volumes:
      - ./logs:/app/logs
      - ./server_config.json:/app/server_config.json
      - ./cookiesecret.txt:/app/cookiesecret.txt
      - ./mysql_password.txt:/app/mysql_password.txt
    restart: unless-stopped
  db:
    image: mysql:8.0
    environment:
      - MYSQL_ROOT_PASSWORD=root_password
      - MYSQL_DATABASE=ipost
      - MYSQL_USER=ipost
      - MYSQL_PASSWORD=ipost_password
    volumes:
      - mysql_data:/var/lib/mysql
      - ./createSchema.sql:/docker-entrypoint-initdb.d/createSchema.sql
    ports:
      - "3306:3306"
    restart: unless-stopped
 volumes:
  mysql_data: 
--- a/js/warn_message.js
+++ b/js/warn_message.js
@ -1,6 +1,6 @@
 const warn_messages = [
  ["%cDo not paste any text in here","background: red; color: yellow; font-size: x-large"],
-  ["Pasting anything in here may give others access to your account.",""]
+  ["Pasting anything in here may give others access to your account."]
 ]
 function warnmessage() {
  for (let message of warn_messages) {
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -10,11 +10,9 @@
    "express-useragent": "^1.0.15",
    "hcaptcha": "^0.1.1",
    "hsts": "^2.2.0",
    "newrelic": "^9.15.0",
    "html-minifier-terser": "^7.2.0",
    "lru-cache": "^9.1.2",
    "mysql2": "^3.3.5",
    "newrelic": "^9.11.0",
    "sharp": "^0.30.7",
    "spdy": "^4.0.2",
    "swagger-autogen": "^2.23.1",
--- a/routes/userfiles.js
+++ b/routes/userfiles.js
@ -1,17 +1,17 @@
 import ejs from "ejs"
-import { LRUCache as LRU} from "lru-cache"
+import { LRUCache as LRU } from "lru-cache"
-import {minify as min_js} from "uglify-js"
+import { minify as min_js } from "uglify-js"
 import Clean from 'clean-css';
 import Minifier from 'html-minifier-terser';
 import { web_version } from "unsafe_encrypt";
-import {existsSync, readFileSync, readFile} from "fs"
+import { existsSync, readFileSync, readFile } from "fs"
 export const setup = function (router, con, server) {
    const increaseUSERCall = server.increaseUSERCall
    const dir = server.dirname + "/"
-    ejs.cache = new LRU({max:20})
+    ejs.cache = new LRU({ max: 20 })
    const load_var_cache = new LRU({
        max: 20,
@ -27,64 +27,64 @@ export const setup = function (router, con, server) {
    function load_var(filePath) {
        if (load_var_cache.has(filePath)) {
-          return load_var_cache.get(filePath);
+            return load_var_cache.get(filePath);
        }
        if (!existsSync(filePath)) {
-          console.log(1,'Tried loading non-existent file', filePath);
+            console.log(1, 'Tried loading non-existent file', filePath);
-          load_var_cache.set(filePath, '');
+            load_var_cache.set(filePath, '');
-          return '';
+            return '';
        }
        let output = readFileSync(filePath);
        if (filePath.endsWith('.js')) {
-          output = min_js(output.toString()).code;
+            output = min_js(output.toString()).code;
        } else if (filePath.endsWith('.css')) {
-          const { styles } = new Clean({}).minify(output.toString());
+            const { styles } = new Clean({}).minify(output.toString());
-          output = styles;
+            output = styles;
        }
        load_var_cache.set(filePath, output);
        return output;
    }
-    function get_channels(){
+    function get_channels() {
-        return new Promise(function(resolve, reject) {
+        return new Promise(function (resolve, reject) {
            let sql = `select post_receiver_name from ipost.posts where post_is_private = '0' group by post_receiver_name;`;
            con.query(sql, [], function (err, result) {
-                if (err)reject(err)
+                if (err) reject(err)
-    
+
                let out = []
-    
+
-                for(let channel of result){
+                for (let channel of result) {
-                    if(channel.post_receiver_name === "")continue;
+                    if (channel.post_receiver_name === "") continue;
                    out[out.length] = channel.post_receiver_name
                }
-    
+
                resolve(out)
            });
        })
    }
-    const appId_Cache = new LRU({max:20,ttl: 1000 * 60 * 15}) //cache for 15 minutes
+    const appId_Cache = new LRU({ max: 20, ttl: 1000 * 60 * 15 }) //cache for 15 minutes
    function getAppWithId(appid) {
        appid = Number(appid)
-        return new Promise((res,rej) => {
+        return new Promise((res, rej) => {
-            if(isNaN(appid)) {
+            if (isNaN(appid)) {
                res({})
                return
            }
-            if(appId_Cache.has(appid)) {
+            if (appId_Cache.has(appid)) {
                res(appId_Cache.get(appid) || {})
                return
            }
-            con.query("SELECT * FROM ipost.application WHERE application_id=?",[appid],(err,result) => {
+            con.query("SELECT * FROM ipost.application WHERE application_id=?", [appid], (err, result) => {
-                if(err) {
+                if (err) {
                    console.error(err)
                    rej({})
                    return
                }
-                appId_Cache.set(appid,result[0])
+                appId_Cache.set(appid, result[0])
                res(result[0] || {})
            })
        })
@ -101,7 +101,6 @@ export const setup = function (router, con, server) {
        getChannels: get_channels,
        encryptJS: min_js(web_version().toString()).code,
        cookiebanner: `<script id="cookieyes" type="text/javascript" src="https://cdn-cookieyes.com/client_data/3cf33f6b631f3587bf83813b/script.js" async></script>`,
        newrelic: load_var("./extra_modules/newrelic_monitor.html"),
        getPID: server.global_page_variables.getPID,
        getDMPID: server.global_page_variables.getDMPID,
        unauthorized_description: "Chat now by creating an account on IPost",
@ -109,24 +108,24 @@ export const setup = function (router, con, server) {
        getAppWithId: getAppWithId
    }
-    
+
    async function handleUserFiles(request, response, overrideurl) {
-        if (!increaseUSERCall(request, response))return;
+        if (!increaseUSERCall(request, response)) return;
-        if(typeof overrideurl !== "string")overrideurl = undefined;
+        if (typeof overrideurl !== "string") overrideurl = undefined;
-    
+
        let originalUrl = overrideurl
            || request.params.file
            || request.originalUrl.split("?").shift(); //backup in case anything goes wrong
-    
+
        let path = ""
        if (existsSync(dir + "views/" + originalUrl)) {
            path = dir + "views/" + originalUrl
            //send .txt files as plaintext to help browsers interpret it correctly
-            if(originalUrl.endsWith(".txt")) {
+            if (originalUrl.endsWith(".txt")) {
                response.set('Content-Type', 'text/plain');
-                readFile(path,(err,data)=> {
+                readFile(path, (err, data) => {
-                    if(err)return
+                    if (err) return
                    response.send(data)
                })
                return
@ -141,26 +140,26 @@ export const setup = function (router, con, server) {
        if (existsSync(dir + "views" + originalUrl + ".html")) {
            path = dir + "views" + originalUrl + ".html"
        }
-    
+
-        if(path !== "" && originalUrl !== "favicon.ico" && originalUrl !== "api_documentation" && originalUrl !== "api_documentation.html") {
+        if (path !== "" && originalUrl !== "favicon.ico" && originalUrl !== "api_documentation" && originalUrl !== "api_documentation.html") {
            console.log(originalUrl)
            global_page_variables.user = { "username": response.locals.username, "bio": response.locals.bio, "avatar": response.locals.avatar }
            global_page_variables.query = request.query
-            if(originalUrl === "authorize") {
+            if (originalUrl === "authorize") {
                global_page_variables.application = await getAppWithId(request.query.id)
            }
-            ejs.renderFile(path,global_page_variables,{async: true},async function(err,str){
+            ejs.renderFile(path, global_page_variables, { async: true }, async function (err, str) {
                str = await str
                err = await err
-                if(err) {
+                if (err) {
-                    console.log(1,err)
+                    console.log(1, err)
                    response.status(500)
                    response.send("error")
                    //TODO: make error page
                    return
                }
                try {
-                    str = await Minifier.minify(str,{
+                    str = await Minifier.minify(str, {
                        removeComments: true,
                        removeCommentsFromCDATA: true,
                        removeCDATASectionsFromCDATA: true,
@ -171,36 +170,36 @@ export const setup = function (router, con, server) {
                        useShortDoctype: true,
                        removeEmptyAttributes: true
                    })
-                } catch(ignored){
+                } catch (ignored) {
-                    console.log(2,"error minifying",originalUrl);
+                    console.log(2, "error minifying", originalUrl);
                }
-    
+
                try {
                    response.send(str)
-                } catch(err) {
+                } catch (err) {
                    console.error(err)
                }
            })
            return;
        }
-        if(originalUrl === "api_documentation" || originalUrl === "api_documentation.html") {
+        if (originalUrl === "api_documentation" || originalUrl === "api_documentation.html") {
            response.set('Cache-Control', 'public, max-age=2592000');
            response.set('Content-Type', 'text/html')
            response.send(load_var("./views/api_documentation.html"))
            return
        }
-        if(originalUrl === "favicon.ico") {
+        if (originalUrl === "favicon.ico") {
            response.set('Cache-Control', 'public, max-age=2592000');
            response.sendFile(dir + "/views/favicon.ico")
            return
        }
-        console.log(5,"no file found",originalUrl);
+        console.log(5, "no file found", originalUrl);
        try {
            response.status(404).send("No file with that name found");
-        } catch(err) {
+        } catch (err) {
            console.error(err)
        }
    }
@ -210,12 +209,12 @@ export const setup = function (router, con, server) {
    */
    router.get("/", (req, res) => {
        req.params.file = "index"
-        handleUserFiles(req,res,"/index")
+        handleUserFiles(req, res, "/index")
    });
    router.get("/:file", handleUserFiles);
    router.get("/:folder/:file", (req, res) => {
-        req.params.file = req.params.folder+"/"+req.params.file
+        req.params.file = req.params.folder + "/" + req.params.file
-        handleUserFiles(req,res)
+        handleUserFiles(req, res)
    });
 }
--- a/server.js
+++ b/server.js
@ -1,5 +1,3 @@
 import "newrelic"
 import http from "http";
 import express,{Router} from "express";
 import useragent from "express-useragent";
@ -14,7 +12,6 @@ import { readFileSync, appendFile } from "fs";
 import { format } from "util";
 import { setup as SETUP_ROUTES} from "./routes/setup_all_routes.js"
 import { verify as verifyHCaptcha_int } from "hcaptcha"
 import hsts from "hsts"
 import { ensureExists } from "./extra_modules/ensureExists.js"
@ -263,24 +260,14 @@ app.use(fileUpload({
    }
 }));
-const hstsMiddleware = hsts({
+app.use((_req, res, next) => {
    maxAge: 31536000,
    includeSubDomains: true,
    preload: true
 })
 app.use((req, res, next) => {
    res.set("x-powered-by", "ipost");
    res.set("X-Frame-Options","DENY");
    res.set("X-XSS-Protection","1; mode=block");
    res.set("X-Content-Type-Options","nosniff");
    res.set("Referrer-Policy","no-referrer");
-    if (req.secure) {
+    next()
      hstsMiddleware(req, res, next)
    } else {
      next()
    }
 })
 app.use(bodyParser.default.json({ limit: "100mb" }));
@ -312,18 +299,6 @@ app.use(function (_req, res, next) {
    next();
 });
 //auto redirect to https
 app.use((req, res, next) => {
    if (req.secure) {
        //already secure
        next();
    }
    else {
        //redirect to https
        res.redirect('https://' + req.headers.host + req.url);
    }
 });
 app.use("/*", function (req, res, next) {
    for (let i = 0; i < blocked_headers.length; i++) {
        if (req.header(blocked_headers[i]) !== undefined) {
@ -394,21 +369,9 @@ const httpServer = http.createServer(app);
 httpServer.listen(config["ports"]["http"], function () {
    console.log(5, "HTTP Server is listening");
 });
 const privateKey = readFileSync(config["ssl"]["privateKey"]).toString();
 const certificate = readFileSync(config["ssl"]["certificate"]).toString();
 const credentials = { key: privateKey, cert: certificate };
 var httpsServer;
 import spdy from "spdy"
 httpsServer = spdy.createServer(credentials,app)
 //httpsServer = https.createServer(credentials, app);
 httpsServer.listen(config["ports"]["https"], function () {
    console.log(5, "HTTPS Server is listening");
 });
 wss = new WebSocket({
-    server: httpsServer,
+    server: httpServer,
    perMessageDeflate: {
        zlibDeflateOptions: {
            chunkSize: 1024,
--- a/server_config.json
+++ b/server_config.json
@ -4,8 +4,8 @@
  "only_prefer_when_ip": "::ffff:127.0.0.1",
  "mysql": {
    "connections":1000,
-    "host":"localhost",
+    "host":"db",
-    "user":"root",
+    "user":"ipost",
    "password_file":"mysql_password.txt"
  },
  "cookies": {
@ -159,8 +159,8 @@
    "certificate" : "/etc/letsencrypt/live/ipost.rocks-0002/fullchain.pem"
  },
  "ports": {
-    "http": 9999,
+    "http": 80,
-    "https": 9998
+    "https": 443
  },
  "disallow_proxies_by_headers": true,
  "hcaptcha_secret": "0x0000000000000000000000000000000000000000",
--- a/views/PrivacyPolicy.html
+++ b/views/PrivacyPolicy.html
@ -4,7 +4,7 @@
    <meta charset="utf-8">
    <title>IPost Privacy Policy</title>
    <meta name="description" content="IPosts PrivacyPolicy">
-    <%- newrelic %>
+
    <script>
      <%- warnmessagejs %>
    </script>
--- a/views/ToS.html
+++ b/views/ToS.html
@ -3,7 +3,7 @@
  <head>
    <meta charset="utf-8">
    <title>IPost Terms of Service</title>
-    <%- newrelic %>
+
    <meta name="description" content="IPosts Terms of Service">
    <script src="/js/addnavbar.js" charset="utf-8"></script>
    <script src="/js/warn_message.js" charset="utf-8"></script>
--- a/views/dms.html
+++ b/views/dms.html
@ -11,7 +11,7 @@
    <% if(user.username === undefined) { %>
      <script> document.location.href = '/no_login?r='+encodeURIComponent(document.location.pathname) </script>
    <% } %>
-    <%- newrelic %>
+
    <style>
      <%- globalcss %>
      <%- loadfile("./css/posts.css") %>
--- a/views/index.html
+++ b/views/index.html
@ -4,7 +4,6 @@
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
 	<title>IPost</title>
  <meta name="description" content="<%-unauthorized_description%>">
  <%- newrelic %>
  <style>
    <%- globalcss %>
    <%- loadfile("./css/logon.css") %>
--- a/views/login.html
+++ b/views/login.html
@ -4,7 +4,7 @@
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login | IPost</title>
    <meta name="description" content="Chat on IPost by logging in today">
-    <%- newrelic %>
+
    <link rel="stylesheet" href="/css/logon.css">
    <script src="/js/warn_message.js" charset="utf-8"></script>
    <script src="/js/addnavbar.js" charset="utf-8"></script>
--- a/views/otheruser.html
+++ b/views/otheruser.html
@ -6,7 +6,7 @@
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>USERS Page</title>
      <meta name="description" content="view other users pages on IPost today">
-      <%- newrelic %>
+  
      <link rel="stylesheet" href="/css/style.css">
      <link rel="stylesheet" href="/css/global.css">
      <script src="/js/addnavbar.js" charset="utf-8"></script>
--- a/views/posts.html
+++ b/views/posts.html
@ -9,7 +9,7 @@
      <meta name="description" content="Chat on IPost now">
    <% } %>
    <title>Posts | IPost</title>
-    <%- newrelic %>
+
    <style>
      <%- globalcss %>
      <%- loadfile("./css/posts.css") %>
--- a/views/register.html
+++ b/views/register.html
@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html lang="en" dir="ltr">
 <head>
-    <%- newrelic %>
+
    <link rel="stylesheet" href="/css/logon.css">
    <script src="/js/warn_message.js" charset="utf-8"></script>
    <script src="/js/addnavbar.js" charset="utf-8"></script>
--- a/views/search.html
+++ b/views/search.html
@ -10,7 +10,7 @@
    <% } else { %>
      <meta name="description" content="search IPost now">
    <% } %>
-    <%- newrelic %>
+
    <link rel="stylesheet" href="/css/search.css">
    <script type="text/javascript" src="/js/htmlescape.js"></script>
    <link rel="stylesheet" href="/css/global.css">
--- a/views/settings.html
+++ b/views/settings.html
@ -13,7 +13,7 @@
    <% if(user.username === undefined) { %>
      <script> document.location.href = '/no_login?r='+encodeURIComponent(document.location.pathname) </script>
    <% } %>
-    <%- newrelic %>
+
    <link rel="stylesheet" href="/css/style.css">
    <link rel="stylesheet" href="/css/global.css">
    <script src="/js/addnavbar.js" charset="utf-8"></script>
--- a/views/user.html
+++ b/views/user.html
@ -13,7 +13,7 @@
    <% if(user.username === undefined) { %>
      <script> document.location.href = '/no_login?r='+encodeURIComponent(document.location.pathname) </script>
    <% } %>
-    <%- newrelic %>
+
    <style>
      <%- globalcss %>
      <%- loadfile("./css/style.css") %>