From 72b78ebd1445f822186dbbe651d90da76d448f1f Mon Sep 17 00:00:00 2001 From: Mystikfluu Date: Wed, 20 Apr 2022 23:56:57 +0200 Subject: [PATCH] removed helmet added "x-powered-by" header with value "ZeroTwoHub" added "DID_I_FINALLY_ADD_HTTPS" which sets the secure value of the cookies
---
 server.js | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/server.js b/server.js
index 0de354f..2c5c26b 100644
--- a/server.js
+++ b/server.js
@@ -13,10 +13,11 @@ const cookieParser = require('cookie-parser');
 const signature = require('cookie-signature')
 const mysql = require('mysql');
 const csurf = require("csurf");
-const helmet = require("helmet");
 const csrfProtection = csurf({ cookie: true })
+const DID_I_FINALLY_ADD_HTTPS = false
+
 const con = mysql.createConnection({
 host: "localhost",
 user: fs.readFileSync("mysql_user.txt").toString(),
@@ -122,7 +123,6 @@ function increaseUSERCall(req,res,next) {
 return true
 }
-app.use(helmet());
 app.use(useragent.express());
 app.use(fileUpload())
 app.use(bodyParser.json({ limit: "100mb" }));
@@ -130,6 +130,11 @@ app.use(bodyParser.urlencoded({ limit: "100mb", extended: true }));
 app.use(clientErrorHandler);
 app.use(cookieParser(cookiesecret));
+app.use("/*",function(req,res,next){
+ res.set("x-powered-by","ZeroTwoHub")
+ next()
+})
+
 router.get("/",function(req,res) {
 if(!increaseUSERCall(req,res))return res.sendFile(dir+"views/index.html")
@@ -265,7 +270,7 @@ router.post("/register",async function(req,res) {
 let ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress
 let setTo = username + " " + SHA256(password)
 let cookiesigned = signature.sign(setTo, cookiesecret+ip);
-res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: true });
+res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
 res.redirect("/user?success=true")
 });
 })
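Review bot: Removing the `helmet` require here, together with `app.use(helmet())` in the second hunk, drops every default hardening header the app was sending (HSTS, X-Content-Type-Options, X-Frame-Options and, depending on the helmet version in use, Referrer-Policy and a default CSP), and nothing in this patch re-adds any of them beyond a custom X-Powered-By value. If the only goal was to rebrand that one header, `app.use(helmet({ hidePoweredBy: false }))` keeps the rest in place and lets the later middleware set the value. Separately, `DID_I_FINALLY_ADD_HTTPS` is a hand-flipped literal committed as `false`; deriving it from the deployment instead, e.g. `const DID_I_FINALLY_ADD_HTTPS = process.env.NODE_ENV === "production"`, avoids shipping insecure cookies because someone forgot to edit the source before deploying.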
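Review bot: The header middleware in the third hunk is mounted as `app.use("/*", …)`, but a bare `app.use(function (req, res, next) { … })` already runs for every request and avoids the path-to-regexp match and `req.url` rewriting that the path form adds. With helmet gone, Express appears to fall back to emitting its own `X-Powered-By: Express`; `res.set` overrides it on requests that reach this middleware, but responses produced earlier in the stack (for example by the body-parser limit or `clientErrorHandler`, which are mounted above it) would still carry the default, so add `app.disable("x-powered-by")` next to it to make the intent explicit and cover those paths.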
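Review bot: With `DID_I_FINALLY_ADD_HTTPS` defined as `false` in this patch, `secure: DID_I_FINALLY_ADD_HTTPS` in the register hunk (and identically in the `/login` hunk that follows) means `AUTH_COOKIE`, which carries the username and a password hash, is now sent by browsers over plain HTTP on every request. If the app sits behind a TLS-terminating proxy, `secure: true` combined with `app.set("trust proxy", …)` works without a toggle; otherwise the flag should come from the environment rather than a literal. The option object is duplicated verbatim in both handlers, so a shared constant such as `const AUTH_COOKIE_OPTIONS = { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS, sameSite: "lax" };` keeps the two in step and adds the missing `sameSite` attribute in one place. Both enclosing route handlers start outside their hunks.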
@@ -310,7 +315,7 @@ router.post("/login",async function(req,res) {
 let ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress
 let setTo = username + " " + SHA256(password)
 let cookiesigned = signature.sign(setTo, cookiesecret+ip);
-res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: true });
+res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
 res.redirect("/user?success=true")
 } else {
 res.redirect("/login?success=false")