code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

removed helmet

Browse Source 
added "x-powered-by" header with value "ZeroTwoHub"
added "DID_I_FINALLY_ADD_HTTPS" which sets the secure value of the 
cookies
This commit is contained in:
Mystikfluu 2022-04-20 23:56:57 +02:00
parent 2c9f27b8de
commit 72b78ebd14
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
server.js
View File

@ -13,10 +13,11 @@ const cookieParser = require('cookie-parser');
const signature = require('cookie-signature') const signature = require('cookie-signature')
const mysql = require('mysql'); const mysql = require('mysql');
const csurf = require("csurf"); const csurf = require("csurf");
const helmet = require("helmet");
const csrfProtection = csurf({ cookie: true }) const csrfProtection = csurf({ cookie: true })
const DID_I_FINALLY_ADD_HTTPS = false
const con = mysql.createConnection({ const con = mysql.createConnection({
host: "localhost", host: "localhost",
user: fs.readFileSync("mysql_user.txt").toString(), user: fs.readFileSync("mysql_user.txt").toString(),
@ -122,7 +123,6 @@ function increaseUSERCall(req,res,next) {
return true return true
} }
app.use(helmet());
app.use(useragent.express()); app.use(useragent.express());
app.use(fileUpload()) app.use(fileUpload())
app.use(bodyParser.json({ limit: "100mb" })); app.use(bodyParser.json({ limit: "100mb" }));
@ -130,6 +130,11 @@ app.use(bodyParser.urlencoded({ limit: "100mb", extended: true }));
app.use(clientErrorHandler); app.use(clientErrorHandler);
app.use(cookieParser(cookiesecret)); app.use(cookieParser(cookiesecret));
app.use("/*",function(req,res,next){
res.set("x-powered-by","ZeroTwoHub")
next()
})
router.get("/",function(req,res) { router.get("/",function(req,res) {
if(!increaseUSERCall(req,res))return if(!increaseUSERCall(req,res))return
res.sendFile(dir+"views/index.html") res.sendFile(dir+"views/index.html")
@ -265,7 +270,7 @@ router.post("/register",async function(req,res) {
let ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress let ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress
let setTo = username + " " + SHA256(password) let setTo = username + " " + SHA256(password)
let cookiesigned = signature.sign(setTo, cookiesecret+ip); let cookiesigned = signature.sign(setTo, cookiesecret+ip);
res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: true }); res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
res.redirect("/user?success=true") res.redirect("/user?success=true")
}); });
}) })
@ -310,7 +315,7 @@ router.post("/login",async function(req,res) {
let ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress let ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress
let setTo = username + " " + SHA256(password) let setTo = username + " " + SHA256(password)
let cookiesigned = signature.sign(setTo, cookiesecret+ip); let cookiesigned = signature.sign(setTo, cookiesecret+ip);
res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: true }); res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
res.redirect("/user?success=true") res.redirect("/user?success=true")
} else { } else {
res.redirect("/login?success=false") res.redirect("/login?success=false")