v2.1.0 (#293)

* Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com>
2025-06-18 10:06:26 +00:00 · 2020-02-19 15:55:06 +11:00
parent bf036cbb88
commit bb0f4bfa62
517 changed files with 26256 additions and 11724 deletions
--- a/backend/app.js
+++ b/backend/app.js
@ -0,0 +1,90 @@
+const express     = require('express');
+const bodyParser  = require('body-parser');
+const fileUpload  = require('express-fileupload');
+const compression = require('compression');
+const log         = require('./logger').express;
+
+/**
+ * App
+ */
+const app = express();
+app.use(fileUpload());
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({extended: true}));
+
+// Gzip
+app.use(compression());
+
+/**
+ * General Logging, BEFORE routes
+ */
+
+app.disable('x-powered-by');
+app.enable('trust proxy', ['loopback', 'linklocal', 'uniquelocal']);
+app.enable('strict routing');
+
+// pretty print JSON when not live
+if (process.env.NODE_ENV !== 'production') {
+	app.set('json spaces', 2);
+}
+
+// CORS for everything
+app.use(require('./lib/express/cors'));
+
+// General security/cache related headers + server header
+app.use(function (req, res, next) {
+	let x_frame_options = 'DENY';
+
+	if (typeof process.env.X_FRAME_OPTIONS !== 'undefined' && process.env.X_FRAME_OPTIONS) {
+		x_frame_options = process.env.X_FRAME_OPTIONS;
+	}
+
+	res.set({
+		'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
+		'X-XSS-Protection':          '1; mode=block',
+		'X-Content-Type-Options':    'nosniff',
+		'X-Frame-Options':           x_frame_options,
+		'Cache-Control':             'no-cache, no-store, max-age=0, must-revalidate',
+		Pragma:                      'no-cache',
+		Expires:                     0
+	});
+	next();
+});
+
+app.use(require('./lib/express/jwt')());
+app.use('/', require('./routes/api/main'));
+
+// production error handler
+// no stacktraces leaked to user
+// eslint-disable-next-line
+app.use(function (err, req, res, next) {
+
+	let payload = {
+		error: {
+			code:    err.status,
+			message: err.public ? err.message : 'Internal Error'
+		}
+	};
+
+	if (process.env.NODE_ENV === 'development') {
+		payload.debug = {
+			stack:    typeof err.stack !== 'undefined' && err.stack ? err.stack.split('\n') : null,
+			previous: err.previous
+		};
+	}
+
+	// Not every error is worth logging - but this is good for now until it gets annoying.
+	if (typeof err.stack !== 'undefined' && err.stack) {
+		if (process.env.NODE_ENV === 'development') {
+			log.debug(err.stack);
+		} else if (typeof err.public == 'undefined' || !err.public) {
+			log.warn(err.message);
+		}
+	}
+
+	res
+		.status(err.status || 500)
+		.send(payload);
+});
+
+module.exports = app;