fatchan
/
jschan
mirror of https://gitgud.io/fatchan/jschan.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
jschan - Anonymous imageboard software. Classic look, modern features and feel. Works without JavaScript and supports Tor, I2P, Lokinet, etc.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
400 Commits
5 Branches
66 Tags
53 MiB
Tag: Branch: Tree: 686fe0d7b3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '686fe0d7b3'
${ noResults }
jschan/server.js

136 lines
3.3 KiB
Raw Normal View History Unescape

First commit
5 years ago
'use strict';
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
process
.on('uncaughtException', console.error)
.on('unhandledRejection', console.error);
First commit
5 years ago
backlinking refactor, remove helmet from server since its basically useless
5 years ago
const express = require('express')
, session = require('express-session')
First commit
5 years ago
, MongoStore = require('connect-mongo')(session)
backlinking refactor, remove helmet from server since its basically useless
5 years ago
, path = require('path')
, app = express()
First commit
5 years ago
, bodyParser = require('body-parser')
, cookieParser = require('cookie-parser')
, configs = require(__dirname+'/configs/main.json')
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
, refererRegex = new RegExp(configs.refererRegex)
ip hash and fix inaccessible ip in report/globalreport for actionhandler
5 years ago
, Mongo = require(__dirname+'/db/db.js')
separate ratelimits from captchas
5 years ago
, { createHash } = require('crypto');
First commit
5 years ago
(async () => {
disable useless x-powered header, and log node env on startup
5 years ago
console.log('Starting in mode:', process.env.NODE_ENV);
First commit
5 years ago
// let db connect
disable useless x-powered header, and log node env on startup
5 years ago
console.log('connecting to db');
First commit
5 years ago
await Mongo.connect();
disable useless x-powered header, and log node env on startup
5 years ago
// disable useless express header
app.disable('x-powered-by');
backlinking refactor, remove helmet from server since its basically useless
5 years ago
// parse forms
First commit
5 years ago
app.use(bodyParser.urlencoded({extended: true}));
app.use(bodyParser.json());
backlinking refactor, remove helmet from server since its basically useless
5 years ago
//parse cookies
app.use(cookieParser());
First commit
5 years ago
// session store
app.use(session({
secret: configs.sessionSecret,
store: new MongoStore({ db: Mongo.client.db('sessions') }),
resave: false,
samesite, secure and htponly for cookies
5 years ago
saveUninitialized: false,
cookie: {
httpOnly: true,
secure: true,
strict samesite instead of lax
5 years ago
sameSite: 'strict',
samesite, secure and htponly for cookies
5 years ago
}
First commit
5 years ago
}));
backlinking refactor, remove helmet from server since its basically useless
5 years ago
//trust proxy for nginx
app.set('trust proxy', 1);
First commit
5 years ago
referrer header POST check/rejection
5 years ago
//referer header check
app.use((req, res, next) => {
ip hash and fix inaccessible ip in report/globalreport for actionhandler
5 years ago
const ip = req.headers['x-real-ip'] || req.connection.remoteAddress
const ipHash = createHash('sha256').update(configs.ipHashSecret + ip).digest('base64');
res.locals.ip = ipHash;
referrer header POST check/rejection
5 years ago
if (req.method !== 'POST') {
return next();
}
config to disable referrer check for local dev environment
5 years ago
if (configs.refererCheck === true && (!req.headers.referer || !req.headers.referer.match(refererRegex))) {
referrer header POST check/rejection
5 years ago
return res.status(403).render('message', {
'title': 'Forbidden',
'message': 'Invalid or missing "Referer" header. Are you posting from the correct URL?'
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
});
referrer header POST check/rejection
5 years ago
}
next();
})
First commit
5 years ago
// use pug view engine
app.set('view engine', 'pug');
app.set('views', path.join(__dirname, 'views/pages'));
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
if (configs.cacheTemplates === true) {
app.enable('view cache');
}
First commit
5 years ago
// routes
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
app.use('/forms', require(__dirname+'/controllers/forms.js'));
app.use('/', require(__dirname+'/controllers/pages.js'));
First commit
5 years ago
gulp to minify, remove static file serving -- using nginx instead
5 years ago
//404 catchall
First commit
5 years ago
app.get('*', (req, res) => {
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
res.status(404).render('404');
First commit
5 years ago
})
correct recent sorting, no more class for Posts and fix 404 loop
5 years ago
// catch any unhandled errors
First commit
5 years ago
app.use((err, req, res, next) => {
if (err.code === 'EBADCSRFTOKEN') {
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
return res.status(403).send('Invalid CSRF token');
First commit
5 years ago
}
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
console.error(err.stack);
global and board IP bans, improved error handling, improved permissions checks
5 years ago
return res.status(500).render('message', {
'title': 'Internal Server Error',
referrer header POST check/rejection
5 years ago
'redirect': req.headers.referer || '/'
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
});
First commit
5 years ago
})
correct recent sorting, no more class for Posts and fix 404 loop
5 years ago
// listen
server graceful reload with PM2 and close on sigints
5 years ago
const server = app.listen(configs.port, '127.0.0.1', () => {
improve ecosystem file and only signal PM2 _after_ listening
5 years ago
backlinking refactor, remove helmet from server since its basically useless
5 years ago
console.log(`listening on port ${configs.port}`);
First commit
5 years ago
improve ecosystem file and only signal PM2 _after_ listening
5 years ago
//let PM2 know that this is ready (for graceful reloads)
if (typeof process.send === 'function') { //make sure we are a child process
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
console.info('sending ready signal to PM2');
improve ecosystem file and only signal PM2 _after_ listening
5 years ago
process.send('ready');
}
});
server graceful reload with PM2 and close on sigints
5 years ago
process.on('SIGINT', () => {
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
console.info('SIGINT signal received');
server graceful reload with PM2 and close on sigints
5 years ago
// Stops the server from accepting new connections and finishes existing connections.
server.close((err) => {
// if error, log and exit with error (1 code)
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
console.info('closing http server');
server graceful reload with PM2 and close on sigints
5 years ago
if (err) {
console.error(err);
process.exit(1);
}
// close database connection
improved configuration options -- settings for opengraph url/sitename and render template cache
5 years ago
console.info('closing db connection');
server graceful reload with PM2 and close on sigints
5 years ago
Mongo.client.close();
// now close without error
process.exit(0);
})
})
First commit
5 years ago
})();