mirror of https://gitgud.io/fatchan/jschan.git
parent
887ea41aec
commit
4e181ae712
6 changed files with 77 additions and 61 deletions
@ -0,0 +1,10 @@ |
||||
'use strict'; |
||||
|
||||
const configs = require(__dirname+'/../configs/main.json') |
||||
, { createHash } = require('crypto'); |
||||
|
||||
module.exports = (req, res, next) => { |
||||
const ip = req.headers['x-real-ip']; //need to consider forwarded-for, etc here and in nginx
|
||||
res.locals.ip = createHash('sha256').update(configs.ipHashSecret + ip).digest('base64'); |
||||
next(); |
||||
} |
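Review bot: When the `x-real-ip` header is absent, the line that sets `res.locals.ip` hashes the secret concatenated with the string "undefined", so every such request gets the same identifier. The header is also whatever the client sent unless the proxy overwrites it, which the inline comment suggests is not settled yet; anything keyed on this value inherits that trust. I would fall back to the socket address with `const ip = req.headers['x-real-ip'] || req.connection.remoteAddress;` and add a comment that nginx must set `X-Real-IP` unconditionally. The digest would also be better keyed as `createHmac('sha256', configs.ipHashSecret).update(ip).digest('base64')` than built by prefixing the secret to the input.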
@ -0,0 +1,17 @@ |
||||
'use strict'; |
||||
|
||||
const configs = require(__dirname+'/../configs/main.json') |
||||
, refererRegex = new RegExp(configs.refererRegex); |
||||
|
||||
module.exports = (req, res, next) => { |
||||
if (req.method !== 'POST') { |
||||
return next(); |
||||
} |
||||
if (configs.refererCheck === true && (!req.headers.referer || !req.headers.referer.match(refererRegex))) { |
||||
return res.status(403).render('message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Invalid or missing "Referer" header. Are you posting from the correct URL?' |
||||
}); |
||||
} |
||||
next(); |
||||
} |
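Review bot: `refererRegex` is compiled from `configs.refererRegex` without validation, and `new RegExp(undefined)` produces a pattern that matches every string, so a missing config key quietly reduces the check on the `configs.refererCheck` line to "header is present". The `.match()` call is also unanchored unless the configured pattern carries its own `^`, so a Referer that merely contains the expected host in its path or query could pass; the pattern itself is not visible on this page. I would fail at startup when the key is missing, and either document that the pattern must start with `^https?://` or compare the parsed value instead, e.g. `new URL(req.headers.referer).host === configs.expectedHost` inside a try/catch (`expectedHost` is a placeholder key). Only POST is checked, so state-changing routes on other methods are not covered by this middleware.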
@ -0,0 +1,15 @@ |
||||
'use strict'; |
||||
|
||||
const { Accounts } = require(__dirname+'/../db/'); |
||||
|
||||
module.exports = async (req, res, next) => { |
||||
if (req.session && req.session.authenticated === true) { |
||||
// keeping session updated incase user updated on global manage
|
||||
const account = await Accounts.findOne(req.session.user.username); |
||||
req.session.user = { |
||||
'username': account._id, |
||||
'authLevel': account.authLevel |
||||
}; |
||||
} |
||||
next(); |
||||
} |
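Review bot: `Accounts.findOne` can presumably return null once an account has been deleted, and the `account._id` read right after it would then throw inside an async middleware. Express 4 does not forward that rejection to the error handler, so the request would hang; the same holds for a database error on the `await`. A removed or demoted account is exactly the case this refresh exists for, so the missing-account path should end the session rather than crash. The sketch below assumes the session object is express-session's and so has `destroy`; if not, clear `authenticated` and `user` by hand.

```javascript
    if (req.session && req.session.authenticated === true) {
        let account;
        try {
            account = await Accounts.findOne(req.session.user.username);
        } catch (err) {
            // surface DB failures to the error handler instead of an unhandled rejection
            return next(err);
        }
        if (!account) {
            // account no longer exists: drop the session so stale privileges do not persist
            return req.session.destroy(() => next());
        }
        // … unchanged: req.session.user reassignment from account …
    }
```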