From 0683e319631f107f313958c90e372c5107a6599e Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Thu, 27 Jan 2022 15:49:25 +1100 Subject: [PATCH 1/4] update package-lock --- package-lock.json | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index dc39d37e..5616097d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6271,9 +6271,9 @@ "optional": true }, "node_modules/nanoid": { - "version": "3.1.30", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.30.tgz", - "integrity": "sha512-zJpuPDwOv8D2zq2WRoMe1HsfZthVewpel9CAvTfc/2mBD1uUT/agc5f7GHGWXlYkFvi1mVxe4IjvP2HNrop7nQ==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.2.0.tgz", + "integrity": "sha512-fmsZYa9lpn69Ad5eDn7FMcnnSR+8R34W9qJEijxYhTbfOWzr22n1QxCMzXLK+ODyW2973V3Fux959iQoUxzUIA==", "bin": { "nanoid": "bin/nanoid.cjs" }, @@ -6364,14 +6364,22 @@ "integrity": "sha512-mmcei9JghVNDYydghQmeDX8KoAm0FAiYyIcUt/N4nhyAipB17pllZQDOJD2fotxABnt4Mdz+dKTO7eftLg4d0A==" }, "node_modules/node-fetch": { - "version": "2.6.5", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.5.tgz", - "integrity": "sha512-mmlIVHJEu5rnIxgEgez6b9GgWXbkZj5YZ7fx+2r94a2E+Uirsp6HsPTPlomfdHtpt/B0cdKviwkoaM6pyvUOpQ==", + "version": "2.6.7", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", + "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", "dependencies": { "whatwg-url": "^5.0.0" }, "engines": { "node": "4.x || >=6.0.0" + }, + "peerDependencies": { + "encoding": "^0.1.0" + }, + "peerDependenciesMeta": { + "encoding": { + "optional": true + } } }, "node_modules/node-unzip-2": { @@ -15151,9 +15159,9 @@ "optional": true }, "nanoid": { - "version": "3.1.30", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.30.tgz", - "integrity": "sha512-zJpuPDwOv8D2zq2WRoMe1HsfZthVewpel9CAvTfc/2mBD1uUT/agc5f7GHGWXlYkFvi1mVxe4IjvP2HNrop7nQ==" + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.2.0.tgz", + "integrity": "sha512-fmsZYa9lpn69Ad5eDn7FMcnnSR+8R34W9qJEijxYhTbfOWzr22n1QxCMzXLK+ODyW2973V3Fux959iQoUxzUIA==" }, "nanomatch": { "version": "1.2.13", @@ -15222,9 +15230,9 @@ "integrity": "sha512-mmcei9JghVNDYydghQmeDX8KoAm0FAiYyIcUt/N4nhyAipB17pllZQDOJD2fotxABnt4Mdz+dKTO7eftLg4d0A==" }, "node-fetch": { - "version": "2.6.5", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.5.tgz", - "integrity": "sha512-mmlIVHJEu5rnIxgEgez6b9GgWXbkZj5YZ7fx+2r94a2E+Uirsp6HsPTPlomfdHtpt/B0cdKviwkoaM6pyvUOpQ==", + "version": "2.6.7", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", + "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", "requires": { "whatwg-url": "^5.0.0" } From 4f5e996cc6ad541f7fb312f49112d223959882bd Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Sat, 29 Jan 2022 00:42:14 +1100 Subject: [PATCH 2/4] actually, i think this is all it needs close #421 --- helpers/schema.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helpers/schema.js b/helpers/schema.js index 9baf07f6..da89be38 100644 --- a/helpers/schema.js +++ b/helpers/schema.js @@ -54,7 +54,7 @@ module.exports = { //the opposite kinda, check if the data includes any of the values in the array arrayInBody: (filters, data) => { - return filters.some(filter => data.includes(filter)); + return data && filters.some(filter => data.includes(filter)); }, //check the actual schema From 5e15e5cdd5285b8b672dfc2258d298aac7865030 Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Sat, 29 Jan 2022 00:53:35 +1100 Subject: [PATCH 3/4] csrf token only fetch, for API and will be added to jschan-docs --- configs/nginx/snippets/jschan_common_routes.conf | 2 +- controllers/pages.js | 3 ++- models/pages/csrf.js | 9 +++++++++ models/pages/index.js | 1 + 4 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 models/pages/csrf.js diff --git a/configs/nginx/snippets/jschan_common_routes.conf b/configs/nginx/snippets/jschan_common_routes.conf index 43c9859c..0203a2f7 100644 --- a/configs/nginx/snippets/jschan_common_routes.conf +++ b/configs/nginx/snippets/jschan_common_routes.conf @@ -29,7 +29,7 @@ location /captcha { } # authed, no cache pages -location ~* ^/((\w+/manage/.*|globalmanage/(reports|bans|recent|boards|globallogs|news|accounts|settings))|account|create)\.(html|json)$ { +location ~* ^/((\w+/manage/.*|globalmanage/(reports|bans|recent|boards|globallogs|news|accounts|settings))|account|create|csrf)\.(html|json)$ { expires 0; try_files /dev/null @backend-private; } diff --git a/controllers/pages.js b/controllers/pages.js index 81692217..1c87a4ff 100644 --- a/controllers/pages.js +++ b/controllers/pages.js @@ -22,7 +22,7 @@ const express = require('express') globalManageRecent, globalManageAccounts, globalManageNews, globalManageLogs } = require(__dirname+'/../models/pages/globalmanage/') , { changePassword, blockBypass, home, register, login, create, board, catalog, banners, randombanner, news, captchaPage, overboard, overboardCatalog, - captcha, thread, modlog, modloglist, account, boardlist, customPage } = require(__dirname+'/../models/pages/') + captcha, thread, modlog, modloglist, account, boardlist, customPage, csrfPage } = require(__dirname+'/../models/pages/') , threadParamConverter = paramConverter({ processThreadIdParam: true }) , logParamConverter = paramConverter({ processDateParam: true }) , newsParamConverter = paramConverter({ objectIdParams: ['newsid'] }) @@ -90,5 +90,6 @@ router.get('/login.html', login); router.get('/register.html', register); router.get('/changepassword.html', changePassword); router.get('/create.html', useSession, sessionRefresh, isLoggedIn, create); //create new board +router.get('/csrf.json', useSession, sessionRefresh, isLoggedIn, csrf, csrfPage); //just the token, for 3rd party stuff posting module.exports = router; diff --git a/models/pages/csrf.js b/models/pages/csrf.js new file mode 100644 index 00000000..c7a40ae0 --- /dev/null +++ b/models/pages/csrf.js @@ -0,0 +1,9 @@ +'use strict'; + +module.exports = async (req, res, next) => { + + res.json({ + token: req.csrfToken(), + }); + +} diff --git a/models/pages/index.js b/models/pages/index.js index 3db7b42b..6f7bcc30 100644 --- a/models/pages/index.js +++ b/models/pages/index.js @@ -12,6 +12,7 @@ module.exports = { catalog: require(__dirname+'/catalog.js'), banners: require(__dirname+'/banners.js'), customPage: require(__dirname+'/custompage.js'), + csrfPage: require(__dirname+'/csrf.js'), randombanner: require(__dirname+'/randombanner.js'), news: require(__dirname+'/news.js'), captchaPage: require(__dirname+'/captchapage.js'), From 816e7724842a232fc2c96e17dd204820a12330db Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Sat, 29 Jan 2022 00:54:13 +1100 Subject: [PATCH 4/4] update installation updating instruction with small note about nginx --- INSTALLATION.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 47dfcb49..b7b5fa49 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -116,18 +116,28 @@ To enable the proxy, tick "Use Socks Proxy" in global management settings and se ## Updating ```bash -#stop the jschan backend +#first, stop the jschan backend $ pm2 stop ecosystem.config.js + #pull the latest changes $ git pull + #install dependencies again in case any have updated or changed $ npm install + +#check if anything nginx related changed between the old and new verison, e.g. +$ git diff v0.1.5 v0.1.6 configs/nginx +#If you use a completely standard jschan nginx, run configs/nginx/nginx.sh again. +#Otherwise, update your nginx config with the necessary changes. + #run the gulp migrate task. this will update things such as your database schema. $ gulp migrate #run the default gulp task to update, scripts, css, icons, images and delete old html $ gulp + #start the backend again $ pm2 restart ecosystem.config.js --env production + #if something breaks, check and read the logs, they will help figure out what went wrong $ pm2 logs ```