diff --git a/logs/debug/.gitkeep b/logs/debug/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/logs/debug/.gitkeep diff --git a/logs/error/.gitkeep b/logs/error/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/logs/error/.gitkeep diff --git a/logs/functions/.gitkeep b/logs/functions/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/logs/functions/.gitkeep diff --git a/logs/info/.gitkeep b/logs/info/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/logs/info/.gitkeep diff --git a/logs/notice/.gitkeep b/logs/notice/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/logs/notice/.gitkeep diff --git a/logs/warn/.gitkeep b/logs/warn/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/logs/warn/.gitkeep diff --git a/nodemon.json b/nodemon.json index 44ce3e3..55aef40 100644 --- a/nodemon.json +++ b/nodemon.json @@ -1,3 +1,3 @@ { - "ignore": ["data/*"] + "ignore": ["data/*", "pids/*", "logs/*"] } diff --git a/package-lock.json b/package-lock.json index 6ef8330..bdf57a8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -32,6 +32,7 @@ "sqlite3": "^5.1.7", "winston": "^3.17.0", "winston-daily-rotate-file": "^5.0.0", + "xss": "^1.0.15", "xss-clean": "^0.1.4" }, "devDependencies": { @@ -1270,6 +1271,12 @@ "node": ">= 0.8" } }, + "node_modules/cssfilter": { + "version": "0.0.10", + "resolved": "https://registry.npmjs.org/cssfilter/-/cssfilter-0.0.10.tgz", + "integrity": "sha512-FAaLDaplstoRsDR8XGYH51znUN0UY7nMc6Z9/fvE8EXGwvJE9hu7W2vHwx1+bd6gCYnln9nLbzxFTrcO9YQDZw==", + "license": "MIT" + }, "node_modules/csurf": { "version": "1.11.0", "resolved": "https://registry.npmjs.org/csurf/-/csurf-1.11.0.tgz", 
@@ -5810,6 +5817,22 @@ "integrity": "sha512-huCv9IH9Tcf95zuYCsQraZtWnJvBtLVE0QHMOs8bWyZAFZNDcYjsPq1nEx8jKA9y+Beo9v+7OBPRisQTjinQMw==", "license": "MIT" }, + "node_modules/xss": { + "version": "1.0.15", + "resolved": "https://registry.npmjs.org/xss/-/xss-1.0.15.tgz", + "integrity": "sha512-FVdlVVC67WOIPvfOwhoMETV72f6GbW7aOabBC3WxN/oUdoEMDyLz4OgRv5/gck2ZeNqEQu+Tb0kloovXOfpYVg==", + "license": "MIT", + "dependencies": { + "commander": "^2.20.3", + "cssfilter": "0.0.10" + }, + "bin": { + "xss": "bin/xss" + }, + "engines": { + "node": ">= 0.10.0" + } + }, "node_modules/xss-clean": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/xss-clean/-/xss-clean-0.1.4.tgz", @@ -5825,6 +5848,12 @@ "resolved": "https://registry.npmjs.org/xss-filters/-/xss-filters-1.2.7.tgz", "integrity": "sha512-KzcmYT/f+YzcYrYRqw6mXxd25BEZCxBQnf+uXTopQDIhrmiaLwO+f+yLsIvvNlPhYvgff8g3igqrBxYh9k8NbQ==" }, + "node_modules/xss/node_modules/commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "license": "MIT" + }, "node_modules/yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", diff --git a/package.json b/package.json index 4bdc18b..7b2d1c8 100644 --- a/package.json +++ b/package.json @@ -41,6 +41,7 @@ "sqlite3": "^5.1.7", "winston": "^3.17.0", "winston-daily-rotate-file": "^5.0.0", + "xss": "^1.0.15", "xss-clean": "^0.1.4" }, "devDependencies": { diff --git a/src/middleware/index.js b/src/middleware/index.js index 35d683b..b4aea00 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js 
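Review bot: `xss-clean` stays listed in dependencies even though its only visible use, the require in `src/middleware/index.js`, is commented out in this same commit, so it is now an unused package that still ships in `node_modules` and in both lockfiles. Drop it here (`npm uninstall xss-clean`) once the `xss`-based sanitizer is confirmed to replace it, or keep the old middleware active until then. `src/middleware/xssSanitizer.js` is not part of this diff, so that `xss` is actually wired up is inferred from the new require alone.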
@@ -6,10 +6,11 @@ const compression = require("compression"); const helmet = require("helmet"); const hpp = require("hpp"); -const xss = require("xss-clean"); +// const xss = require("xss-clean"); const routes = require("../routes"); const formatHtml = require("./formatHtml"); const logEvent = require("./analytics.js"); +const xssSanitizer = require("./xssSanitizer"); const { loggingMiddleware, @@ -22,9 +23,14 @@ if (process.env.NODE_ENV === "production") { app.disable("x-powered-by"); app.set("trust proxy", true); + app.use((req, res, next) => { + console.log(req.ip); + next(); + }); + app.set("trust-proxy", false); app.use(hpp()); - app.use(xss()); - app.use(rateLimit({ windowMs: 1 * 60 * 1000, max: 100 })); + app.use(xssSanitizer); + // app.use(rateLimit({ windowMs: 1 * 60 * 1000, max: 100 })); app.use((req, res, next) => { const host = req.hostname; if (["127.0.0.1", "localhost"].includes(host)) { diff --git a/src/routes/analytics.js b/src/routes/analytics.js index 5b5d624..b8ff83a 100644 --- a/src/routes/analytics.js +++ b/src/routes/analytics.js @@ -16,6 +16,8 @@ // req.connection.remoteAddress || // ""; const ip = req.ip; + req.logger.debug("Ip Address", req.ip); + req.logger.debug("headers", req.headers); const timestamp = Date.now(); db.run( @@ -23,6 +25,6 @@ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`, [timestamp, url, referrer, userAgent, viewport, loadTime, event, ip, 1] ); - res.send("Tracked"); - //res.sendStatus(204); + + res.sendStatus(204); }; diff --git a/src/routes/blog_index.js b/src/routes/blog_index.js index d458fae..f227aee 100644 --- a/src/routes/blog_index.js +++ b/src/routes/blog_index.js @@ -19,7 +19,6 @@ // Prepare context compatible with the blog-index.hbs layout // Add `templateContent` as excerpt or limited content if needed here // For now, use a simple excerpt from markdown or placeholder - console.log(publishedPosts); const posts = publishedPosts.map((post) => ({ url: post.url, data: { 
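Review bot: The `xss-clean` require is commented out rather than deleted, and the `rateLimit` require above this hunk presumably becomes unused too once the next hunk comments out its only call; commented-out imports tend to survive indefinitely, so remove the line and the package together. The new `./xssSanitizer` module is not in this diff, so I cannot check that it covers `req.body`, `req.query` and `req.params` the way `xss-clean` did; worth confirming before the old middleware is dropped for good.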
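Review bot: `app.set("trust-proxy", false)` does not change the proxy setting: Express's setting is named `trust proxy` (with a space), so this line only stores an unrelated key and the `app.set("trust proxy", true)` a few lines above stays in effect. With `true`, Express takes `req.ip` from the leftmost `X-Forwarded-For` value supplied by any peer, so the address this hunk logs, and that `src/routes/analytics.js` stores, is client-chosen unless a proxy in front always overwrites that header; set it to the number of trusted hops or the proxy addresses instead, e.g. `app.set("trust proxy", 1);`. That same spoofable `req.ip` is what `express-rate-limit` keys on, which makes the limiter commented out here ineffective rather than unnecessary; restore it after the proxy setting is fixed. The per-request `console.log(req.ip)` middleware also runs in production and bypasses the winston logging wired up elsewhere in this file, so it should be removed. The production `if` block this hunk sits in continues past the hunk.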
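Review bot: `req.logger.debug("headers", req.headers)` copies every request header, including `cookie`, `authorization` and anything a proxy injects, into the debug log that this commit also creates a `logs/debug/` directory for, so session tokens end up at rest in a log file. Log only the fields the tracker needs, e.g. `req.logger.debug("analytics hit", { ip, userAgent: req.get("user-agent") });`, which also replaces the `"Ip Address", req.ip` call: if `req.logger` is a winston logger, a plain string as the second argument is not recorded as structured metadata, so pass an object. The handler this hunk belongs to begins above it, outside the diff.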
diff --git a/src/services/newsletterService.js b/src/services/newsletterService.js index abaca37..84ba7e9 100644 --- a/src/services/newsletterService.js +++ b/src/services/newsletterService.js @@ -54,7 +54,6 @@ console.error("Failed to save email:", err); throw err; } - console.log("test2"); return await writeLock; } diff --git a/src/utils/sendNewsletterSubscriptionMail.js b/src/utils/sendNewsletterSubscriptionMail.js index b7f0bce..cff35fc 100644 --- a/src/utils/sendNewsletterSubscriptionMail.js +++ b/src/utils/sendNewsletterSubscriptionMail.js @@ -8,10 +8,8 @@ subject: "New Newsletter Subscription", text: `Please add this email to the newsletter list: ${process.env.MAIL_NEWSLETTER}`, }; - console.log(data); try { const result = await transporter.sendMail(data); - console.log(result); return result; } catch (e) { console.log(e); diff --git a/src/utils/transporter.js b/src/utils/transporter.js index b49466c..089cfcc 100644 --- a/src/utils/transporter.js +++ b/src/utils/transporter.js @@ -9,7 +9,6 @@ pass: process.env.MAIL_PASS, }; } -console.log(process.env.MAIL_PORT); const transporter = nodemailer.createTransport({ host: process.env.MAIL_HOST, port: parseInt(process.env.MAIL_PORT, 10), diff --git a/yarn.lock b/yarn.lock index 3ed3a55..2b29754 100644 --- a/yarn.lock +++ b/yarn.lock @@ -540,6 +540,11 @@ resolved "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz" integrity sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug== +commander@^2.20.3: + version "2.20.3" + resolved "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz" + integrity sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ== + commander@2.15.1: version "2.15.1" resolved "https://registry.npmjs.org/commander/-/commander-2.15.1.tgz" 
@@ -646,6 +651,11 @@ tsscmp "1.0.6" uid-safe "2.1.5" +cssfilter@0.0.10: + version "0.0.10" + resolved "https://registry.npmjs.org/cssfilter/-/cssfilter-0.0.10.tgz" + integrity sha512-FAaLDaplstoRsDR8XGYH51znUN0UY7nMc6Z9/fvE8EXGwvJE9hu7W2vHwx1+bd6gCYnln9nLbzxFTrcO9YQDZw== + csurf@^1.11.0: version "1.11.0" resolved "https://registry.npmjs.org/csurf/-/csurf-1.11.0.tgz" @@ -3180,6 +3190,14 @@ resolved "https://registry.npmjs.org/xss-filters/-/xss-filters-1.2.7.tgz" integrity sha512-KzcmYT/f+YzcYrYRqw6mXxd25BEZCxBQnf+uXTopQDIhrmiaLwO+f+yLsIvvNlPhYvgff8g3igqrBxYh9k8NbQ== +xss@^1.0.15: + version "1.0.15" + resolved "https://registry.npmjs.org/xss/-/xss-1.0.15.tgz" + integrity sha512-FVdlVVC67WOIPvfOwhoMETV72f6GbW7aOabBC3WxN/oUdoEMDyLz4OgRv5/gck2ZeNqEQu+Tb0kloovXOfpYVg== + dependencies: + commander "^2.20.3" + cssfilter "0.0.10" + yallist@^4.0.0: version "4.0.0" resolved "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz"