Merge pull request #1040 from lbryio/master

cuts staging from master
jessopb 2019-10-01 15:52:45 -04:00 committed by GitHub
commit b1a9d8ee74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 57 additions and 5 deletions


@ -18,7 +18,8 @@
"host": "https://www.example.com", "host": "https://www.example.com",
"description": "A decentralized hosting platform built on LBRY", "description": "A decentralized hosting platform built on LBRY",
"twitter": false, "twitter": false,
"blockListEndpoint": "https://api.lbry.com/file/list_blocked" "blockListEndpoint": "https://api.lbry.com/file/list_blocked",
"corsWhitelist": []
}, },
"publishing": { "publishing": {
"primaryClaimAddress": null, "primaryClaimAddress": null,

15
package-lock.json generated

@ -3611,6 +3611,15 @@
"resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
"integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
}, },
"cors": {
"version": "2.8.5",
"resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
"integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
"requires": {
"object-assign": "^4",
"vary": "^1"
}
},
"cosmiconfig": { "cosmiconfig": {
"version": "5.0.7", "version": "5.0.7",
"resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-5.0.7.tgz", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-5.0.7.tgz",
@ -8605,9 +8614,9 @@
} }
}, },
"mixin-deep": { "mixin-deep": {
"version": "1.3.1", "version": "1.3.2",
"resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz", "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz",
"integrity": "sha512-8ZItLHeEgaqEvd5lYBXfm4EZSFCX29Jb9K+lAHhDKzReKBQKj3R+7NOF6tjqYi9t4oI8VUfaWITJQm86wnXGNQ==", "integrity": "sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==",
"dev": true, "dev": true,
"requires": { "requires": {
"for-in": "^1.0.2", "for-in": "^1.0.2",


@ -41,6 +41,7 @@
"body-parser": "^1.18.3", "body-parser": "^1.18.3",
"connect-multiparty": "^2.2.0", "connect-multiparty": "^2.2.0",
"cookie-session": "^2.0.0-beta.3", "cookie-session": "^2.0.0-beta.3",
"cors": "^2.8.5",
"express": "^4.16.4", "express": "^4.16.4",
"express-handlebars": "^3.0.0", "express-handlebars": "^3.0.0",
"express-http-context": "^1.2.0", "express-http-context": "^1.2.0",


@ -3,6 +3,7 @@ const express = require('express');
const bodyParser = require('body-parser'); const bodyParser = require('body-parser');
const expressHandlebars = require('express-handlebars'); const expressHandlebars = require('express-handlebars');
const helmet = require('helmet'); const helmet = require('helmet');
const cors = require('cors');
const cookieSession = require('cookie-session'); const cookieSession = require('cookie-session');
const http = require('http'); const http = require('http');
const logger = require('winston'); const logger = require('winston');
@ -23,7 +24,7 @@ const processTrending = require('./utils/processTrending');
const { setRouteDataInContextMiddleware } = require('./middleware/httpContextMiddleware'); const { setRouteDataInContextMiddleware } = require('./middleware/httpContextMiddleware');
const { const {
details: { port: PORT, blockListEndpoint }, details: { port: PORT, blockListEndpoint, corsWhitelist, host },
startup: { performChecks, performUpdates }, startup: { performChecks, performUpdates },
} = require('@config/siteConfig'); } = require('@config/siteConfig');
@ -82,7 +83,37 @@ function Server() {
// set HTTP headers to protect against well-known web vulnerabilties // set HTTP headers to protect against well-known web vulnerabilties
app.use(helmet()); app.use(helmet());
// open cors for site/config:host (current instance)
var originWhitelist = [
host
];
// whitelist is found in site/config:details:
// enter corsWhitelist: ["*"] to allow all
// enter your domains otherwise:["https://example.com", ...]
if ( corsWhitelist && corsWhitelist.length ) {
originWhitelist = originWhitelist.concat(corsWhitelist);
}
var corsOptions = originWhitelist && originWhitelist.includes('*')
? {
"origin": "*",
"methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
"preflightContinue": false,
"optionsSuccessStatus": 204
}
: {
origin: function(origin, callback) {
if ((origin === undefined) || originWhitelist.indexOf(origin) !== -1) {
callback(null, true);
} else {
let error = new Error(`CORS has blocked this website from access. Contact an administrator from ${host} if you feel this is in error.`);
error.code = "ECORS"
callback(error);
}
},
};
app.use(cors(corsOptions));
// Support per-request http-context // Support per-request http-context
app.use(httpContext.middleware); app.use(httpContext.middleware);
@ -148,6 +179,16 @@ function Server() {
); );
}); });
app.use( (error, req, res, next) => {
if (error.code === 'ECORS'){
res.status(403);
res.send({message: error})
} else {
res.status(520);
res.send({ message: error });
}
})
this.app = app; this.app = app;
}; };
this.createServer = () => { this.createServer = () => {
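Review bot: The error middleware added at the end of `this.initialize` passes the raw `Error` object to `res.send({ message: error })` in both branches, so the response body is whatever enumerable properties the error carries: for the ECORS case that is only `code` (the `message` text is non-enumerable and is dropped by JSON serialisation), and for any other error it can include internal details attached by libraries. Send an explicitly chosen string instead, e.g. `res.status(403).json({ message: error.message });` for ECORS and `logger.error(error); res.status(500).json({ message: 'Internal server error' });` otherwise, since 520 is not a registered HTTP status. Separately, the `origin` callback in the CORS hunk accepts any request with no `Origin` header, so the whitelist only constrains browsers and should not be relied on as access control for the API routes. The enclosing function starts and ends outside the visible hunks.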