Fix broken shit after dep updates

Jonathan Cremin 2020-06-14 22:29:04 +01:00
parent 7878346910
commit d89c8872d2
15 changed files with 1169 additions and 713 deletions


@ -12,7 +12,7 @@ export default async (ctx, next) => {
let user = false; let user = false;
const remoteIp = ctx.req.headers['x-forwarded-for'] || ctx.req.connection.remoteAddress; const remoteIp = ctx.req.headers['x-forwarded-for'] || ctx.req.connection.remoteAddress;
const login = await models.login.create({ const login = await models.login.create({
ip: remoteIp, ip: remoteIp.split(',')[0],
successful: false, successful: false,
}); });
if (ctx.req.headers.authorization && ctx.req.headers.authorization[0] === ':') { if (ctx.req.headers.authorization && ctx.req.headers.authorization[0] === ':') {
@ -30,7 +30,7 @@ export default async (ctx, next) => {
ctx.assert(authUser, 401, badLoginMsg); ctx.assert(authUser, 401, badLoginMsg);
const count = await models.login.count({ const count = await models.login.count({
where: { where: {
ip: remoteIp, ip: remoteIp.split(',')[0],
successful: false, successful: false,
createdAt: { createdAt: {
$gt: new Date(Date.now() - 600000), $gt: new Date(Date.now() - 600000),
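Review bot: `remoteIp.split(',')[0]` keeps the left-most `x-forwarded-for` entry, which is the client-supplied value whenever the fronting proxy appends to the header instead of overwriting it, so the failed-login count in the second hunk (the 600000 ms window) is keyed on data the caller controls rather than on the real peer. Prefer the entry added by the proxy you trust (the right-most one for a single appending proxy), trimmed, e.g. `const clientIp = remoteIp.split(',').pop().trim();`, and compute it once so the `create` and `count` calls cannot drift apart. The same expression appears in the Uploader constructor hunk and in both `authenticate` hunks further down. Whether the header should be honoured at all depends on the proxy setup, which is not visible here, and the enclosing middleware starts and ends outside these hunks.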

1
app.js

@ -76,6 +76,7 @@ app.on('error', (err, ctx) => {
Sentry.captureException(err); Sentry.captureException(err);
}); });
} }
debug(err);
}); });
if (!module.parent) { if (!module.parent) {


@ -26,6 +26,7 @@ export default class Uploader {
this.expectedSize = context.request.headers['content-length']; this.expectedSize = context.request.headers['content-length'];
this.tempGuid = context.request.headers['hostr-guid']; this.tempGuid = context.request.headers['hostr-guid'];
this.remoteIp = context.request.headers['x-forwarded-for'] || context.req.connection.remoteAddress; this.remoteIp = context.request.headers['x-forwarded-for'] || context.req.connection.remoteAddress;
this.remoteIp = this.remoteIp.split(',')[0];
this.md5sum = crypto.createHash('md5'); this.md5sum = crypto.createHash('md5');
this.lastPercent = 0; this.lastPercent = 0;


@ -44,19 +44,20 @@
"co": "~4.6.0", "co": "~4.6.0",
"co-redis": "^2.1.0", "co-redis": "^2.1.0",
"co-views": "~2.1.0", "co-views": "~2.1.0",
"copy-webpack-plugin": "^5.1.1", "copy-webpack-plugin": "^6.0.2",
"debug": "~4.1.1", "debug": "~4.1.1",
"dropzone": "~5.7.0", "dropzone": "~5.7.0",
"ejs": "^3.1.3", "ejs": "^3.1.3",
"ejs-lint": "^1.1.0",
"form-data": "^3.0.0", "form-data": "^3.0.0",
"http-errors": "^1.7.3", "http-errors": "^1.7.3",
"image-size": "^0.8.3", "image-size": "^0.8.3",
"jimp": "^0.9.3", "jimp": "^0.13.0",
"jquery": "^3.5.0", "jquery": "^3.5.0",
"kcors": "^2.2.2", "kcors": "^2.2.2",
"koa": "^2.11.0", "koa": "^2.11.0",
"koa-bodyparser": "^4.3.0", "koa-bodyparser": "^4.3.0",
"koa-compress": "~3.0.0", "koa-compress": "~4.0.1",
"koa-csrf": "^3.0.8", "koa-csrf": "^3.0.8",
"koa-error": "^3.2.0", "koa-error": "^3.2.0",
"koa-favicon": "~2.1.0", "koa-favicon": "~2.1.0",
@ -64,8 +65,8 @@
"koa-helmet": "^5.2.0", "koa-helmet": "^5.2.0",
"koa-logger": "~3.2.1", "koa-logger": "~3.2.1",
"koa-redis": "^4.0.1", "koa-redis": "^4.0.1",
"koa-router": "^8.0.8", "koa-router": "^9.0.1",
"koa-session": "^5.13.1", "koa-session": "^6.0.0",
"koa-static": "^5.0.0", "koa-static": "^5.0.0",
"koa-views": "^6.2.1", "koa-views": "^6.2.1",
"koa-websocket": "^6.0.0", "koa-websocket": "^6.0.0",
@ -74,12 +75,12 @@
"moment": "^2.24.0", "moment": "^2.24.0",
"mz": "^2.7.0", "mz": "^2.7.0",
"node-fetch": "^2.3.0", "node-fetch": "^2.3.0",
"redis": "^3.0.2",
"sequelize": "^5.21.11",
"node-sass": "^4.14.0", "node-sass": "^4.14.0",
"node-uuid": "^1.4.8", "node-uuid": "^1.4.8",
"passwords": "^1.3.1", "passwords": "^1.3.1",
"pg": "^8.0.3", "pg": "^8.0.3",
"redis": "^3.0.2",
"sequelize": "^5.21.11",
"smooth-scroll": "https://github.com/cferdinandi/smooth-scroll#5.3.7", "smooth-scroll": "https://github.com/cferdinandi/smooth-scroll#5.3.7",
"statsy": "~0.2.0", "statsy": "~0.2.0",
"stripe": "^8.61.0", "stripe": "^8.61.0",
@ -90,12 +91,12 @@
"devDependencies": { "devDependencies": {
"babel-eslint": "^10.1.0", "babel-eslint": "^10.1.0",
"concurrently": "^5.1.0", "concurrently": "^5.1.0",
"eslint": "^5.13.0", "eslint": "^7.2.0",
"eslint-config-airbnb": "^17.1.0", "eslint-config-airbnb": "^18.1.0",
"eslint-plugin-import": "^2.20.2", "eslint-plugin-import": "^2.20.2",
"mocha": "^8.0.0", "mocha": "^8.0.0",
"nodemon": "^2.0.2", "nodemon": "^2.0.2",
"supertest": "^4.0.2", "supertest": "^4.0.2",
"tmp": "0.1.0" "tmp": "0.2.1"
} }
} }


@ -23,7 +23,7 @@ export async function authenticate(email, password) {
} }
const count = await models.login.count({ const count = await models.login.count({
where: { where: {
ip: remoteIp, ip: remoteIp.split(',')[0],
successful: false, successful: false,
createdAt: { createdAt: {
$gt: Math.ceil(Date.now()) - 600000, $gt: Math.ceil(Date.now()) - 600000,
@ -43,7 +43,7 @@ export async function authenticate(email, password) {
}); });
const login = await models.login.create({ const login = await models.login.create({
ip: remoteIp, ip: remoteIp.split(',')[0],
successful: false, successful: false,
}); });
@ -65,6 +65,7 @@ export async function authenticate(email, password) {
export async function setupSession(user) { export async function setupSession(user) {
debug('Setting up session'); debug('Setting up session');
const token = uuid.v4(); const token = uuid.v4();
debug(user)
await this.redis.set(token, user.id, 'EX', 604800); await this.redis.set(token, user.id, 'EX', 604800);
const sessionUser = { const sessionUser = {
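Review bot: `debug(user)` in `setupSession` writes the whole user object to the debug log just before the session token is stored. If `user` is the model instance returned by `authenticate` (not visible in this hunk), that probably includes the password hash and fields such as the activation code. Log an identifier only, `debug('Setting up session for user %s', user.id);`, which also restores the missing semicolon. `setupSession` continues past the end of the hunk.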


@ -10,7 +10,7 @@ const debug = debugname('hostr-web:user');
export async function signin(ctx) { export async function signin(ctx) {
if (!ctx.request.body.email) { if (!ctx.request.body.email) {
await ctx.render('signin', { csrf: ctx.csrf }); await ctx.render('signin', { csrf: ctx.csrf, async: true });
return; return;
} }
@ -18,14 +18,15 @@ export async function signin(ctx) {
const user = await authenticate.call(ctx, ctx.request.body.email, ctx.request.body.password); const user = await authenticate.call(ctx, ctx.request.body.email, ctx.request.body.password);
if (!user) { if (!user || !user.id) {
ctx.statsd.incr('auth.failure', 1); ctx.statsd.incr('auth.failure', 1);
await ctx.render('signin', { error: 'Invalid login details', csrf: ctx.csrf }); await ctx.render('signin', { error: 'Invalid login details', csrf: ctx.csrf, async: true });
return; return;
} else if (user.activationCode) { } else if (user.activationCode) {
await ctx.render('signin', { await ctx.render('signin', {
error: 'Your account hasn\'t been activated yet. Check for an activation email.', error: 'Your account hasn\'t been activated yet. Check for an activation email.',
csrf: ctx.csrf, csrf: ctx.csrf,
async: true,
}); });
return; return;
} }
@ -37,23 +38,25 @@ export async function signin(ctx) {
export async function signup(ctx) { export async function signup(ctx) {
if (!ctx.request.body.email) { if (!ctx.request.body.email) {
await ctx.render('signup', { csrf: ctx.csrf }); await ctx.render('signup', { csrf: ctx.csrf, async: true });
return; return;
} }
if (ctx.request.body.email !== ctx.request.body.confirm_email) { if (ctx.request.body.email !== ctx.request.body.confirm_email) {
await ctx.render('signup', { error: 'Emails do not match.', csrf: ctx.csrf }); await ctx.render('signup', { error: 'Emails do not match.', csrf: ctx.csrf, async: true });
return; return;
} else if (ctx.request.body.email && !ctx.request.body.terms) { } else if (ctx.request.body.email && !ctx.request.body.terms) {
await ctx.render('signup', { await ctx.render('signup', {
error: 'You must agree to the terms of service.', error: 'You must agree to the terms of service.',
csrf: ctx.csrf, csrf: ctx.csrf,
async: true,
}); });
return; return;
} else if (ctx.request.body.password && ctx.request.body.password.length < 7) { } else if (ctx.request.body.password && ctx.request.body.password.length < 7) {
await ctx.render('signup', { await ctx.render('signup', {
error: 'Password must be at least 7 characters long.', error: 'Password must be at least 7 characters long.',
csrf: ctx.csrf, csrf: ctx.csrf,
async: true,
}); });
return; return;
} }
@ -62,13 +65,14 @@ export async function signup(ctx) {
try { try {
await signupUser.call(ctx, email, password, ip); await signupUser.call(ctx, email, password, ip);
} catch (e) { } catch (e) {
await ctx.render('signup', { error: e.message, csrf: ctx.csrf }); await ctx.render('signup', { error: e.message, csrf: ctx.csrf, async: true });
return; return;
} }
ctx.statsd.incr('auth.signup', 1); ctx.statsd.incr('auth.signup', 1);
await ctx.render('signup', { await ctx.render('signup', {
message: 'Thanks for signing up, we\'ve sent you an email to activate your account.', message: 'Thanks for signing up, we\'ve sent you an email to activate your account.',
csrf: ctx.csrf, csrf: ctx.csrf,
async: true,
}); });
} }
@ -82,6 +86,7 @@ export async function forgot(ctx) {
error: 'Password needs to be at least 7 characters long.', error: 'Password needs to be at least 7 characters long.',
csrf: ctx.csrf, csrf: ctx.csrf,
token, token,
async: true,
}); });
return; return;
} }
@ -103,10 +108,11 @@ export async function forgot(ctx) {
error: 'Invalid password reset token. It might be expired, or has already been used.', error: 'Invalid password reset token. It might be expired, or has already been used.',
csrf: ctx.csrf, csrf: ctx.csrf,
token: null, token: null,
async: true,
}); });
return; return;
} }
await ctx.render('forgot', { csrf: ctx.csrf, token }); await ctx.render('forgot', { csrf: ctx.csrf, token, async: true });
} else if (ctx.request.body.email) { } else if (ctx.request.body.email) {
try { try {
@ -118,13 +124,14 @@ export async function forgot(ctx) {
Be sure to check your spam folder if you it doesn't appear within a few minutes`, Be sure to check your spam folder if you it doesn't appear within a few minutes`,
csrf: ctx.csrf, csrf: ctx.csrf,
token: null, token: null,
async: true,
}); });
return; return;
} catch (error) { } catch (error) {
debug(error); debug(error);
} }
} else { } else {
await ctx.render('forgot', { csrf: ctx.csrf, token: null }); await ctx.render('forgot', { csrf: ctx.csrf, token: null, async: true });
} }
} }
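Review bot: `async: true` is now repeated in every `ctx.render` call across `signin`, `signup` and `forgot`, so any call site that is missed or added later will break on the templates' `await include(...)`. If the view middleware configured in the app accepts engine options (its setup is not visible here), set the flag there once and keep the locals object for template data only. The widened guard `if (!user || !user.id)` should also get a one-line comment naming what truthy value without an `id` `authenticate` can resolve to, for example `// authenticate can resolve to a non-user value; anything without an id is a failed login`.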


@ -36,7 +36,7 @@
</div> </div>
</section> </section>
<% include footer.ejs %> <%- await include('footer') -%>
<script> <script>
var mac = document.getElementById("mac"); var mac = document.getElementById("mac");
var windows = document.getElementById("windows"); var windows = document.getElementById("windows");


@ -47,7 +47,7 @@
</section> </section>
<% include footer.ejs %> <%- await include('footer') -%>
<script> <script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),


@ -90,7 +90,7 @@
</div> </div>
</section> </section>
<% include footer.ejs %> <%- await include('footer') -%>
<script> <script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),


@ -67,7 +67,7 @@
</div> </div>
</section> </section>
<% include footer.ejs %> <%- await include('footer') -%>
<script> <script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),


@ -52,7 +52,7 @@
</section> </section>
<% include footer.ejs %> <%- await include('footer') -%>
<script> <script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),


@ -56,7 +56,7 @@
</section> </section>
<% include footer.ejs %> <%- await include('footer') -%>
<script> <script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),


@ -51,7 +51,7 @@
</div> </div>
</section> </section>
<% include footer.ejs %> <%- await include('footer') -%>
<script> <script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),


@ -8,6 +8,6 @@ module.exports = {
path: path.resolve(__dirname, 'web', 'public', 'build') path: path.resolve(__dirname, 'web', 'public', 'build')
}, },
plugins: [ plugins: [
new CopyWebpackPlugin([{ from: './web/public/src/partials', to: 'partials' }]) new CopyWebpackPlugin({patterns: [{ from: './web/public/src/partials', to: 'partials' }]})
] ]
}; };

1811
yarn.lock

File diff suppressed because it is too large Load diff