Merge pull request #4 from dgargdipin/master
 Cleaned code by moving csp headers to another file and deleting redundant files
pineapple45 authored Oct 15, 2020
2 parents 1d51132 + 110ba48 commit 2f2b928
Showing 78 changed files with 1,963 additions and 94 deletions.
75 changes: 10 additions & 65 deletions app.js
Expand Up @@ -16,7 +16,7 @@ const bodyParser = require("body-parser");
const helmet = require("helmet");
const cors = require("cors");
const path = require("path");

const csp_header_dict = require("./config/csp-headers");
//Passport config
require("./config/passport-google")(passport);
//passport is for authenticating only
Expand All @@ -41,84 +41,28 @@ app.use(
extended: true,
})
);
const {
cloudinaryConfig
} = require('./config/cloudinary_support')

app.use(bodyParser.json());

app.use(cors());
app.use(
expressCspHeader({
directives: {
"default-src": [
SELF,
"*.google.com",
"https://*/",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"https://kit.fontawesome.com/*",
"*.google.com",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"data:",
"https://apis.google.com/js/api.js",
"apis.google.com",
"self",

...csp_header_dict.defaultSrc,
SELF,
INLINE,
],
"script-src": [
...csp_header_dict.scriptSrc,
SELF,
"*.google.com",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"https://kit.fontawesome.com/*",
"*.google.com",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"data:",
"https://apis.google.com/js/api.js",
"apis.google.com",
"self",
"data: *",
INLINE,
],
"img-src": ["data:image/svg+xml", SELF,
"*.google.com",
"https://*/",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"https://kit.fontawesome.com/*",
"*.google.com",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"data:",
"https://apis.google.com/js/api.js",
"apis.google.com",
"self",

"img-src": [
...csp_header_dict.imgSrc,
SELF,
INLINE,
],
Expand Down Expand Up @@ -158,6 +102,7 @@ app.use(passport.initialize());
// app.use((req, res, next) => [
// res.setHeader("default-src 'self'; script-src 'report-sample' 'self' https://apis.google.com/js/api.js https://kit.fontawesome.com/5a3d56a40e.js; style-src 'report-sample' 'self' https://fonts.googleapis.com https://kit-free.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com https://kit-free.fontawesome.com; frame-src 'self' https://accounts.google.com; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://5f4b9f5fb641482c3e7cfaaa.endpoint.csper.io/; worker-src 'self';")
// ])
app.use(cloudinaryConfig)
app.use("/public", express.static("public"));

//Routes
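Review bot: `app.use(cloudinaryConfig)` in the third hunk (the line before `app.use("/public", ...)`) registers a zero-argument function as Express middleware; as defined in config/cloudinary_support.js in this same commit it only calls cloudinary's `config()` and never invokes `next`, so every request reaching that point would hang until the client gives up. It only needs to run once at startup, so the call should be `cloudinaryConfig();` instead of the `app.use` line. Separately, the second hunk still spreads `INLINE` into `script-src` (and into `img-src`, where the keyword has no meaning) and inherits `"https://*/"` from `csp_header_dict.defaultSrc`, so moving the lists to a file does not change what the policy permits: inline scripts and any HTTPS origin remain allowed. The `app.use(` call that the second hunk edits begins outside the hunk.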
Binary file removed config/.passport-google.js.un~
Binary file not shown.
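--- a/config/cloudinary_support.js
+++ b/config/cloudinary_support.js
@@ -0,0 +1,27 @@
+const {
+config,
+uploader
+} = require('cloudinary');
+const cloudinaryConfig = () => config({
+cloud_name: process.env.CLOUDINARY_CLOUD_NAME,
+api_key: process.env.CLOUDINARY_API_KEY,
+api_secret: process.env.CLOUDINARY_API_SECRET,
+});
+
+function parseImage(req, res, next) {
+if (req.file) {
+const Datauri = require('datauri');
+const datauri = new Datauri();
+datauri.format(path.extname(req.file.originalname).toString(), req.file.buffer);
+req.file.encodedUri = datauri.content;
+} else {
+res.status(400).json({
+error: 'Please include image in the request'
+});
+}
+}
+module.exports = {
+cloudinaryConfig,
+uploader,
+parseImage
+};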
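Review bot: `parseImage` uses `path` on the `datauri.format(...)` line but this file never requires it, so any request that actually carries a file throws a ReferenceError inside the middleware; add `const path = require('path');` at the top of the file. The success branch also never calls `next()`, so even with `path` in scope a request with a file stalls after `req.file.encodedUri` is assigned — add `next();` after that assignment and `return` from the 400 branch. `cloudinaryConfig` is an arrow that ignores its arguments and never calls `next`, so it cannot serve as Express middleware; either call it once at startup or give it the `(req, res, next)` signature. Moving the `require('datauri')` to module scope alongside the cloudinary import would also match the rest of the file's style.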
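--- a/config/csp-headers.js
+++ b/config/csp-headers.js
@@ -0,0 +1,67 @@
+module.exports = {
+"defaultSrc": [
+"*.google.com",
+"https://*/",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"https://kit.fontawesome.com/*",
+"*.google.com",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"data:",
+"https://apis.google.com/js/api.js",
+"apis.google.com",
+"self",
+],
+"scriptSrc": ["*.google.com",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"https://kit.fontawesome.com/*",
+"*.google.com",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"data:",
+"https://apis.google.com/js/api.js",
+"apis.google.com",
+"self",
+"data: *",
+],
+"imgSrc": ["data:image/svg+xml",
+"*.google.com",
+"https://*/",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"https://kit.fontawesome.com/*",
+"*.google.com",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"data:",
+"https://apis.google.com/js/api.js",
+"apis.google.com",
+"self",
+],
+}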
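Review bot: `defaultSrc` and `imgSrc` contain `"https://*/"`, a host-source that matches every HTTPS origin, so the other entries in those lists add nothing and the fallback for every directive not listed here is effectively "any HTTPS site"; remove it and keep only the origins the pages actually load. The bare string `"self"` is a host named self, not the CSP `'self'` keyword — app.js already spreads the `SELF` constant in after these lists, so the bare entry is a harmless-looking duplicate that should go. `scriptSrc` also carries `"data:"` and `"data: *"`, which allow scripts to be loaded from data: URLs and so remove most of the injection protection script-src is meant to provide; and every list repeats most of its entries twice, so de-duplicating (for example building each array with `[...new Set([...])]` or just trimming by hand) would make the policy reviewable at a glance.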
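--- a/config/keys.js
+++ b/config/keys.js
@@ -1,3 +1,3 @@
 module.exports = {
-MongoURI: 'mongodb+srv://dipin:[email protected]/TestDB?retryWrites=true&w=majority'
-}
+MongoURI: process.env.MONGO_URI
+}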
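Review bot: The removed `MongoURI` line held what appears to be a real Atlas connection string with an embedded password; deleting it from HEAD does not remove it from history (parent 1d51132 and earlier), so the credential should be rotated on the database side as part of this change, not only moved to the environment. The replacement `MongoURI: process.env.MONGO_URI` silently yields `undefined` when the variable is missing, which only surfaces later as a confusing connect error; a fail-fast guard such as `if (!process.env.MONGO_URI) throw new Error('MONGO_URI is not set');` above the export makes the misconfiguration obvious at startup. The value as rendered on this page is partly mangled by the viewer, but what matters is the form committed in history.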
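--- a/config/multer_support.js
+++ b/config/multer_support.js
@@ -1,4 +1,6 @@
 const multer = require('multer');
+const Datauri = require("datauri");
+
 const storage = multer.diskStorage({
 destination: (req, file, cb) => {
 cb(null, "public/images");
@@ -11,8 +13,9 @@ const imageFileFilter = (req, file, cb) => {
 cb(null, true);
 };
 const upload = multer({
-storage: storage,
+storage: multer.memoryStorage(),
 fileFilter: imageFileFilter
 });
 
+
 module.exports = upload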
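Review bot: `storage: multer.memoryStorage()` in the second hunk buffers every upload entirely in process memory, and the `multer({...})` call sets no `limits`, so one oversized upload or a burst of concurrent ones can exhaust the server's heap; add `limits: { fileSize: MAX_UPLOAD_BYTES }` (with MAX_UPLOAD_BYTES a constant you choose for the expected image size) next to `fileFilter`. The `const Datauri = require("datauri");` added in the first hunk is not used anywhere in this file — the data-URI parsing lives in config/cloudinary_support.js in this same commit — and the `storage` object from `multer.diskStorage` appears to be no longer referenced once `storage: multer.memoryStorage()` replaces it, so both are dead code now. The body of `imageFileFilter` lies outside the second hunk.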
56 changes: 56 additions & 0 deletions package-lock.json


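--- a/package.json
+++ b/package.json
@@ -19,8 +19,10 @@
 "dependencies": {
 "bcryptjs": "^2.4.3",
 "body-parser": "^1.19.0",
+"cloudinary": "^1.23.0",
 "concurrently": "^5.3.0",
 "cors": "^2.8.5",
+"datauri": "^3.0.0",
 "dotenv": "^8.2.0",
 "express": "^4.17.1",
 "express-csp-header": "^4.0.0",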
