From ffe12ebee76e289352ec29b367606ae26f1cbbbc Mon Sep 17 00:00:00 2001 From: David Bolack Date: Tue, 7 Nov 2023 20:21:19 -0600 Subject: [PATCH 1/9] Add local statics for images and typefaces This solves issue #1958. Add static paths /staticImages and /staticFonts If a local environment is detected ( per existing loginc for login ) paths are added using the values in HB_IMAGES and HB_FONTS or the default values of /staticImages and /staticFonts respectively. --- package-lock.json | 6 ++++++ package.json | 3 ++- server/app.js | 4 ++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index eac72a7c5..67b44cbf5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -24,6 +24,7 @@ "express": "^4.18.2", "express-async-handler": "^1.2.0", "express-static-gzip": "2.1.7", + "fs": "^0.0.1-security", "fs-extra": "11.1.1", "js-yaml": "^4.1.0", "jwt-simple": "^0.5.6", @@ -6466,6 +6467,11 @@ "node": ">= 0.6" } }, + "node_modules/fs": { + "version": "0.0.1-security", + "resolved": "https://registry.npmjs.org/fs/-/fs-0.0.1-security.tgz", + "integrity": "sha512-3XY9e1pP0CVEUCdj5BmfIZxRBTSDycnbqhIOGec9QYtmVH2fbLpj86CFWkrNOkt/Fvty4KZG5lTglL9j/gJ87w==" + }, "node_modules/fs-extra": { "version": "11.1.1", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.1.tgz", diff --git a/package.json b/package.json index 08992aff4..5e5d263eb 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "description": "Create authentic looking D&D homebrews using only markdown", "version": "3.10.0", "engines": { - "npm": "^10.2.x", + "npm": "^10.2.x", "node": ">=20.8.x" }, "repository": { @@ -93,6 +93,7 @@ "express": "^4.18.2", "express-async-handler": "^1.2.0", "express-static-gzip": "2.1.7", + "fs": "^0.0.1-security", "fs-extra": "11.1.1", "js-yaml": "^4.1.0", "jwt-simple": "^0.5.6", diff --git a/server/app.js b/server/app.js index a19030b3a..9ef4518bc 100644 --- a/server/app.js +++ b/server/app.js @@ -8,6 +8,7 @@ const express = require('express'); const yaml = require('js-yaml'); const app = express(); const config = require('./config.js'); +const fs = require('fs'); const { homebrewApi, getBrew } = require('./homebrew.api.js'); const GoogleActions = require('./googleActions.js'); @@ -416,6 +417,9 @@ if(isLocalEnvironment){ const payload = jwt.encode({ username: username, issued: new Date }, config.get('secret')); return res.json(payload); }); + // Add Static Local Paths + app.use('/staticImages', express.static(config.get('hb_images') && fs.existsSync(config.get('hb_images')) ? config.get('hb_images') :'staticImages')); + app.use(express.static(config.get('hb_fonts') && fs.existsSync(config.get('hb_fonts')) ? config.get('hb_fonts'):'staticFonts')); } //Render the page From 1b855108bf5a634ee9d269c0973de9d8b8852bc2 Mon Sep 17 00:00:00 2001 From: David Bolack Date: Tue, 7 Nov 2023 21:26:11 -0600 Subject: [PATCH 2/9] Correct omitted static path --- server/app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/app.js b/server/app.js index 9ef4518bc..6ee2d5da0 100644 --- a/server/app.js +++ b/server/app.js @@ -419,7 +419,7 @@ if(isLocalEnvironment){ }); // Add Static Local Paths app.use('/staticImages', express.static(config.get('hb_images') && fs.existsSync(config.get('hb_images')) ? config.get('hb_images') :'staticImages')); - app.use(express.static(config.get('hb_fonts') && fs.existsSync(config.get('hb_fonts')) ? config.get('hb_fonts'):'staticFonts')); + app.use('/staticFonts', express.static(config.get('hb_fonts') && fs.existsSync(config.get('hb_fonts')) ? config.get('hb_fonts'):'staticFonts')); } //Render the page From e9a76dd018f9a11a47f5f2e193e380ce7c1bb39d Mon Sep 17 00:00:00 2001 From: Trevor Buckner Date: Mon, 4 Dec 2023 22:28:48 -0500 Subject: [PATCH 3/9] Use existing dependency fs-extra instead of adding new one --- server/app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/app.js b/server/app.js index 6ee2d5da0..4c9899d80 100644 --- a/server/app.js +++ b/server/app.js @@ -8,7 +8,7 @@ const express = require('express'); const yaml = require('js-yaml'); const app = express(); const config = require('./config.js'); -const fs = require('fs'); +const fs = require('fs-extra'); const { homebrewApi, getBrew } = require('./homebrew.api.js'); const GoogleActions = require('./googleActions.js'); From 2e459118aaa9d0a5f60060eeb9c04c7b91942fc6 Mon Sep 17 00:00:00 2001 From: "G.Ambatte" Date: Thu, 5 Sep 2024 16:45:07 +1200 Subject: [PATCH 4/9] Update content-negotiation.js --- server/middleware/content-negotiation.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js index 201e64a25..823da94e7 100644 --- a/server/middleware/content-negotiation.js +++ b/server/middleware/content-negotiation.js @@ -2,11 +2,11 @@ module.exports = (req, res, next)=>{ const isImageRequest = req.get('Accept')?.split(',') ?.filter((h)=>!h.includes('q=')) ?.every((h)=>/image\/.*/.test(h)); - if(isImageRequest) { + if(isImageRequest && !req.url?.startsWith('/staticImages/') { return res.status(406).send({ message : 'Request for image at this URL is not supported' }); } next(); -}; \ No newline at end of file +}; From 235969a485de06feae3ac7189ae1b0bf5ade7b4f Mon Sep 17 00:00:00 2001 From: "G.Ambatte" Date: Thu, 5 Sep 2024 16:50:19 +1200 Subject: [PATCH 5/9] Fix a dropped bracket --- server/middleware/content-negotiation.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js index 823da94e7..a0c91c81f 100644 --- a/server/middleware/content-negotiation.js +++ b/server/middleware/content-negotiation.js @@ -2,7 +2,7 @@ module.exports = (req, res, next)=>{ const isImageRequest = req.get('Accept')?.split(',') ?.filter((h)=>!h.includes('q=')) ?.every((h)=>/image\/.*/.test(h)); - if(isImageRequest && !req.url?.startsWith('/staticImages/') { + if(isImageRequest && !req.url?.startsWith('/staticImages/')) { return res.status(406).send({ message : 'Request for image at this URL is not supported' }); From d19aaf6c780a8a8584ca4af5bbcc35bd5cdf8df1 Mon Sep 17 00:00:00 2001 From: David Bolack Date: Fri, 6 Sep 2024 11:50:46 -0500 Subject: [PATCH 6/9] Except staticImages and staticFonts paths from middleware evaluation if in a local ENV. --- config/default.json | 2 +- server/middleware/content-negotiation.js | 23 ++++++++++++++--------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/config/default.json b/config/default.json index 12b35e6cf..7d36368f6 100644 --- a/config/default.json +++ b/config/default.json @@ -7,4 +7,4 @@ "enable_themes" : true, "local_environments" : ["docker", "local"], "publicUrl" : "https://homebrewery.naturalcrit.com" -} + } diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js index 201e64a25..4eb9137ba 100644 --- a/server/middleware/content-negotiation.js +++ b/server/middleware/content-negotiation.js @@ -1,12 +1,17 @@ -module.exports = (req, res, next)=>{ - const isImageRequest = req.get('Accept')?.split(',') - ?.filter((h)=>!h.includes('q=')) - ?.every((h)=>/image\/.*/.test(h)); - if(isImageRequest) { - return res.status(406).send({ - message : 'Request for image at this URL is not supported' - }); - } +const config = require('../config.js'); +const nodeEnv = config.get('node_env'); +const isLocalEnvironment = config.get('local_environments').includes(nodeEnv); +module.exports = (req, res, next)=>{ + if((!isLocalEnvironment) && (!req.url?.startsWith('/staticImages') && !req.url?.startsWith('/staticFonts'))) { + const isImageRequest = req.get('Accept')?.split(',') + ?.filter((h)=>!h.includes('q=')) + ?.every((h)=>/image\/.*/.test(h)); + if(isImageRequest) { + return res.status(406).send({ + message : 'Request for image at this URL is not supported' + }); + } + } next(); }; \ No newline at end of file From 67e265b23f95c4686debce6adf631988560bbf83 Mon Sep 17 00:00:00 2001 From: David Bolack Date: Sun, 15 Sep 2024 21:55:18 -0500 Subject: [PATCH 7/9] Set default values for hb_images and hb_fonts in the config. Remove stray tab. --- config/default.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/config/default.json b/config/default.json index 7d36368f6..bea3b2663 100644 --- a/config/default.json +++ b/config/default.json @@ -6,5 +6,7 @@ "enable_v3" : true, "enable_themes" : true, "local_environments" : ["docker", "local"], - "publicUrl" : "https://homebrewery.naturalcrit.com" - } + "publicUrl" : "https://homebrewery.naturalcrit.com", + "hb_images" : null, + "hb_fonts" : null +} From ffaca4ec1095a7379302e95b83b9aa7001d9dff8 Mon Sep 17 00:00:00 2001 From: David Bolack Date: Wed, 18 Sep 2024 16:21:31 -0500 Subject: [PATCH 8/9] Update server/middleware/content-negotiation.js Co-authored-by: Trevor Buckner --- server/middleware/content-negotiation.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js index 120b707f5..113d6ba34 100644 --- a/server/middleware/content-negotiation.js +++ b/server/middleware/content-negotiation.js @@ -6,9 +6,7 @@ module.exports = (req, res, next)=>{ const isImageRequest = req.get('Accept')?.split(',') ?.filter((h)=>!h.includes('q=')) ?.every((h)=>/image\/.*/.test(h)); - if(isImageRequest && - (!isLocalEnvironment && !req.url?.startsWith('/staticImages')) - ) { + if(isImageRequest && !isLocalEnvironment && !req.url?.startsWith('/staticImages') { return res.status(406).send({ message : 'Request for image at this URL is not supported' }); From c4b754e4670489a1eb5c398061fb6a3c69f4a309 Mon Sep 17 00:00:00 2001 From: David Bolack Date: Mon, 7 Oct 2024 14:45:33 -0500 Subject: [PATCH 9/9] Lost a stray ) on update --- server/middleware/content-negotiation.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js index 113d6ba34..a5bc7dc83 100644 --- a/server/middleware/content-negotiation.js +++ b/server/middleware/content-negotiation.js @@ -6,7 +6,7 @@ module.exports = (req, res, next)=>{ const isImageRequest = req.get('Accept')?.split(',') ?.filter((h)=>!h.includes('q=')) ?.every((h)=>/image\/.*/.test(h)); - if(isImageRequest && !isLocalEnvironment && !req.url?.startsWith('/staticImages') { + if(isImageRequest && !isLocalEnvironment && !req.url?.startsWith('/staticImages')) { return res.status(406).send({ message : 'Request for image at this URL is not supported' });