Spaces:
Runtime error
Runtime error
| var fs = require('fs'); | |
| var app = require('express')(); | |
| var https = require('https').Server( | |
| { | |
| key: fs.readFileSync(__dirname + '/../ssl/server.key'), | |
| cert: fs.readFileSync(__dirname + '/../ssl/server.cert'), | |
| // TLS Versions | |
| maxVersion: 'TLSv1.3', | |
| minVersion: 'TLSv1.2', | |
| // Hardened configuration | |
| ciphers: | |
| 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', | |
| honorCipherOrder: false, | |
| }, | |
| app, | |
| ); | |
| app.disable('x-powered-by'); | |
| var io = require('socket.io')(https, { | |
| cors: { | |
| origin: '*', | |
| }, | |
| }); | |
| var bodyParser = require('body-parser'); | |
| var cookieParser = require('cookie-parser'); | |
| var utils = require('./lib/utils'); | |
| // Get configuration | |
| var env = process.env.NODE_ENV || 'dev'; | |
| var config = require('./config/config.json')[env]; | |
| global.__basedir = __dirname; | |
| // Database connection | |
| var mongoose = require('mongoose'); | |
| // Use native promises | |
| mongoose.Promise = global.Promise; | |
| // Trim all Strings | |
| mongoose.Schema.Types.String.set('trim', true); | |
| mongoose.connect( | |
| `mongodb://${config.database.server}:${config.database.port}/${config.database.name}`, | |
| {}, | |
| ); | |
| // Models import | |
| require('./models/user'); | |
| require('./models/audit'); | |
| require('./models/client'); | |
| require('./models/company'); | |
| require('./models/template'); | |
| require('./models/vulnerability'); | |
| require('./models/vulnerability-update'); | |
| require('./models/language'); | |
| require('./models/audit-type'); | |
| require('./models/vulnerability-type'); | |
| require('./models/vulnerability-category'); | |
| require('./models/custom-section'); | |
| require('./models/custom-field'); | |
| require('./models/image'); | |
| require('./models/settings'); | |
| // Socket IO configuration | |
| io.on('connection', socket => { | |
| socket.on('join', data => { | |
| console.log( | |
| `user ${data.username.replace(/\n|\r/g, '')} joined room ${data.room.replace(/\n|\r/g, '')}`, | |
| ); | |
| socket.username = data.username; | |
| do { | |
| socket.color = | |
| '#' + (0x1000000 + Math.random() * 0xffffff).toString(16).substr(1, 6); | |
| } while (socket.color === '#77c84e'); | |
| socket.join(data.room); | |
| io.to(data.room).emit('updateUsers'); | |
| }); | |
| socket.on('leave', data => { | |
| console.log( | |
| `user ${data.username.replace(/\n|\r/g, '')} left room ${data.room.replace(/\n|\r/g, '')}`, | |
| ); | |
| socket.leave(data.room); | |
| io.to(data.room).emit('updateUsers'); | |
| }); | |
| socket.on('updateUsers', data => { | |
| var userList = [ | |
| ...new Set( | |
| utils.getSockets(io, data.room).map(s => { | |
| var user = {}; | |
| user.username = s.username; | |
| user.color = s.color; | |
| user.menu = s.menu; | |
| if (s.finding) user.finding = s.finding; | |
| if (s.section) user.section = s.section; | |
| return user; | |
| }), | |
| ), | |
| ]; | |
| io.to(data.room).emit('roomUsers', userList); | |
| }); | |
| socket.on('menu', data => { | |
| socket.menu = data.menu; | |
| data.finding ? (socket.finding = data.finding) : delete socket.finding; | |
| data.section ? (socket.section = data.section) : delete socket.section; | |
| io.to(data.room).emit('updateUsers'); | |
| }); | |
| socket.on('disconnect', () => { | |
| socket.broadcast.emit('updateUsers'); | |
| }); | |
| }); | |
| // CORS | |
| app.use(function (req, res, next) { | |
| res.header('Access-Control-Allow-Origin', req.headers.origin); | |
| res.header('Access-Control-Allow-Methods', 'GET,POST,DELETE,PUT,OPTIONS'); | |
| res.header( | |
| 'Access-Control-Allow-Headers', | |
| 'Origin, X-Requested-With, Content-Type, Accept', | |
| ); | |
| res.header('Access-Control-Expose-Headers', 'Content-Disposition'); | |
| res.header('Access-Control-Allow-Credentials', 'true'); | |
| next(); | |
| }); | |
| // CSP | |
| app.use(function (req, res, next) { | |
| res.header( | |
| 'Content-Security-Policy', | |
| "default-src 'none'; form-action 'none'; base-uri 'self'; frame-ancestors 'none'; sandbox; require-trusted-types-for 'script';", | |
| ); | |
| next(); | |
| }); | |
| app.use(bodyParser.json({ limit: '100mb' })); | |
| app.use( | |
| bodyParser.urlencoded({ | |
| limit: '10mb', | |
| extended: false, // do not need to take care about images, videos -> false: only strings | |
| }), | |
| ); | |
| app.use(cookieParser()); | |
| // Routes import | |
| require('./routes/user')(app); | |
| require('./routes/audit')(app, io); | |
| require('./routes/client')(app); | |
| require('./routes/company')(app); | |
| require('./routes/vulnerability')(app); | |
| require('./routes/template')(app); | |
| require('./routes/vulnerability')(app); | |
| require('./routes/data')(app); | |
| require('./routes/image')(app); | |
| require('./routes/settings')(app); | |
| require('./routes/cwe')(app); | |
| require('./routes/cvss')(app); | |
| require('./routes/check-cwe-update')(app); | |
| require('./routes/update-cwe-model')(app); | |
| app.get('*', function (req, res) { | |
| res.status(404).json({ status: 'error', data: 'Route undefined' }); | |
| }); | |
| // Start server | |
| https.listen(config.port, config.host); | |
| module.exports = app; | |