From 9b51fcc5c03add770c30a242a34b3ff29bb5c904 Mon Sep 17 00:00:00 2001 From: Justin Wind Date: Tue, 29 Mar 2022 11:39:07 -0700 Subject: [PATCH] minor updates --- server.js | 6 +-- src/logger.js | 74 ---------------------------------- src/logger/data-sanitizers.js | 25 ++++++++++++ src/logger/index.js | 13 ++++++ src/manager.js | 3 +- src/service.js | 24 ++++++----- src/template/root-html.js | 20 +++++---- static/index.html | 2 +- static/muRL.png | Bin 0 -> 7373 bytes static/theme.css | 4 ++ 10 files changed, 74 insertions(+), 97 deletions(-) delete mode 100644 src/logger.js create mode 100644 src/logger/data-sanitizers.js create mode 100644 src/logger/index.js create mode 100644 static/muRL.png diff --git a/server.js b/server.js index 404a7c5..17302b7 100644 --- a/server.js +++ b/server.js @@ -9,7 +9,7 @@ const Service = require('./src/service'); const { fileScope } = require('./src/common'); const { version } = require('./package.json'); -const _fileScope = fileScope(__filename)('main'); +const _scope = fileScope(__filename)('main'); const PORT = process.env.PORT || 3001; const ADDR = process.env.LISTEN_ADDR || '127.0.0.1'; @@ -32,8 +32,8 @@ http.createServer((req, res) => { service.dispatch(req, res); }).listen(PORT, ADDR, (err) => { if (err) { - logger.error(_fileScope, 'error starting server:', err); + logger.error(_scope, 'error starting server:', err); throw err; } - logger.info(_fileScope, `server (version ${version}) started on ${ADDR}:${PORT}`); + logger.info(_scope, 'server started', { version, listenAddress: ADDR, listenPort: PORT }); }); diff --git a/src/logger.js b/src/logger.js deleted file mode 100644 index 7c8e3cb..0000000 --- a/src/logger.js +++ /dev/null @@ -1,74 +0,0 @@ -'use strict'; - -/** - * Log as JSON to stdout/stderr. - */ - -const common = require('./common'); - -// This is uncomfortable, but is the simplest way to let logging work for BigInts. -// TODO: revisit with better solution -BigInt.prototype.toJSON = function() { - return this.toString(); -} - -// Also uncomfortable -Object.defineProperty(Error.prototype, 'toJSON', { - configurable: true, - value: function () { - const result = {}; - const dupKey = function (key) { - // eslint-disable-next-line security/detect-object-injection - result[key] = this[key]; - }; - Object.getOwnPropertyNames(this).forEach(dupKey, this); - return result; - }, -}); - -const defaultOptions = { - ignoreBelowLevel: 'debug', - backend: console, -}; - -class Logger { - constructor(options = {}) { - common.setOptions(this, defaultOptions, options); - - this.logLevels = [ - 'error', - 'warn', - 'info', - 'log', - 'debug', - ]; - - const ignoreLevelIdx = this.logLevels.indexOf(this.ignoreBelowLevel); - this.logLevels.forEach((level) => { - // eslint-disable-next-line security/detect-object-injection - this[level] = (this.logLevels.indexOf(level) > ignoreLevelIdx) ? - () => {} : - Logger.levelTemplateFn(this.backend, level); - }); - } - - static levelTemplateFn(backend, level) { - return function (...args) { - // eslint-disable-next-line security/detect-object-injection - backend[level](Logger.payload(level, ...args)); - }; - } - - static payload(level, scope, message, data, ...other) { - return JSON.stringify({ - timestamp: Date.now(), - level: level, - scope: scope || '[unknown]', - message: message || '', - data: data || {}, - ...(other.length && { other }), - }); - } -} - -module.exports = Logger; diff --git a/src/logger/data-sanitizers.js b/src/logger/data-sanitizers.js new file mode 100644 index 0000000..a6b444b --- /dev/null +++ b/src/logger/data-sanitizers.js @@ -0,0 +1,25 @@ +'use strict'; + +/** + * Scrub credential from POST login body data. + * @param {Object} data + * @param {Boolean} sanitize + * @returns {Boolean} + */ +function sanitizePostCredential(data, sanitize = true) { + let unclean = false; + + const credentialLength = data && data.ctx && data.ctx.parsedBody && data.ctx.parsedBody.credential && data.ctx.parsedBody.credential.length; + if (credentialLength) { + unclean = true; + } + if (unclean && sanitize) { + data.ctx.parsedBody.credential = '*'.repeat(credentialLength); + } + + return unclean; +} + +module.exports = { + sanitizePostCredential, +}; \ No newline at end of file diff --git a/src/logger/index.js b/src/logger/index.js new file mode 100644 index 0000000..7944cf6 --- /dev/null +++ b/src/logger/index.js @@ -0,0 +1,13 @@ +'use strict'; + +const BaseLogger = require('@squeep/logger-json-console'); +const dataSanitizers = require('./data-sanitizers'); + +class Logger extends BaseLogger { + constructor(options, ...args) { + super(options, ...args); + Array.prototype.push.apply(this.dataSanitizers, Object.values(dataSanitizers)); + } +} + +module.exports = Logger; \ No newline at end of file diff --git a/src/manager.js b/src/manager.js index a5035cd..a46db55 100644 --- a/src/manager.js +++ b/src/manager.js @@ -11,6 +11,7 @@ const _fileScope = common.fileScope(__filename); const defaultOptions = { pageTitle: require('../package.json').name, + logoUrl: '/static/muRL.png', selfBaseUrl: '', staticDirectory: '/static/', }; @@ -44,7 +45,7 @@ class Manager { case Enum.ContentType.TextHTML: default: - return Template.rootHTML(ctx, this.pageTitle); + return Template.rootHTML(ctx, this.pageTitle, this.logoUrl); } } diff --git a/src/service.js b/src/service.js index 1b09d2d..97ed85e 100644 --- a/src/service.js +++ b/src/service.js @@ -68,13 +68,13 @@ class Service extends Dingus { * @param {string} contentType * @param {object} ctx */ - parseBody(contentType, ctx) { + parseBody(contentType, ctx, rawBody) { // eslint-disable-next-line sonarjs/no-small-switch switch (contentType) { // Handle any additional content types here default: - super.parseBody(contentType, ctx); + super.parseBody(contentType, ctx, rawBody); } } @@ -107,10 +107,12 @@ class Service extends Dingus { */ async handlerPostRoot(req, res, ctx) { const _scope = _fileScope('handlerPostRoot'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); - await this.ingestBody(req, res, ctx); + await this.ingestBody(req, res, ctx, { + maximumBodySize: 1024 * 8, + }); await this._postRootAuth(req, res, ctx); await this.manager.postRoot(res, ctx); @@ -127,7 +129,7 @@ class Service extends Dingus { const responseTypes = [ Enum.ContentType.TextHTML, ]; - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); @@ -146,7 +148,7 @@ class Service extends Dingus { */ async handlerGetId(req, res, ctx) { const _scope = _fileScope('handlerGetId'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); @@ -172,7 +174,7 @@ class Service extends Dingus { */ async handlerDeleteId(req, res, ctx) { const _scope = _fileScope('handlerDeleteId'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); await this.authenticator.required(req, res, ctx); @@ -188,7 +190,7 @@ class Service extends Dingus { */ async handlerPutId(req, res, ctx) { const _scope = _fileScope('handlerPutId'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); await this.ingestBody(req, res, ctx); @@ -205,7 +207,7 @@ class Service extends Dingus { */ async handlerGetIdInfo(req, res, ctx) { const _scope = _fileScope('handlerGetIdInfo'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); @@ -223,7 +225,7 @@ class Service extends Dingus { */ async handlerGetStatic(req, res, ctx) { const _scope = _fileScope('handlerGetStatic'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); @@ -242,7 +244,7 @@ class Service extends Dingus { */ async handlerGetAdminReport(req, res, ctx) { const _scope = _fileScope('handlerAdminReport'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); diff --git a/src/template/root-html.js b/src/template/root-html.js index 65e34c7..c7550c5 100644 --- a/src/template/root-html.js +++ b/src/template/root-html.js @@ -1,6 +1,7 @@ 'use strict'; -module.exports = (ctx, pageTitle) => { +module.exports = (ctx, pageTitle, logoUrl) => { + const logoImg = logoUrl ? `` : ''; return ` @@ -10,21 +11,26 @@ module.exports = (ctx, pageTitle) => { - + });`) + ` +
-

${pageTitle}

+

${logoImg}${pageTitle}

` + (!ctx.createdLink ? '' : `
diff --git a/static/index.html b/static/index.html index f1c14e1..9437f20 100644 --- a/static/index.html +++ b/static/index.html @@ -3,7 +3,7 @@ Static Assets - +
diff --git a/static/muRL.png b/static/muRL.png new file mode 100644 index 0000000000000000000000000000000000000000..49752f13cb95ea7b9aa4c86072ddb2e8c3e267de GIT binary patch literal 7373 zcmd5=^;gti6aFmSE!`j>($d}C4T6-kODG7Ei?k>yEiJWlNXOD3(#--Z-JlXn^X~V* zc+Z)8XMVbK?#$eIp1HC5x@v@Yw0Hmj5NfC^8=^GizlDQ^+WTbfMo|jaOWoof0N|7V zw?IJFH);UD({oi)(${zK^znS>;_1b#p`^s@_14qL^^GF{_%G)eIU5`8Q_3LM&K0#{ zAYZjS4WHmJ8!E;@D3Un1S#U`-V^|87o*49ys;FSl4d=(8$HzlHKQZ7T_=LBJy~R=( zA6^vm>F4cwV3GTL2XbfZ;m3mPZsl1{!vr=AhagS;g@Fi!pj?rW^mq7B|KR!-pL`e| zyB9!$)9{+*-8~x!xC)V$e$EQR?gBvmGx#_FOeY&AKp*``e4v_D;1wnE$IE;XN48V5O!G06a=LKvzLw9BXNX}JeAP9K*mE{R2KM7zacZ^X6 zT%>@?3DZw1fVlub;iT0s0W9(Y0vcvc>OgHX02?R4uLp1l00D!T$Y%gXAYePp#^w)1 zWC9eb|IDQSKCdR(zvLIkLFlLZAP@s?RTpkHcnl9>CzHjn`D zuidj}mJ0_R;u5|-;rDndcdwTJ6o5EsBzptED`j>*A}CV6^&42@9$M4QN()ztUQA-%)lio#fylq*QA9= z#*6sI4kx#Vt0N2-Ltz+)+>T{A24w%qoGl)QDl_tmrAHluERLOdB!VYH65lAvOcw$`)~y*>8A zVWQ3tgDgx1hAWEUr^sx_sGx4HZLYhhUdBw%E=;V zBp7Y3&cilOmO#!=5*VY@FUC$5t0ctPnuw-R_uY7!Y+7~N!;o#Cr#xF&ot7C& z8tPo;X)O0W#Ns{{%c4)aPfzK)L4KXhX2&2iz5`8zKM#vLVMUa0m`FcI-Plsld+zp( zdxrKn8EAQdgwhMm7iJBHXJ4J-H!;$;j<`1KDI%u`Yz6l-#4;FD?ajZVI+@ zwx@D#9;og+N$E@pZVUc$FM~}Oy+l;OV95~juJJ8}q^aau*7&y*x!{5Gw0(YO^9hoP z#TT1RKO(a4ol90QwV#Bc6${N#L^uvCkc1FtY11-_?+LW@I)cuW7Ws)o+=iX;iJSV7UXWmc+$8l zQKWvz-uxuC-Hu&cUkCwbWOSrilw7=5j5+O;V7iFk)QZwOgz}AYn(|tsM zw=9&;O?p|ZO}I^Nkk85D*PMBdxyBnUdI>)6YEh3jU5LBmv*?YS4gAeOsto>NYp)Ll zUT0SRDbcBzMI|e4M%{nv z+&TftM@bzbAJ_+86!UDiMsSuVc4!l7uVzc;Qf9qp1`EkZb_#|kCnb6-LRoZDnw$@u zcbwjjRys!3KMZ)pHS;s3Vvo2tBvxWt@ZvQomh2f@axHLU*E>6!IdzZ4{**|o$bCL` z{Hx(7JW=f1Y2M>8Sufdoa#L}XmKiUD`A%o0n?${|_XjxM<`c~4QKndx(k-8wxWRLJ z6~|`j)ghf60XptsuX=ud?D+w5Kg2h|+l~xATv<4_)-&g~K>V<~iOQjqeG>brngULh z{v>pfYsG(?F52^Fcjn61#`22(*4GnG(@y(4YrMHHiPE6yJLyCogiFhfgb35d-MGn%Qn4VvQzU1YXNs^a3}Wkweu{%6FGpqKv1rRyyd(fA8lXq z<2IU=6Kbu-nLt;gSPdp@DBoHfMCS)dzMiE9G z=8DToNNmWxz2CnpRhoD`!I4Y#Q1~!fO-0Ecay56jFg}$rRgnHKJ*68QRD6E`JEWi>>?+j4 z!u2(Zz!m#7jS5R2g%}Mp3xn5WV{vAbq6RHZ>5SdcV!gdu)6$G3Y-fv3l- zrOoZ0em@kSBM`shk5+?`tDU=k6Eete?xY$GpZ|ZTMvJ57S?yJm8bL{b^S5G#+z?=3PtxufTO&Z-! z)GbZYEfo|wM3XObB%CBfdD(tTa~;G8)YjLdsTeG3C9@CL6Ii5?;zioRMR`U)x@K{u zYHGWn4)e9Xy!R6S_3G{-&CzbdVWFpz}d9XEcn_F?Ye z@ZUcnwhTuLu5{FdV`5U^O6z0ojP#sE8kR>`@kJY!H+pNyi{T)ez+W|=iuzOWzls3E z6WMX0P*&P6tdwyqWU=ze>>Q9cqH)IDm@~rYu9@aMSk?;#TzJ`aP2kPnV`g@D*y$U@ zj{-ElM!`e`hYt6$GvtY83CDhFx=?{D?YQcu1G}?N;0)ew!6qXXyl1tc-QV8QfP}! zWAmHk7GfvP2^l4^sFVlE+7zdaNYX5(X%ri(m(J{+o<Yg>!4o}+Ge-9NWeTwunV8z&f4sizvrcVhH5(Zu# zOGUd6Bc1~Pni@bKPbh_T98@!iZ$Rd+a~eV7fY;6N6cgx*6mVV0X+Fx$@M`0BRT=ut%t_f4W9Dh1}d~c=B&`%mQui za_BU;&8#HQV{Lzyw{|L1B(P?`|aDq$;zLrMLnSQ zVP^HCGffL7EFGv65$L+=`nfjJ3<~zU0{<={g-9xO1lnsP=X2p1n>g~XEv;V!7(CBL zHX0;Y@RCWNO(Vp!N;2ztviqp&!LxbSU#19s%+n3HKLfyrU~PlfVn+uWrI#38Ly zmvPjw9Dvb`aKF8vOBR+z+LSJW?wCY$0OuT!ivmxi3-j&1+frU#!guF8c3Unp{8e zcZ3*gnmRl5vw~)#>GH|!Q966GNH+4E}!mZduN~DCj&}2Vwvev6sWd+Dy^ANXt}7>(>9)IaD=uCgDW) z=~G~$f(>@2#xi;Q%Z5CvzOvN_>WaE)1}I|FxP>>P5r$gwRUkK#0$O%%%k3|D%(s4S zB%<*5?R;*GsBSnZ{AK&kfW2TD^po6mduaA|grE+2ta2|hpzuK}w-`D*hG9-+U8FjR z71osCBK-3`bx!>r-47XIVGNy_#pN0(_nO>8xCZdI^fZv4XH=0p6)JYi!1_lRLc#qP zsK~~ZXVV3^Nul~&vo6H+E;(ORi%gDF$aU>aW`BH z)pA)fwKtBI8ZMl=RU&d(*|~gE=oS-zG1UdMnjihpl4DPE_=R-9m;6IXkK2uI(+|(O zA6t=v>viUv2fdrW zE4z;|Do?eF$qdUW#&e{ab)`tx^Kt{A0UFY8OCEAq=8N-kQ zYZ7dEnN}#1ARr*XoRVnuFkSO0I~gtyKff8S+&icBt8&kvQ*rLDki_FPJcIl6Hs4E6 zcS8NqCN9c2lxPn}*~u^XHnII357ND&C4HNV^C)8c_KeT(@Cdt2jyK3AW;6;$ zx3?X6czNwUd}uuo7<^bK2?)J7I1D|GmpNs|dW8m)FisY*!K{`4ELZVzNVC-tN1xvp zx&|^!MmFQa8kB#Z0ep#>c_970`K9ivbfEinG73v_KXNv&wZABfY(Bb$>2NZIzW-)+ zyBNV$Y>u`(iKdVka!mO0r2tkF?r)87e)}on0Hb2(QqN{J;3TKK+z{cub@H^}L^J_uk4~&A3|hZFwYK0}`*)hC+d{mV)c|!VB??WPfR` zy1D2BZQnNH^8T@Hb_E3-xPie{+#S5&s6Vd1tQUNhSxEug5Pyy2+9#TGIurC>O%0U) zC5HlU*s0-7hchwbLAoUGojQB3(C4BluEE?ZrZo47(rA3%Nec=*OiJwaKRYlC7ghbc zUt$E|DhMBI>|quP$y>48bG_%5usBOg+viD3_}oEys|AO}`Mtz9oBr!FFT#ZXU9PLy zWNb0;HZmeiKju-EVaoB=nrPT&aeNvmL>{}NxkH#~L|?7XEVfr4w%jM}a)SE1gHHp^ zk8)IZn#h)?(5%hh`w7%y;V1&!=L}NsZHM9+DrcATg7*;?g^sOOPJ`-v>1R?T({q-# zZ0aP+ap&jf`K6_tUfGS~3R>~``dnKt+nrE=f3ow~{ccy6fRNB`cRYuho<72k`f4UR zbU4C>hZ5BalhoN0Q8MxxjWg1)8#KoMy&cbb!SzRCNicp;)yMaZFyFj~;UZ)FKWe{R zEIX?Yc`m-;jSCRGS00BWnNz?nE;vd`N@2M26-m`>sufxQZpy3C?uCVgA&d>3y7ApJ zb#}6rplhM}r8hH6FyrC##Sc7`;dazVI8^#0!c9E*X^skM+ffprPldCUif@m?MyBY9 zQ2(wdzO&so@TxEMa~~Lx#bjn8iq_%Qwn(cOmd90V9;oMOXmUY-;Y72@uCA_8yl?S-z384=1jEj8b9BB<$Q%ia_+AoDDOh9#66Mi>pBc0#JfjNo>1dT1KFE)3j zaI-AZQADy~`H4!8^V(drTCU#X$$tz4R9WGBb{>4HB9z(R+l$6$-G*TsY_B?5#ccBE zqfgi;&rW6+E%t1bcN9+>0+^`t4DrbIxPykg-CX?EJh6%(~_X8X)tQoDA30# zHjFJcnW;ahJ}lJdVop-OVl20O*>bLUbWpLjG~Dvfs@V?=KIUt4LXUae%tQ1KoARaC zH8n-O7K$BB=f5Qzuh9YgFt7I09F`JLjQ5tdINlq4+Py7y!W8^4i;!xpfkI79n4G_) z+&o^~=&m-GxT1!NdQHABccSN6+8p7<#l`dKK!D3fT92<)1NNll#-C`!g?}s)8((oU z2Hq5-;MPyn9UV1Op%}zqP}ZDQBvWH$!1ItWQrkyV#=1E8O_E2xYusu&FrG^QjbyY{ zkBGg9uX#?3I2iN5Mf}^dNM<)&IpocBXzsU=ou^(Z$=PA0_Bec2Ef5p~NP8~f@+5gb z6MfuMMqE+^RkEHNxX+{>ubSoZK#;TDi9X>mSmw`c+-GH2F53i%*~++b3#z5-GyXi( zY33EZrD6ES2mfein>#_?7+pG!Mc!jM=J-M$;BH6i>>?Q3-)U_>UA9QG1q6{$&z z?|B<^vMycfJukx#D@t;|=p;8Me1ksgAJfx(0Hzo3aW;^UZ&k)}2qQ?0()^IhGfySw z@r3B1+hbyoE+UX)uV4~W5i8%2#V2Q}G4*DR6z%F4SBL>0`8r2T?L^Vr#N?bZ7J>7T?tKp=leW&Zt}sRN_PRs3-|V%uJ>rV?HFZ967z!4x5i=kNW*n)tXQ~c>bjzSj(0iCvnWlfQw=>awHy&P5~l`nT#1h z$jpqxTw9e6Y18Yx3^Y`24>Sy`QUPuV!W4{IeY?XiNTtG#-(Zj#O9V>iRV5>Je3nv# zFg}v!zv{0_b;*)XC;iXbM_EXewN)|ak_DqwQ1`#CeshNaob3PFQA}{6{(t~LLq%7) JTG967{{SM8*v0?= literal 0 HcmV?d00001 diff --git a/static/theme.css b/static/theme.css index a0de35d..f880e72 100644 --- a/static/theme.css +++ b/static/theme.css @@ -7,6 +7,10 @@ body { header { background: linear-gradient(0deg, rgba(255,255,255,0) 0%, rgb(160, 82, 45) 100%); } +.logo { + vertical-align: bottom; + height: 2em; +} h1 { margin: 0; padding: 2em 1em .5em 1em; -- 2.43.2