Commit 2308331b authored by Aral Balkan's avatar Aral Balkan

Added helmet to harden the security a bit. Removed some log statements.

parent 0b127449
......@@ -3,9 +3,13 @@ multer = require 'multer'
fs = require 'fs'
uuid = require 'node-uuid'
shorthash = require 'shorthash'
helmet = require 'helmet'
app = express()
# Enable helmet security library with default settings.
app.use(helmet())
#
# Read the video file. We can by synchronous here since we’re
# just doing this when the server first starts and then caching this
......@@ -36,17 +40,17 @@ app.use '/upload', multer {
# and isn’t intimidating when the user sees the URL for sharing.
#
uniqueName = uuid.v4() + '-' + Date.now()
console.log 'Unique name = ' + uniqueName
# console.log 'Unique name = ' + uniqueName
shortUniqueName = shorthash.unique(uniqueName)
console.log 'Short unique name = ' + shortUniqueName
# console.log 'Short unique name = ' + shortUniqueName
return shortUniqueName
onFileUploadStart: (file) ->
#
# Run a few security checks before file upload starts.
#
console.log file.fieldname + ' is about to start uploading…'
console.log file
# console.log file.fieldname + ' is about to start uploading…'
# console.log file
fieldnameIsWrong = (file.fieldname != 'video-message')
mimetypeIsWrong = (/^video.*/.test(file.mimetype) == false)
......@@ -73,14 +77,14 @@ app.get '/video/:videoName', (request, response) ->
#
# Display a video page.
#
console.log 'About to display video: ' + request.params.videoName
# console.log 'About to display video: ' + request.params.videoName
# For dev — remove from production.
videoTemplate = (fs.readFileSync 'templates/video.html').toString()
videoHTML = videoTemplate.replace /\{\{VIDEO\}\}/g, request.params.videoName
console.log videoHTML
# console.log videoHTML
response.send videoHTML
......@@ -88,7 +92,7 @@ app.get '/video/:videoName', (request, response) ->
# Upload route.
#
app.post '/upload', (request, response) ->
console.log 'POST /upload called.'
# console.log 'POST /upload called.'
console.dir(request.files)
# The URL of the video is the file name portion of the video name
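Review bot: In the `/video/:videoName` hunk, `request.params.videoName` is substituted into the template and sent as HTML without validation or escaping, so markup placed in that URL segment is reflected into the page; helmet's response headers do not remove that, and as far as I know this helmet version's defaults do not set a content security policy. If video names are always the short hash returned by `rename` (which looks alphanumeric — confirm), reject anything else before rendering, e.g. `return response.status(404).end() unless /^[A-Za-z0-9]+$/.test request.params.videoName`. The handler starts above the hunk, so a check there cannot be ruled out from this view. Separately, `console.dir(request.files)` in the upload route is still active after the other log statements were commented out, and it writes upload metadata to the server log.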
......
......@@ -10,14 +10,15 @@
"author": "Aral Balkan",
"license": "GPL-3.0",
"dependencies": {
"coffee-script": "^1.8.0",
"express": "^4.9.7",
"helmet": "^0.4.2",
"moment": "^2.8.3",
"multer": "^0.1.6",
"node-uuid": "^1.4.1",
"shorthash": "0.0.2",
"coffee-script": "^1.8.0"
"shorthash": "0.0.2"
},
"engines": {
"node": "0.11.x"
}
}
}