Next update

femdevs · Mar 18, 2024 · 582a793 · 582a793
1 parent 745a9ab
commit 582a793
Show file tree

Hide file tree

Showing 8 changed files with 113 additions and 6 deletions.
diff --git a/web/api/routes/crypto.js b/web/api/routes/crypto.js
@@ -3,6 +3,7 @@ const CCrypto = require('../../../modules/CCrypto')
 
 router
     .get('/enc', async (req, res) => {
+        if (!req.query) return res.sendError(4)
         const { query: { data } } = req;
         if (!data) return res.sendError(4)
         try {
@@ -12,6 +13,7 @@ router
         }
     })
     .get('/dec', async (req, res) => {
+        if (!req.query) return res.sendError(4)
         const { query: { data } } = req;
         if (!data) return res.sendError(4)
         try {

diff --git a/web/pages/routes/alex.js b/web/pages/routes/alex.js
@@ -4,6 +4,21 @@ router
     .get('/', (_, res) => res.render('pages/alex/index.pug'))
     .get('/cdn/img/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/alex/imgs/${req.params.file}`))
     .get('/cdn/js/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/alex/js/${req.params.file}.js`))
-    .get('/cdn/css/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/alex/css/${req.params.file}.css`));
+    .get('/cdn/css/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/alex/css/${req.params.file}.css`))
+    .use((req, res, next) => {
+        const { path } = req;
+        const methodUsed = req.method.toUpperCase();
+        let allowedMethods = router.stack.filter(r => r.route && r.route.path === path)
+        if (allowedMethods.length == 0) return next();
+        allowedMethods.map(r => r.route.stack[0])
+        allowedMethods = { ...allowedMethods[0] }
+        allowedMethods = allowedMethods.route.methods;
+        if (req.method === 'OPTIONS') return res.setHeader('Allow', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).setHeader('Access-Control-Allow-Methods', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).status(204).send();
+        if (allowedMethods[methodUsed]) return next();
+        res.status(405).render(
+            `misc/405.pug`,
+            req.getErrPage(405, { path, allowedMethods, methodUsed })
+        );
+    })
 
 module.exports = router;
diff --git a/web/pages/routes/ben.js b/web/pages/routes/ben.js
@@ -14,6 +14,21 @@ router
     ))
     .get('/cdn/img/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/ben/imgs/${req.params.file}`))
     .get('/cdn/js/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/ben/js/${req.params.file}.js`))
-    .get('/cdn/css/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/ben/css/${req.params.file}.css`));
+    .get('/cdn/css/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/ben/css/${req.params.file}.css`))
+    .use((req, res, next) => {
+        const { path } = req;
+        const methodUsed = req.method.toUpperCase();
+        let allowedMethods = router.stack.filter(r => r.route && r.route.path === path)
+        if (allowedMethods.length == 0) return next();
+        allowedMethods.map(r => r.route.stack[0])
+        allowedMethods = { ...allowedMethods[0] }
+        allowedMethods = allowedMethods.route.methods;
+        if (req.method === 'OPTIONS') return res.setHeader('Allow', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).setHeader('Access-Control-Allow-Methods', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).status(204).send();
+        if (allowedMethods[methodUsed]) return next();
+        res.status(405).render(
+            `misc/405.pug`,
+            req.getErrPage(405, { path, allowedMethods, methodUsed })
+        );
+    })
 
 module.exports = router;
diff --git a/web/pages/routes/oblong.js b/web/pages/routes/oblong.js
@@ -14,6 +14,21 @@ router
     ))
     .get('/cdn/img/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/oblong/imgs/${req.params.file}`))
     .get('/cdn/js/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/oblong/js/${req.params.file}.js`))
-    .get('/cdn/css/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/oblong/css/${req.params.file}.css`));
+    .get('/cdn/css/:file', (req, res) => res.sendFile(`${process.cwd()}/web/pages/assets/oblong/css/${req.params.file}.css`))
+    .use((req, res, next) => {
+        const { path } = req;
+        const methodUsed = req.method.toUpperCase();
+        let allowedMethods = router.stack.filter(r => r.route && r.route.path === path)
+        if (allowedMethods.length == 0) return next();
+        allowedMethods.map(r => r.route.stack[0])
+        allowedMethods = { ...allowedMethods[0] }
+        allowedMethods = allowedMethods.route.methods;
+        if (req.method === 'OPTIONS') return res.setHeader('Allow', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).setHeader('Access-Control-Allow-Methods', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).status(204).send();
+        if (allowedMethods[methodUsed]) return next();
+        res.status(405).render(
+            `misc/405.pug`,
+            req.getErrPage(405, { path, allowedMethods, methodUsed })
+        );
+    })
 
 module.exports = router;
diff --git a/web/security/routes/csp.js b/web/security/routes/csp.js
@@ -28,5 +28,20 @@ router
                 break;
         }
     })
+    .use((req, res, next) => {
+        const { path } = req;
+        const methodUsed = req.method.toUpperCase();
+        let allowedMethods = router.stack.filter(r => r.route && r.route.path === path)
+        if (allowedMethods.length == 0) return next();
+        allowedMethods.map(r => r.route.stack[0])
+        allowedMethods = { ...allowedMethods[0] }
+        allowedMethods = allowedMethods.route.methods;
+        if (req.method === 'OPTIONS') return res.setHeader('Allow', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).setHeader('Access-Control-Allow-Methods', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).status(204).send();
+        if (allowedMethods[methodUsed]) return next();
+        res.status(405).render(
+            `misc/405.pug`,
+            req.getErrPage(405, { path, allowedMethods, methodUsed })
+        );
+    })
 
 module.exports = router;
diff --git a/web/security/routes/doc.js b/web/security/routes/doc.js
@@ -3,6 +3,21 @@ const router = require('express').Router();
 router
     .post('/new', (req, res) => {
         res.status(204).end();
-    });
+    })
+    .use((req, res, next) => {
+        const { path } = req;
+        const methodUsed = req.method.toUpperCase();
+        let allowedMethods = router.stack.filter(r => r.route && r.route.path === path)
+        if (allowedMethods.length == 0) return next();
+        allowedMethods.map(r => r.route.stack[0])
+        allowedMethods = { ...allowedMethods[0] }
+        allowedMethods = allowedMethods.route.methods;
+        if (req.method === 'OPTIONS') return res.setHeader('Allow', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).setHeader('Access-Control-Allow-Methods', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).status(204).send();
+        if (allowedMethods[methodUsed]) return next();
+        res.status(405).render(
+            `misc/405.pug`,
+            req.getErrPage(405, { path, allowedMethods, methodUsed })
+        );
+    })
 
 module.exports = router;
diff --git a/web/security/routes/report.js b/web/security/routes/report.js
@@ -3,6 +3,21 @@ const router = require('express').Router();
 router
     .post('/new', (req, res) => {
         res.status(204).end();
-    });
+    })
+    .use((req, res, next) => {
+        const { path } = req;
+        const methodUsed = req.method.toUpperCase();
+        let allowedMethods = router.stack.filter(r => r.route && r.route.path === path)
+        if (allowedMethods.length == 0) return next();
+        allowedMethods.map(r => r.route.stack[0])
+        allowedMethods = { ...allowedMethods[0] }
+        allowedMethods = allowedMethods.route.methods;
+        if (req.method === 'OPTIONS') return res.setHeader('Allow', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).setHeader('Access-Control-Allow-Methods', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).status(204).send();
+        if (allowedMethods[methodUsed]) return next();
+        res.status(405).render(
+            `misc/405.pug`,
+            req.getErrPage(405, { path, allowedMethods, methodUsed })
+        );
+    })
 
 module.exports = router;
diff --git a/web/security/routes/router.js b/web/security/routes/router.js
@@ -7,6 +7,21 @@ const Report = require('./report');
 router
     .use('/doc', Doc)
     .use('/report', Report)
-    .use('/csp', CSP);
+    .use('/csp', CSP)
+    .use((req, res, next) => {
+        const { path } = req;
+        const methodUsed = req.method.toUpperCase();
+        let allowedMethods = router.stack.filter(r => r.route && r.route.path === path)
+        if (allowedMethods.length == 0) return next();
+        allowedMethods.map(r => r.route.stack[0])
+        allowedMethods = { ...allowedMethods[0] }
+        allowedMethods = allowedMethods.route.methods;
+        if (req.method === 'OPTIONS') return res.setHeader('Allow', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).setHeader('Access-Control-Allow-Methods', Object.keys(allowedMethods).map(m => m.toUpperCase()).join(', ')).status(204).send();
+        if (allowedMethods[methodUsed]) return next();
+        res.status(405).render(
+            `misc/405.pug`,
+            req.getErrPage(405, { path, allowedMethods, methodUsed })
+        );
+    });
 
 module.exports = router;