VersaWhiteboard/scripts/server-backend.js

const path = require("path");

const config = require("./config/config");
const ReadOnlyBackendService = require("./services/ReadOnlyBackendService");
const WhiteboardInfoBackendService = require("./services/WhiteboardInfoBackendService");

function startBackendServer(port) {
    var fs = require("fs-extra");
    var express = require("express");
    var formidable = require("formidable"); //form upload processing

    const createDOMPurify = require("dompurify"); //Prevent xss
    const { JSDOM } = require("jsdom");
    const window = new JSDOM("").window;
    const DOMPurify = createDOMPurify(window);

    const { createClient } = require("webdav");

    var s_whiteboard = require("./s_whiteboard.js");

    var app = express();
    app.use(express.static(path.join(__dirname, "..", "dist")));
    app.use("/uploads", express.static(path.join(__dirname, "..", "public", "uploads")));
    var server = require("http").Server(app);
    server.listen(port);
    var io = require("socket.io")(server, { path: "/ws-api" });
    WhiteboardInfoBackendService.start(io);

    console.log("Webserver & socketserver running on port:" + port);

    const { accessToken, enableWebdav } = config.backend;

    app.get("/api/loadwhiteboard", function (req, res) {
        const wid = req["query"]["wid"];
        const at = req["query"]["at"]; //accesstoken
        if (accessToken === "" || accessToken == at) {
            const widForData = ReadOnlyBackendService.isReadOnly(wid)
                ? ReadOnlyBackendService.getIdFromReadOnlyId(wid)
                : wid;
            const ret = s_whiteboard.loadStoredData(widForData);
            res.send(ret);
            res.end();
        } else {
            res.status(401); //Unauthorized
            res.end();
        }
    });

    app.post("/api/upload", function (req, res) {
        //File upload
        var form = new formidable.IncomingForm(); //Receive form
        var formData = {
            files: {},
            fields: {},
        };

        form.on("file", function (name, file) {
            formData["files"][file.name] = file;
        });

        form.on("field", function (name, value) {
            formData["fields"][name] = value;
        });

        form.on("error", function (err) {
            console.log("File uplaod Error!");
        });

        form.on("end", function () {
            if (accessToken === "" || accessToken == formData["fields"]["at"]) {
                progressUploadFormData(formData, function (err) {
                    if (err) {
                        if (err == "403") {
                            res.status(403);
                        } else {
                            res.status(500);
                        }
                        res.end();
                    } else {
                        res.send("done");
                    }
                });
            } else {
                res.status(401); //Unauthorized
                res.end();
            }
            //End file upload
        });
        form.parse(req);
    });

    function progressUploadFormData(formData, callback) {
        console.log("Progress new Form Data");
        const fields = escapeAllContentStrings(formData.fields);
        const wid = fields["whiteboardId"];
        if (ReadOnlyBackendService.isReadOnly(wid)) return;

        const readOnlyWid = ReadOnlyBackendService.getReadOnlyId(wid);

        const name = fields["name"] || "";
        const date = fields["date"] || +new Date();
        const filename = `${readOnlyWid}_${date}.png`;
        let webdavaccess = fields["webdavaccess"] || false;
        try {
            webdavaccess = JSON.parse(webdavaccess);
        } catch (e) {
            webdavaccess = false;
        }

        const savingDir = path.join("./public/uploads", readOnlyWid);
        fs.ensureDir(savingDir, function (err) {
            if (err) {
                console.log("Could not create upload folder!", err);
                return;
            }
            let imagedata = fields["imagedata"];
            if (imagedata && imagedata != "") {
                //Save from base64 data
                imagedata = imagedata
                    .replace(/^data:image\/png;base64,/, "")
                    .replace(/^data:image\/jpeg;base64,/, "");
                console.log(filename, "uploaded");
                const savingPath = path.join(savingDir, filename);
                fs.writeFile(savingPath, imagedata, "base64", function (err) {
                    if (err) {
                        console.log("error", err);
                        callback(err);
                    } else {
                        if (webdavaccess) {
                            //Save image to webdav
                            if (enableWebdav) {
                                saveImageToWebdav(savingPath, filename, webdavaccess, function (
                                    err
                                ) {
                                    if (err) {
                                        console.log("error", err);
                                        callback(err);
                                    } else {
                                        callback();
                                    }
                                });
                            } else {
                                callback("Webdav is not enabled on the server!");
                            }
                        } else {
                            callback();
                        }
                    }
                });
            } else {
                callback("no imagedata!");
                console.log("No image Data found for this upload!", name);
            }
        });
    }

    function saveImageToWebdav(imagepath, filename, webdavaccess, callback) {
        if (webdavaccess) {
            const webdavserver = webdavaccess["webdavserver"] || "";
            const webdavpath = webdavaccess["webdavpath"] || "/";
            const webdavusername = webdavaccess["webdavusername"] || "";
            const webdavpassword = webdavaccess["webdavpassword"] || "";

            const client = createClient(webdavserver, {
                username: webdavusername,
                password: webdavpassword,
            });
            client
                .getDirectoryContents(webdavpath)
                .then((items) => {
                    const cloudpath = webdavpath + "" + filename;
                    console.log("webdav saving to:", cloudpath);
                    fs.createReadStream(imagepath).pipe(client.createWriteStream(cloudpath));
                    callback();
                })
                .catch((error) => {
                    callback("403");
                    console.log("Could not connect to webdav!");
                });
        } else {
            callback("Error: no access data!");
        }
    }

    io.on("connection", function (socket) {
        let whiteboardId = null;
        socket.on("disconnect", function () {
            WhiteboardInfoBackendService.leave(socket.id, whiteboardId);
            socket.compress(false).broadcast.to(whiteboardId).emit("refreshUserBadges", null); //Removes old user Badges
        });

        socket.on("drawToWhiteboard", function (content) {
            if (!whiteboardId || ReadOnlyBackendService.isReadOnly(whiteboardId)) return;

            content = escapeAllContentStrings(content);
            if (accessToken === "" || accessToken == content["at"]) {
                const broadcastTo = (wid) =>
                    socket.compress(false).broadcast.to(wid).emit("drawToWhiteboard", content);
                // broadcast to current whiteboard
                broadcastTo(whiteboardId);
                // broadcast the same content to the associated read-only whiteboard
                const readOnlyId = ReadOnlyBackendService.getReadOnlyId(whiteboardId);
                broadcastTo(readOnlyId);
                s_whiteboard.handleEventsAndData(content); //save whiteboardchanges on the server
            } else {
                socket.emit("wrongAccessToken", true);
            }
        });

        socket.on("joinWhiteboard", function (content) {
            content = escapeAllContentStrings(content);
            if (accessToken === "" || accessToken == content["at"]) {
                whiteboardId = content["wid"];

                socket.emit("whiteboardConfig", {
                    common: config.frontend,
                    whiteboardSpecific: {
                        correspondingReadOnlyWid: ReadOnlyBackendService.getReadOnlyId(
                            whiteboardId
                        ),
                        isReadOnly: ReadOnlyBackendService.isReadOnly(whiteboardId),
                    },
                });

                socket.join(whiteboardId); //Joins room name=wid
                const screenResolution = content["windowWidthHeight"];
                WhiteboardInfoBackendService.join(socket.id, whiteboardId, screenResolution);
            } else {
                socket.emit("wrongAccessToken", true);
            }
        });

        socket.on("updateScreenResolution", function (content) {
            content = escapeAllContentStrings(content);
            if (accessToken === "" || accessToken == content["at"]) {
                const screenResolution = content["windowWidthHeight"];
                WhiteboardInfoBackendService.setScreenResolution(
                    socket.id,
                    whiteboardId,
                    screenResolution
                );
            }
        });
    });

    //Prevent cross site scripting (xss)
    function escapeAllContentStrings(content, cnt) {
        if (!cnt) cnt = 0;

        if (typeof content === "string") {
            return DOMPurify.sanitize(content);
        }
        for (var i in content) {
            if (typeof content[i] === "string") {
                content[i] = DOMPurify.sanitize(content[i]);
            }
            if (typeof content[i] === "object" && cnt < 10) {
                content[i] = escapeAllContentStrings(content[i], ++cnt);
            }
        }
        return content;
    }

    process.on("unhandledRejection", (error) => {
        // Will print "unhandledRejection err is not defined"
        console.log("unhandledRejection", error.message);
    });
}

module.exports = startBackendServer;
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`const path = require("path");`
basic whiteboard with no btns 2018-02-08 17:45:07 +01:00
refacto(backend): regrouped config related handling 2020-05-11 14:18:59 +02:00			`const config = require("./config/config");`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00			`const ReadOnlyBackendService = require("./services/ReadOnlyBackendService");`
refacto(backend): new backend WhiteboardInfoBackendService * WhiteboardInfo set private inside this module 2020-05-12 22:33:33 +02:00			`const WhiteboardInfoBackendService = require("./services/WhiteboardInfoBackendService");`
feat: 'new websocket' to share whiteboard info * share whiteboard info only on change and at specific frequency * front update to track nb user connected 2020-05-10 15:34:19 +02:00
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`function startBackendServer(port) {`
			`var fs = require("fs-extra");`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`var express = require("express");`
			`var formidable = require("formidable"); //form upload processing`

			`const createDOMPurify = require("dompurify"); //Prevent xss`
			`const { JSDOM } = require("jsdom");`
			`const window = new JSDOM("").window;`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`const DOMPurify = createDOMPurify(window);`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`const { createClient } = require("webdav");`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`var s_whiteboard = require("./s_whiteboard.js");`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`var app = express();`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`app.use(express.static(path.join(__dirname, "..", "dist")));`
			`app.use("/uploads", express.static(path.join(__dirname, "..", "public", "uploads")));`
			`var server = require("http").Server(app);`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`server.listen(port);`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`var io = require("socket.io")(server, { path: "/ws-api" });`
refacto(backend): new backend WhiteboardInfoBackendService * WhiteboardInfo set private inside this module 2020-05-12 22:33:33 +02:00			`WhiteboardInfoBackendService.start(io);`

refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`console.log("Webserver & socketserver running on port:" + port);`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
feat(config): cleaned & doc 2020-05-11 16:00:45 +02:00			`const { accessToken, enableWebdav } = config.backend;`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`app.get("/api/loadwhiteboard", function (req, res) {`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00			`const wid = req["query"]["wid"];`
			`const at = req["query"]["at"]; //accesstoken`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`if (accessToken === "" \|\| accessToken == at) {`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00			`const widForData = ReadOnlyBackendService.isReadOnly(wid)`
			`? ReadOnlyBackendService.getIdFromReadOnlyId(wid)`
			`: wid;`
			`const ret = s_whiteboard.loadStoredData(widForData);`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`res.send(ret);`
			`res.end();`
add accessToken function to client and server 2019-02-11 12:43:23 +01:00			`} else {`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`res.status(401); //Unauthorized`
add accessToken function to client and server 2019-02-11 12:43:23 +01:00			`res.end();`
			`}`
fix drag and drop functions 2018-02-08 23:16:28 +01:00			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`app.post("/api/upload", function (req, res) {`
			`//File upload`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`var form = new formidable.IncomingForm(); //Receive form`
			`var formData = {`
			`files: {},`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`fields: {},`
			`};`

			`form.on("file", function (name, file) {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`formData["files"][file.name] = file;`
			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`form.on("field", function (name, value) {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`formData["fields"][name] = value;`
			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`form.on("error", function (err) {`
			`console.log("File uplaod Error!");`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`form.on("end", function () {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`if (accessToken === "" \|\| accessToken == formData["fields"]["at"]) {`
			`progressUploadFormData(formData, function (err) {`
			`if (err) {`
			`if (err == "403") {`
			`res.status(403);`
first version of webdav save 2019-07-01 13:15:11 +02:00			`} else {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`res.status(500);`
first version of webdav save 2019-07-01 13:15:11 +02:00			`}`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`res.end();`
first version of webdav save 2019-07-01 13:15:11 +02:00			`} else {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`res.send("done");`
first version of webdav save 2019-07-01 13:15:11 +02:00			`}`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`});`
			`} else {`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`res.status(401); //Unauthorized`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`res.end();`
first version of webdav save 2019-07-01 13:15:11 +02:00			`}`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`//End file upload`
first version of webdav save 2019-07-01 13:15:11 +02:00			`});`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`form.parse(req);`
add user and whiteboard by get parameters and fix bugs 2018-02-08 23:38:41 +01:00			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`function progressUploadFormData(formData, callback) {`
			`console.log("Progress new Form Data");`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00			`const fields = escapeAllContentStrings(formData.fields);`
			`const wid = fields["whiteboardId"];`
			`if (ReadOnlyBackendService.isReadOnly(wid)) return;`

			`const readOnlyWid = ReadOnlyBackendService.getReadOnlyId(wid);`

			`const name = fields["name"] \|\| "";`
			`const date = fields["date"] \|\| +new Date();`
			const filename = `${readOnlyWid}_${date}.png`;
			`let webdavaccess = fields["webdavaccess"] \|\| false;`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`try {`
			`webdavaccess = JSON.parse(webdavaccess);`
			`} catch (e) {`
			`webdavaccess = false;`
replace own xss prevention with DOMPurify 2019-03-12 11:41:04 +01:00			`}`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00
			`const savingDir = path.join("./public/uploads", readOnlyWid);`
			`fs.ensureDir(savingDir, function (err) {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`if (err) {`
			`console.log("Could not create upload folder!", err);`
			`return;`
			`}`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00			`let imagedata = fields["imagedata"];`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`if (imagedata && imagedata != "") {`
			`//Save from base64 data`
			`imagedata = imagedata`
			`.replace(/^data:image\/png;base64,/, "")`
			`.replace(/^data:image\/jpeg;base64,/, "");`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`console.log(filename, "uploaded");`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00			`const savingPath = path.join(savingDir, filename);`
			`fs.writeFile(savingPath, imagedata, "base64", function (err) {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`if (err) {`
			`console.log("error", err);`
			`callback(err);`
			`} else {`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`if (webdavaccess) {`
			`//Save image to webdav`
feat(config): cleaned & doc 2020-05-11 16:00:45 +02:00			`if (enableWebdav) {`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00			`saveImageToWebdav(savingPath, filename, webdavaccess, function (`
			`err`
			`) {`
			`if (err) {`
			`console.log("error", err);`
			`callback(err);`
			`} else {`
			`callback();`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`}`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00			`});`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`} else {`
			`callback("Webdav is not enabled on the server!");`
			`}`
			`} else {`
			`callback();`
			`}`
			`}`
			`});`
			`} else {`
			`callback("no imagedata!");`
			`console.log("No image Data found for this upload!", name);`
			`}`
			`});`
			`}`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`function saveImageToWebdav(imagepath, filename, webdavaccess, callback) {`
			`if (webdavaccess) {`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00			`const webdavserver = webdavaccess["webdavserver"] \|\| "";`
			`const webdavpath = webdavaccess["webdavpath"] \|\| "/";`
			`const webdavusername = webdavaccess["webdavusername"] \|\| "";`
			`const webdavpassword = webdavaccess["webdavpassword"] \|\| "";`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`const client = createClient(webdavserver, {`
			`username: webdavusername,`
			`password: webdavpassword,`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`client`
			`.getDirectoryContents(webdavpath)`
			`.then((items) => {`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00			`const cloudpath = webdavpath + "" + filename;`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`console.log("webdav saving to:", cloudpath);`
			`fs.createReadStream(imagepath).pipe(client.createWriteStream(cloudpath));`
			`callback();`
			`})`
			`.catch((error) => {`
			`callback("403");`
			`console.log("Could not connect to webdav!");`
			`});`
add accessToken function to client and server 2019-02-11 12:43:23 +01:00			`} else {`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`callback("Error: no access data!");`
add accessToken function to client and server 2019-02-11 12:43:23 +01:00			`}`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`}`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`io.on("connection", function (socket) {`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00			`let whiteboardId = null;`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`socket.on("disconnect", function () {`
feat(backend): sync whiteboard info for readonly and non-readonly whiteboards 2020-05-12 22:59:15 +02:00			`WhiteboardInfoBackendService.leave(socket.id, whiteboardId);`
refacto(backend): new backend WhiteboardInfoBackendService * WhiteboardInfo set private inside this module 2020-05-12 22:33:33 +02:00			`socket.compress(false).broadcast.to(whiteboardId).emit("refreshUserBadges", null); //Removes old user Badges`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`socket.on("drawToWhiteboard", function (content) {`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00			`if (!whiteboardId \|\| ReadOnlyBackendService.isReadOnly(whiteboardId)) return;`

refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`content = escapeAllContentStrings(content);`
			`if (accessToken === "" \|\| accessToken == content["at"]) {`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00			`const broadcastTo = (wid) =>`
			`socket.compress(false).broadcast.to(wid).emit("drawToWhiteboard", content);`
			`// broadcast to current whiteboard`
			`broadcastTo(whiteboardId);`
refacto(backend): new backend WhiteboardInfoBackendService * WhiteboardInfo set private inside this module 2020-05-12 22:33:33 +02:00			`// broadcast the same content to the associated read-only whiteboard`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00			`const readOnlyId = ReadOnlyBackendService.getReadOnlyId(whiteboardId);`
refacto(backend): new backend WhiteboardInfoBackendService * WhiteboardInfo set private inside this module 2020-05-12 22:33:33 +02:00			`broadcastTo(readOnlyId);`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`s_whiteboard.handleEventsAndData(content); //save whiteboardchanges on the server`
			`} else {`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`socket.emit("wrongAccessToken", true);`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`}`
			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`socket.on("joinWhiteboard", function (content) {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`content = escapeAllContentStrings(content);`
			`if (accessToken === "" \|\| accessToken == content["at"]) {`
			`whiteboardId = content["wid"];`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00
			`socket.emit("whiteboardConfig", {`
			`common: config.frontend,`
			`whiteboardSpecific: {`
feat: restored image upload * only use readonly id when storing image to prevent leaking of the editable id 2020-05-12 21:55:43 +02:00			`correspondingReadOnlyWid: ReadOnlyBackendService.getReadOnlyId(`
			`whiteboardId`
			`),`
feat(backend): main handling of readonly sharing * Saving works as before * Don't broadcast drawevents from readonly whiteboard (prevents malicious use) 2020-05-12 21:32:46 +02:00			`isReadOnly: ReadOnlyBackendService.isReadOnly(whiteboardId),`
			`},`
			`});`

refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`socket.join(whiteboardId); //Joins room name=wid`
refacto(backend): new backend WhiteboardInfoBackendService * WhiteboardInfo set private inside this module 2020-05-12 22:33:33 +02:00			`const screenResolution = content["windowWidthHeight"];`
			`WhiteboardInfoBackendService.join(socket.id, whiteboardId, screenResolution);`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`} else {`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`socket.emit("wrongAccessToken", true);`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`}`
			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`socket.on("updateScreenResolution", function (content) {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`content = escapeAllContentStrings(content);`
refacto: handling of smallest screen size as a whiteboard info * Also started a bit of config handling cleaning 2020-05-10 16:43:11 +02:00			`if (accessToken === "" \|\| accessToken == content["at"]) {`
refacto(backend): new backend WhiteboardInfoBackendService * WhiteboardInfo set private inside this module 2020-05-12 22:33:33 +02:00			`const screenResolution = content["windowWidthHeight"];`
			`WhiteboardInfoBackendService.setScreenResolution(`
refacto: handling of smallest screen size as a whiteboard info * Also started a bit of config handling cleaning 2020-05-10 16:43:11 +02:00			`socket.id,`
refacto(backend): new backend WhiteboardInfoBackendService * WhiteboardInfo set private inside this module 2020-05-12 22:33:33 +02:00			`whiteboardId,`
			`screenResolution`
refacto: handling of smallest screen size as a whiteboard info * Also started a bit of config handling cleaning 2020-05-10 16:43:11 +02:00			`);`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`}`
			`});`
Add indicator to show the smallest screen participating 2019-05-07 08:36:42 +02:00			`});`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`//Prevent cross site scripting (xss)`
			`function escapeAllContentStrings(content, cnt) {`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`if (!cnt) cnt = 0;`

			`if (typeof content === "string") {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`return DOMPurify.sanitize(content);`
Add indicator to show the smallest screen participating 2019-05-07 08:36:42 +02:00			`}`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`for (var i in content) {`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`if (typeof content[i] === "string") {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`content[i] = DOMPurify.sanitize(content[i]);`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`}`
			`if (typeof content[i] === "object" && cnt < 10) {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`content[i] = escapeAllContentStrings(content[i], ++cnt);`
			`}`
prevent cross site scripting 2018-02-08 23:43:14 +01:00			`}`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`return content;`
prevent cross site scripting 2018-02-08 23:43:14 +01:00			`}`
style: formatted entire repo 2020-05-09 15:40:26 +02:00
			`process.on("unhandledRejection", (error) => {`
refacto(scipts): reorganized & support dev server 2020-04-19 16:38:07 +02:00			`// Will print "unhandledRejection err is not defined"`
style: formatted entire repo 2020-05-09 15:40:26 +02:00			`console.log("unhandledRejection", error.message);`
			`});`
first version of webdav save 2019-07-01 13:15:11 +02:00			`}`

style: formatted entire repo 2020-05-09 15:40:26 +02:00			`module.exports = startBackendServer;`