VersaWhiteboard/server.js

// TCP port used by the HTTP server and, through it, by socket.io.
const PORT = 8080;

// Shared access token. An empty string means the token checks below let every
// request through. Can be set here or as a start parameter
// (node server.js --accesstoken=MYTOKEN).
let accessToken = "";
fs = require("fs-extra");
var express = require('express');
var formidable = require('formidable'); //form upload processing
const createDOMPurify = require('dompurify'); //Prevent xss
const { JSDOM } = require('jsdom');
const window = (new JSDOM('')).window;
const DOMPurify = createDOMPurify(window);
var s_whiteboard = require("./s_whiteboard.js");
// Express application: everything under ./public is served as static files.
const app = express();
app.use(express.static(__dirname + '/public'));

// One HTTP server carries both the Express routes and the socket.io transport.
const server = require('http').createServer(app);
server.listen(PORT);

const io = require('socket.io')(server);
console.log("Webserver & socketserver running on port:" + PORT);
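// Resolve the access token. The environment variable is read first; a
// --accesstoken start parameter, when present, overrides it.
// NOTE(review): a token passed as a start parameter is visible to other local
// users in the process list; the environment variable avoids that.
if (process.env.accesstoken) {
  accessToken = process.env.accesstoken;
}
var startArgs = getArgs();
if (startArgs["accesstoken"]) {
  accessToken = startArgs["accesstoken"];
}
if (accessToken !== "") {
  // Only report that a token is configured. Printing the value would copy the
  // secret into stdout and whatever log collection is attached to it.
  console.log("AccessToken is set (value not logged)");
}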
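/**
 * GET /loadwhiteboard?wid=<whiteboard id>&at=<access token>
 *
 * Returns the stored data of one whiteboard. When an access token is
 * configured the `at` query parameter must match it, otherwise the request
 * is answered with 401.
 */
app.get('/loadwhiteboard', function (req, res) {
  var wid = req.query.wid;
  var suppliedToken = req.query.at;

  // Express can parse repeated or bracketed query parameters into arrays or
  // objects, and `==` would coerce those to a string before comparing. Accept
  // a plain string only and compare strictly.
  // NOTE(review): the comparison is not constant-time, and a token carried in
  // the query string ends up in access logs and browser history.
  var authorized = accessToken === "" ||
    (typeof suppliedToken === "string" && suppliedToken === accessToken);

  if (!authorized) {
    res.status(401).end(); //Unauthorized
    return;
  }

  // NOTE(review): wid is handed to s_whiteboard.loadStoredData unvalidated;
  // confirm that module tolerates non-string and unexpected ids.
  res.send(s_whiteboard.loadStoredData(wid));
});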
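/**
 * POST /upload (multipart form)
 *
 * Collects the form's fields and file parts, then, if the `at` field matches
 * the configured access token (or no token is configured), hands the
 * collected data to progressUploadFormData and answers "done". A wrong
 * token is answered with 401, a parse error with 400.
 */
app.post('/upload', function (req, res) { //File upload
  var form = new formidable.IncomingForm(); //Receive form

  // The keys below come straight from the request (field names, file names).
  // Prototype-less objects keep a key such as "__proto__" an ordinary entry.
  var formData = {
    files: Object.create(null),
    fields: Object.create(null)
  };

  form.on('file', function (name, file) {
    formData["files"][file.name] = file;
  });

  form.on('field', function (name, value) {
    formData["fields"][name] = value;
  });

  form.on('error', function (err) {
    console.log('File uplaod Error!', err);
    // Answer the client; without this the request is left hanging.
    if (!res.headersSent) {
      res.status(400).end();
    }
  });

  form.on('end', function () {
    if (res.headersSent) {
      return; // already answered by the error handler
    }
    // NOTE(review): the token is checked only after the whole body has been
    // parsed, so unauthenticated clients can still make the server receive
    // the upload. File parts collected above are not used by this handler;
    // confirm where formidable stores them and that they are cleaned up.
    var suppliedToken = formData["fields"]["at"];
    var authorized = accessToken === "" ||
      (typeof suppliedToken === "string" && suppliedToken === accessToken);

    if (authorized) {
      progressUploadFormData(formData);
      res.send("done");
    } else {
      res.status(401).end(); //Unauthorized
    }
    //End file upload
  });

  form.parse(req);
});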
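/**
 * Stores the base64 image sent with an upload form as
 * ./public/uploads/<whiteboardId>_<date>.png.
 *
 * `whiteboardId` and `date` are client-supplied form fields that become part
 * of the file name, so both are checked against a strict allowlist before
 * any path is built. Without that check a value containing path separators
 * would let the write land outside the upload folder.
 *
 * @param {{fields: Object, files: Object}} formData - collected form data;
 *   reads fields.whiteboardId, fields.date (defaults to the current
 *   timestamp) and fields.imagedata (PNG/JPEG data URL or bare base64).
 * @returns {void} Failures are logged; nothing is returned or thrown.
 */
function progressUploadFormData(formData) {
  console.log("Progress new Form Data");
  var fields = formData.fields;
  var whiteboardId = fields["whiteboardId"];
  var date = String(fields["date"] || (+new Date()));

  // Deliberately strict: letters, digits, underscore and hyphen only. This
  // rules out "/", "\", "." sequences and NUL bytes in either name part.
  var safeNamePart = /^[A-Za-z0-9_-]+$/;
  if (typeof whiteboardId !== "string" ||
      !safeNamePart.test(whiteboardId) ||
      !safeNamePart.test(date)) {
    console.log("Upload rejected: whiteboardId or date contains unsafe characters");
    return;
  }

  var filename = whiteboardId + "_" + date + ".png";

  fs.ensureDir("./public/uploads", function (err) {
    if (err) {
      console.log("Could not create upload folder!", err);
      return;
    }

    var imagedata = fields["imagedata"];
    if (typeof imagedata !== "string" || imagedata === "") {
      return; // nothing to store
    }

    //Save from base64 data: strip the data-URL prefix, keep the payload
    imagedata = imagedata
      .replace(/^data:image\/png;base64,/, "")
      .replace(/^data:image\/jpeg;base64,/, "");
    console.log(filename, "uploaded");
    // NOTE(review): the decoded bytes are not verified to be an image and no
    // size limit is applied here.
    fs.writeFile('./public/uploads/' + filename, imagedata, 'base64', function (err) {
      if (err) {
        console.log("error", err);
      }
    });
  });
}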
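// Socket.io wiring: one handler set per connected client.
io.on('connection', function (socket) {

  // True when `content` is an object that may be indexed. Clients control the
  // payload completely; indexing a null or undefined payload would throw
  // inside the handler and could take the whole process down.
  function isObjectPayload(content) {
    return content !== null && typeof content === "object";
  }

  // Token gate shared by the handlers below: open when no token is configured,
  // otherwise the payload's `at` must be a string equal to the token.
  function hasValidToken(content) {
    return accessToken === "" ||
      (typeof content["at"] === "string" && content["at"] === accessToken);
  }

  socket.on('disconnect', function () {
    socket.broadcast.emit('refreshUserBadges', null); //Removes old user Badges
  });

  socket.on('drawToWhiteboard', function (content) {
    content = escapeAllContentStrings(content);
    if (!isObjectPayload(content)) {
      return; // malformed payload, ignore
    }
    if (hasValidToken(content)) {
      // NOTE(review): `content` still carries the `at` field when it is
      // rebroadcast and stored; consider dropping it before both calls.
      socket.broadcast.to(content["wid"]).emit('drawToWhiteboard', content); //Send to all users in the room (not own socket)
      s_whiteboard.handleEventsAndData(content); //save whiteboardchanges on the server
    } else {
      socket.emit('wrongAccessToken', true);
    }
  });

  socket.on('joinWhiteboard', function (content) {
    content = escapeAllContentStrings(content);
    if (!isObjectPayload(content)) {
      return; // malformed payload, ignore
    }
    if (hasValidToken(content)) {
      socket.join(content["wid"]); //Joins room name=wid
    } else {
      socket.emit('wrongAccessToken', true);
    }
  });
});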
//Prevent cross site scripting (xss)
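/**
 * Runs every string found in `content` through DOMPurify.sanitize, walking
 * nested objects and arrays in place.
 *
 * `cnt` is the nesting depth of `content` (callers omit it). It is passed
 * down as depth + 1 so that it counts levels, not the number of objects
 * visited: a shared, ever-growing counter would stop sanitizing after the
 * tenth nested object and pass the remaining siblings through untouched.
 * Anything nested deeper than 10 levels is replaced by null instead of being
 * forwarded unsanitized.
 *
 * @param {*} content - string, object/array, or any other value.
 * @param {number} [cnt] - current nesting depth, internal use.
 * @returns {*} the sanitized string, the same (mutated) object, or the
 *   value unchanged when it is neither a string nor an object.
 */
function escapeAllContentStrings(content, cnt) {
  var depth = cnt || 0;

  if (typeof content === "string") {
    return DOMPurify.sanitize(content);
  }
  if (content === null || typeof content !== "object") {
    return content;
  }

  // Own keys only; inherited properties are not part of the payload.
  Object.keys(content).forEach(function (key) {
    var value = content[key];
    if (typeof value === "string") {
      content[key] = DOMPurify.sanitize(value);
    } else if (value !== null && typeof value === "object") {
      content[key] = depth < 10
        ? escapeAllContentStrings(value, depth + 1)
        : null; // too deep to walk: drop it
    }
  });
  return content;
}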
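/**
 * Parses the process start parameters into a plain object.
 *
 * - `--name=value` becomes `{ name: "value" }`. Only the first "=" separates
 *   name and value, so values that contain "=" themselves (for example a
 *   base64-padded access token) are kept whole instead of being cut short.
 * - `--name` without "=" becomes `{ name: undefined }`.
 * - `-abc` becomes `{ a: true, b: true, c: true }`.
 * - Anything else is ignored.
 *
 * @returns {Object} map of argument name to value.
 */
function getArgs() {
  const args = {};
  for (const arg of process.argv.slice(2)) {
    if (arg.slice(0, 2) === '--') {
      // long arg
      const separatorAt = arg.indexOf('=');
      if (separatorAt === -1) {
        args[arg.slice(2)] = undefined;
      } else {
        args[arg.slice(2, separatorAt)] = arg.slice(separatorAt + 1);
      }
    } else if (arg[0] === '-') {
      // flags
      for (const flag of arg.slice(1).split('')) {
        args[flag] = true;
      }
    }
  }
  return args;
}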