2018-02-08 17:45:07 +01:00
|
|
|
var PORT = 8080; //Set port for the app
|
2019-02-11 12:43:23 +01:00
|
|
|
var accessToken = ""; //Can be set here or as start parameter (node server.js --accesstoken=MYTOKEN)
|
2018-02-08 17:45:07 +01:00
|
|
|
|
2018-02-08 23:16:28 +01:00
|
|
|
fs = require("fs-extra");
|
2018-02-08 17:45:07 +01:00
|
|
|
var express = require('express');
|
2018-02-08 23:16:28 +01:00
|
|
|
var formidable = require('formidable'); //form upload processing
|
2019-03-12 11:41:04 +01:00
|
|
|
|
|
|
|
const createDOMPurify = require('dompurify'); //Prevent xss
|
|
|
|
const { JSDOM } = require('jsdom');
|
|
|
|
const window = (new JSDOM('')).window;
|
|
|
|
const DOMPurify = createDOMPurify(window);
|
|
|
|
|
2018-02-08 17:45:07 +01:00
|
|
|
var s_whiteboard = require("./s_whiteboard.js");
|
|
|
|
|
|
|
|
var app = express();
|
|
|
|
app.use(express.static(__dirname + '/public'));
|
|
|
|
var server = require('http').Server(app);
|
|
|
|
server.listen(PORT);
|
|
|
|
var io = require('socket.io')(server);
|
2019-03-12 11:41:04 +01:00
|
|
|
console.log("Webserver & socketserver running on port:" + PORT);
|
2018-02-08 17:45:07 +01:00
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
if (process.env.accesstoken) {
|
2019-02-11 13:11:07 +01:00
|
|
|
accessToken = process.env.accesstoken;
|
|
|
|
}
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
var startArgs = getArgs();
|
|
|
|
if (startArgs["accesstoken"]) {
|
2019-02-11 12:43:23 +01:00
|
|
|
accessToken = startArgs["accesstoken"];
|
|
|
|
}
|
2019-03-12 11:41:04 +01:00
|
|
|
if (accessToken !== "") {
|
|
|
|
console.log("AccessToken set to: " + accessToken);
|
2019-02-11 12:43:23 +01:00
|
|
|
}
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
app.get('/loadwhiteboard', function (req, res) {
|
2018-02-08 17:45:07 +01:00
|
|
|
var wid = req["query"]["wid"];
|
2019-02-11 12:43:23 +01:00
|
|
|
var at = req["query"]["at"]; //accesstoken
|
2019-03-12 11:41:04 +01:00
|
|
|
if (accessToken === "" || accessToken == at) {
|
2019-02-11 12:43:23 +01:00
|
|
|
var ret = s_whiteboard.loadStoredData(wid);
|
|
|
|
res.send(ret);
|
|
|
|
res.end();
|
|
|
|
} else {
|
|
|
|
res.status(401); //Unauthorized
|
|
|
|
res.end();
|
|
|
|
}
|
2018-02-08 17:45:07 +01:00
|
|
|
});
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
app.post('/upload', function (req, res) { //File upload
|
2018-02-08 23:16:28 +01:00
|
|
|
var form = new formidable.IncomingForm(); //Receive form
|
|
|
|
var formData = {
|
2019-03-12 11:41:04 +01:00
|
|
|
files: {},
|
|
|
|
fields: {}
|
2018-02-08 23:16:28 +01:00
|
|
|
}
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
form.on('file', function (name, file) {
|
|
|
|
formData["files"][file.name] = file;
|
2018-02-08 23:16:28 +01:00
|
|
|
});
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
form.on('field', function (name, value) {
|
2018-02-08 23:16:28 +01:00
|
|
|
formData["fields"][name] = value;
|
|
|
|
});
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
form.on('error', function (err) {
|
|
|
|
console.log('File uplaod Error!');
|
2018-02-08 23:16:28 +01:00
|
|
|
});
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
form.on('end', function () {
|
|
|
|
if (accessToken === "" || accessToken == formData["fields"]["at"]) {
|
2019-02-11 12:43:23 +01:00
|
|
|
progressUploadFormData(formData);
|
|
|
|
res.send("done");
|
|
|
|
} else {
|
|
|
|
res.status(401); //Unauthorized
|
|
|
|
res.end();
|
|
|
|
}
|
2018-02-08 23:16:28 +01:00
|
|
|
//End file upload
|
|
|
|
});
|
|
|
|
form.parse(req);
|
|
|
|
});
|
|
|
|
|
|
|
|
function progressUploadFormData(formData) {
|
|
|
|
console.log("Progress new Form Data");
|
|
|
|
var fields = formData.fields;
|
|
|
|
var files = formData.files;
|
|
|
|
var whiteboardId = fields["whiteboardId"];
|
|
|
|
|
|
|
|
var name = fields["name"] || "";
|
|
|
|
var date = fields["date"] || (+new Date());
|
2019-03-12 11:41:04 +01:00
|
|
|
var filename = whiteboardId + "_" + date + ".png";
|
2018-02-08 23:16:28 +01:00
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
fs.ensureDir("./public/uploads", function (err) {
|
|
|
|
if (err) {
|
2019-01-11 10:33:32 +01:00
|
|
|
console.log("Could not create upload folder!", err);
|
|
|
|
return;
|
|
|
|
}
|
2018-02-08 23:16:28 +01:00
|
|
|
var imagedata = fields["imagedata"];
|
2019-03-12 11:41:04 +01:00
|
|
|
if (imagedata && imagedata != "") { //Save from base64 data
|
2018-02-08 23:16:28 +01:00
|
|
|
imagedata = imagedata.replace(/^data:image\/png;base64,/, "").replace(/^data:image\/jpeg;base64,/, "");
|
|
|
|
console.log(filename, "uploaded");
|
2019-03-12 11:41:04 +01:00
|
|
|
fs.writeFile('./public/uploads/' + filename, imagedata, 'base64', function (err) {
|
|
|
|
if (err) {
|
2018-02-08 23:16:28 +01:00
|
|
|
console.log("error", err);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
io.on('connection', function (socket) {
|
2018-02-09 02:04:50 +01:00
|
|
|
|
2018-02-08 23:38:41 +01:00
|
|
|
socket.on('disconnect', function () {
|
2019-01-11 10:55:37 +01:00
|
|
|
socket.broadcast.emit('refreshUserBadges', null); //Removes old user Badges
|
2018-02-08 23:38:41 +01:00
|
|
|
});
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
socket.on('drawToWhiteboard', function (content) {
|
2018-02-08 23:43:14 +01:00
|
|
|
content = escapeAllContentStrings(content);
|
2019-03-12 11:41:04 +01:00
|
|
|
if (accessToken === "" || accessToken == content["at"]) {
|
2019-02-11 12:43:23 +01:00
|
|
|
socket.broadcast.to(content["wid"]).emit('drawToWhiteboard', content); //Send to all users in the room (not own socket)
|
|
|
|
s_whiteboard.handleEventsAndData(content); //save whiteboardchanges on the server
|
|
|
|
} else {
|
|
|
|
socket.emit('wrongAccessToken', true);
|
2019-03-12 11:41:04 +01:00
|
|
|
}
|
2018-02-08 17:45:07 +01:00
|
|
|
});
|
2018-02-09 02:04:50 +01:00
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
socket.on('joinWhiteboard', function (content) {
|
2019-02-11 12:43:23 +01:00
|
|
|
content = escapeAllContentStrings(content);
|
2019-03-12 11:41:04 +01:00
|
|
|
if (accessToken === "" || accessToken == content["at"]) {
|
2019-02-11 12:43:23 +01:00
|
|
|
socket.join(content["wid"]); //Joins room name=wid
|
|
|
|
} else {
|
|
|
|
socket.emit('wrongAccessToken', true);
|
|
|
|
}
|
2018-02-09 02:04:50 +01:00
|
|
|
});
|
2018-02-08 23:43:14 +01:00
|
|
|
});
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
//Prevent cross site scripting (xss)
|
2018-02-08 23:43:14 +01:00
|
|
|
function escapeAllContentStrings(content, cnt) {
|
2019-03-12 11:41:04 +01:00
|
|
|
if (!cnt)
|
2018-02-08 23:43:14 +01:00
|
|
|
cnt = 0;
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
if (typeof (content) === "string") {
|
|
|
|
return DOMPurify.sanitize(content);
|
2018-02-08 23:43:14 +01:00
|
|
|
}
|
2019-03-12 11:41:04 +01:00
|
|
|
for (var i in content) {
|
|
|
|
if (typeof (content[i]) === "string") {
|
|
|
|
content[i] = DOMPurify.sanitize(content[i]);
|
|
|
|
} if (typeof (content[i]) === "object" && cnt < 10) {
|
2018-02-08 23:43:14 +01:00
|
|
|
content[i] = escapeAllContentStrings(content[i], ++cnt);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return content;
|
2019-02-11 12:43:23 +01:00
|
|
|
}
|
|
|
|
|
2019-03-12 11:41:04 +01:00
|
|
|
function getArgs() {
|
2019-02-11 12:43:23 +01:00
|
|
|
const args = {}
|
|
|
|
process.argv
|
2019-03-12 11:41:04 +01:00
|
|
|
.slice(2, process.argv.length)
|
|
|
|
.forEach(arg => {
|
|
|
|
// long arg
|
|
|
|
if (arg.slice(0, 2) === '--') {
|
|
|
|
const longArg = arg.split('=')
|
|
|
|
args[longArg[0].slice(2, longArg[0].length)] = longArg[1]
|
|
|
|
}
|
|
|
|
// flags
|
|
|
|
else if (arg[0] === '-') {
|
|
|
|
const flags = arg.slice(1, arg.length).split('')
|
|
|
|
flags.forEach(flag => {
|
|
|
|
args[flag] = true
|
|
|
|
})
|
|
|
|
}
|
|
|
|
})
|
2019-02-11 12:43:23 +01:00
|
|
|
return args
|
2019-03-12 11:41:04 +01:00
|
|
|
}
|