forked from freeCodeCamp/boilerplate-infosec
server.js
/********************************************
* DO NOT EDIT THIS FILE
* the verification process may break
*******************************************/
// Dependencies: the Express framework plus the Node core modules used by the
// file-serving routes below.
const express = require("express");
const fs = require("fs");
const path = require("path");

// Application instance that every route in this file is registered on.
const app = express();

// Turn off the "x-powered-by" setting so responses do not carry Express's
// default X-Powered-By banner.
app.disable("x-powered-by");
// Middleware registered ahead of every route: attaches CORS response headers
// and then passes control on.
// NOTE(review): "Access-Control-Allow-Origin: *" lets a page on any origin
// read the responses of every route registered after this middleware,
// including the file-serving ones. Presumably deliberate so a remote
// verification harness can query the app; confirm before reusing this
// middleware anywhere else.
app.use(function (req, res, next) {
  const corsHeaders = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers":
      "Origin, X-Requested-With, content-type, Accept",
  };
  res.set(corsHeaders);

  // Repeats, on each request, the setting already applied when the app was
  // created; kept so per-request behaviour stays exactly as before.
  app.disable("x-powered-by");

  next();
});
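/**
 * GET /file/<path> — sends a file from this project's directory as plain text.
 *
 * The wildcard capture (req.params[0]) is client-controlled, so it is resolved
 * to an absolute path and checked BEFORE any file is opened:
 *   - a missing or empty capture is answered with a 404-style error;
 *   - a path that resolves to the project directory itself or to anything
 *     outside it is refused;
 *   - a file whose name is ".env" (any letter case, any depth) is refused.
 * Refusals go to next() with { status: 401, message: "ACCESS DENIED" }, the
 * same error object the route has always used for ".env". Read errors are
 * forwarded to next() unchanged.
 *
 * NOTE(review): this is still a deny-list. Every other file under the project
 * directory stays readable by any caller; an explicit allow-list of the files
 * the verification harness needs would be tighter — confirm what it requests.
 */
app.get("/file/*?", function (req, res, next) {
  const requested = req.params[0];

  // The wildcard is optional, so the capture can be absent or empty.
  if (typeof requested !== "string" || requested === "") {
    return next({ status: 404, message: "Not Found" });
  }

  // Decide on the resolved path, not on the raw parameter: a string
  // comparison against ".env" recognises only one spelling of that path, and
  // joining an unchecked parameter onto __dirname does not keep the result
  // inside __dirname.
  const baseDir = path.resolve(__dirname);
  const target = path.resolve(baseDir, requested);
  const relative = path.relative(baseDir, target);

  const leavesBaseDir =
    relative === "" ||
    relative === ".." ||
    relative.startsWith(".." + path.sep) ||
    path.isAbsolute(relative);

  // Lower-cased so the check also holds on case-insensitive filesystems.
  const isEnvFile = path.basename(target).toLowerCase() === ".env";

  if (leavesBaseDir || isEnvFile) {
    return next({ status: 401, message: "ACCESS DENIED" });
  }

  // NOTE(review): the containment check is lexical. A symbolic link inside
  // the project directory is still followed by readFile; resolve with
  // fs.realpath first if links may exist in the deployment.
  fs.readFile(target, function (err, data) {
    if (err) {
      return next(err);
    }
    res.type("txt").send(data.toString());
  });
});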
// The application under inspection; /app-info reports on its middleware.
// NOTE(review): if myApp.js in turn loads this file, it has to assign its
// module.exports before doing so, otherwise `main` here is an incomplete
// export object — confirm against myApp.js.
const main = require("./myApp.js");

/**
 * GET /app-info — responds with JSON describing the inspected app:
 *   headers:  the headers currently set on this response, minus CORS ones
 *   appStack: names of the middleware layers in main's router whose path is ""
 *
 * NOTE(review): this reports the app's middleware names and header
 * configuration to any caller from any origin. That looks intentional for an
 * automated checker; it is not something to keep on a production service.
 */
app.get("/app-info", function (req, res) {
  // Layers Express installs on its own; they are left out of the report.
  const expressDefaults = ["query", "expressInit", "serveStatic"];

  // Relies on `_router`, an Express-internal property of the app object.
  const appMainRouteStack = main._router.stack
    .filter((layer) => layer.path === "")
    .map((layer) => layer.name)
    .filter((layerName) => expressDefaults.indexOf(layerName) === -1);

  // Copy every header already set on this response except the CORS headers.
  const currentHeaders = res.getHeaders();
  const hObj = {};
  for (const headerName of Object.keys(currentHeaders)) {
    if (/^access-control-\w+/.test(headerName)) {
      continue;
    }
    hObj[headerName] = currentHeaders[headerName];
  }

  // NOTE(review): this statement has no effect. `delete` is applied to the
  // value returned by res.get(), not to a property, so no header is removed
  // from the response or from hObj. Kept as-is because the intent is unclear.
  delete res.get("strict-transport-security");

  res.json({ headers: hObj, appStack: appMainRouteStack });
});
/**
 * GET /package.json — sends this project's package.json as plain text.
 * The path is fixed; nothing from the request is used to build it.
 * Read errors are forwarded to next().
 *
 * NOTE(review): the manifest lists the project's dependencies and version
 * ranges, and this route makes it readable by any caller — presumably so the
 * checker can inspect it; confirm it is not exposed outside that setting.
 */
app.get("/package.json", function (req, res, next) {
  const manifestPath = __dirname + "/package.json";

  fs.readFile(manifestPath, function (err, data) {
    if (err) {
      next(err);
      return;
    }
    const body = data.toString();
    res.type("txt").send(body);
  });
});
// Catch-all registered last: any request no earlier route answered gets a
// plain-text 404.
app.use(function (req, res, next) {
  res.status(404);
  res.type("txt");
  res.send("Not Found");
});

// Expose the configured app so another module can mount or start it.
module.exports = app;
/********************************************
* DO NOT EDIT THIS FILE
* the verification process may break
*******************************************/