@reldens/server-utils 0.12.0 → 0.14.0

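--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -13,7 +13,7 @@ const session = require('express-session');
 const rateLimit = require('express-rate-limit');
 const cors = require('cors');
 const helmet = require('helmet');
-const xss = require('xss-clean');
+const sanitizeHtml = require('sanitize-html');
 
 class AppServerFactory
 {
@@ -51,9 +51,7 @@ class AppServerFactory
 process.env.RELDENS_TOO_MANY_REQUESTS_MESSAGE || 'Too many requests, please try again later.'
 );
 this.error = {};
-this.processErrorResponse = function(status, message, req, res) {
-return { status, message, handled: false };
-};
+this.processErrorResponse = false;
 }
 
 createAppServer(appServerConfig)
@@ -88,7 +86,19 @@ class AppServerFactory
 this.app.use(this.rateLimit(limiterParams));
 }
 if(this.useXssProtection){
-this.app.use(xss());
+this.app.use((req, res, next) => {
+if(!req.body){
+return next();
+}
+if(typeof req.body === 'object'){
+for(let key in req.body){
+if(typeof req.body[key] === 'string'){
+req.body[key] = sanitizeHtml(req.body[key]);
+}
+}
+}
+next();
+});
 }
 if(this.useExpressJson){
 this.app.use(this.applicationFramework.json({
@@ -174,21 +184,21 @@ class AppServerFactory
 app.get('/', async (req, res, next) => {
 if('/' === req._parsedUrl.pathname){
 if('function' !== typeof homePageLoadCallback){
-let result = this.processErrorResponse(500, 'Homepage contents could not be loaded.', req, res);
-if(result.handled){
-return;
+let errorMessage = 'Homepage contents could not be loaded.';
+if('function' === typeof this.processErrorResponse){
+return this.processErrorResponse(500, errorMessage, req, res);
 }
-return res.status(result.status).send(result.message);
+return res.status(500).send(errorMessage);
 }
 try {
 return res.send(await homePageLoadCallback(req));
 } catch(error){
-this.error = {message: 'Error loading homepage.', error};
-let result = this.processErrorResponse(500, 'Error loading homepage.', req, res);
-if(result.handled){
-return;
+let message = 'Error loading homepage.';
+this.error = {message, error};
+if('function' === typeof this.processErrorResponse){
+return this.processErrorResponse(500, message, req, res);
 }
-return res.status(result.status).send(result.message);
+return res.status(500).send(message);
 }
 }
 }
 next();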
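Review bot: The sanitizing middleware added at new lines 89–101 is registered before `this.applicationFramework.json(...)` a few lines further down, so for JSON requests `req.body` is still undefined when it runs, the `if(!req.body)` guard returns early and nothing is sanitized — unless a body parser not visible here runs earlier, the replacement for `xss-clean` is effectively a no-op. It also walks only top-level string values of `req.body`, so nested objects, arrays of strings, `req.query` and `req.params` (which `xss-clean` covered) are no longer sanitized, and `for(let key in req.body)` additionally visits inherited enumerable keys. Registering a recursive sanitizer after the body parsers, as sketched below, closes both gaps; note too that sanitize-html's defaults keep an allow-list of tags rather than escaping everything, so if plain text is intended pass `{allowedTags: [], allowedAttributes: {}}`. The enclosing `createAppServer` method starts and ends outside the hunk.
```javascript
// … unchanged: rate limiter registration …
// move this block below the applicationFramework.json(...) registration so req.body is populated
if(this.useXssProtection){
    const sanitizeDeep = (value) => {
        if(typeof value === 'string'){
            return sanitizeHtml(value);
        }
        if(Array.isArray(value)){
            return value.map(sanitizeDeep);
        }
        if(value && typeof value === 'object'){
            for(const key of Object.keys(value)){
                value[key] = sanitizeDeep(value[key]);
            }
        }
        return value;
    };
    this.app.use((req, res, next) => {
        for(const part of ['body', 'query', 'params']){
            if(req[part] && typeof req[part] === 'object'){
                sanitizeDeep(req[part]);
            }
        }
        next();
    });
}
// … unchanged: express json registration …
```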
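--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -18,9 +18,7 @@ class UploaderFactory
 this.fileLimit = props.fileLimit || 0;
 this.allowedExtensions = props.allowedExtensions;
 this.applySecureFileNames = props.applySecureFileNames;
-this.processErrorResponse = props.processErrorResponse || function(status, message, req, res) {
-return { status, message, handled: false };
-};
+this.processErrorResponse = props.processErrorResponse || false;
 }
 
 createUploader(fields, buckets, allowedFileTypes)
@@ -65,34 +63,34 @@ class UploaderFactory
 }
 });
 return (req, res, next) => {
-upload.fields(fields)(req, res, async (err) => {
-if(err){
-if(err instanceof multer.MulterError){
-if(err.code === 'LIMIT_FILE_SIZE'){
-let result = this.processErrorResponse(413, 'File too large.', req, res);
-if(result.handled){
-return;
+upload.fields(fields)(req, res, async (multerError) => {
+if(multerError){
+if(multerError instanceof multer.MulterError){
+if(multerError.code === 'LIMIT_FILE_SIZE'){
+let messageFile = 'File too large.';
+if('function' === typeof this.processErrorResponse){
+return this.processErrorResponse(413, messageFile, req, res);
 }
-return res.status(result.status).send(result.message);
+return res.status(413).send(messageFile);
 }
-if(err.code === 'LIMIT_FILE_COUNT'){
-let result = this.processErrorResponse(413, 'Too many files.', req, res);
-if(result.handled){
-return;
+if(multerError.code === 'LIMIT_FILE_COUNT'){
+let messageTooMany = 'Too many files.';
+if('function' === typeof this.processErrorResponse){
+return this.processErrorResponse(413, messageTooMany, req, res);
 }
-return res.status(result.status).send(result.message);
+return res.status(413).send(messageTooMany);
 }
-let result = this.processErrorResponse(400, 'File upload error: ' + err.message, req, res);
-if(result.handled){
-return;
+let messageUpload = 'File upload error.';
+if('function' === typeof this.processErrorResponse){
+return this.processErrorResponse(400, messageUpload, multerError, req, res);
 }
-return res.status(result.status).send(result.message);
+return res.status(400).send(messageUpload);
 }
-let result = this.processErrorResponse(500, 'Server error during file upload.', req, res);
-if(result.handled){
-return;
+let messageServer = 'Server error during file upload.';
+if('function' === typeof this.processErrorResponse){
+return this.processErrorResponse(500, messageServer, req, res);
 }
-return res.status(result.status).send(result.message);
+return res.status(500).send(messageServer);
 }
 if(!req.files){
 return next();
@@ -104,26 +102,23 @@ class UploaderFactory
 if(FileHandler.exists(file.path)){
 FileHandler.remove(file.path);
 }
-let result = this.processErrorResponse(
-415,
-'File contents do not match declared type.', req, res
-);
-if(result.handled){
-return;
+let messageContents = 'File contents do not match declared type.';
+if('function' === typeof this.processErrorResponse){
+return this.processErrorResponse(415, messageContents, req, res);
 }
-return res.status(result.status).send(result.message);
+return res.status(415).send(messageContents);
 }
 }
 }
 next();
 } catch(error){
-this.error = {message: 'File validation error.', error};
+let messageProcessing = 'Error processing uploaded files.';
+this.error = {message: messageProcessing, error};
 this.cleanupFiles(req.files);
-let result = this.processErrorResponse(500, 'Error processing uploaded files.', req, res);
-if(result.handled){
-return;
+if('function' === typeof this.processErrorResponse){
+return this.processErrorResponse(500, messageProcessing, req, res);
 }
-return res.status(result.status).send(result.message);
+return res.status(500).send(messageProcessing);
 }
 });
 };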
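Review bot: The 400 branch at new line 85 calls `this.processErrorResponse(400, messageUpload, multerError, req, res)`, inserting the error before `req`, while every other call in this hunk and in AppServerFactory uses the `(status, message, req, res)` shape; a custom handler written against that shape would receive the MulterError as `req` and the request as `res`. Either drop the extra argument, `return this.processErrorResponse(400, messageUpload, req, res);`, or append it as a trailing optional parameter at every call site so existing handlers keep working. Since the client-facing message no longer carries `err.message`, it is worth recording the detail server-side as the catch block at new line 116 does, e.g. `this.error = {message: messageUpload, error: multerError};` before the handler check. The enclosing `createUploader` method starts outside the hunk.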
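--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@reldens/server-utils",
 "scope": "@reldens",
-"version": "0.12.0",
+"version": "0.14.0",
 "description": "Reldens - Server Utils",
 "author": "Damian A. Pastorini",
 "license": "MIT",
@@ -42,6 +42,6 @@
 "express-session": "1.18.1",
 "helmet": "8.1.0",
 "multer": "^1.4.5-lts.2",
-"xss-clean": "0.1.4"
+"sanitize-html": "^2.16.0"
 }
 }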