@websy/websy-designs 1.11.18 → 1.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -432,6 +432,7 @@ class PGHelper {
432
432
  })
433
433
  }
434
434
  execute (query) {
435
+ console.log(query)
435
436
  return new Promise((resolve, reject) => {
436
437
  // console.log(query)
437
438
  if (query !== null) {
@@ -2,6 +2,7 @@ const express = require('express')
2
2
  const bodyParser = require('body-parser')
3
3
  const cookieParser = require('cookie-parser')
4
4
  const expressSession = require('express-session')
5
+ const sanitizer = require('perfect-express-sanitizer')
5
6
 
6
7
  module.exports = function (options) {
7
8
  return new Promise((resolve, reject) => {
@@ -46,9 +47,24 @@ module.exports = function (options) {
46
47
  res.header('Access-Control-Allow-Credentials', true)
47
48
  res.header('Access-Control-Allow-Headers', 'Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Content-Type, Authorization, X-Requested-With, Set-Cookie')
48
49
  next()
49
- }
50
+ }
51
+ const checkReferrer = (req, res, next) => {
52
+ if (typeof req.headers.referer === 'undefined') {
53
+ res.status(403)
54
+ res.send('Forbidden')
55
+ return
56
+ }
57
+ next()
58
+ }
50
59
  // IMPLEMENT SESSION LOGIC HERE
51
60
  app.use(allowCrossDomain)
61
+ // app.use(
62
+ // sanitizer.clean({
63
+ // xss: true,
64
+ // noSql: true,
65
+ // sql: true
66
+ // })
67
+ // )
52
68
  app.get('/health', (req, res) => {
53
69
  res.json('OK')
54
70
  })
@@ -180,7 +196,11 @@ module.exports = function (options) {
180
196
  }
181
197
  app.use(protectedRoutes)
182
198
  if (options.useAPI === true) {
183
- app.use('/api', protectedRoutes, require(`./routes/${version}/api`)(dbHelper, app.authHelper))
199
+ app.use('/api', sanitizer.clean({
200
+ xss: true,
201
+ noSql: true,
202
+ sql: true
203
+ }), checkReferrer, protectedRoutes, require(`./routes/${version}/api`)(dbHelper, app.authHelper))
184
204
  }
185
205
  if (options.useShop === true) {
186
206
  app.use('/shop', protectedRoutes, require(`./routes/${version}/shop`)(dbHelper, options.dbEngine, app))
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@websy/websy-designs",
3
- "version": "1.11.18",
3
+ "version": "1.12.1",
4
4
  "main": "index.js",
5
5
  "scripts": {
6
6
  "test": "echo \"Error: no test specified\" && exit 1"
@@ -23,6 +23,7 @@
23
23
  "md5": "^2.3.0",
24
24
  "mysql": "^2.18.1",
25
25
  "passport-local": "^1.0.0",
26
+ "perfect-express-sanitizer": "^2.0.2",
26
27
  "pg": "^8.3.3",
27
28
  "puppeteer": "^19.8.3",
28
29
  "puppeteer-report": "3.1.0",