npm - snakeia-server - Versions diffs - 1.1.3-6 → 1.1.4 - Mend

snakeia-server 1.1.3-6 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/Dockerfile CHANGED Viewed

@@ -1,4 +1,4 @@
-FROM node:20-alpine
+FROM node:22-alpine
 RUN addgroup -S snakeia-server && adduser -S snakeia-server -G snakeia-server && chown -R snakeia-server:snakeia-server /home/snakeia-server
 RUN apk add git
 WORKDIR /home/snakeia-server/server

package/README.md CHANGED Viewed

@@ -8,7 +8,7 @@ A server for my [SnakeIA](https://github.com/Eliastik/snakeia) game, written in
 ## About this server
-* Version 1.1.3.6 (7/25/2024)
+* Version 1.1.4 (11/23/2024)
 * Made in France by Eliastik - [eliastiksofts.com](http://eliastiksofts.com) - Contact : [eliastiksofts.com/contact](http://eliastiksofts.com/contact)
 * License: GNU GPLv3 (see LICENCE.txt file)
@@ -74,9 +74,10 @@ You can create another configuration file in the **config** directory named **lo
 ````
 {
     "ServerConfig": {
-        "version": "1.1.3.6", // The server version
+        "version": "1.1.4", // The server version
         "port": 3000, // The port where the server runs
-        "proxyMode": false, // Set this value to true if your server is behind a proxy - defaults to false
+        "proxyMode": false, // Sets this value to true if your server is behind a proxy - defaults to false
+        "numberOfProxies": 1, // Sets the number of reverse proxies in front of the server. Default to 1. See: https://expressjs.com/en/guide/behind-proxies.html / https://express-rate-limit.mintlify.app/guides/troubleshooting-proxy-issues
         "enableMultithreading": true, // Enabling the use of different threads for the game engine, improves performance / requires a version of Nodejs that supports Worker Threads
         "maxPlayers": 20, // The maximum number of players for each room
         "maxRooms": 20, // The maximum number of room
@@ -119,6 +120,17 @@ You can create another configuration file in the **config** directory named **lo
 ## Changelog
+* Version 1.1.4 (11/23/2024):
+    - Switched to csrf-csrf library instead of csurf (no longer maintained) for CSRF protection
+    - Added "numberOfProxies" parameter (default 1) to server configuration file
+    - Updated dependencies
+* Version 1.1.3.8 (9/29/2024) :
+    - Updated dependencies
+* Version 1.1.3.7 (9/19/2024) :
+    - Updated dependencies
 * Version 1.1.3.6 (7/25/2024) :
     - Updated dependencies
@@ -167,7 +179,7 @@ Un serveur pour mon jeu [SnakeIA](https://github.com/Eliastik/snakeia), écrit e
 ## À propos de ce serveur
-* Version 1.1.3.6 (25/07/2024)
+* Version 1.1.4 (23/11/2024)
 * Made in France by Eliastik - [eliastiksofts.com](http://eliastiksofts.com) - Contact : [eliastiksofts.com/contact](http://eliastiksofts.com/contact)
 * Licence : GNU GPLv3 (voir le fichier LICENCE.txt)
@@ -233,9 +245,10 @@ Vous pouvez créer un fichier de configuration **local.json** dans le dossier **
 ````
 {
     "ServerConfig": {
-        "version": "1.1.3.6", // La version du serveur
+        "version": "1.1.4", // La version du serveur
         "port": 3000, // Le port sur lequel lancer le server
         "proxyMode": false, // Mettez à true si votre serveur est derrière un proxy - par défaut false
+        "numberOfProxies": 1, // Configure le nombre de proxies devant votre serveur. Par défaut 1. Voir : https://expressjs.com/en/guide/behind-proxies.html / https://express-rate-limit.mintlify.app/guides/troubleshooting-proxy-issues
         "enableMultithreading": true, // Activer l'utilisation de threads différents pour le moteur de jeu, améliore les performances / nécessite une version de Nodejs qui supporte les Worker Threads
         "maxPlayers": 20, // Le nombre maximal d'utilisateurs par salle
         "maxRooms": 20, // Le nombre maximal de salles
@@ -278,6 +291,17 @@ Vous pouvez créer un fichier de configuration **local.json** dans le dossier **
 ## Journal des changements
+* Version 1.1.4 (23/11/2024) :
+    - Passage à la bibliothèque logicielle csrf-csrf au lieu de csurf (qui n'était plus maintenue) pour la protection CSRF
+    - Ajout du paramètre "numberOfProxies" (par défaut à 1) dans le fichier de configuration du serveur
+    - Mise à jour des dépendences
+* Version 1.1.3.8 (29/09/2024) :
+    - Mise à jour des dépendences
+* Version 1.1.3.7 (19/09/2024) :
+    - Mise à jour des dépendences
 * Version 1.1.3.6 (25/07/2024) :
     - Mise à jour des dépendences

package/config/default.json CHANGED Viewed

@@ -1,8 +1,9 @@
 {
     "ServerConfig": {
-        "version": "1.1.3.6",
+        "version": "1.1.4",
         "port": 3000,
         "proxyMode": false,
+        "numberOfProxies": 1,
         "enableMultithreading": true,
         "maxPlayers": 20,
         "maxRooms": 20,

package/docker-compose.yml CHANGED Viewed

@@ -3,6 +3,7 @@ version: "3.4"
 services:
   snakeia-server:
     image: eliastik/snakeia-server:latest
+    container_name: snakeia-server
     restart: unless-stopped
     # uncomment to build the image
     # build:
@@ -12,5 +13,8 @@ services:
       NODE_ENV: production
     volumes:
       - ./config/default.json:/home/snakeia-server/server/config/default.json
+      # - ./config/local.json:/home/snakeia-server/server/config/local.json
+      - ./error.log:/home/snakeia-server/server/logs/error.log
+      - ./server.log:/home/snakeia-server/server/logs/server.log
     ports:
       - "3000:3000"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "snakeia-server",
-  "version": "1.1.3-6",
+  "version": "1.1.4",
   "description": "Server for multiplaying in SnakeIA (https://github.com/Eliastik/snakeia)",
   "main": "server.js",
   "scripts": {
@@ -18,21 +18,21 @@
   },
   "homepage": "https://github.com/Eliastik/snakeia-server#readme",
   "dependencies": {
-    "body-parser": "^1.20.2",
+    "body-parser": "^1.20.3",
     "config": "^3.3.12",
-    "cookie-parser": "^1.4.6",
-    "csurf": "^1.11.0",
-    "ejs": "^3.1.9",
-    "express": "^4.19.2",
-    "express-rate-limit": "^7.4.0",
+    "cookie-parser": "^1.4.7",
+    "csrf-csrf": "^3.0.8",
+    "ejs": "^3.1.10",
+    "express": "^4.21.1",
+    "express-rate-limit": "^7.4.1",
     "html-entities": "^2.5.2",
     "i18n": "^0.15.1",
     "jsonwebtoken": "^9.0.2",
     "node-fetch": "^3.3.2",
     "seedrandom": "^3.0.5",
-    "snakeia": "git+https://git@github.com/Eliastik/snakeia.git#2.2",
-    "socket.io": "^4.7.5",
+    "snakeia": "^2.2.0-0",
+    "socket.io": "^4.8.1",
     "socket.io-cookie-parser": "^1.0.0",
-    "winston": "^3.13.1"
+    "winston": "^3.17.0"
   }
 }

package/server.js CHANGED Viewed

@@ -36,7 +36,7 @@ const ioCookieParser = require("socket.io-cookie-parser");
 const i18n           = require("i18n");
 const rateLimit      = require("express-rate-limit");
 const winston        = require("winston");
-const csrf           = require("csurf");
+const { doubleCsrf } = require("csrf-csrf");
 const bodyParser     = require("body-parser");
 const node_config    = require("config");
@@ -55,6 +55,8 @@ config.port = process.env.PORT || config.port;
 const jsonWebTokenSecretKey = config.jsonWebTokenSecretKey && config.jsonWebTokenSecretKey.trim() != "" ? config.jsonWebTokenSecretKey : generateRandomJsonWebTokenSecretKey();
 const jsonWebTokenSecretKeyAdmin = config.jsonWebTokenSecretKeyAdmin && config.jsonWebTokenSecretKeyAdmin.trim() != "" ? config.jsonWebTokenSecretKeyAdmin : generateRandomJsonWebTokenSecretKey(jsonWebTokenSecretKey);
+const productionMode = process.env.NODE_ENV === "production";
 // Update config to file
 function updateConfigToFile() {
   fs.writeFileSync(configFile, JSON.stringify({ "ServerConfig": config }, null, 4), "UTF-8");
@@ -73,14 +75,14 @@ const logger = winston.createLogger({
   exceptionHandlers: config.enableLoggingFile ? [new winston.transports.File({ filename: config.errorLogFile })] : []
 });
-if(process.env.NODE_ENV !== "production") {
+if(!productionMode) {
   logger.add(new winston.transports.Console({
     format: winston.format.colorize()
   }));
 }
 if(config.proxyMode) {
-  app.enable("trust proxy");
+  app.enable("trust proxy", config.numberOfProxies);
 }
 // Internationalization
@@ -1165,9 +1167,18 @@ function verifyFormAuthenticationAdmin(body) {
   });
 }
-const csrfProtection = csrf({ cookie: true });
+const csrfSecret = generateRandomJsonWebTokenSecretKey(jsonWebTokenSecretKeyAdmin);
+const { doubleCsrfProtection, generateToken } = doubleCsrf({
+  getSecret: () => csrfSecret,
+  cookieName: productionMode ? "__Host-snakeia-server.x-csrf-token" : "snakeia-server.x-csrf-token",
+  cookieOptions: {
+    sameSite: productionMode ? "strict" : "lax",
+    path: "/",
+    secure: productionMode
+  }
+});
-app.get("/admin", csrfProtection, function(req, res) {
+app.get("/admin", doubleCsrfProtection, function(req, res) {
   if(req.cookies) {
     jwt.verify(req.cookies.tokenAdmin, jsonWebTokenSecretKeyAdmin, function(err, data) {
       if(invalidatedAdminTokens.includes(req.cookies.tokenAdmin)) err = true;
@@ -1195,7 +1206,7 @@ app.get("/admin", csrfProtection, function(req, res) {
             games: games,
             io: io,
             config: config,
-            csrfToken: req.csrfToken(),
+            csrfToken: generateToken(req, res, true),
             serverLog: logFile,
             errorLog: errorLogFile,
             getIPSocketIO: getIPSocketIO
@@ -1288,14 +1299,14 @@ function adminAction(req, res, action) {
 const jsonParser = bodyParser.json();
-app.post("/admin/:action", jsonParser, csrfProtection, function(req, res) {
+app.post("/admin/:action", jsonParser, doubleCsrfProtection, function(req, res) {
   adminAction(req, res, req.params.action);
 });
 app.use(function (err, req, res, next) {
   if(err.code !== "EBADCSRFTOKEN") return next(err);
   res.status(403);
-  res.send("Error");
+  res.send("Error: invalid CSRF token");
 });
 const adminRateLimiter = rateLimit({

package/views/admin.html CHANGED Viewed

@@ -251,13 +251,13 @@
     </div>
     <% if(authent && games) { %>
     <script type="text/javascript">
-      var token = document.querySelector("meta[name='csrf-token']").getAttribute("content");
+      const token = document.querySelector("meta[name='csrf-token']").getAttribute("content");
       function requestAction(action, data, element) {
         fetch("/admin/" + action, {
           credentials: "same-origin",
           headers: {
-            "CSRF-Token": token,
+            "x-csrf-token": token,
             "Content-Type": "application/json",
           },
           method: "POST",
@@ -273,19 +273,19 @@
         });
       }
-      var elements = document.querySelectorAll("[data-action]");
+      const elements = document.querySelectorAll("[data-action]");
       elements.forEach(function(element) {
-        var action = element.dataset.action;
-        var form = element.dataset.form;
-        var data = {};
-        var confirmAction = element.dataset.confirmAction;
+        const action = element.dataset.action;
+        const form = element.dataset.form;
+        const data = {};
+        const confirmAction = element.dataset.confirmAction;
         if(form) {
           form.split("&").forEach(function(element) {
             if(element) {
-              var key = element.split("=")[0];
-              var value = element.split("=")[1];
+              const key = element.split("=")[0];
+              const value = element.split("=")[1];
               data[key] = value;
             }
           });