kuba/fm-dx-webserver
1
0
Fork 0
mirror of https://github.com/KubaPro010/fm-dx-webserver.git synced 2026-02-26 22:13:53 +01:00
Code Issues Activity

security fixes, bugfixes

Browse Source
This commit is contained in:
Marek Farkaš
2025-01-16 21:38:54 +01:00
parent d0a8fbaf81
commit 20864c572b
10 changed files with 67 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
server/index.js
View File

@@ -5,6 +5,7 @@ const session = require('express-session');
const bodyParser = require('body-parser');
const http = require('http');
const httpProxy = require('http-proxy');
const readline = require('readline');
const app = express();
const httpServer = http.createServer(app);
const WebSocket = require('ws');
@@ -72,6 +73,10 @@ if (plugins.length > 0) {
}, 3000); // Initial delay of 3 seconds for the first plugin
}
const terminalWidth = readline.createInterface({
input: process.stdin,
output: process.stdout
}).output.columns;
console.log(`\x1b[32m
@@ -81,8 +86,9 @@ console.log(`\x1b[32m
| _| | | | |_____| |_| / \\ \\ V V / __/ |_) \\__ \\ __/ | \\ V / __/ |
|_| |_| |_| |____/_/\\_\\ \\_/\\_/ \\___|_.__/|___/\\___|_| \\_/ \\___|_|
`);
console.log('\x1b[0mFM-DX Webserver', pjson.version);
console.log('\x1b[90m―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――');
console.log('\x1b[32m\x1b[2mby Noobish @ \x1b[4mFMDX.org\x1b[0m');
console.log("v" + pjson.version)
console.log('\x1b[90m' + '─'.repeat(terminalWidth - 1) + '\x1b[0m');
// Start ffmpeg
require('./stream/index');
@@ -446,9 +452,9 @@ wss.on('connection', (ws, request) => {
const { isAdminAuthenticated, isTuneAuthenticated } = request.session || {};
if (serverConfig.publicTuner || (serverConfig.lockToAdmin && isAdminAuthenticated) || (!serverConfig.lockToAdmin && isTuneAuthenticated)) {
if ((serverConfig.publicTuner && !serverConfig.lockToAdmin) || isAdminAuthenticated || (!serverConfig.publicTuner && !serverConfig.lockToAdmin && isTuneAuthenticated)) {
output.write(`${command}\n`);
}
}
});
@@ -528,6 +534,11 @@ chatWss.on('connection', (ws, request) => {
return;
}
// Escape nickname and other potentially unsafe fields
if (messageData.nickname) {
messageData.nickname = helpers.escapeHtml(messageData.nickname);
}
messageData.ip = clientIp;
const currentTime = new Date();