From 7f14bc11e784bdf9d2c461f8184f0fd5d27e9391 Mon Sep 17 00:00:00 2001 From: William Brawner Date: Tue, 15 Sep 2020 07:31:58 -0700 Subject: [PATCH] Add static file routing Signed-off-by: William Brawner --- package-lock.json | 9 +++++++++ package.json | 1 + server/event.js | 23 +++++++++++++---------- server/index.js | 20 +++++++++----------- server/static/flayre.js | 23 +++++++++++++++++++++++ 5 files changed, 55 insertions(+), 21 deletions(-) create mode 100644 server/static/flayre.js diff --git a/package-lock.json b/package-lock.json index eddbeed..26fe22a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -550,6 +550,15 @@ "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" }, + "cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "requires": { + "object-assign": "^4", + "vary": "^1" + } + }, "cross-spawn": { "version": "7.0.3", "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", diff --git a/package.json b/package.json index 0b433f0..234faa3 100644 --- a/package.json +++ b/package.json @@ -12,6 +12,7 @@ "license": "ISC", "dependencies": { "bcrypt": "^5.0.0", + "cors": "^2.8.5", "express": "^4.17.1", "express-basic-auth": "^1.2.0", "mysql": "^2.18.1" diff --git a/server/event.js b/server/event.js index ea6e544..170717e 100644 --- a/server/event.js +++ b/server/event.js @@ -6,13 +6,14 @@ const pool = require('./db.js'); const express = require('express'); const basicAuth = require('express-basic-auth'); const basicAuthConfig = require('./config.js') +const cors = require('cors'); class Event { static types = [ - 'view', - 'click', - 'error', - 'crash', + 'VIEW', + 'CLICK', + 'ERROR', + 'CRASH', ]; id = randomId(32); @@ -167,16 +168,18 @@ router.get('/', basicAuth(basicAuthConfig), (req, res) => { // events will be coming from all over the place, I don't think it makes // sense to try to put auth in front of this. Even some kind of client // "secret" would be trivial to deduce by examining the requests. -router.post('/', (req, res) => { +router.post('/', cors({origin: true, methods: ['POST']}), (req, res) => { + console.log(req.body); if (typeof req.body.appId === "undefined") { res.status(400).json({ message: 'Invalid appId' }); return; } - if (typeof req.body.sessionId === "undefined") { - res.status(400).json({ message: 'Invalid sessionId' }); - return; - } + // Without Cookies, websites can't consistently send the same sessionId + // if (typeof req.body.sessionId === "undefined") { + // res.status(400).json({ message: 'Invalid sessionId' }); + // return; + // } if (Event.types.indexOf(req.body.type) === -1) { res.status(400).json({ message: 'Invalid event type' }); @@ -192,7 +195,7 @@ router.post('/', (req, res) => { EventRepository.createEvent(new Event( req.body.appId, new Date(req.body.date), - req.body.userAgent, + req.headers['User-Agent'], req.body.platform, req.body.manufacturer, req.body.model, diff --git a/server/index.js b/server/index.js index fedd8e2..ed177a8 100644 --- a/server/index.js +++ b/server/index.js @@ -1,23 +1,21 @@ const express = require('express'); const eventRouter = require('./event.js').router; const port = require('./config.js').port; -const randomId = require('./util.js').randomId; const appRouter = require('./app.js').router; +const cors = require('cors'); const app = express(); app.use(express.json()); +app.use(cors()); // TODO: Enable this for event creation only -app.get('/', (req, res) => { - res.send('Hello, world!'); -}); +// app.get('/id', (req, res) => { +// const length = Number.parseInt(req.query['length']) || 32; +// res.send(require('./util.js').randomId(length)); +// }); -app.get('/id', (req, res) => { - const length = Number.parseInt(req.query['length']) || 32; - res.send(randomId(length)); -}); - -app.use('/api/apps', appRouter) -app.use('/api/events', eventRouter) +app.use(express.static('server/static')); +app.use('/api/apps', appRouter); +app.use('/api/events', eventRouter); app.listen(port, () => { console.log(`Started Flayre server on port ${port}`); diff --git a/server/static/flayre.js b/server/static/flayre.js new file mode 100644 index 0000000..bb49594 --- /dev/null +++ b/server/static/flayre.js @@ -0,0 +1,23 @@ +(function () { + if (window.navigator.doNotTrack === '1') { + console.log('Flayre respects DNT'); + return; + } + const flayreDomain = document.currentScript.src.split('/').slice(0, 3).join('/'); + const app = document.currentScript.dataset.app; + + fetch(`${flayreDomain}/api/events`, { + method: 'POST', + headers: { + 'Content-type': 'application/json', + }, + body: JSON.stringify({ + appId: app, + date: new Date().toISOString(), + platform: window.navigator.platform, + locale: window.navigator.language, + data: window.location.pathname, + type: 'VIEW' + }) + }); +})(); \ No newline at end of file