From d7a403828803d5817e901d61c4dce5d29d9489cf Mon Sep 17 00:00:00 2001
From: joates
Date: Sat, 20 Sep 2014 10:54:53 +0100
Subject: [PATCH] separate email client-side validation code
---
 .gitignore | 1 +
 package.json | 5 +--
 server.js | 52 +++++++++++++++++++------------
 src/{email.js => email-client.js} | 0
 4 files changed, 36 insertions(+), 22 deletions(-)
 rename src/{email.js => email-client.js} (100%)
diff --git a/.gitignore b/.gitignore
index f4e3dcc..fb280fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,7 @@ lib-cov
 *.pid
 *.gz
+db
 pids
 logs
 results
diff --git a/package.json b/package.json
index aee6ee8..0e35afc 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
 "main": "server.js",
 "scripts": {
 "start": "echo -n 'building.. '; npm run build && node server.js",
- "build": "browserify src/email.js -o html/assets/js/email.js",
+ "build": "browserify src/email-client.js -o html/assets/js/email.js",
 "test": "echo \"Error: no test specified\" && exit 1"
 },
 "repository": {
@@ -26,6 +26,7 @@
 "browserify": "^5.11.2",
 "domready": "^1.0.7",
 "nodemailer": "^1.3.0",
- "valid-email": "0.0.1"
+ "valid-email": "0.0.1",
+ "xss-escape": "0.0.5"
 }
 }
diff --git a/server.js b/server.js
index b20f6dd..0548b92 100644
--- a/server.js
+++ b/server.js
@@ -1,9 +1,7 @@
 #!/usr/bin/env node
-var nodemailer = require('nodemailer') , transporter = nodemailer.createTransport() , server = require('http').createServer(handler) , email = require('./config.json').email
+var server = require('http').createServer(handler) , sanitize = require('xss-escape')
 , rn = require('./src/rng')
 , fs = require('fs')
 , re = new RegExp('\.js$', 'i')
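Review bot: The dependency list on the new side still lacks `level`, which server.js starts requiring in this same commit (`require('level')` inside the /email handler), so as far as the diff shows a fresh `npm install` followed by `npm start` will throw a module-not-found error at the first /email request. Add it next to the new entry, e.g. `"level": "<the version you tested with>"`, pinned the same way `valid-email` and `xss-escape` are pinned rather than guessed as a range. It is also worth a comment in the commit that `xss-escape` is an HTML escaper, not a validator; if it was added to cover the email parameter, the `valid-email` package already listed here is the one that does that job.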
@@ -29,29 +27,42 @@ function handler(req, res) {
 if (/^\/email\?/.test(req.url)) {
 var params = require('url').parse(req.url, true)
 if (params && params.query.email) {
+ //console.log('got email:', params.query)
- /*
- var to_addr = params.query.email // @NOTE:
- // Q: do we trust the user input ?
- // A: FUCK NO !!
+ var obj = {} , email = sanitize(params.query.email) obj.token = rn() obj.verified = false obj.events = { paris: params.query.paris ? true : false } obj.trace = (req.headers['x-forwarded-for'] || '').split(',') || [ req.connection.remoteAddress ]
+
+ var db = require('level')('./db/squatconf', { valueEncoding: 'json' }) db.put(email, obj, function(err) { if (err) cb(err) // else.. db updated OK })
+
+ var nodemailer = require('nodemailer') , transporter = nodemailer.createTransport() , config = require('./config.json')
 , url = 'http://squatconf.eu/confirm'
- , link = url +'?email='+ to_addr +'&token='+ rn() +'\n\n'
+ , link = url +'?email='+ email +'&token='+ obj.token +'\n\n'
 var opts = {
- from : email.from
- , to : to_addr
- , subject: email.subject
- , text : email.bodyText.replace(/\%link\%/, link)
+ from : config.email.from
+ , to : email
+ , subject: config.email.subject
+ , text : config.email.bodyText.replace(/\%link\%/, link)
 }
 transporter.sendMail(opts, function(err, data) {
- if (err) return console.error('email problem !', err)
- console.log('email sent', data)
+ if (err) throw err
+ // validation email sent
+ console.log('email sent..', data)
 })
- */
-
- console.log(' got email:', params.query)
 }
+
 res.statusCode = 302
 res.setHeader('Location', '/')
 return res.end()
@@ -68,5 +79,6 @@ process.on('uncaughtException', function (err) {
 })
 server.listen(port)
-console.error('['+ process.pid +'] server started on port '+ port)
-console.error('(use ctrl+c to stop server)')
+console.log('['+ process.pid +'] server started on port '+ port)
+console.log('(use Ctrl+c to stop the server)')
+
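Review bot: The `to` address is still taken straight from the query string: `sanitize(params.query.email)` only HTML-escapes the value and does not check that it is an email address, so this unauthenticated /email endpoint hands any string a caller supplies to `transporter.sendMail` as a recipient (and uses it as the level key), which makes the server a relay for unsolicited mail — validate with the `valid-email` package already in package.json and return early on failure, before the db write and the send. Two smaller defects sit in the same added lines: `if (err) cb(err)` in the `db.put` callback refers to a `cb` that is not defined anywhere in the hunk, so a db error becomes a ReferenceError, and `(req.headers['x-forwarded-for'] || '').split(',') || [ req.connection.remoteAddress ]` never takes the fallback because `split` always returns an array, so `trace` is `['']` whenever the header is absent (and X-Forwarded-For is caller-controlled in any case). Replacing the logged `console.error` with `if (err) throw err` in the `sendMail` callback also turns every mail failure into an asynchronous throw that only the process-wide `uncaughtException` handler sees, after the 302 has already been sent. `require('level')(...)` is run inside the handler on every request and the handle is never closed; I would open the database once at module scope (I believe level refuses a second open of the same directory, but confirm). `handler` starts before this hunk and continues after it.
```javascript
if (params && params.query.email) {
  // xss-escape only HTML-escapes; validity is a separate check. valid-email's
  // export is assumed to be a boolean predicate — confirm against its README.
  // String() also collapses the array url.parse yields for a repeated ?email= key.
  var rawEmail = String(params.query.email)
  if (!require('valid-email')(rawEmail)) {
    res.statusCode = 400
    return res.end()
  }
  var obj = {}
    , email = sanitize(rawEmail)
  // … unchanged: token / verified / events …
  // String#split never yields a falsy value, so the old `||` fallback was dead;
  // X-Forwarded-For is client-supplied, the socket address is the trustworthy one.
  obj.trace = req.headers['x-forwarded-for']
    ? req.headers['x-forwarded-for'].split(',')
    : [ req.connection.remoteAddress ]

  // … unchanged: level open (move to module scope) …
  db.put(email, obj, function(err) {
    // `cb` is not defined in this scope; log rather than throw inside the callback
    if (err) console.error('db error', err)
  })
  // … unchanged: nodemailer setup and sendMail …
```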
diff --git a/src/email.js b/src/email-client.js similarity index 100% rename from src/email.js rename to src/email-client.js