diff --git a/src/server.js b/src/server.js
index cb2adf9..da28a0b 100644
--- a/src/server.js
+++ b/src/server.js
@@ -30,6 +30,7 @@ globalThis.crypto = require('node:crypto').webcrypto;
 //Application
 const channelManager = require('./app/channel/channelManager');
 //Util
+const configCheck = require('./utils/configCheck');
 const scheduler = require('./utils/scheduler');
 //DB Model
 const statModel = require('./schemas/statSchema');
@@ -60,6 +61,9 @@ const config = require('../config.json');
 const port = config.port;
 const dbUrl = `mongodb://${config.db.user}:${config.db.pass}@${config.db.address}:${config.db.port}/${config.db.database}`;
+//Check for insecure config
+configCheck.securityCheck();
+
 //Define express
 const app = express();
@@ -78,10 +82,6 @@ const sessionMiddleware = session({
 const httpServer = createServer(app);
 const io = new Server(httpServer, {});
-if(config.protocol == 'http'){
- console.warn("Starting in HTTP mode. This server should be used for development purposes only!");
-}
-
 //Connect mongoose to the database
 mongoose.set("sanitizeFilter", true).connect(dbUrl).then(() => {
 console.log("Connected to DB");
diff --git a/src/utils/configCheck.js b/src/utils/configCheck.js
new file mode 100644
index 0000000..96bef32
--- /dev/null
+++ b/src/utils/configCheck.js
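Review bot: `configCheck.securityCheck()` is called unconditionally and, judging by the new module, only logs warnings, so a deployment that still carries `CHANGE_ME` secrets starts and connects to the database exactly as before; the call sits before `express()` is created, which is the right place to fail closed if that is ever wanted. A gate such as `if (process.env.NODE_ENV === 'production') { /* refuse to start on findings */ }` would need `securityCheck` to return its findings, which it currently does not. The comment `//Check for insecure config` could state that the call is warn-only, e.g. `//Warn (do not abort) on insecure config values`.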
@@ -0,0 +1,60 @@
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024 Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .*/
+
+//Config
+const config = require('../../config.json');
+
+//Local
+const loggerUtil = require('./loggerUtils');
+
+//NPM Imports
+const validator = require('validator');//We need validators for express-less code too!
+
+
+module.exports.securityCheck = function(){
+ //Check Protocol
+ if(config.protocol == 'http'){
+ //If it's insecure then warn the admin
+ loggerUtil.consoleWarn("Starting in HTTP mode. This server should be used for development purposes only!");
+ }
+
+ //Check mail protocol
+ if(!config.mail.secure){
+ //If it's insecure then warn the admin
+ loggerUtil.consoleWarn("Mail transport security disabled! THis server should be used for development purposes only!");
+ }
+
+ //check session secret
+ if(!validator.isStrongPassword(config.sessionSecret) || config.sessionSecret == "CHANGE_ME"){
+ loggerUtil.consoleWarn("Insecure Session Secret! Change Session Secret!");
+ }
+
+ //check altcha secret
+ if(!validator.isStrongPassword(config.altchaSecret) || config.altchaSecret == "CHANGE_ME"){
+ loggerUtil.consoleWarn("Insecure Altcha Secret! Change Altcha Secret!");
+ }
+
+ //check DB pass
+ if(!validator.isStrongPassword(config.db.pass) || config.db.pass == "CHANGE_ME" || config.db.pass == config.db.user){
+ loggerUtil.consoleWarn("Insecure Database Password! Change Database password!");
+ }
+
+ //check email pass
+ if(!validator.isStrongPassword(config.mail.pass) || config.mail.pass == "CHANGE_ME"){
+ loggerUtil.consoleWarn("Insecure Email Password! Change Email password!");
+ }
+
+}
\ No newline at end of file
diff --git a/src/utils/loggerUtils.js b/src/utils/loggerUtils.js
index fa7dc4e..5d4f913 100644
--- a/src/utils/loggerUtils.js
+++ b/src/utils/loggerUtils.js
@@ -34,4 +34,8 @@ module.exports.socketCriticalExceptionHandler = function(socket, err){
 //if not yell at the browser for fucking up, and tell it what it did wrong.
 socket.emit("kick", {type: "Disconnected", reason: `Server Error: ${err.message}`});
 return socket.disconnect();
+}
+
+module.exports.consoleWarn = function(string){
+ console.warn('\x1b[31m\x1b[4m%s\x1b[0m',string);
 }
\ No newline at end of file
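Review bot: Every `validator.isStrongPassword(...)` call passes the raw config value, and validator's string validators throw a `TypeError` on non-string input, so a config.json that lacks `sessionSecret`, `altchaSecret`, `db.pass` or `mail.pass` (or the whole `mail` object, which also breaks `config.mail.secure`) aborts startup with a stack trace instead of the intended warning; normalise each value first, e.g. `const sessionSecret = typeof config.sessionSecret === 'string' ? config.sessionSecret : '';`. `isStrongPassword` also scores character-class mix rather than entropy, so a 64-character hex secret such as one from `crypto.randomBytes(32).toString('hex')` is reported as insecure while a short mixed-case password with one symbol passes; for `sessionSecret` and `altchaSecret` a minimum length (`secret.length < 32`) is the more meaningful test, possibly alongside the existing one. The four `== "CHANGE_ME"` comparisons and `config.db.pass == config.db.user` should use `===`, and the mail warning text reads "THis server". Whether `config.mail.secure === false` means no transport security or a STARTTLS upgrade depends on the mail transport, which the hunk does not show, so the "Mail transport security disabled" wording may overstate it; a header comment on the function, e.g. `// Warn-only startup audit of config.json; findings never abort startup.`, would also help.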
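Review bot: `consoleWarn` always wraps the message in ANSI red/underline escapes, so when stderr is a file or a container/journal log rather than a terminal the warnings carry raw `\x1b[` sequences; select the format by `process.stderr.isTTY`, e.g. `const fmt = process.stderr.isTTY ? '\x1b[31m\x1b[4m%s\x1b[0m' : '%s';` followed by `console.warn(fmt, string);`. Passing the text through `%s` rather than as the first argument is correct, since it keeps a `%` inside a message from being interpreted as a format specifier. The parameter name `string` says nothing about its role; `message` would read better, and the function has no comment — something like `//Highlight a warning on stderr so it stands out in the startup log` fits the file's style. The preceding context lines belong to `socketCriticalExceptionHandler`, whose body starts outside the hunk.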