add additional logging for CSRF errors, redirect to 404 for invalid embed path

2017-11-27 16:58:53 -05:00 · 2017-11-27 16:58:53 -05:00 · d03b433cfe
parent 28c2bda663
commit d03b433cfe
2 changed files with 12 additions and 0 deletions
--- a/server/controllers/embed.controller.js
+++ b/server/controllers/embed.controller.js
@ -5,10 +5,14 @@ import {
  resolvePathsForElementsWithAttribute,
  resolveScripts,
  resolveStyles } from '../utils/previewGeneration';
+import { get404Sketch } from '../views/404Page';

 export function serveProject(req, res) {
  Project.findById(req.params.project_id)
    .exec((err, project) => {
+      if (err || !project) {
+        return get404Sketch(html => res.send(html));
+      }
      // TODO this does not parse html
      const files = project.files;
      const htmlFile = files.find(file => file.name.match(/\.html$/i)).content;
--- a/server/server.js
+++ b/server/server.js
@ -131,6 +131,14 @@ app.get('*', (req, res) => {
  res.type('txt').send('Not found.');
 });

+// error handler
+app.use((err, req, res, next)  => {
+  if (err.code !== 'EBADCSRFTOKEN') return next(err);
+
+  console.error('Invalid CSRF token for: ' + req.url);
+  return next(err);
+});
+
 // start app
 app.listen(serverConfig.port, (error) => {
  if (!error) {