add additional logging for CSRF errors, redirect to 404 for invalid embed path

Cassie Tarakajian 2017-11-27 16:58:53 -05:00
parent 28c2bda663
commit d03b433cfe
2 changed files with 12 additions and 0 deletions


@ -5,10 +5,14 @@ import {
resolvePathsForElementsWithAttribute,
resolveScripts,
resolveStyles } from '../utils/previewGeneration';
import { get404Sketch } from '../views/404Page';
export function serveProject(req, res) {
Project.findById(req.params.project_id)
.exec((err, project) => {
if (err || !project) {
return get404Sketch(html => res.send(html));
}
// TODO this does not parse html
const files = project.files;
const htmlFile = files.find(file => file.name.match(/\.html$/i)).content;
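Review bot: The not-found branch in `serveProject` sends the 404 sketch with `res.send(html)` and no status, so as far as this hunk shows an unknown or malformed project id is answered with HTTP 200. Crawlers, caches and any monitoring that counts 404s on the embed route will then read the error page as a successful response; `return get404Sketch(html => res.status(404).send(html));` keeps the page and fixes the status. The same branch also handles `err`, so a database failure is presented as "not found" and never logged. A `console.error(err)` before the return when `err` is set would keep the two cases distinguishable. The body of `serveProject` continues outside the hunk.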


@ -131,6 +131,14 @@ app.get('*', (req, res) => {
res.type('txt').send('Not found.');
});
// error handler
app.use((err, req, res, next) => {
if (err.code !== 'EBADCSRFTOKEN') return next(err);
console.error('Invalid CSRF token for: ' + req.url);
return next(err);
});
// start app
app.listen(serverConfig.port, (error) => {
if (!error) {
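Review bot: The CSRF log line in the new error handler records only `req.url`, which is not enough to tell a cross-site attempt from a user whose token or session expired. The method, the `Origin`/`Referer` header and the client address are what a responder needs, for example `console.error(`Invalid CSRF token: ${req.method} ${req.originalUrl} origin=${req.get('origin')} referer=${req.get('referer')} ip=${req.ip}`);`. The URL is also client-controlled and may carry query-string values that do not belong in logs, so consider logging the path without the query. As a style point, both branches end in `next(err)`, so the handler reads more simply as `if (err.code === 'EBADCSRFTOKEN') { ... }` followed by a single `return next(err);`. The `app.listen` callback that follows continues outside the hunk.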