add additional logging for CSRF errors, redirect to 404 for invalid embed path

This commit is contained in:
Cassie Tarakajian 2017-11-27 16:58:53 -05:00
parent 28c2bda663
commit d03b433cfe
2 changed files with 12 additions and 0 deletions

View file

@ -5,10 +5,14 @@ import {
resolvePathsForElementsWithAttribute, resolvePathsForElementsWithAttribute,
resolveScripts, resolveScripts,
resolveStyles } from '../utils/previewGeneration'; resolveStyles } from '../utils/previewGeneration';
import { get404Sketch } from '../views/404Page';
export function serveProject(req, res) { export function serveProject(req, res) {
Project.findById(req.params.project_id) Project.findById(req.params.project_id)
.exec((err, project) => { .exec((err, project) => {
if (err || !project) {
return get404Sketch(html => res.send(html));
}
// TODO this does not parse html // TODO this does not parse html
const files = project.files; const files = project.files;
const htmlFile = files.find(file => file.name.match(/\.html$/i)).content; const htmlFile = files.find(file => file.name.match(/\.html$/i)).content;

View file

@ -131,6 +131,14 @@ app.get('*', (req, res) => {
res.type('txt').send('Not found.'); res.type('txt').send('Not found.');
}); });
// error handler
app.use((err, req, res, next) => {
if (err.code !== 'EBADCSRFTOKEN') return next(err);
console.error('Invalid CSRF token for: ' + req.url);
return next(err);
});
// start app // start app
app.listen(serverConfig.port, (error) => { app.listen(serverConfig.port, (error) => {
if (!error) { if (!error) {