Commit graph

49 commits

Author SHA1 Message Date
Francis Li
2f29d6add1 Fixes #500 removes CSRF token setting in cookie and validation on request (#501) 2018-01-08 16:12:55 -05:00
Francis Li
aadd533061 Fixes #491 adds support for a configurable cache-control max-age setting for serving static assets, with a default of 1d on production and 0 elsewhere (#492) 2017-12-08 15:01:39 -05:00
Cassie Tarakajian
03eae2f1ef fixes #479 and fixes #449 2017-11-28 14:48:50 -05:00
Cassie Tarakajian
e38474ce40 fix linting errors 2017-11-27 17:32:03 -05:00
Cassie Tarakajian
44f02d1159 add csrf token debugging 2017-11-27 17:26:32 -05:00
Cassie Tarakajian
d03b433cfe add additional logging for CSRF errors, redirect to 404 for invalid embed path 2017-11-27 16:58:53 -05:00
Andrew Nicolaou
6cbc376d6e CSRF/XSS protection (#374)
* /api endpoints only allow requests with application/json Content-Type

Otherwise sends 406 Unacceptable

* Uses CSRF token

The CSRF token is sent as the cookie 'XSRF-TOKEN' on all HTML page
requests. This token is picked up automatically by axios
and sent to the API with all requests as an 'X-XSRF-TOKEN' header.
The middleware runs on all routes and verifies that the token matches
what's stored in the session.
2017-06-26 13:58:58 -04:00
Cassie Tarakajian
66833d22b6 fix #351, increase limit for body-parser 2017-05-10 15:07:40 -04:00
Andrew Nicolaou
a1121e2e6b Enable CORS for all origins and requests on API (#324)
* Enable CORS for all origins and requests on API

* Whitelist CORS origins: *.p5js.org in production and also localhost in development
2017-03-23 14:53:16 -04:00
Cassie Tarakajian
e87390adb9 update eslint to latest version, fix lots of linting errors (#308)
* update eslint and dependencies, fix linting errors that can be fixed with --fix

* fix lots of linting errors

* update eslintrc, fix some linting errors

* fix all server side linting errors, untested

* fix errors that fixing linting errors had caused

* fix client side eslint errors

* fix client side linting errors

* fix refs lint errors

* fix more linting errors

* update eslint and dependencies, fix linting errors that can be fixed with --fix

* fix lots of linting errors

* update eslintrc, fix some linting errors

* fix all server side linting errors, untested

* fix errors that fixing linting errors had caused

* fix client side eslint errors

* fix client side linting errors

* fix refs lint errors

* fix more linting errors

* fix some accessibility linting errors

* fix a lot of linting errors

* fix a billion more linting errors

* hopefully fix all linting errors, still need to test

* fix bugs that fixing linting had caused
2017-02-22 14:29:35 -05:00
Enrique Piqueras
5e4b076b93 Fixed #158 and #100 (#198)
* Changed unsaved changes asterisk to an svg circle. #158

* Fixed #100
Unmatched routes are handled by react-router on the client side
and a single wildcard route on server.routes.js renders the index
html.
When the /:username/sketches route is matched and the username is not
valid, the user will be redirected to the index route and a toast
will explain what happened. When the username is 'p5' (default when
logged out) it will show all sketches. Maybe this should be changed
to just public or 'local' sketches?

* Moved unsaved changes SVG to a separate file.

* User not found is now a 404 error.

* Added server rendered 404 page.

* Removed console.log

* 404 Page now renders a random p5 sketch. TODO: make 404 sketches.

* Added 404 header
404 page now fetches a random example sketch

* Moved circle closer to file name

* Render 404 page in SketchList route if !user
2017-01-06 13:08:03 -05:00
Cassie Tarakajian
f40ecebfba #142 add webpack configuration to decrease loading speed 2016-11-08 18:11:12 -05:00
catarak
207bab20eb add embed route, fix path parsing in PreviewFrame 2016-09-06 16:54:16 -04:00
catarak
29571e4764 login with github works if not already registered 2016-08-31 12:57:47 -04:00
catarak
c677c37597 get dropzone to render 2016-07-19 18:27:27 -04:00
catarak
4d6e4857ba add files, server side, only css and js files 2016-07-13 18:53:56 -04:00
mathuramg
0942378812 remove dev changes 2016-07-11 09:06:43 -04:00
mathuramg
1b56f8ce54 add more preferences 2016-07-06 11:27:39 -04:00
catarak
4f82a8fd31 add production build 2016-06-28 14:41:15 -04:00
catarak
248744b186 start to add production webpack 2016-06-27 18:46:08 -04:00
catarak
2bdd682771 fix some minor eslint errors 2016-06-27 13:09:18 -04:00
catarak
e18a5e0941 fix some linting errors 2016-06-24 18:18:22 -04:00
catarak
3d42da18a8 fix a ton of eslint errors 2016-06-23 18:29:55 -04:00
catarak
c25d669fe9 move ajax requests to /api 2016-06-20 18:00:40 -04:00
catarak
e1a79ba7a6 start to add create project 2016-06-20 18:00:40 -04:00
catarak
d672166b87 add login view 2016-06-20 17:50:45 -04:00
catarak
4908dc1e0b change authentication to cookies 2016-06-20 17:47:47 -04:00
catarak
9e366fdc17 fix merge conflict, for real this time 2016-06-20 17:47:47 -04:00
catarak
b2a4eacc52 add dotenv, start to add signup 2016-06-20 17:47:47 -04:00
catarak
38accbaa1d sign up view renders, not tested if functional 2016-06-20 17:47:47 -04:00
catarak
eec7987c70 add a lot of server side libraries, preemptively, still hooking everything up 2016-06-20 17:47:46 -04:00
catarak
06ff0e3e31 add framework for sessions 2016-06-20 17:47:46 -04:00
catarak
62ef5556bd add session and cookie and passport config for server 2016-06-20 17:47:46 -04:00
catarak
341158579f add dotenv, start to add signup 2016-06-20 17:47:46 -04:00
catarak
0919cacc52 sign up view renders, not tested if functional 2016-06-20 17:47:46 -04:00
catarak
ea83c2ba0b add a lot of server side libraries, preemptively, still hooking everything up 2016-06-20 17:47:46 -04:00
catarak
33fcafb483 add framework for sessions 2016-06-20 17:47:46 -04:00
catarak
2b99122f30 add session and cookie and passport config for server 2016-06-20 17:47:46 -04:00
catarak
c496f20699 add dotenv, start to add signup 2016-06-20 17:47:17 -04:00
catarak
1136ac3f16 add a lot of server side libraries, preemptively, still hooking everything up 2016-06-20 17:47:16 -04:00
catarak
4c8684877e add framework for sessions 2016-06-20 17:47:16 -04:00
catarak
d8bdc9a232 add session and cookie and passport config for server 2016-06-20 17:47:16 -04:00
catarak
1f75b4d390 add dotenv, start to add signup 2016-06-20 17:46:42 -04:00
catarak
4e1ea2d1fc sign up view renders, not tested if functional 2016-06-20 17:46:23 -04:00
catarak
c22ae1724a add login route 2016-06-20 17:46:23 -04:00
catarak
47491f63ba add a lot of server side libraries, preemptively, still hooking everything up 2016-06-20 17:44:36 -04:00
catarak
dfe54dd784 add framework for sessions 2016-06-20 17:44:36 -04:00
catarak
65c02922c7 add session and cookie and passport config for server 2016-06-20 17:44:36 -04:00
catarak
5e2a57d9eb initial commit 2016-05-03 00:09:16 -04:00