Update v1.2.0-beta - Dynamic context menu & permissions
✨ New Features: - Dynamic permission-based context menus for files and folders - Support for collaborative folder access control - Upload to specific folders including shared folders - Changelog modal for version updates - Improved dark mode synchronization 🐛 Bug Fixes: - Fixed context menu displaying incorrect options - Fixed CSS !important override preventing dynamic menu behavior - Fixed folder collaboration permission checks - Fixed breadcrumb navigation with empty segments - Fixed "Premature close" error loop in attachments - Fixed missing user variable in admin routes - Fixed avatar loading COEP policy issues 🔒 Security: - Added security middleware (CSRF, rate limiting, input validation) - Fixed collaboration folder access validation - Improved shared folder permission handling 🎨 UI/UX Improvements: - Removed Actions column from folder view - Context menu now properly hides/shows based on permissions - Better visual feedback for collaborative folders - Improved upload flow with inline modals 🧹 Code Quality: - Added collaboration data to folder routes - Refactored context menu logic for better maintainability - Added debug logging for troubleshooting - Improved file upload handling with chunking support
28
server.js
28
server.js
@@ -17,6 +17,11 @@ const routes = require('./routes/routes.js');
|
||||
const fileCleanup = require('./services/fileCleanupService');
|
||||
const reportManager = require('./services/reportService.js');
|
||||
|
||||
// Import des middlewares de sécurité
|
||||
const securityHeadersMiddleware = require('./Middlewares/securityHeadersMiddleware');
|
||||
const { inputValidationMiddleware } = require('./Middlewares/inputValidationMiddleware');
|
||||
const { generalLimiter } = require('./Middlewares/rateLimitMiddleware');
|
||||
|
||||
// Configuration de l'application
|
||||
const app = express();
|
||||
const PORT = process.env.PORT || 5053;
|
||||
@@ -60,17 +65,28 @@ const loadSetup = async () => {
|
||||
(req, res) => res.status(403).json({ error: 'Access Denied' }));
|
||||
|
||||
// Configuration des middlewares
|
||||
// Désactiver le header X-Powered-By
|
||||
app.disable('x-powered-by');
|
||||
|
||||
// Middlewares de sécurité
|
||||
app.use(securityHeadersMiddleware);
|
||||
app.use(generalLimiter);
|
||||
app.use(inputValidationMiddleware);
|
||||
|
||||
app.use(express.static(path.join(__dirname, 'public')));
|
||||
app.use('/public', express.static(path.join(__dirname, 'public')));
|
||||
app.use(express.urlencoded({ extended: true }));
|
||||
app.use(bodyParser.json());
|
||||
app.use('/public', express.static(path.join(__dirname, 'public')));
|
||||
app.use(express.urlencoded({ extended: true, limit: '10mb' }));
|
||||
app.use(bodyParser.json({ limit: '10mb' }));
|
||||
app.use(session({
|
||||
secret: crypto.randomBytes(64).toString('hex'),
|
||||
resave: false,
|
||||
saveUninitialized: true,
|
||||
cookie: {
|
||||
saveUninitialized: false, // Plus sécurisé
|
||||
name: 'sessionId', // Nom personnalisé pour ne pas révéler la stack
|
||||
cookie: {
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
maxAge: 24 * 60 * 60 * 1000
|
||||
httpOnly: true, // Protection XSS
|
||||
maxAge: 24 * 60 * 60 * 1000,
|
||||
sameSite: 'strict' // Protection CSRF
|
||||
}
|
||||
}));
|
||||
app.use(passport.initialize());
|
||||
|
||||
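Review bot: In the second hunk `app.use(inputValidationMiddleware);` is registered before `express.urlencoded(...)` and `bodyParser.json(...)`, so `req.body` has not been parsed when it runs; unless the middleware parses the body itself (its source is not shown here), it can only check the URL, query string and headers. Moving that one line to just after `app.use(bodyParser.json({ limit: '10mb' }));` would let it see form and JSON payloads as well. Both parsers now accept 10 MB on every route, ahead of the session and passport setup, where body-parser's default is 100 kB; if only a few routes need large bodies, a per-route limit would keep unauthenticated requests small. The enclosing `loadSetup` starts and ends outside the hunk, so middleware registered elsewhere may change this picture.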