CDN-APP-INSIDER/routes/BuildMetaData.js
dinawo 76dc23c861 security: fix vulnerabilities and update security hardening (2026-03-12)
Code security fixes:
- Fixed 3 critical auth bypass bugs (user.jso, typo → user.json) in RenameFile, NewFolder, DeleteFolder API routes
- Added URL validation (HTTP/HTTPS only) on ProfilPicture and BackgroundCustom endpoints to prevent stored XSS/CSS injection
- Added path traversal protection in Upload.js (resolved path boundary check)
- Removed unsafe-eval from CSP script-src directive
- Removed information disclosure in BuildMetaData error responses
- Removed unused child_process import in BuildMetaData.js

Version bump: 1.2.1-beta → 1.2.2-beta
2026-03-12 17:16:16 +01:00


const express = require('express');
const router = express.Router();
const os = require('os');
const packageJson = require('../package.json');
const fs = require('fs');
const path = require('path');
const crypto = require('crypto');
/**
 * Recursively collect the paths of every non-directory entry under a directory.
 *
 * @param {string} dirPath - Directory to walk.
 * @param {string[]} [arrayOfFiles] - Accumulator; when given, it is appended to
 *   in place and returned.
 * @returns {string[]} Paths built with path.join for each entry found.
 *
 * NOTE(review): fs.statSync follows symbolic links, so a link to a directory is
 * descended into like a real one. A link that points outside dirPath widens the
 * walk beyond the intended tree, and a cyclic link recurses until the stack
 * overflows. Only call this on trees whose contents are trusted.
 */
function getAllFiles(dirPath, arrayOfFiles) {
  const collected = arrayOfFiles || [];

  for (const entryName of fs.readdirSync(dirPath)) {
    const entryPath = path.join(dirPath, entryName);

    if (fs.statSync(entryPath).isDirectory()) {
      // The recursive call appends to the same accumulator array.
      getAllFiles(entryPath, collected);
    } else {
      collected.push(entryPath);
    }
  }

  return collected;
}
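/**
 * Format a byte count as a short human-readable string such as "2 KB".
 *
 * The value is rounded to a whole number of the chosen unit (the original
 * passed a second argument to Math.round, which Math.round ignores).
 *
 * @param {number} bytes - Size in bytes.
 * @returns {string} "0 Byte" for zero, negative or non-numeric input, otherwise
 *   "<rounded value> <unit>" with the unit taken from Bytes/KB/MB/GB/TB.
 */
function bytesToSize(bytes) {
  const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB'];
  const value = Number(bytes);

  // Zero, negative and non-numeric input has no usable logarithm; previously
  // the latter two produced "NaN undefined".
  if (!Number.isFinite(value) || value <= 0) return '0 Byte';

  const exponent = Math.floor(Math.log(value) / Math.log(1024));
  // Clamp the unit index: values below 1 gave index -1 and values of 1024^5 or
  // more ran past the end of the table, both yielding an "undefined" unit.
  const i = Math.min(Math.max(exponent, 0), sizes.length - 1);

  return `${Math.round(value / 1024 ** i)} ${sizes[i]}`;
}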
/**
 * Sum the on-disk sizes of a list of files.
 *
 * @param {string[]} files - Paths passed to fs.statSync one by one.
 * @returns {number} Total of each file's `stats.size`; 0 for an empty list.
 * @throws Whatever fs.statSync throws when a path cannot be stat'ed.
 */
function calculateBuildSize(files) {
  let byteCount = 0;
  for (const filePath of files) {
    byteCount += fs.statSync(filePath).size;
  }
  return byteCount;
}
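/**
 * GET / — return build and runtime metadata as JSON.
 *
 * Response fields: build_version (from package.json), node_version,
 * express_version, build_sha, os_type and os_release.
 *
 * build_sha is the MD5 hex digest of the version string, not a commit hash.
 * It only fingerprints the version and must not be used as an integrity or
 * authenticity check.
 *
 * NOTE(review): the payload exposes exact Node.js, Express and OS versions,
 * which lets a client fingerprint the server. Nothing in this file restricts
 * who can call the route — confirm it is mounted behind authentication, or
 * trim the fields returned to anonymous callers.
 *
 * On failure the error is logged server-side and the client receives only a
 * generic 500 message.
 */
router.get('/', async (req, res) => {
  try {
    // The previous code also read the client-supplied `cf-connecting-ip`
    // header into a variable that was never used; that dead read is removed.
    const buildMetadata = {
      build_version: packageJson.version,
      node_version: process.version,
      express_version: require('express/package.json').version,
      build_sha: '',
      os_type: os.type(),
      os_release: os.release(),
    };

    // An MD5 hex digest is always 32 characters, so the former
    // substring(0, 32) was a no-op and is dropped.
    buildMetadata.build_sha = crypto
      .createHash('md5')
      .update(buildMetadata.build_version)
      .digest('hex');

    res.json(buildMetadata);
  } catch (error) {
    // Details stay in the server log; the response body reveals nothing.
    console.error('Error in /build-metadata: ', error);
    res.status(500).send('Internal server error');
  }
});

module.exports = router;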