npm: Updated packages for fixing audit

ping: Added endpoint for register new fqdn's
- Added environment variable REGISTER_PASS for authorize register - Added endpoint /:fqdn/:code/:pass for register new fqdn's
5 changed files with 1819 additions and 2390 deletions
--- a/app.js
+++ b/app.js
@ -12,7 +12,7 @@ let hbs = require('hbs');
 //let sessionMySQL = require("connect-mysql")(expressSession);
 let compression = require("compression");
 //let expressMinify = require('express-minify');
-//let expressMinifyHtml = require('express-minify-html');
+//let expressMinifyHtml = require('express-minify-html-2');

 let app = express();

--- a/libs/configuration.js
+++ b/libs/configuration.js
@ -6,4 +6,5 @@ module.exports = {
        password: process.env.DATABASE_PASSWORD,
        database: process.env.DATABASE_NAME,
    },
+    registerPass: process.env.REGISTER_PASS,
 };
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -15,11 +15,11 @@
    "express": "~4.16.0",
    "express-layout": "^0.1.0",
    "express-minify": "^1.0.0",
-    "express-minify-html": "^0.12.0",
+    "express-minify-html-2": "^1.0.1",
    "express-session": "^1.15.6",
    "express-validator": "^5.3.0",
    "handlebars": "^4.1.0",
-    "hbs": "^4.0.3",
+    "hbs": "^4.0.5",
    "http-errors": "~1.6.2",
    "ical-generator": "^1.0.4",
    "ipaddr.js": "^1.8.1",
--- a/routes/ping.js
+++ b/routes/ping.js
@ -1,9 +1,12 @@
 let express = require("express");
 let ipaddr = require("ipaddr.js");
+let moment = require("moment");
+let conf = require("../libs/configuration");
 let db = require("../libs/Database").instance();
 let router = express.Router();

 const IP_TYPES = ["ipv4", "ipv6"];
+const REGISTER_PASS = conf.registerPass;

 function combineToList(a, b) {
    return a + "\n" + b;
@ -14,36 +17,54 @@ function toList(array) {
 }

 function testIP(req, res, next) {
-	let addr = ipaddr.parse(req.ip);
+    let addr = ipaddr.parse(req.ip);
    if (!IP_TYPES.includes(addr.kind())) return res.status(400).send("Invalid ip address");
-	req.params.addr = addr;
-	next();
+    req.params.addr = addr;
+    next();
 }

 router.use((req, res, next) => {
    res.type('text/plain');
-	next();
+    next();
 });

 router.get("/", testIP, (req, res) => {
-	res.send(req.params.addr.toString());
+    res.send(req.params.addr.toString());
 });

 router.get("/:fqdn", (req, res) => {
-    db.q.select(IP_TYPES).from("addresses").filter("fqdn", req.params.fqdn).first((e, d) => {
-		if (e) return res.status(400).send("Error");
-		if (!d) return res.status(404).send("Unknown FQDN");
-		res.send(d.ipv4 ? (d.ipv6 ? d.ipv4 + "\n" + d.ipv6 : d.ipv4) : (d.ipv6 ? d.ipv6 : ""));
-	});
+    db.q.select(IP_TYPES.concat(IP_TYPES.map(e => e + "LastPing"))).from("addresses").filter("fqdn", req.params.fqdn).first((e, d) => {
+        if (e) return res.status(400).send("Error");
+        if (!d) return res.status(404).send("Unknown FQDN");
+        res.send([
+            d.ipv4 ? d.ipv4 : "0.0.0.0",
+            moment(d.ipv4LastPing).toISOString(),
+            d.ipv6 ? d.ipv6 : "::",
+            moment(d.ipv6LastPing).toISOString(),
+        ].reduce((a, b) => a + "\n" + b));
+    });
 });

 router.get("/:fqdn/:code", testIP, (req, res) => {
-	let addr = req.params.addr;
+    let addr = req.params.addr;
    db.query("UPDATE addresses SET " + addr.kind() + " = ?, " + addr.kind() + "LastPing = CURRENT_TIMESTAMP WHERE fqdn = ? AND code = ?", [addr.toString(), req.params.fqdn, req.params.code], (e, d) => {
-		if (e) return res.status(400).send("Error");
-		if (d.affectedRows <= 0) return res.status(400).send("Invalid token");
-		res.send(addr.toString());
-	});
+        if (e) return res.status(400).send("Error");
+        if (d.affectedRows <= 0) return res.status(403).send("Invalid token");
+        res.send(addr.toString());
+    });
+});
+
+router.get("/:fqdn/:code/:pass", (req, res) => {
+    const pass = req.params.pass;
+    const fqdn = req.params.fqdn;
+    const code = req.params.code;
+    if (REGISTER_PASS === "" || pass !== REGISTER_PASS) return res.status(403).send("Invalid token");
+    db.query("INSERT INTO addresses SET fqdn = ?, code = ? ON DUPLICATE KEY UPDATE code = ?", [fqdn, code, code], (e, d) => {
+        if (e) return res.status(400).send("Error");
+        if (d.insertId <= 0) return res.send("Already registered");
+        if (d.affectedRows >= 2) return res.send("Successful changed code");
+        res.send("Successful registered");
+    })
 });

 module.exports = router;
Author	SHA1	Message	Date
Felix Stupp	447431f180	npm: Updated packages for fixing audit	5 years ago
Felix Stupp	f108987bf6	ping: Added endpoint for register new fqdn's - Added environment variable REGISTER_PASS for authorize register - Added endpoint /:fqdn/:code/:pass for register new fqdn's	5 years ago
Felix Stupp	4d2266e8a7	ping: Changed status code for invalid token to 403	5 years ago
Felix Stupp	9af27ac110	ping.js: Changed tabs to spaces	5 years ago
Felix Stupp	b0d3fcc672	ping: Changed date output format to ISO	5 years ago
Felix Stupp	f31e78fd9d	ping: SQL Select missing rows	5 years ago
Felix Stupp	2abbd05bf6	ping: Added missing comma for array	5 years ago
Felix Stupp	d5cefd6edc	ping: Reworked get request output for ip addresses - Rewrote code - Replaced missing addresses with empty addresses - Added timestamps of last update	5 years ago
Felix Stupp	c5515410ae	npm: Exchanged express-minify-html with fork To fix vulnerability	5 years ago
Felix Stupp	c3d4b224a8	npm: Updated packages	5 years ago