corsica - npm Package Compare versions

Comparing version 2.0.0 to 2.1.0

lib/config.js

@@ -10,2 +10,4 @@ var fs = require('fs');
   STATE_PATH: './state.json',
+  force_https: false,
+  hsts_time: 60 * 24 * 60 * 60,  // 60 days in seconds
 };
@@ -12,0 +14,0 @@

lib/server.js

@@ -6,2 +6,4 @@ var fs = require('fs');
 var express = require('express');
+var helmet = require('helmet');
+var express_enforces_ssl = require('express-enforces-ssl');
 
@@ -16,4 +18,5 @@ var utils = require('./utils');
 
+
+app.use(helmet.hidePoweredBy());
 app.use(express.compress());
-app.use(express.static(staticPath));
 app.use(express.json());
@@ -62,2 +65,12 @@
   core = core_;
+
+  if (core.config.force_https) {
+    console.log("Forcing HTTPS. Setting HSTS to " + core.config.hsts_time + " seconds");
+    app.enable('trust proxy');
+    app.use(helmet.hsts({maxAge: core.config.hsts_time}));
+    app.use(express_enforces_ssl());
+  }
+
+  app.use(express.static(staticPath));
+
   app.set('port', core.config.PORT);
@@ -71,3 +84,3 @@ server = http.createServer(app);
   server.listen(app.get('port'), function() {
-    console.log('Listening on https://0.0.0.0:{0}'.format(app.get('port')));
+    console.log('Listening on http://0.0.0.0:{0}'.format(app.get('port')));
   });
@@ -74,0 +87,0 @@ }

package.json

 {
   "name": "corsica",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "Ephemeral screens for the masses.",
@@ -22,2 +22,4 @@ "main": "index.js",
     "express": "3.4.8",
+    "express-enforces-ssl": "^1.1.0",
+    "helmet": "^3.5.0",
     "minimatch": "^3.0.3",
@@ -24,0 +26,0 @@ "request": "^2.80.0",

plugins/tags.js

@@ -86,15 +86,15 @@ /* Description:
 
-          var from;
-          var to;
+          var start;
+          var end;
 
-          if (c.from) {
-            from = Date.parse(c.from);
+          if (c.start) {
+            start = Date.parse(c.start);
           } else {
-            from = 0;
+            start = 0;
           }
 
-          if (c.to) {
-            to = Date.parse(c.to);
+          if (c.end) {
+            end = Date.parse(c.end);
           } else {
-            to = Infinity;
+            end = Infinity;
           }
@@ -104,3 +104,3 @@
 
-          return from < now && now < to;
+          return start < now && now < end;
         });
@@ -107,0 +107,0 @@

static/js/app.js

@@ -25,3 +25,3 @@ console.log(
 if (!config.tags) {
-  config.tags = [];
+  config.tags = ['default'];
   writeConfig();
@@ -28,0 +28,0 @@ }

No alert changes

Improved metrics

Total package byte prevSize

119824

increased by0.36%

Lines of code

1718

increased by0.64%

Worsened metrics

Dependency count

7

increased by40%

Number of package files

45

decreased by-2.17%

Dependency changes

• + Addedexpress-enforces-ssl@^1.1.0

• + Addedhelmet@^3.5.0

• + Addedbowser@2.9.0(transitive)

• + Addedcamelize@1.0.0(transitive)

• + Addedcontent-security-policy-builder@2.1.0(transitive)

• + Addeddasherize@2.0.0(transitive)

• + Addeddepd@2.0.0(transitive)

• + Addeddont-sniff-mimetype@1.1.0(transitive)

• + Addedexpress-enforces-ssl@1.1.0(transitive)

• + Addedfeature-policy@0.3.0(transitive)

• + Addedhelmet@3.23.3(transitive)

• + Addedhelmet-crossdomain@0.4.0(transitive)

• + Addedhelmet-csp@2.10.0(transitive)

• + Addedhide-powered-by@1.1.0(transitive)

• + Addedhpkp@2.0.0(transitive)

• + Addedhsts@2.2.0(transitive)

• + Addednocache@2.1.0(transitive)

• + Addedreferrer-policy@1.2.0(transitive)

• + Addedx-xss-protection@1.3.0(transitive)