ocelot-Social-Community/Ocelot-Social
1
0
Fork 0
mirror of https://github.com/Ocelot-Social-Community/Ocelot-Social.git synced 2025-12-12 23:35:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Log e-mail if not sending it

Browse Source
This commit is contained in:
Wolfgang Huß 2022-06-24 10:04:35 +02:00
parent 1ecf5f2965
commit f92cec3749
5 changed files with 117 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
backend/src/middleware/helpers/cleanHtml.js Normal file
View File

@ -0,0 +1,86 @@
import sanitizeHtml from 'sanitize-html'
import linkifyHtml from 'linkifyjs/html'
const standardSanitizeHtmlOptions = {
allowedTags: [
'img',
'p',
'h3',
'h4',
'br',
'hr',
'b',
'i',
'u',
'em',
'strong',
'a',
'pre',
'ul',
'li',
'ol',
's',
'strike',
'span',
'blockquote',
],
allowedAttributes: {
a: ['href', 'class', 'target', 'data-*', 'contenteditable'],
span: ['contenteditable', 'class', 'data-*'],
img: ['src'],
},
allowedIframeHostnames: ['www.youtube.com', 'player.vimeo.com'],
parser: {
lowerCaseTags: true,
},
transformTags: {
h1: 'h3',
h2: 'h3',
h3: 'h3',
h4: 'h4',
h5: 'strong',
i: 'em',
a: (tagName, attribs) => {
return {
tagName: 'a',
attribs: {
...attribs,
href: attribs.href || '',
target: '_blank',
rel: 'noopener noreferrer nofollow',
},
}
},
b: 'strong',
s: 'strike',
},
}
export function cleanHtml(dirty, sanitizeHtmlOptions = standardSanitizeHtmlOptions) {
if (!dirty) {
return dirty
}
dirty = linkifyHtml(dirty)
dirty = sanitizeHtml(dirty, sanitizeHtmlOptions)
// remove empty html tags and duplicated linebreaks and returns
dirty = dirty
// remove all tags with "space only"
.replace(/<[a-z-]+>[\s]+<\/[a-z-]+>/gim, '')
.replace(/[\n]{3,}/gim, '\n\n')
.replace(/(\r\n|\n\r|\r|\n)/g, '<br>$1')
// replace all p tags with line breaks (and spaces) only by single linebreaks
// limit linebreaks to max 2 (equivalent to html "br" linebreak)
.replace(/(<br ?\/?>\s*){2,}/gim, '<br>')
// remove additional linebreaks after p tags
.replace(/<\/(p|div|th|tr)>\s*(<br ?\/?>\s*)+\s*<(p|div|th|tr)>/gim, '</p><p>')
// remove additional linebreaks inside p tags
.replace(/<[a-z-]+>(<[a-z-]+>)*\s*(<br ?\/?>\s*)+\s*(<\/[a-z-]+>)*<\/[a-z-]+>/gim, '')
// remove additional linebreaks when first child inside p tags
.replace(/<p>(\s*<br ?\/?>\s*)+/gim, '<p>')
// remove additional linebreaks when last child inside p tags
.replace(/(\s*<br ?\/?>\s*)+<\/p+>/gim, '</p>')
return dirty
}

22
backend/src/middleware/helpers/email/sendMail.js
View File

@ -1,4 +1,5 @@
import CONFIG from '../../../config'
import { cleanHtml } from '../../../middleware/helpers/cleanHtml.js'
import nodemailer from 'nodemailer'
import { htmlToText } from 'nodemailer-html-to-text'
@ -10,6 +11,27 @@ if (!hasEmailConfig) {
if (!CONFIG.TEST) {
// eslint-disable-next-line no-console
console.log('Warning: Middlewares will not try to send mails.')
// TODO: disable e-mail logging on database seeding?
// TODO: implement general logging like 'log4js', see Gradido project: https://github.com/gradido/gradido/blob/master/backend/log4js-config.json
sendMailCallback = async (templateArgs) => {
// eslint-disable-next-line no-console
console.log('--- Send E-Mail ---')
// eslint-disable-next-line no-console
console.log('To: ' + templateArgs.to)
// eslint-disable-next-line no-console
console.log('From: ' + templateArgs.from)
// eslint-disable-next-line no-console
console.log('Subject: ' + templateArgs.subject)
// eslint-disable-next-line no-console
console.log('Content:')
// eslint-disable-next-line no-console
console.log(
cleanHtml(templateArgs.html, {
allowedTags: ['a'],
allowedAttributes: { a: ['href'] },
}).replace(/&amp;/g, '&'),
)
}
}
} else {
sendMailCallback = async (templateArgs) => {

91
backend/src/middleware/xssMiddleware.js
View File

@ -1,100 +1,15 @@
import walkRecursive from '../helpers/walkRecursive'
// import { getByDot, setByDot, getItems, replaceItems } from 'feathers-hooks-common'
import sanitizeHtml from 'sanitize-html'
// import { isEmpty, intersection } from 'lodash'
import linkifyHtml from 'linkifyjs/html'
function clean(dirty) {
if (!dirty) {
return dirty
}
dirty = linkifyHtml(dirty)
dirty = sanitizeHtml(dirty, {
allowedTags: [
'img',
'p',
'h3',
'h4',
'br',
'hr',
'b',
'i',
'u',
'em',
'strong',
'a',
'pre',
'ul',
'li',
'ol',
's',
'strike',
'span',
'blockquote',
],
allowedAttributes: {
a: ['href', 'class', 'target', 'data-*', 'contenteditable'],
span: ['contenteditable', 'class', 'data-*'],
img: ['src'],
},
allowedIframeHostnames: ['www.youtube.com', 'player.vimeo.com'],
parser: {
lowerCaseTags: true,
},
transformTags: {
h1: 'h3',
h2: 'h3',
h3: 'h3',
h4: 'h4',
h5: 'strong',
i: 'em',
a: (tagName, attribs) => {
return {
tagName: 'a',
attribs: {
...attribs,
href: attribs.href || '',
target: '_blank',
rel: 'noopener noreferrer nofollow',
},
}
},
b: 'strong',
s: 'strike',
},
})
// remove empty html tags and duplicated linebreaks and returns
dirty = dirty
// remove all tags with "space only"
.replace(/<[a-z-]+>[\s]+<\/[a-z-]+>/gim, '')
.replace(/[\n]{3,}/gim, '\n\n')
.replace(/(\r\n|\n\r|\r|\n)/g, '<br>$1')
// replace all p tags with line breaks (and spaces) only by single linebreaks
// limit linebreaks to max 2 (equivalent to html "br" linebreak)
.replace(/(<br ?\/?>\s*){2,}/gim, '<br>')
// remove additional linebreaks after p tags
.replace(/<\/(p|div|th|tr)>\s*(<br ?\/?>\s*)+\s*<(p|div|th|tr)>/gim, '</p><p>')
// remove additional linebreaks inside p tags
.replace(/<[a-z-]+>(<[a-z-]+>)*\s*(<br ?\/?>\s*)+\s*(<\/[a-z-]+>)*<\/[a-z-]+>/gim, '')
// remove additional linebreaks when first child inside p tags
.replace(/<p>(\s*<br ?\/?>\s*)+/gim, '<p>')
// remove additional linebreaks when last child inside p tags
.replace(/(\s*<br ?\/?>\s*)+<\/p+>/gim, '</p>')
return dirty
}
import { cleanHtml } from '../middleware/helpers/cleanHtml.js'
const fields = ['content', 'contentExcerpt', 'reasonDescription']
export default {
Mutation: async (resolve, root, args, context, info) => {
args = walkRecursive(args, fields, clean)
args = walkRecursive(args, fields, cleanHtml)
return resolve(root, args, context, info)
},
Query: async (resolve, root, args, context, info) => {
const result = await resolve(root, args, context, info)
return walkRecursive(result, fields, clean)
return walkRecursive(result, fields, cleanHtml)
},
}

6
cypress/integration/Notification.Mention.feature
View File

@ -5,9 +5,9 @@ Feature: Notification for a mention
Background:
Given the following "users" are in the database:
| slug | email | password | id | name | termsAndConditionsAgreedVersion |
| wolle-aus-hamburg | wolle@example.org | 1234 | wolle | Wolle aus Hamburg | 0.0.4 |
| matt-rider | matt@example.org | 4321 | matt | Matt Rider | 0.0.4 |
| slug | email | password | id | name | termsAndConditionsAgreedVersion |
| wolle-aus-hamburg | wolle@example.org | 1234 | wolle | Wolfgang aus Hamburg | 0.0.4 |
| matt-rider | matt@example.org | 4321 | matt | Matt Rider | 0.0.4 |
Scenario: Mention another user, re-login as this user and see notifications
Given I am logged in as "wolle-aus-hamburg"

6
webapp/components/Registration/RegistrationSlider.story.js
View File

@ -97,7 +97,7 @@ storiesOf('RegistrationSlider', module)
email: 'wolle.huss@pjannto.com',
emailSend: false,
nonce: '47539',
name: 'Wolle',
name: 'Wolfgang',
password: 'Hello',
passwordConfirmation: 'Hello',
termsAndConditionsConfirmed: true,
@ -127,7 +127,7 @@ storiesOf('RegistrationSlider', module)
email: 'wolle.huss@pjannto.com',
emailSend: false,
nonce: '47539',
name: 'Wolle',
name: 'Wolfgang',
password: 'Hello',
passwordConfirmation: 'Hello',
termsAndConditionsConfirmed: true,
@ -171,7 +171,7 @@ storiesOf('RegistrationSlider', module)
email: 'wolle.huss@pjannto.com',
emailSend: true,
nonce: '47539',
name: 'Wolle',
name: 'Wolfgang',
password: 'Hello',
passwordConfirmation: 'Hello',
termsAndConditionsConfirmed: true,