Replace doT with ejs

doT had a security vulnerability and ejs has even fewer dependencies: https://www.npmjs.com/advisories/798
2019-11-19 23:41:34 -03:00 · 2019-11-19 23:41:34 -03:00 · a828b1570d
commit a828b1570d
parent 639e3b1d19
8 changed files with 45 additions and 66 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -2376,6 +2376,12 @@
      "integrity": "sha512-Q1y515GcOdTHgagaVFhHnIFQ38ygs/kmxdNpvpou+raI9UO3YZcHDngBSYKQklcKlvA7iuQlmIKbzvmxcOE9CQ==",
      "dev": true
    },
+    "@types/ejs": {
+      "version": "2.6.3",
+      "resolved": "https://registry.npmjs.org/@types/ejs/-/ejs-2.6.3.tgz",
+      "integrity": "sha512-/F+qQ0Fr0Dr1YvHjX+FCvbba4sQ27RdCPDqmP/si0e1v1GOkbQ3VRBvZPSQM7NoQ3iz3SyiJVscCP2f0vKuIhQ==",
+      "dev": true
+    },
    "@types/eslint-visitor-keys": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/@types/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz",
@ -5173,11 +5179,6 @@
        "webidl-conversions": "^4.0.2"
      }
    },
-    "dot": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/dot/-/dot-1.1.2.tgz",
-      "integrity": "sha1-xzdwGfxOVQeYkosrmv62ar+h8vk="
-    },
    "dot-prop": {
      "version": "4.2.0",
      "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz",
@ -5217,6 +5218,11 @@
      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
    },
+    "ejs": {
+      "version": "2.7.4",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz",
+      "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA=="
+    },
    "electron-to-chromium": {
      "version": "1.3.306",
      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.306.tgz",
@ -5977,16 +5983,6 @@
        }
      }
    },
-    "express-dot-engine": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/express-dot-engine/-/express-dot-engine-1.0.8.tgz",
-      "integrity": "sha512-Unl8RNSxL/7ZKV/PvhVVKxO7xg6+gh4tCrdnMBjahvIC+P7SO+qmfTcffLQTZLRvZ3Z/8E7OcA7asIRK85iKbA==",
-      "requires": {
-        "dot": "^1.1.2",
-        "js-yaml": "^3.13.1",
-        "lodash": "^4.17.15"
-      }
-    },
    "extend": {
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
--- a/package.json
+++ b/package.json
@ -50,8 +50,8 @@
  "license": "MIT",
  "dependencies": {
    "debug": "^4.1.1",
+    "ejs": "^2.7.4",
    "express": "^4.17.1",
-    "express-dot-engine": "^1.0.8",
    "js-yaml": "^3.13.1",
    "lodash": "^4.17.15",
    "socket.io": "^2.3.0",
@ -63,6 +63,7 @@
    "@babel/preset-env": "^7.7.1",
    "@types/classnames": "^2.2.9",
    "@types/debug": "^4.1.5",
+    "@types/ejs": "^2.6.3",
    "@types/express": "^4.17.2",
    "@types/jest": "^24.0.23",
    "@types/js-yaml": "^3.12.1",
--- a/src/@types/express-dot-engine.d.ts
+++ b/src/@types/express-dot-engine.d.ts
@ -1,10 +0,0 @@
-declare module 'express-dot-engine' {
-  function render(path: string, options: object, callback: (e: any, rendered: string) => void): void
-
-  interface ExpressDotEngine {
-    __express: typeof render
-  }
-
-  declare const engine: ExpressDotEngine
-  export = engine
-}
--- a/src/server/app.ts
+++ b/src/server/app.ts
@ -1,4 +1,3 @@
-/// <reference path="../@types/express-dot-engine.d.ts" />
 import { config } from './config'
 import _debug from 'debug'
 import express from 'express'
@ -8,7 +7,7 @@ import { createServer } from './server'
 import SocketIO from 'socket.io'
 import call from './routes/call'
 import index from './routes/index'
-import dot from 'express-dot-engine'
+import ejs from 'ejs'

 const debug = _debug('peercalls')
 const logRequest = _debug('peercalls:requests')
@ -25,7 +24,8 @@ export const io = SocketIO(server, { path: SOCKET_URL })
 app.set('x-powered-by', false)
 app.locals.version = require('../../package.json').version
 app.locals.baseUrl = BASE_URL
-app.engine('html', dot.__express)
+// eslint-disable-next-line
+app.engine('html', ejs.renderFile as any)

 app.set('view engine', 'html')
 app.set('views', path.join(__dirname, '../../views'))
--- a/views/_header.html
+++ b/views/_header.html
@ -0,0 +1,8 @@
+<meta charset="utf-8"><meta>
+<meta name="description" content="Make video calls to anybody in the world with a private connection. Share the conversation by sharing url."><meta>
+<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><meta>
+<meta name="mobile-web-app-capable" content="yes"><meta>
+<meta name="apple-mobile-web-app-capable" content="yes"><meta>
+<link rel="apple-touch-icon" href="<%= baseUrl + 'res/icon.png' %>"><link>
+<link rel="icon" sizes="256x256" href="<%= baseUrl + 'res/icon.png' %>"><link>
+<link rel="stylesheet" type="text/css" href="<%= baseUrl + '/static/style.css' %>"><link>
--- a/views/_layout.html
+++ b/views/_layout.html
@ -1,15 +0,0 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <title>[[= layout.title ]]</title>
-    <meta charset="utf-8"><meta>
-    <meta name="description" content="Make video calls to anybody in the world with a private connection. Share the conversation by sharing url."><meta>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><meta>
-    <meta name="mobile-web-app-capable" content="yes"><meta>
-    <meta name="apple-mobile-web-app-capable" content="yes"><meta>
-    <link rel="apple-touch-icon" href="[[=model.baseUrl + 'res/icon.png']]"><link>
-    <link rel="icon" sizes="256x256" href="[[=model.baseUrl + 'res/icon.png']]"><link>
-    <link rel="stylesheet" type="text/css" href="[[=model.baseUrl + '/static/style.css']]"><link>
-  </head>
-  [[= layout.body]]
-</html>
--- a/views/call.html
+++ b/views/call.html
@ -1,15 +1,15 @@
---
-layout: _layout.html
-title: Peer Call
---
-
-[[##body:
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Peer Call</title>
+  <%- include('./_header.html') %>
+</head>
 <body class="call">
-  <input type="hidden" id="baseUrl" value="[[=model.baseUrl]]">
-  <input type="hidden" id="callId" value="[[!model.callId]]">
-  <input type="hidden" id="iceServers" value='[[!JSON.stringify(model.iceServers)]]'>
+  <input type="hidden" id="baseUrl" value="<%= baseUrl %>">
+  <input type="hidden" id="callId" value="<%= callId %>">
+  <input type="hidden" id="iceServers" value='<%- JSON.stringify(iceServers) %>'>
  <div id="container"></div>

-  <script src="[[=model.baseUrl + '/static/index.js']]"></script>
+  <script src="<%= baseUrl + '/static/index.js' %>"></script>
 </body>
-#]]
+</html>
--- a/views/index.html
+++ b/views/index.html
@ -1,18 +1,18 @@
---
-layout: _layout.html
-title: Peer Calls - Video calls to anybody in the world with a private direct connection
---
-
-[[##body:
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Peer Calls - Video calls to anybody in the world with a private direct connection</title>
+  <%- include('./_header.html') %>
+</head>
 <body>
  <a id="github-ribbon" href="https://github.com/jeremija/peer-calls" target="_blank">
-    <img src="[[=model.baseUrl + '/res/fork.png']]" alt="Fork me on GitHub">
+    <img src="<%= baseUrl + '/res/fork.png' %>" alt="Fork me on GitHub">
  </a>

  <div id="container">
-    <form id="form" method="get" action="[[=model.baseUrl + '/call']]">
+    <form id="form" method="get" action="<%= baseUrl + '/call' %>">
      <h1>
-        <img src="[[=model.baseUrl + '/res/peer-calls.svg']]" width="100%" alt="Peer Calls">
+        <img src="<%= baseUrl + '/res/peer-calls.svg' %>" width="100%" alt="Peer Calls">
      </h1>
      <p>Group peer-to-peer calls for everyone. Create a private room. Share the link.</p>
      <input type="submit" value="New Session">
@ -20,7 +20,6 @@ title: Peer Calls - Video calls to anybody in the world with a private direct co
  </div>

  <footer>
-    <div>v[[=model.version]]</div>
+    <div>v<%= version %></div>
  </footer>
 </body>
-#]]