From a828b1570d7b460630c13bcf2d09245358df9933 Mon Sep 17 00:00:00 2001 From: Jerko Steiner Date: Tue, 19 Nov 2019 23:41:34 -0300 Subject: [PATCH] Replace doT with ejs doT had a security vulnerability and ejs has even fewer dependencies: https://www.npmjs.com/advisories/798 --- package-lock.json | 26 +++++++++++--------------- package.json | 3 ++- src/@types/express-dot-engine.d.ts | 10 ---------- src/server/app.ts | 6 +++--- views/_header.html | 8 ++++++++ views/_layout.html | 15 --------------- views/call.html | 22 +++++++++++----------- views/index.html | 21 ++++++++++----------- 8 files changed, 45 insertions(+), 66 deletions(-) delete mode 100644 src/@types/express-dot-engine.d.ts create mode 100644 views/_header.html delete mode 100644 views/_layout.html diff --git a/package-lock.json b/package-lock.json index 02b4e00..1b31a3e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2376,6 +2376,12 @@ "integrity": "sha512-Q1y515GcOdTHgagaVFhHnIFQ38ygs/kmxdNpvpou+raI9UO3YZcHDngBSYKQklcKlvA7iuQlmIKbzvmxcOE9CQ==", "dev": true }, + "@types/ejs": { + "version": "2.6.3", + "resolved": "https://registry.npmjs.org/@types/ejs/-/ejs-2.6.3.tgz", + "integrity": "sha512-/F+qQ0Fr0Dr1YvHjX+FCvbba4sQ27RdCPDqmP/si0e1v1GOkbQ3VRBvZPSQM7NoQ3iz3SyiJVscCP2f0vKuIhQ==", + "dev": true + }, "@types/eslint-visitor-keys": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/@types/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz", @@ -5173,11 +5179,6 @@ "webidl-conversions": "^4.0.2" } }, - "dot": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/dot/-/dot-1.1.2.tgz", - "integrity": "sha1-xzdwGfxOVQeYkosrmv62ar+h8vk=" - }, "dot-prop": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz", 
@@ -5217,6 +5218,11 @@ "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" }, + "ejs": { + "version": "2.7.4", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz", + "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==" + }, "electron-to-chromium": { "version": "1.3.306", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.306.tgz", @@ -5977,16 +5983,6 @@ } } }, - "express-dot-engine": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/express-dot-engine/-/express-dot-engine-1.0.8.tgz", - "integrity": "sha512-Unl8RNSxL/7ZKV/PvhVVKxO7xg6+gh4tCrdnMBjahvIC+P7SO+qmfTcffLQTZLRvZ3Z/8E7OcA7asIRK85iKbA==", - "requires": { - "dot": "^1.1.2", - "js-yaml": "^3.13.1", - "lodash": "^4.17.15" - } - }, "extend": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", diff --git a/package.json b/package.json index 8f2611e..96f7c01 100644 --- a/package.json +++ b/package.json @@ -50,8 +50,8 @@ "license": "MIT", "dependencies": { "debug": "^4.1.1", + "ejs": "^2.7.4", "express": "^4.17.1", - "express-dot-engine": "^1.0.8", "js-yaml": "^3.13.1", "lodash": "^4.17.15", "socket.io": "^2.3.0", @@ -63,6 +63,7 @@ "@babel/preset-env": "^7.7.1", "@types/classnames": "^2.2.9", "@types/debug": "^4.1.5", + "@types/ejs": "^2.6.3", "@types/express": "^4.17.2", "@types/jest": "^24.0.23", "@types/js-yaml": "^3.12.1", diff --git a/src/@types/express-dot-engine.d.ts b/src/@types/express-dot-engine.d.ts deleted file mode 100644 index 950ba72..0000000 --- a/src/@types/express-dot-engine.d.ts +++ /dev/null @@ -1,10 +0,0 @@ -declare module 'express-dot-engine' { - function render(path: string, options: object, callback: (e: any, rendered: string) => void): void - - interface ExpressDotEngine { - __express: typeof render - } - - declare const engine: ExpressDotEngine - export = engine -} 
diff --git a/src/server/app.ts b/src/server/app.ts index 1443dbe..d25fb95 100644 --- a/src/server/app.ts +++ b/src/server/app.ts @@ -1,4 +1,3 @@ -/// import { config } from './config' import _debug from 'debug' import express from 'express' @@ -8,7 +7,7 @@ import { createServer } from './server' import SocketIO from 'socket.io' import call from './routes/call' import index from './routes/index' -import dot from 'express-dot-engine' +import ejs from 'ejs' const debug = _debug('peercalls') const logRequest = _debug('peercalls:requests') @@ -25,7 +24,8 @@ export const io = SocketIO(server, { path: SOCKET_URL }) app.set('x-powered-by', false) app.locals.version = require('../../package.json').version app.locals.baseUrl = BASE_URL -app.engine('html', dot.__express) +// eslint-disable-next-line +app.engine('html', ejs.renderFile as any) app.set('view engine', 'html') app.set('views', path.join(__dirname, '../../views')) diff --git a/views/_header.html b/views/_header.html new file mode 100644 index 0000000..b44850f --- /dev/null +++ b/views/_header.html @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/views/_layout.html b/views/_layout.html deleted file mode 100644 index 3017535..0000000 --- a/views/_layout.html +++ /dev/null @@ -1,15 +0,0 @@ - - - - [[= layout.title ]] - - - - - - - - - - [[= layout.body]] - diff --git a/views/call.html b/views/call.html index d789fc9..3c86cac 100644 --- a/views/call.html +++ b/views/call.html @@ -1,15 +1,15 @@ ---- -layout: _layout.html -title: Peer Call ---- - -[[##body: + + + + Peer Call + <%- include('./_header.html') %> + - - - + + +
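Review bot: In the last `src/server/app.ts` hunk, `app.engine('html', ejs.renderFile as any)` means Express hands ejs a single object holding both the render locals and the engine options, so a route that forwards a request-derived object to `res.render` would let a client influence ejs options as well as template data. The route modules (`./routes/call`, `./routes/index`) are outside this diff, so please confirm they pass only explicitly named fields to `res.render`. The bare `// eslint-disable-next-line` also silences every rule on that line. Scope it to the rule the cast trips, presumably `// eslint-disable-next-line @typescript-eslint/no-explicit-any`, and add a short comment on why `ejs.renderFile` needs the cast to fit Express's engine signature.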
- + -#]] + diff --git a/views/index.html b/views/index.html index fb9db8c..8489d15 100644 --- a/views/index.html +++ b/views/index.html @@ -1,18 +1,18 @@ ---- -layout: _layout.html -title: Peer Calls - Video calls to anybody in the world with a private direct connection ---- - -[[##body: + + + + Peer Calls - Video calls to anybody in the world with a private direct connection + <%- include('./_header.html') %> + - Fork me on GitHub + Fork me on GitHub
-
+

- Peer Calls + Peer Calls

Group peer-to-peer calls for everyone. Create a private room. Share the link.

@@ -20,7 +20,6 @@ title: Peer Calls - Video calls to anybody in the world with a private direct co
-#]]