chris/bpb-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
bpb-website/server.js
chris 74aa30636c Refactor: Harden for Production 
This commit refactors the Node.js server to be production-ready.

- **Strict Production Environment:** The server now checks for . If it is set, the server will refuse to start unless a secure  is provided as an environment variable. This prevents running with the insecure default password in production.
- **Logging:** Added basic logging for successful status updates and failed login attempts.
- **NPM Scripts:** Added a  script to  for starting the server in production mode ().
2025-11-12 14:26:11 -05:00

74 lines
2.7 KiB
JavaScript
Raw Blame History

// Load environment variables from .env file for development
if (process.env.NODE_ENV !== 'production') {
require('dotenv').config();
}
const express = require('express');
const bodyParser = require('body-parser');
const fs = require('fs');
const path = require('path');
const app = express();
const port = 3000;
const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD;
// --- Production Security Check ---
if (process.env.NODE_ENV === 'production' && (!ADMIN_PASSWORD || ADMIN_PASSWORD === "balloons")) {
console.error(`
****************************************************************
** FATAL ERROR: Insecure password configuration for production! **
** Please set a secure ADMIN_PASSWORD environment variable. **
****************************************************************
`);
process.exit(1); // Exit the process with an error code
}
// --- Development Warning ---
if (process.env.NODE_ENV !== 'production' && ADMIN_PASSWORD === "balloons") {
console.warn(`
****************************************************************
** WARNING: Using default, insecure password. **
** This is for development only. **
****************************************************************
`);
}
// Use body-parser middleware to parse JSON bodies
app.use(bodyParser.json());
// Serve static files from the root directory
app.use(express.static(path.join(__dirname)));
// API endpoint to update the JSON file
app.post('/api/update-status', (req, res) => {
const { password, data } = req.body;
if (password !== ADMIN_PASSWORD) {
console.log(`[${new Date().toISOString()}] Failed login attempt.`);
return res.status(401).json({ success: false, message: 'Unauthorized: Incorrect password.' });
}
if (!data) {
return res.status(400).json({ success: false, message: 'Bad Request: No data provided.' });
}
const jsonString = JSON.stringify(data, null, 4);
const filePath = path.join(__dirname, 'update.json');
fs.writeFile(filePath, jsonString, (err) => {
if (err) {
console.error(`[${new Date().toISOString()}] Error writing to update.json:`, err);
return res.status(500).json({ success: false, message: 'Internal Server Error: Could not write to file.' });
}
console.log(`[${new Date().toISOString()}] update.json was successfully updated.`);
res.json({ success: true, message: 'Status updated successfully.' });
});
});
app.listen(port, () => {
console.log(`Server listening at http://localhost:${port}`);
if (process.env.NODE_ENV !== 'production') {
console.log(`Admin panel available at http://localhost:${port}/admin.html`);
}
});
Reference in New Issue View Git Blame Copy Permalink