
@tashop/oil.js


oil.js Opt-In Layer for consent management based on the IAB TCF Standard

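/*
 * Static file server for the /dist folder; used by the Heroku deployment.
 *
 * Request pipeline, in order: access log -> redirect of "/" -> Referer
 * blacklist -> extra response headers -> AMP consent endpoint -> gzip ->
 * directory indexes -> static files.
 */
const express = require('express');
const serveStatic = require('serve-static');
const compression = require('compression');
const serveIndex = require('serve-index');
const url = require('url');
const morgan = require('morgan');
const cors = require('cors');

// Response header configuration and the list of blocked referer domains.
const headerConfig = require('./etc/headerConfig');
const blacklist = require('./etc/blacklist');

// Application setup: the port comes from the first CLI argument, then $PORT, then 8080.
const port = process.argv[2] || process.env.PORT || 8080;
const CACHE_DURATION = '10m';
const DOCUMENT_ROOT = `${__dirname}/dist`;

/**
 * Permanently redirects requests for the site root to www.oiljs.org and
 * passes every other path on to the next middleware.
 */
const redirectToOilJsOrg = function (req, res, next) {
  if (req.path === '/') {
    res.redirect(301, '//www.oiljs.org');
    return;
  }
  next();
};

/**
 * Rejects requests whose Referer header points at a blacklisted domain.
 *
 * The Referer header is supplied by the client and can be omitted or set to
 * any value, so this is a usage filter for well-behaved embedders and not an
 * access control. Anything that needs real protection must not rely on it.
 */
const domainBlacklist = function (req, res, next) {
  // Express header lookup is case-insensitive, so one lookup covers both spellings.
  const referer = req.header('Referer');
  if (isBlacklisted(referer)) {
    res
      .status(403)
      .send('Host from referer not allowed! Please contact administrator.');
    return;
  }
  next();
};

/**
 * Decides whether a Referer value should be rejected.
 *
 * @param {string|undefined} referer - raw Referer header value.
 * @returns {boolean} false for a missing referer; true for a referer with no
 *   parseable host; for dotted hosts, whether the last two labels are in the
 *   blacklist; for single-label hosts, true unless the label starts with
 *   oilcdn, oilsite or localhost.
 */
function isBlacklisted(referer) {
  if (!referer) {
    return false;
  }

  // The header is untrusted input: a value without a host used to make
  // `.host.split` throw and surface as an unhandled 500. Such a value is now
  // rejected cleanly (the request was never served before either).
  let hostname;
  try {
    hostname = url.parse(referer).hostname;
  } catch (err) {
    hostname = null;
  }
  if (!hostname) {
    return true;
  }

  // `hostname` (unlike `host`) carries no port, and a trailing root dot is
  // dropped, so neither prevents a blacklist entry from matching.
  const labels = hostname.replace(/\.$/, '').split('.');
  if (labels.length > 1) {
    // Only the last two labels are compared, so a blacklist entry under a
    // multi-part suffix (for example `example.co.uk`) will never match.
    const domainNameWithEnding = labels.slice(-2).join('.');
    return blacklist.blacklist.includes(domainNameWithEnding);
  }
  return !/^(oilcdn|oilsite|localhost)/.test(labels[0]);
}

/**
 * Copies every own property of headerConfig.headers onto the response as a
 * header, then continues with the next middleware.
 */
const additionalHeaders = function (req, res, next) {
  //res.header('Content-Security-Policy', 'script-src \'self\' *');
  Object.keys(headerConfig.headers).forEach((name) => {
    res.header(name, headerConfig.headers[name]);
  });
  next();
};

/*
 * start server
 */
const app = express();

// The access log must be registered before the path configuration below.
app.use(morgan('combined'));

app.use(redirectToOilJsOrg);
app.use(domainBlacklist);
app.use(additionalHeaders);

// AMP consent endpoint. Credentialed cross-origin access is granted to one
// fixed origin only; keep it pinned rather than echoing the request origin.
app.post('/amp-consent.json', function (req, res) {
  res.header('Access-Control-Allow-Origin', 'https://oil-axelspringer-com.cdn.ampproject.org');
  res.header('Access-Control-Allow-Credentials', 'true');
  res.send('{"promptIfUnknown": true}');
});

// server gzip
app.use(compression());

// Directory indexes (with icons). cors() is used with its defaults, so these
// listings are readable from any origin; the listed folders should hold only
// files meant to be public.
app.use('/release', cors(), serveIndex('release', {'icons': true}));
app.use('/demos', cors(), serveIndex('dist/demos', {'icons': true}));
app.use('/poi-lists', cors(), serveIndex('dist/poi-lists', {'icons': true}));

// static with cache headers
app.use(serveStatic(DOCUMENT_ROOT, {maxAge: CACHE_DURATION, cacheControl: true}));

console.log('server is now starting on port ', port);
// Binds to all interfaces.
app.listen(port, '0.0.0.0');

module.exports = app;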