GitHub Repository: goelp14/easyctf-iv-problems
Path: blob/master/pixelly/src/app.js
const express = require('express');
const logger = require('morgan');
const mustacheExpress = require('mustache-express');
const multer = require('multer');
const helmet = require('helmet');
const child_process = require('child_process');
const fs = require('fs');
const rimraf = require('rimraf');
const path = require('path');
// constants

// NOTE(review): this secret is committed in source and is not referenced
// anywhere else in this listing. If it is ever wired into session middleware,
// load it from the environment or a secret store instead of the repository.
const SESSION_KEY = 'moo moo i am a cat that goes moo';

// Upload size cap in bytes (1 MB, decimal); passed to multer as limits.fileSize.
const MAX_IMAGE_SIZE = 1000 * 1000;

// Time limit for the sandboxed child process, in milliseconds (30 s).
const PROCESS_TIMEOUT = 30 * 1000;
// Every on-disk location is derived from this file's own directory, so the
// process working directory has no influence on where they point.
const here = path.join.bind(path, __dirname);

// multer's destination; the per-request temp folders are created inside it.
const UPLOAD_DIR = here('/uploads');
// Served read-only under /static.
const STATIC_DIR = here('/public');
// Mustache templates rendered by the routes.
const TEMPLATES_DIR = here('/views');
// Script copied into each per-request folder and run inside the jail.
const ASCII_SCRIPT = here('/run.py');
// app config

const app = express();

// Views are *.mustache files loaded from TEMPLATES_DIR.
app.engine('mustache', mustacheExpress());
app.set('view engine', 'mustache');
app.set('views', TEMPLATES_DIR);

// Multipart parser: uploads are written under UPLOAD_DIR, and a file larger
// than MAX_IMAGE_SIZE bytes is rejected by multer before the route runs.
const upload = multer({
  dest: UPLOAD_DIR,
  limits: { fileSize: MAX_IMAGE_SIZE },
});

// Security headers: helmet defaults, with the DNS-prefetch-control middleware
// switched off and a Content-Security-Policy that allows same-origin
// resources only.
const helmetConfig = {
  dnsPrefetchControl: false,
  contentSecurityPolicy: {
    directives: { defaultSrc: ["'self'"] },
  },
};

// In production the app is expected to sit behind one reverse proxy, so the
// first hop's X-Forwarded-* headers are trusted.
if (app.get('env') === 'production') {
  app.set('trust proxy', 1);
}

// Middleware order matters: request logging first, then security headers,
// then static assets.
app.use(logger('dev'));
app.use(helmet(helmetConfig));
app.use('/static', express.static(STATIC_DIR));
// routes

// GET / renders the `index` view; no request data is read.
app.get('/', function renderIndex(_req, res) {
  res.render('index');
});
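// POST / accepts a single multipart file in the "image" field, stages it in a
// fresh per-request directory next to a copy of run.py, runs the script under
// nsjail and renders whatever the process printed.
//
// NOTE(review): the rendered output is derived from an attacker-supplied
// image, so the `display` template must emit `content` through the escaping
// form of the tag. The template is not visible here; confirm.
app.post('/', upload.single('image'), function (req, res) {
  // multer leaves req.file undefined when the request has no "image" part.
  // Answer with a client error instead of crashing on req.file.filename.
  if (!req.file) {
    res.status(400);
    res.render('display', { content: 'no image uploaded' });
    return;
  }

  var filename = req.file.filename;
  // multer exposes the client-supplied name as `originalname` (lowercase).
  // It is untrusted, so it is JSON-encoded to keep embedded newlines or
  // control characters from forging extra log lines.
  console.log('uploaded ' + JSON.stringify(req.file.originalname) + ' to ' + filename);

  var folder = fs.mkdtempSync(path.join(UPLOAD_DIR, 'temp-'));

  // Best-effort removal of the per-request directory; failures are only logged.
  function removeFolder() {
    rimraf(folder, function (err) {
      if (err) {
        console.error('app.js: error during unlink: ' + err);
      }
    });
  }

  try {
    // The upload is stored under the fixed name "image", so no
    // client-controlled string ever becomes a path or an argv element.
    fs.renameSync(path.join(UPLOAD_DIR, filename), path.join(folder, 'image'));
    fs.copyFileSync(ASCII_SCRIPT, path.join(folder, 'run.py'));
  } catch (stagingErr) {
    // Do not leave a half-populated directory behind. The error still
    // propagates to the Express error handler.
    removeFolder();
    throw stagingErr;
  }
  console.log('temporary folder ' + folder);

  // start process
  // execFile passes argv directly (no shell), and every argument is a constant.
  // 'pixelly.cfg' is relative and no `cwd` option is given, so it resolves
  // against the server's working directory.
  // NOTE(review): 'run.py' and 'image' are relative too; presumably the nsjail
  // config maps HOME as the jail's working directory. Confirm in pixelly.cfg.
  var child = child_process.execFile(
    'nsjail', [
      '--quiet', '--config', 'pixelly.cfg', '--',
      '/usr/bin/python3', 'run.py', 'image'
    ],
    {
      timeout: PROCESS_TIMEOUT,
      // Replaces the inherited environment: the child sees HOME and none
      // of the server's own variables.
      env: { 'HOME': folder },
    },
    function (err, stdout, stderr) {
      if (err) {
        console.error('app.js: process error: ' + err);
      }
      // Clean up here, not in an 'exit' listener: this callback also runs
      // when nsjail could not be spawned, a case where 'exit' never fires
      // and the directory would otherwise be leaked.
      removeFolder();
      var output = stdout + '\n' + stderr;
      res.render('display', { content: output });
    });

  console.log('app.js: spawned process for filename', filename);

  child.on('exit', function (code, signal) {
    // code is null when the process was killed by a signal (e.g. the timeout).
    if (code !== 0) {
      console.error('app.js: process exited with ' +
        'code ' + code + ', signal ' + signal);
    }
  });
});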
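// Last-resort error handler; Express recognises it by the four-argument
// signature. It receives synchronous throws from the routes and errors raised
// by multer (for example an upload over the size limit).
app.use(function (err, req, res, next) {
  // The full stack always goes to the server log.
  console.error(err.stack);

  // Once part of a response has been sent, status and body can no longer be
  // changed; delegate to Express's default handler.
  if (res.headersSent) {
    next(err);
    return;
  }

  res.status(500);
  // A stack trace discloses file paths and dependency layout, so it is echoed
  // to the client only outside production.
  var content = app.get('env') === 'production'
    ? 'Internal Server Error'
    : err.stack;
  res.render('display', { content: content });
});

// The configured app is exported without calling listen(); the caller binds it.
module.exports = app;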