[call-me] - add config.template.js

.gitignore

@@ -9,4 +9,5 @@ package-lock.json
 
 #personal
 docker-compose.yml
-turnserver.conf
+turnserver.conf
+config.js

README.md

@@ -36,6 +36,9 @@ git clone https://github.com/miroslavpejic85/call-me.git
 # Go to to dir call-me
 cd call-me
 
+# Copy the config file
+$ cp public/config.template.js public/config.js
+
 # Copy .env.template to .env
 cp .env.template .env
 

app/server.js

@@ -8,6 +8,7 @@ const http = require('http');
 const https = require('https');
 const socketIO = require('socket.io');
 const axios = require('axios');
+const helmet = require('helmet');
 const path = require('path');
 const yaml = require('js-yaml');
 const swaggerUi = require('swagger-ui-express');
@@ -112,6 +113,8 @@ server.listen(port, () => {
 // Handle WebSocket connections
 io.on('connection', handleConnection);
 
+app.use(helmet.xssFilter()); // Enable XSS protection
+app.use(helmet.noSniff()); // Enable content type sniffing prevention
 app.use(express.static(PUBLIC_DIR)); // Serve static files from the 'public' directory
 app.use(express.json()); // Api parse body data as json
 app.use(config.apiBasePath + '/docs', swaggerUi.serve, swaggerUi.setup(config.swaggerDocument)); // api docs

doc/self-hosting.md

@@ -31,6 +31,9 @@ $ git clone https://github.com/miroslavpejic85/call-me.git
 # Go to to dir call-me
 $ cd call-me
 
+# Copy the config file
+$ cp public/config.template.js public/config.js
+
 # Copy .env.template to .env
 $ cp .env.template .env
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "call-me",
-    "version": "1.0.70",
+    "version": "1.0.71",
     "description": "Your Go-To for Instant Video Calls",
     "author": "Miroslav Pejic - miroslav.pejic.85@gmail.com",
     "license": "AGPLv3",
@@ -23,6 +23,7 @@
         "colors": "^1.4.0",
         "dotenv": "^16.4.7",
         "express": "^4.21.2",
+        "helmet": "^8.0.0",
         "js-yaml": "4.1.0",
         "socket.io": "^4.8.1",
         "swagger-ui-express": "5.0.1"

public/client.js

@@ -34,6 +34,9 @@ const remoteVideoDisabled = document.getElementById('remoteVideoDisabled');
 const localUsername = document.getElementById('localUsername');
 const remoteVideo = document.getElementById('remoteVideo');
 
+// Ensure app is defined, even if config.js is not loaded
+const app = window.myAppConfig || {};
+
 // User and connection information
 let userInfo;
 let userName;
@@ -82,16 +85,19 @@ function getUserInfo(userAgent) {
 }
 
 // Handle config
-appTitle.innerText = app.title;
-appName.innerText = app.name;
+appTitle.innerText = app?.title || 'Call-me';
+appName.innerText = app?.name || 'Call-me';
 
 const elementsToHide = [
-    { condition: !app.showGithub, element: githubDiv },
-    { condition: !app.attribution, element: attribution },
+    { condition: !(app?.showGithub ?? true), element: githubDiv },
+    { condition: !(app?.attribution ?? true), element: attribution },
 ];
 
+// Hide elements based on conditions
 elementsToHide.forEach(({ condition, element }) => {
-    if (condition) elemDisplay(element, false);
+    if (condition && element) {
+        elemDisplay(element, false);
+    }
 });
 
 async function checkHostPassword(maxRetries = 3, attempts = 0) {

public/config.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const app = {
+window.myAppConfig = {
     title: 'Call-me',
     name: 'Call-me',
     showGithub: true,

public/config.template.js

@@ -0,0 +1,9 @@
+'use strict';
+
+window.myAppConfig = {
+    title: 'Call-me',
+    name: 'Call-me',
+    showGithub: true,
+    attribution: true,
+    //...
+};