From 6ad046839b59eeb9dca88ff9ee9a3377c9b31304 Mon Sep 17 00:00:00 2001
From: Miroslav Pejic <miroslav.pejic.85@gmail.com>
Date: Fri, 31 Jan 2025 14:08:41 +0100
Subject: [PATCH] [call-me] - add config.template.js

---
 .gitignore                |  3 ++-
 README.md                 |  3 +++
 app/server.js             |  3 +++
 doc/self-hosting.md       |  3 +++
 package.json              |  3 ++-
 public/client.js          | 16 +++++++++++-----
 public/config.js          |  2 +-
 public/config.template.js |  9 +++++++++
 8 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100644 public/config.template.js

diff --git a/.gitignore b/.gitignore
index 5b55d97..d191523 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,4 +9,5 @@ package-lock.json
 
 #personal
 docker-compose.yml
-turnserver.conf
\ No newline at end of file
+turnserver.conf
+config.js
\ No newline at end of file
diff --git a/README.md b/README.md
index 817cba1..262604a 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,9 @@ git clone https://github.com/miroslavpejic85/call-me.git
 # Go to to dir call-me
 cd call-me
 
+# Copy the config file
+$ cp public/config.template.js public/config.js
+
 # Copy .env.template to .env
 cp .env.template .env
 
diff --git a/app/server.js b/app/server.js
index 0f186b8..2c7972f 100755
--- a/app/server.js
+++ b/app/server.js
@@ -8,6 +8,7 @@ const http = require('http');
 const https = require('https');
 const socketIO = require('socket.io');
 const axios = require('axios');
+const helmet = require('helmet');
 const path = require('path');
 const yaml = require('js-yaml');
 const swaggerUi = require('swagger-ui-express');
@@ -112,6 +113,8 @@ server.listen(port, () => {
 // Handle WebSocket connections
 io.on('connection', handleConnection);
 
+app.use(helmet.xssFilter()); // Enable XSS protection
+app.use(helmet.noSniff()); // Enable content type sniffing prevention
 app.use(express.static(PUBLIC_DIR)); // Serve static files from the 'public' directory
 app.use(express.json()); // Api parse body data as json
 app.use(config.apiBasePath + '/docs', swaggerUi.serve, swaggerUi.setup(config.swaggerDocument)); // api docs
diff --git a/doc/self-hosting.md b/doc/self-hosting.md
index f7277de..35d1be3 100644
--- a/doc/self-hosting.md
+++ b/doc/self-hosting.md
@@ -31,6 +31,9 @@ $ git clone https://github.com/miroslavpejic85/call-me.git
 # Go to to dir call-me
 $ cd call-me
 
+# Copy the config file
+$ cp public/config.template.js public/config.js
+
 # Copy .env.template to .env
 $ cp .env.template .env
 
diff --git a/package.json b/package.json
index 6e414bf..44f2eb2 100755
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "call-me",
-    "version": "1.0.70",
+    "version": "1.0.71",
     "description": "Your Go-To for Instant Video Calls",
     "author": "Miroslav Pejic - miroslav.pejic.85@gmail.com",
     "license": "AGPLv3",
@@ -23,6 +23,7 @@
         "colors": "^1.4.0",
         "dotenv": "^16.4.7",
         "express": "^4.21.2",
+        "helmet": "^8.0.0",
         "js-yaml": "4.1.0",
         "socket.io": "^4.8.1",
         "swagger-ui-express": "5.0.1"
diff --git a/public/client.js b/public/client.js
index e8dc492..c1719ab 100755
--- a/public/client.js
+++ b/public/client.js
@@ -34,6 +34,9 @@ const remoteVideoDisabled = document.getElementById('remoteVideoDisabled');
 const localUsername = document.getElementById('localUsername');
 const remoteVideo = document.getElementById('remoteVideo');
 
+// Ensure app is defined, even if config.js is not loaded
+const app = window.myAppConfig || {};
+
 // User and connection information
 let userInfo;
 let userName;
@@ -82,16 +85,19 @@ function getUserInfo(userAgent) {
 }
 
 // Handle config
-appTitle.innerText = app.title;
-appName.innerText = app.name;
+appTitle.innerText = app?.title || 'Call-me';
+appName.innerText = app?.name || 'Call-me';
 
 const elementsToHide = [
-    { condition: !app.showGithub, element: githubDiv },
-    { condition: !app.attribution, element: attribution },
+    { condition: !(app?.showGithub ?? true), element: githubDiv },
+    { condition: !(app?.attribution ?? true), element: attribution },
 ];
 
+// Hide elements based on conditions
 elementsToHide.forEach(({ condition, element }) => {
-    if (condition) elemDisplay(element, false);
+    if (condition && element) {
+        elemDisplay(element, false);
+    }
 });
 
 async function checkHostPassword(maxRetries = 3, attempts = 0) {
diff --git a/public/config.js b/public/config.js
index 91d24b9..58f4b7f 100644
--- a/public/config.js
+++ b/public/config.js
@@ -1,6 +1,6 @@
 'use strict';
 
-const app = {
+window.myAppConfig = {
     title: 'Call-me',
     name: 'Call-me',
     showGithub: true,
diff --git a/public/config.template.js b/public/config.template.js
new file mode 100644
index 0000000..58f4b7f
--- /dev/null
+++ b/public/config.template.js
@@ -0,0 +1,9 @@
+'use strict';
+
+window.myAppConfig = {
+    title: 'Call-me',
+    name: 'Call-me',
+    showGithub: true,
+    attribution: true,
+    //...
+};