const fs = require('fs')
const jade = require('jade')
const config = require('config')
const challenges = require('../data/datacache').challenges
const utils = require('../lib/utils')
const themes = require('../views/themes/themes').themes
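/**
 * Parses an HTTP `Range` request header against a file of `fileSize` bytes.
 *
 * Only a single `bytes=start-end` range is handled (the only form this
 * handler ever served); anything else — including multi-range requests —
 * is reported as `none`, and the caller then sends the whole file, which
 * RFC 7233 allows. A syntactically valid range lying entirely past the end
 * of the file is `unsatisfiable` and maps to a 416 response.
 *
 * @param {string|undefined} rangeHeader - raw value of `req.headers.range`
 * @param {number} fileSize - size of the file in bytes
 * @returns {{ type: 'none' } | { type: 'unsatisfiable' } | { type: 'partial', start: number, end: number }}
 */
function parseByteRange (rangeHeader, fileSize) {
  if (typeof rangeHeader !== 'string') {
    return { type: 'none' }
  }
  const match = /^bytes=(\d*)-(\d*)$/.exec(rangeHeader.trim())
  if (match === null || (match[1] === '' && match[2] === '')) {
    // malformed header: ignore it rather than failing the request
    return { type: 'none' }
  }
  let start
  let end
  if (match[1] === '') {
    // suffix range "bytes=-N": the final N bytes of the file
    const suffixLength = parseInt(match[2], 10)
    if (suffixLength === 0) {
      return { type: 'unsatisfiable' }
    }
    start = Math.max(fileSize - suffixLength, 0)
    end = fileSize - 1
  } else {
    start = parseInt(match[1], 10)
    // an end position past EOF is clamped to the last byte, as RFC 7233 requires
    end = match[2] === '' ? fileSize - 1 : Math.min(parseInt(match[2], 10), fileSize - 1)
  }
  if (start >= fileSize || start > end) {
    return { type: 'unsatisfiable' }
  }
  return { type: 'partial', start, end }
}

/**
 * Express middleware factory that streams the promotion video as `video/mp4`.
 *
 * A single `Range` header is honoured with a 206 partial response so players
 * can seek. A malformed header is ignored (full 200 response) and a range
 * that cannot be satisfied gets a 416 with `Content-Range: bytes *\/<size>`.
 * Previously values such as `bytes=abc-` or `bytes=500-100` were passed to
 * `fs.createReadStream` unchecked, which throws and failed the request.
 *
 * The file path comes from `videoPath()`; if that file does not exist,
 * `fs.statSync` throws synchronously and the error reaches Express's
 * error handling as before.
 *
 * @returns {Function} `(req, res, next)` middleware
 */
exports.getVideo = () => {
  return (req, res, next) => {
    const path = videoPath()
    const fileSize = fs.statSync(path).size
    const range = parseByteRange(req.headers.range, fileSize)

    if (range.type === 'unsatisfiable') {
      res.writeHead(416, {
        'Content-Range': `bytes */${fileSize}`,
        'Accept-Ranges': 'bytes'
      })
      res.end()
      return
    }

    let stream
    if (range.type === 'partial') {
      const { start, end } = range
      // start/end were validated above, so createReadStream cannot throw on them
      stream = fs.createReadStream(path, { start, end })
      res.writeHead(206, {
        'Content-Range': `bytes ${start}-${end}/${fileSize}`,
        'Accept-Ranges': 'bytes',
        'Content-Length': (end - start) + 1,
        'Content-Type': 'video/mp4'
      })
    } else {
      stream = fs.createReadStream(path)
      res.writeHead(200, {
        'Accept-Ranges': 'bytes',
        'Content-Length': fileSize,
        'Content-Type': 'video/mp4'
      })
    }
    // a read error after the headers are out cannot be rendered as a page;
    // hand it to Express instead of leaving an unhandled 'error' event
    stream.on('error', next)
    stream.pipe(res)
  }
}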
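/**
 * Express middleware factory rendering the promotion video page.
 *
 * Reads `views/promotionVideo.jade`, fills the `_title_`, `_favicon_` and
 * theme colour placeholders from `config`, compiles the template and then
 * splices the subtitle track (see `getSubsFromFile`) into the
 * `<script id="subtitle">` element. The subtitle text is inserted verbatim,
 * without escaping: that is the deliberate weak spot behind
 * `challenges.videoXssChallenge`, which is marked solved when the configured
 * subtitle file contains the expected payload.
 *
 * Errors — unreadable template or subtitle file, unknown theme name,
 * malformed percent-encoding in the favicon URL — are forwarded to `next`.
 * They were previously thrown inside the `fs.readFile` callback, where no
 * Express error handler can catch them.
 *
 * @returns {Function} `(req, res, next)` middleware
 */
exports.promotionVideo = () => {
  return (req, res, next) => {
    fs.readFile('views/promotionVideo.jade', (err, buf) => {
      if (err) {
        return next(err)
      }
      try {
        const subs = getSubsFromFile()
        if (utils.contains(subs, `</script><script>alert(\`xss\`)</script>`)) {
          if (utils.notSolved(challenges.videoXssChallenge)) {
            utils.solve(challenges.videoXssChallenge)
          }
        }
        const theme = themes[config.get('application.theme')]
        const placeholders = {
          _title_: config.get('application.name'),
          _favicon_: favicon(),
          _bgColor_: theme.bgColor,
          _textColor_: theme.textColor,
          _navColor_: theme.navColor,
          _primLight_: theme.primLight,
          _primDark_: theme.primDark
        }
        let jadeTemplate = buf.toString()
        Object.keys(placeholders).forEach((placeholder) => {
          // replacer function: a plain replacement string would expand
          // `$&`/`$1` patterns occurring in the configured value
          jadeTemplate = jadeTemplate.replace(new RegExp(placeholder, 'g'), () => placeholders[placeholder])
        })
        let compiledJade = jade.compile(jadeTemplate)()
        compiledJade = compiledJade.replace(
          `<script id="subtitle"></script>`,
          () => `<script id="subtitle" type="text/vtt" data-label="English" data-lang="en">${subs}</script>`
        )
        res.send(compiledJade)
      } catch (error) {
        next(error)
      }
    })
  }

  /**
   * Derives the favicon file name from `application.favicon`: the last
   * `/`-separated segment, percent-decoded.
   *
   * @returns {string}
   * @throws {URIError} when the segment has malformed percent-encoding
   */
  function favicon () {
    const icon = config.get('application.favicon')
    return decodeURIComponent(icon.substring(icon.lastIndexOf('/') + 1))
  }
}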
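/**
 * Reads the WebVTT subtitle file for the promotion video and returns its text.
 *
 * The file name comes from `config.application.promotion.subtitles`; when it
 * is a URL only the last path segment is used, percent-decoded. A missing or
 * non-string setting falls back to `jingleSubtitles.vtt` — the previous
 * `!== null` check let an `undefined` setting through and crashed on
 * `.substring`. A non-URL value is used as given, so this trusts the
 * operator's configuration to name a file inside the subtitles directory.
 *
 * @returns {string} subtitle file contents, decoded as UTF-8
 * @throws {Error} when the file cannot be read (from `fs.readFileSync`)
 * @throws {URIError} when a URL segment has malformed percent-encoding
 */
function getSubsFromFile () {
  const subtitlesDir = 'frontend/dist/frontend/assets/public/subtitles/'
  const configured = config && config.application && config.application.promotion
    ? config.application.promotion.subtitles
    : undefined
  let subtitles = 'jingleSubtitles.vtt'
  if (typeof configured === 'string') {
    subtitles = configured
    if (subtitles.startsWith('http')) {
      // a URL: keep only the file name and undo its percent-encoding
      subtitles = decodeURIComponent(subtitles.substring(subtitles.lastIndexOf('/') + 1))
    }
  }
  // readFileSync already returns a string when an encoding is given
  return fs.readFileSync(subtitlesDir + subtitles, 'utf8')
}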
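/**
 * Resolves the on-disk path of the promotion video.
 *
 * The file name comes from `config.application.promotion.video`; when it is
 * a URL only the last path segment is used, percent-decoded. A missing or
 * non-string setting falls back to `JuiceShopJingle.mp4` — the previous
 * `!== null` check let an `undefined` setting through and crashed on
 * `.substring`. A non-URL value is used as given, so this trusts the
 * operator's configuration to name a file inside the videos directory.
 *
 * @returns {string} path relative to the project root
 * @throws {URIError} when a URL segment has malformed percent-encoding
 */
function videoPath () {
  const videosDir = 'frontend/src/assets/public/videos/'
  const configured = config && config.application && config.application.promotion
    ? config.application.promotion.video
    : undefined
  if (typeof configured !== 'string') {
    return videosDir + 'JuiceShopJingle.mp4'
  }
  let video = configured
  if (video.startsWith('http')) {
    // a URL: keep only the file name and undo its percent-encoding
    video = decodeURIComponent(video.substring(video.lastIndexOf('/') + 1))
  }
  return videosDir + video
}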