add additional logging for CSRF errors, redirect to 404 for invalid embed path

catarak · catarak · commit d03b433cfecf · 2017-11-27T16:58:53.000-05:00
diff --git a/server/controllers/embed.controller.js b/server/controllers/embed.controller.js
@@ -5,10 +5,14 @@ import {
   resolvePathsForElementsWithAttribute,
   resolveScripts,
   resolveStyles } from '../utils/previewGeneration';
+import { get404Sketch } from '../views/404Page';
 
 export function serveProject(req, res) {
   Project.findById(req.params.project_id)
     .exec((err, project) => {
+      if (err || !project) {
+        return get404Sketch(html => res.send(html));
+      }
       // TODO this does not parse html
       const files = project.files;
       const htmlFile = files.find(file => file.name.match(/\.html$/i)).content;
diff --git a/server/server.js b/server/server.js
@@ -131,6 +131,14 @@ app.get('*', (req, res) => {
   res.type('txt').send('Not found.');
 });
 
+// error handler
+app.use((err, req, res, next)  => {
+  if (err.code !== 'EBADCSRFTOKEN') return next(err);
+
+  console.error('Invalid CSRF token for: ' + req.url);
+  return next(err);
+});
+
 // start app
 app.listen(serverConfig.port, (error) => {
   if (!error) {
