From 9c32dd13e96f2643e9a168c112128e0407af01b6 Mon Sep 17 00:00:00 2001
From: Wingy <git@wingysam.xyz>
Date: Sun, 8 Nov 2020 19:01:41 -0500
Subject: [PATCH] security notices

---
 index.js                    | 17 +++++++++++++++++
 views/adminSettings.pug     |  2 +-
 views/includes/messages.pug |  2 ++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 67d2ef1..213a771 100644
--- a/index.js
+++ b/index.js
@@ -1,10 +1,14 @@
 global._CC = { require }
+
+_CC.package = require('./package.json')
+
 const PouchSession = require('session-pouchdb-store')
 const LocalStrategy = require('passport-local').Strategy
 const session = require('express-session')
 const bcrypt = require('bcrypt-nodejs')
 const flash = require('connect-flash')
 const passport = require('passport')
+const fetch = require('node-fetch')
 const express = require('express')
 
 const config = require('./config')
@@ -84,3 +88,16 @@ app.listen(config.port, () => logger.success('express', `Express server started
   dbExposeApp.use('/', require('express-pouchdb')(PouchDB, { inMemoryConfig: true }))
   dbExposeApp.listen(config.dbExposePort, () => logger.success('db expose', `DB has been exposed on port ${config.dbExposePort}`))
 })()
+
+;(() => {
+  async function getSecurityNotices () {
+    try {
+      const res = await fetch('https://gitlab.com/wingysam/christmas-community/-/raw/security-notices/security-notices.json')
+      const data = await res.json()
+      _CC.securityNotice = data[_CC.package.version]
+      if (_CC.securityNotice) console.error(_CC.securityNotice)
+    } catch (_) {}
+  }
+  getSecurityNotices()
+  setInterval(getSecurityNotices, 1000 * 60 * 60) // hour
+})()
diff --git a/views/adminSettings.pug b/views/adminSettings.pug
index bf69582..c08cdb5 100644
--- a/views/adminSettings.pug
+++ b/views/adminSettings.pug
@@ -23,6 +23,6 @@ block content
         input.button.is-primary(type='submit' value='Add User')
   h3 Version Info
   p Christmas Community: v#{_CC.require('./package.json').version}
-  p Get Product Data: v#{_CC.require('get-product-name/package.json').version}
+  p Get Product Data: v#{_CC.package.version}
   p Node: #{process.version}
   p PID: #{process.pid}
\ No newline at end of file
diff --git a/views/includes/messages.pug b/views/includes/messages.pug
index 8a25684..3ff24d9 100644
--- a/views/includes/messages.pug
+++ b/views/includes/messages.pug
@@ -1,6 +1,8 @@
 - successes = req.flash('success');
 - errors = req.flash('error');
 
+p.has-text-danger.is-size-4.has-text-weight-bold#securityNotice= _CC.securityNotice
+
 if successes
   each success in successes
     p.has-text-success= (success.toString().startsWith('[object ') ? JSON.stringify(success) : success.toString())