security notices

index.js

@@ -1,10 +1,14 @@
 global._CC = { require }
+
+_CC.package = require('./package.json')
+
 const PouchSession = require('session-pouchdb-store')
 const LocalStrategy = require('passport-local').Strategy
 const session = require('express-session')
 const bcrypt = require('bcrypt-nodejs')
 const flash = require('connect-flash')
 const passport = require('passport')
+const fetch = require('node-fetch')
 const express = require('express')
 
 const config = require('./config')
@@ -84,3 +88,16 @@ app.listen(config.port, () => logger.success('express', `Express server started
   dbExposeApp.use('/', require('express-pouchdb')(PouchDB, { inMemoryConfig: true }))
   dbExposeApp.listen(config.dbExposePort, () => logger.success('db expose', `DB has been exposed on port ${config.dbExposePort}`))
 })()
+
+;(() => {
+  async function getSecurityNotices () {
+    try {
+      const res = await fetch('https://gitlab.com/wingysam/christmas-community/-/raw/security-notices/security-notices.json')
+      const data = await res.json()
+      _CC.securityNotice = data[_CC.package.version]
+      if (_CC.securityNotice) console.error(_CC.securityNotice)
+    } catch (_) {}
+  }
+  getSecurityNotices()
+  setInterval(getSecurityNotices, 1000 * 60 * 60) // hour
+})()

views/adminSettings.pug

@@ -23,6 +23,6 @@ block content
         input.button.is-primary(type='submit' value='Add User')
   h3 Version Info
   p Christmas Community: v#{_CC.require('./package.json').version}
-  p Get Product Data: v#{_CC.require('get-product-name/package.json').version}
+  p Get Product Data: v#{_CC.package.version}
   p Node: #{process.version}
   p PID: #{process.pid}

views/includes/messages.pug

@@ -1,6 +1,8 @@
 - successes = req.flash('success');
 - errors = req.flash('error');
 
+p.has-text-danger.is-size-4.has-text-weight-bold#securityNotice= _CC.securityNotice
+
 if successes
   each success in successes
     p.has-text-success= (success.toString().startsWith('[object ') ? JSON.stringify(success) : success.toString())