Relocated the trackerUrl from the client-side script to a safer embedded script context within the HTML. This enhances security by preventing potential exposure of the tracker URL on the client side.
fix(security): move trackerUrl to embedded script
Relocated the trackerUrl from the client-side script to an embedded script within the HTML to enhance security. This change prevents potential exposure of the tracker URL on the client side, reducing security risks related to unauthorized access.
Refs: #issue123
```
fix(security): move trackerUrl to embedded script
Relocated the trackerUrl from the client-side script to an embedded script within the HTML to enhance security. This adjustment prevents potential exposure of the tracker URL on the client side, reducing the risk of unauthorized access.
- Extended .gitignore to exclude .env files containing sensitive info.
- Imported `crypto` module and added route to generate TURN credentials.
- Enhanced upload/download functionality to use STUN/TURN servers.
- Improved UI text for upload/download scenarios for clarity.
- Added fetching of TURN credentials in the client to enable P2P connections.
These changes improve file sharing reliability by providing fallbacks for network traversal.
Adjusted .gitattributes to specify only `webtorrent.min.js` as linguist-vendored instead of the whole `public/dist` directory. This minimizes misclassification of code and improves code analysis accuracy.
Moved inline CSS from index.ejs to a new style.css file for cleaner structure and maintainability. Extracted embedded JavaScript to index.js to streamline HTML and enhance script manageability.
Benefits:
- Improved readability and organization of HTML
- Easier maintenance and updates for CSS and JS
- Potential for CSS and JS caching, improving load times
No functional changes were made. Refactors existing code for better practices.
Added .gitattributes to classify public/dist files as vendored.
This helps Forgejo's linguist tool ignore these files for language stats,
providing a clearer view of the project’s actual codebase.
Add a new minified WebTorrent script to improve page load times.
The script includes essential WebTorrent functionality and optimizations.
This update enhances client-side performance by reducing file size and
minimizing download overhead. No breaking changes introduced.
Changed 'Upload File' to 'Share File' to better reflect the functionality and improve user guidance. Added explanatory note informing users that the file will remain available as long as the page is open.
Switched from single to double quotes throughout tracker.js
for consistent string formatting. This improves code
readability and maintains uniformity across the project.
Replaced incorrect curly braces in the console log statement with proper template literals to accurately display the HOST and PORT values. This ensures the tracker URL is displayed correctly in the console, improving debugging and monitoring.
Integrated WebTorrent for enhanced torrent capabilities by including a minified version of its library. This provides functionality for handling torrent files, streaming media, and managing peer connections.
The integration supports features such as piece fetching, bitfield management, and peer communication, crucial for efficient torrent handling and P2P media streaming.
- Initialize new Express application for file transfer using WebTorrent.
- Set up routes for generating and retrieving mnemonics and info hashes.
- Implement custom BitTorrent tracker server with WebSockets.
- Add `.gitignore` to exclude `node_modules/`.
- Create `index.ejs` for front-end with file upload and download functionalities.
- Initialize `package.json` and `package-lock.json` with necessary dependencies.
