Fix critical security risk: implement complete fallback profanity filter

- Add comprehensive no-op fallback profanity filter with all required methods - Prevent runtime errors when profanity filter initialization fails - Add startup logging to clearly indicate profanity filter status - Include _isFallback property for monitoring and debugging - Ensure all routes continue to function even with fallback filter - Maintain security awareness with clear warning messages
2025-07-04 13:25:25 -04:00 · 2025-07-04 13:25:25 -04:00 · b1073ce7b8
commit b1073ce7b8
parent a063d5a2c9
1 changed files with 50 additions and 6 deletions
--- a/server.js
+++ b/server.js
@ -35,14 +35,49 @@ try {
    console.error('Creating fallback no-op profanity filter. ALL CONTENT WILL BE ALLOWED!');
    console.error('This is a security risk - please fix the profanity filter configuration.');
    
-    // Create a fallback no-op profanity filter
+    // Create a fallback no-op profanity filter that matches the full ProfanityFilter interface
    profanityFilter = {
+        // Core profanity checking methods
        checkText: () => ({ isProfane: false, reason: null }),
-        addWord: () => Promise.resolve({ success: false, error: 'Profanity filter not available' }),
-        removeWord: () => Promise.resolve({ success: false, error: 'Profanity filter not available' }),
-        getWords: () => Promise.resolve([]),
-        testText: () => Promise.resolve({ isProfane: false, detectedWords: [], filteredText: '' }),
-        close: () => {}
+        containsProfanity: () => false,
+        analyzeProfanity: (text) => ({
+            hasProfanity: false,
+            matches: [],
+            severity: 'none',
+            count: 0,
+            filtered: text || ''
+        }),
+        filterProfanity: (text) => text || '',
+        
+        // Database management methods used by admin routes
+        addCustomWord: (word, severity, category, createdBy) => Promise.resolve({
+            success: false, 
+            error: 'Profanity filter not available - please check server configuration'
+        }),
+        removeCustomWord: (wordId) => Promise.resolve({
+            success: false, 
+            error: 'Profanity filter not available - please check server configuration'
+        }),
+        updateCustomWord: (wordId, updates) => Promise.resolve({
+            success: false, 
+            error: 'Profanity filter not available - please check server configuration'
+        }),
+        getCustomWords: () => Promise.resolve([]),
+        loadCustomWords: () => Promise.resolve(),
+        
+        // Utility methods
+        getAllWords: () => [],
+        getSeverity: () => 'none',
+        getSeverityLevel: () => 0,
+        getSeverityName: () => 'none',
+        normalizeText: (text) => text || '',
+        buildPatterns: () => [],
+        
+        // Cleanup method
+        close: () => {},
+        
+        // Special property to identify this as a fallback filter
+        _isFallback: true
    };
    
    console.warn('⚠️  SECURITY WARNING: Profanity filtering is DISABLED due to initialization failure!');
@ -151,6 +186,15 @@ app.listen(PORT, () => {
    console.log('Great Lakes Ice Report server started');
    console.log(`Listening on port ${PORT}`);
    console.log(`Visit http://localhost:${PORT} to view the website`);
+    
+    // Display profanity filter status
+    if (profanityFilter._isFallback) {
+        console.log('🚨 PROFANITY FILTER: DISABLED (FALLBACK MODE)');
+        console.log('⚠️  ALL USER CONTENT WILL BE ALLOWED!');
+    } else {
+        console.log('✅ PROFANITY FILTER: ACTIVE AND FUNCTIONAL');
+    }
+    
    console.log('===========================================');
 });