chore(release): publish new version

- @standardnotes/api-gateway@1.45.1
 - @standardnotes/files-server@1.9.4

.pnp.cjs

@@ -2701,6 +2701,7 @@ const RAW_RUNTIME_STATE =
           ["eslint", "npm:8.25.0"],\
           ["eslint-plugin-prettier", "virtual:c66bf20e88479ada0172094776519a9f51acc4731d22079b60a295bcec7ea42d5545cbce58a77a50d932bf953298799135e99707486e343da6d99ba1d167bdbd#npm:4.2.1"],\
           ["express", "npm:4.18.2"],\
+          ["express-robots-txt", "virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:1.0.0"],\
           ["helmet", "npm:6.0.0"],\
           ["inversify", "npm:6.0.1"],\
           ["inversify-express-utils", "npm:6.4.3"],\
@@ -2990,6 +2991,7 @@ const RAW_RUNTIME_STATE =
           ["eslint", "npm:8.25.0"],\
           ["eslint-plugin-prettier", "virtual:c66bf20e88479ada0172094776519a9f51acc4731d22079b60a295bcec7ea42d5545cbce58a77a50d932bf953298799135e99707486e343da6d99ba1d167bdbd#npm:4.2.1"],\
           ["express", "npm:4.18.2"],\
+          ["express-robots-txt", "virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:1.0.0"],\
           ["express-winston", "virtual:b442cf0427cc365d1c137f7340f9b81f9b204561afe791a8564ae9590c3a7fc4b5f793aaf8817b946f75a3cb64d03ef8790eb847f8b576b41e700da7b00c240c#npm:4.2.0"],\
           ["helmet", "npm:6.0.0"],\
           ["inversify", "npm:6.0.1"],\
@@ -7316,6 +7318,28 @@ const RAW_RUNTIME_STATE =
         "linkType": "HARD"\
       }]\
     ]],\
+    ["express-robots-txt", [\
+      ["npm:1.0.0", {\
+        "packageLocation": "./.yarn/cache/express-robots-txt-npm-1.0.0-dcc8bd8f0a-54f066f6c3.zip/node_modules/express-robots-txt/",\
+        "packageDependencies": [\
+          ["express-robots-txt", "npm:1.0.0"]\
+        ],\
+        "linkType": "SOFT"\
+      }],\
+      ["virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:1.0.0", {\
+        "packageLocation": "./.yarn/__virtual__/express-robots-txt-virtual-0a3eb9f2f5/0/cache/express-robots-txt-npm-1.0.0-dcc8bd8f0a-54f066f6c3.zip/node_modules/express-robots-txt/",\
+        "packageDependencies": [\
+          ["express-robots-txt", "virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:1.0.0"],\
+          ["@types/express", "npm:4.17.14"],\
+          ["express", "npm:4.18.2"]\
+        ],\
+        "packagePeers": [\
+          "@types/express",\
+          "express"\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
     ["express-winston", [\
       ["npm:4.2.0", {\
         "packageLocation": "./.yarn/cache/express-winston-npm-4.2.0-e4cfb26486-2d4b37671d.zip/node_modules/express-winston/",\

packages/api-gateway/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.45.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.45.0...@standardnotes/api-gateway@1.45.1) (2023-01-13)
+
+### Bug Fixes
+
+* add robots.txt setup for api-gateway and files server to disallow indexing ([bb82043](https://github.com/standardnotes/api-gateway/commit/bb820437af2b9644d7597de045b5840037b81db3))
+
 # [1.45.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.44.0...@standardnotes/api-gateway@1.45.0) (2023-01-05)
 
 ### Features

packages/api-gateway/bin/server.ts

@@ -31,6 +31,8 @@ import helmet from 'helmet'
 import * as cors from 'cors'
 import { text, json, Request, Response, NextFunction, RequestHandler, ErrorRequestHandler } from 'express'
 import * as winston from 'winston'
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const robots = require('express-robots-txt')
 
 import { InversifyExpressServer } from 'inversify-express-utils'
 import { ContainerConfigLoader } from '../src/Bootstrap/Container'
@@ -78,6 +80,12 @@ void container.load().then((container) => {
       }),
     )
     app.use(cors())
+    app.use(
+      robots({
+        UserAgent: '*',
+        Disallow: '/',
+      }),
+    )
 
     if (env.get('SENTRY_DSN', true)) {
       Sentry.init({

packages/api-gateway/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/api-gateway",
-  "version": "1.45.0",
+  "version": "1.45.1",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },
@@ -32,6 +32,7 @@
     "cors": "2.8.5",
     "dotenv": "^16.0.1",
     "express": "^4.18.2",
+    "express-robots-txt": "^1.0.0",
     "helmet": "^6.0.0",
     "inversify": "^6.0.1",
     "inversify-express-utils": "^6.4.3",

packages/auth/.env.sample

@@ -67,3 +67,7 @@ VALET_TOKEN_SECRET=
 VALET_TOKEN_TTL=
 
 WEB_SOCKET_CONNECTION_TOKEN_SECRET=
+
+# (Optional) U2F Setup
+U2F_RELYING_PARTY_ID=
+U2F_RELYING_PARTY_NAME=

packages/auth/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.81.8](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.7...@standardnotes/auth-server@1.81.8) (2023-01-11)
+
+### Bug Fixes
+
+* **auth:** add relying party configuration options ([d18f6cc](https://github.com/standardnotes/server/commit/d18f6ccd32fa97c927781c17659cf7a8e662ee07))
+
+## [1.81.7](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.6...@standardnotes/auth-server@1.81.7) (2023-01-09)
+
+### Bug Fixes
+
+* **auth:** failure messages for debug logs upon signing in with recovery codes ([7ae8845](https://github.com/standardnotes/server/commit/7ae8845ae9ff9c208d192aea48e5517a16c8338f))
+
 ## [1.81.6](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.5...@standardnotes/auth-server@1.81.6) (2023-01-09)
 
 ### Bug Fixes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/auth-server",
-  "version": "1.81.6",
+  "version": "1.81.8",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/auth/src/Bootstrap/Container.ts

@@ -463,7 +463,12 @@ export class ContainerConfigLoader {
     container
       .bind(TYPES.SESSION_TRACE_DAYS_TTL)
       .toConstantValue(env.get('SESSION_TRACE_DAYS_TTL', true) ? +env.get('SESSION_TRACE_DAYS_TTL', true) : 90)
-
+    container
+      .bind(TYPES.U2F_RELYING_PARTY_NAME)
+      .toConstantValue(env.get('U2F_RELYING_PARTY_NAME', true) ?? 'Standard Notes')
+    container
+      .bind(TYPES.U2F_RELYING_PARTY_ID)
+      .toConstantValue(env.get('U2F_RELYING_PARTY_ID', true) ?? 'standardnotes.com')
     // Services
     container.bind<UAParser>(TYPES.DeviceDetector).toConstantValue(new UAParser())
     container.bind<SessionService>(TYPES.SessionService).to(SessionService)
@@ -567,6 +572,8 @@ export class ContainerConfigLoader {
         new GenerateAuthenticatorRegistrationOptions(
           container.get(TYPES.AuthenticatorRepository),
           container.get(TYPES.AuthenticatorChallengeRepository),
+          container.get(TYPES.U2F_RELYING_PARTY_NAME),
+          container.get(TYPES.U2F_RELYING_PARTY_ID),
         ),
       )
     container
@@ -575,6 +582,7 @@ export class ContainerConfigLoader {
         new VerifyAuthenticatorRegistrationResponse(
           container.get(TYPES.AuthenticatorRepository),
           container.get(TYPES.AuthenticatorChallengeRepository),
+          container.get(TYPES.U2F_RELYING_PARTY_ID),
         ),
       )
     container
@@ -591,6 +599,7 @@ export class ContainerConfigLoader {
         new VerifyAuthenticatorAuthenticationResponse(
           container.get(TYPES.AuthenticatorRepository),
           container.get(TYPES.AuthenticatorChallengeRepository),
+          container.get(TYPES.U2F_RELYING_PARTY_ID),
         ),
       )
     container

packages/auth/src/Bootstrap/Types.ts

@@ -94,6 +94,8 @@ const TYPES = {
   VERSION: Symbol.for('VERSION'),
   PAYMENTS_SERVER_URL: Symbol.for('PAYMENTS_SERVER_URL'),
   SESSION_TRACE_DAYS_TTL: Symbol.for('SESSION_TRACE_DAYS_TTL'),
+  U2F_RELYING_PARTY_ID: Symbol.for('U2F_RELYING_PARTY_ID'),
+  U2F_RELYING_PARTY_NAME: Symbol.for('U2F_RELYING_PARTY_NAME'),
   // use cases
   AuthenticateUser: Symbol.for('AuthenticateUser'),
   AuthenticateRequest: Symbol.for('AuthenticateRequest'),

packages/auth/src/Domain/Authenticator/RelyingParty.ts

@@ -1,4 +0,0 @@
-export enum RelyingParty {
-  RP_NAME = 'Standard Notes',
-  RP_ID = 'standardnotes.com',
-}

packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.spec.ts

@@ -11,7 +11,12 @@ describe('GenerateAuthenticatorRegistrationOptions', () => {
   let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
 
   const createUseCase = () =>
-    new GenerateAuthenticatorRegistrationOptions(authenticatorRepository, authenticatorChallengeRepository)
+    new GenerateAuthenticatorRegistrationOptions(
+      authenticatorRepository,
+      authenticatorChallengeRepository,
+      'Standard Notes',
+      'standardnotes.com',
+    )
 
   beforeEach(() => {
     const authenticator = Authenticator.create({

packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts

@@ -5,12 +5,13 @@ import { GenerateAuthenticatorRegistrationOptionsDTO } from './GenerateAuthentic
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorChallenge } from '../../Authenticator/AuthenticatorChallenge'
-import { RelyingParty } from '../../Authenticator/RelyingParty'
 
 export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterface<Record<string, unknown>> {
   constructor(
     private authenticatorRepository: AuthenticatorRepositoryInterface,
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
+    private relyingPartyName: string,
+    private relyingPartyId: string,
   ) {}
 
   async execute(dto: GenerateAuthenticatorRegistrationOptionsDTO): Promise<Result<Record<string, unknown>>> {
@@ -28,8 +29,8 @@ export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterfac
 
     const authenticators = await this.authenticatorRepository.findByUserUuid(userUuid)
     const options = generateRegistrationOptions({
-      rpID: RelyingParty.RP_ID,
-      rpName: RelyingParty.RP_NAME,
+      rpID: this.relyingPartyId,
+      rpName: this.relyingPartyName,
       userID: userUuid.value,
       userName: username.value,
       attestationType: 'none',

packages/auth/src/Domain/UseCase/SignInWithRecoveryCodes/SignInWithRecoveryCodes.spec.ts

@@ -81,7 +81,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Empty password')
   })
 
   it('should return error if username is not provided', async () => {
@@ -107,7 +107,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Invalid code verifier')
   })
 
   it('should return error if recovery codes are not provided', async () => {
@@ -120,7 +120,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid recovery codes')
+    expect(result.getError()).toBe('Empty recovery codes')
   })
 
   it('should return error if code verifier is invalid', async () => {
@@ -135,7 +135,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Invalid code verifier')
   })
 
   it('should return error if user is not found', async () => {
@@ -150,7 +150,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Could not find user')
   })
 
   it('should return error if recovery codes are invalid', async () => {
@@ -176,7 +176,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Invalid password')
   })
 
   it('should return error if recovery codes are not generated for user', async () => {

packages/auth/src/Domain/UseCase/SignInWithRecoveryCodes/SignInWithRecoveryCodes.ts

@@ -40,21 +40,21 @@ export class SignInWithRecoveryCodes implements UseCaseInterface<AuthResponse202
     if (!validCodeVerifier) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid email or password')
+      return Result.fail('Invalid code verifier')
     }
 
     const passwordValidationResult = Validator.isNotEmpty(dto.password)
     if (passwordValidationResult.isFailed()) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid email or password')
+      return Result.fail('Empty password')
     }
 
     const recoveryCodesValidationResult = Validator.isNotEmpty(dto.recoveryCodes)
     if (recoveryCodesValidationResult.isFailed()) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid recovery codes')
+      return Result.fail('Empty recovery codes')
     }
 
     const user = await this.userRepository.findOneByEmail(username.value)
@@ -62,14 +62,14 @@ export class SignInWithRecoveryCodes implements UseCaseInterface<AuthResponse202
     if (!user) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid email or password')
+      return Result.fail('Could not find user')
     }
 
     const passwordMatches = await bcrypt.compare(dto.password, user.encryptedPassword)
     if (!passwordMatches) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid email or password')
+      return Result.fail('Invalid password')
     }
 
     const recoveryCodesSetting = await this.settingService.findSettingWithDecryptedValue({

packages/auth/src/Domain/UseCase/VerifyAuthenticatorAuthenticationResponse/VerifyAuthenticatorAuthenticationResponse.spec.ts

@@ -13,7 +13,11 @@ describe('VerifyAuthenticatorAuthenticationResponse', () => {
   let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
 
   const createUseCase = () =>
-    new VerifyAuthenticatorAuthenticationResponse(authenticatorRepository, authenticatorChallengeRepository)
+    new VerifyAuthenticatorAuthenticationResponse(
+      authenticatorRepository,
+      authenticatorChallengeRepository,
+      'standardnotes.com',
+    )
 
   beforeEach(() => {
     const authenticator = Authenticator.create({

packages/auth/src/Domain/UseCase/VerifyAuthenticatorAuthenticationResponse/VerifyAuthenticatorAuthenticationResponse.ts

@@ -5,12 +5,12 @@ import { AuthenticatorDevice } from '@simplewebauthn/typescript-types'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { VerifyAuthenticatorAuthenticationResponseDTO } from './VerifyAuthenticatorAuthenticationResponseDTO'
-import { RelyingParty } from '../../Authenticator/RelyingParty'
 
 export class VerifyAuthenticatorAuthenticationResponse implements UseCaseInterface<boolean> {
   constructor(
     private authenticatorRepository: AuthenticatorRepositoryInterface,
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
+    private relyingPartyId: string,
   ) {}
 
   async execute(dto: VerifyAuthenticatorAuthenticationResponseDTO): Promise<Result<boolean>> {
@@ -40,8 +40,8 @@ export class VerifyAuthenticatorAuthenticationResponse implements UseCaseInterfa
       verification = await verifyAuthenticationResponse({
         credential: dto.authenticationCredential,
         expectedChallenge: authenticatorChallenge.props.challenge.toString(),
-        expectedOrigin: `https://${RelyingParty.RP_ID}`,
-        expectedRPID: RelyingParty.RP_ID,
+        expectedOrigin: `https://${this.relyingPartyId}`,
+        expectedRPID: this.relyingPartyId,
         authenticator: {
           counter: authenticator.props.counter,
           credentialID: authenticator.props.credentialId,

packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.spec.ts

@@ -13,7 +13,11 @@ describe('VerifyAuthenticatorRegistrationResponse', () => {
   let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
 
   const createUseCase = () =>
-    new VerifyAuthenticatorRegistrationResponse(authenticatorRepository, authenticatorChallengeRepository)
+    new VerifyAuthenticatorRegistrationResponse(
+      authenticatorRepository,
+      authenticatorChallengeRepository,
+      'standardnotes.com',
+    )
 
   beforeEach(() => {
     authenticatorRepository = {} as jest.Mocked<AuthenticatorRepositoryInterface>

packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts

@@ -2,7 +2,6 @@ import { Dates, Result, UseCaseInterface, Uuid, Validator } from '@standardnotes
 import { VerifiedRegistrationResponse, verifyRegistrationResponse } from '@simplewebauthn/server'
 
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
-import { RelyingParty } from '../../Authenticator/RelyingParty'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { Authenticator } from '../../Authenticator/Authenticator'
 import { VerifyAuthenticatorRegistrationResponseDTO } from './VerifyAuthenticatorRegistrationResponseDTO'
@@ -11,6 +10,7 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
   constructor(
     private authenticatorRepository: AuthenticatorRepositoryInterface,
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
+    private relyingPartyId: string,
   ) {}
 
   async execute(dto: VerifyAuthenticatorRegistrationResponseDTO): Promise<Result<boolean>> {
@@ -35,8 +35,8 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
       verification = await verifyRegistrationResponse({
         credential: dto.registrationCredential,
         expectedChallenge: authenticatorChallenge.props.challenge.toString(),
-        expectedOrigin: `https://${RelyingParty.RP_ID}`,
-        expectedRPID: RelyingParty.RP_ID,
+        expectedOrigin: `https://${this.relyingPartyId}`,
+        expectedRPID: this.relyingPartyId,
       })
 
       if (!verification.verified) {

packages/auth/src/Infra/InversifyExpressUtils/InversifyExpressAuthController.ts

@@ -264,7 +264,7 @@ export class InversifyExpressAuthController extends BaseHttpController {
   @httpPost('/recovery/login', TYPES.LockMiddleware)
   async recoveryLogin(request: Request): Promise<results.JsonResult> {
     const result = await this.authController.signInWithRecoveryCodes({
-      apiVersion: request.body.apiVersion,
+      apiVersion: request.body.api_version,
       userAgent: <string>request.headers['user-agent'],
       codeVerifier: request.body.code_verifier,
       username: request.body.username,
@@ -278,7 +278,7 @@ export class InversifyExpressAuthController extends BaseHttpController {
   @httpPost('/recovery/params')
   async recoveryParams(request: Request): Promise<results.JsonResult> {
     const result = await this.authController.recoveryKeyParams({
-      apiVersion: request.body.apiVersion,
+      apiVersion: request.body.api_version,
       username: request.body.username,
       codeChallenge: request.body.code_challenge,
       recoveryCodes: request.body.recovery_codes,

packages/files/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.9.4](https://github.com/standardnotes/files/compare/@standardnotes/files-server@1.9.3...@standardnotes/files-server@1.9.4) (2023-01-13)
+
+### Bug Fixes
+
+* add robots.txt setup for api-gateway and files server to disallow indexing ([bb82043](https://github.com/standardnotes/files/commit/bb820437af2b9644d7597de045b5840037b81db3))
+
 ## [1.9.3](https://github.com/standardnotes/files/compare/@standardnotes/files-server@1.9.2...@standardnotes/files-server@1.9.3) (2022-12-28)
 
 **Note:** Version bump only for package @standardnotes/files-server

packages/files/bin/server.ts

@@ -12,6 +12,8 @@ import helmet from 'helmet'
 import * as cors from 'cors'
 import { urlencoded, json, raw, Request, Response, NextFunction, RequestHandler, ErrorRequestHandler } from 'express'
 import * as winston from 'winston'
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const robots = require('express-robots-txt')
 
 import { InversifyExpressServer } from 'inversify-express-utils'
 import { ContainerConfigLoader } from '../src/Bootstrap/Container'
@@ -65,6 +67,12 @@ void container.load().then((container) => {
         exposedHeaders: ['Content-Range', 'Accept-Ranges'],
       }),
     )
+    app.use(
+      robots({
+        UserAgent: '*',
+        Disallow: '/',
+      }),
+    )
 
     if (env.get('SENTRY_DSN', true)) {
       Sentry.init({

packages/files/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/files-server",
-  "version": "1.9.3",
+  "version": "1.9.4",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },
@@ -39,6 +39,7 @@
     "dayjs": "^1.11.6",
     "dotenv": "^16.0.1",
     "express": "^4.18.2",
+    "express-robots-txt": "^1.0.0",
     "express-winston": "^4.0.5",
     "helmet": "^6.0.0",
     "inversify": "^6.0.1",

yarn.lock

@@ -1929,6 +1929,7 @@ __metadata:
     eslint: "npm:^8.14.0"
     eslint-plugin-prettier: "npm:^4.0.0"
     express: "npm:^4.18.2"
+    express-robots-txt: "npm:^1.0.0"
     helmet: "npm:^6.0.0"
     inversify: "npm:^6.0.1"
     inversify-express-utils: "npm:^6.4.3"
@@ -2216,6 +2217,7 @@ __metadata:
     eslint: "npm:^8.14.0"
     eslint-plugin-prettier: "npm:^4.0.0"
     express: "npm:^4.18.2"
+    express-robots-txt: "npm:^1.0.0"
     express-winston: "npm:^4.0.5"
     helmet: "npm:^6.0.0"
     inversify: "npm:^6.0.1"
@@ -5580,6 +5582,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"express-robots-txt@npm:^1.0.0":
+  version: 1.0.0
+  resolution: "express-robots-txt@npm:1.0.0"
+  peerDependencies:
+    express: ^4.12.1
+  checksum: 54f066f6c305694ea2082d2b0a46bab8dcbf2b478780cf3f1bc404a5d8c83a4e2d6f06e15b42f0aec2c8866ffb97150487e0bb9abdd9604fa78ea68950946b43
+  languageName: node
+  linkType: hard
+
 "express-winston@npm:^4.0.5":
   version: 4.2.0
   resolution: "express-winston@npm:4.2.0"