2017-04-12 17:16:33 +00:00
|
|
|
'use strict'
|
2017-03-08 10:45:51 +00:00
|
|
|
// app
|
|
|
|
// external modules
|
|
|
|
var express = require('express')
|
2017-04-11 22:05:43 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
var ejs = require('ejs')
|
|
|
|
var passport = require('passport')
|
|
|
|
var methodOverride = require('method-override')
|
|
|
|
var cookieParser = require('cookie-parser')
|
2015-05-04 07:53:29 +00:00
|
|
|
var compression = require('compression')
|
2017-03-08 10:45:51 +00:00
|
|
|
var session = require('express-session')
|
|
|
|
var SequelizeStore = require('connect-session-sequelize')(session.Store)
|
|
|
|
var fs = require('fs')
|
|
|
|
var path = require('path')
|
2017-04-11 22:01:45 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
var morgan = require('morgan')
|
|
|
|
var passportSocketIo = require('passport.socketio')
|
|
|
|
var helmet = require('helmet')
|
|
|
|
var i18n = require('i18n')
|
|
|
|
var flash = require('connect-flash')
|
|
|
|
|
|
|
|
// core
|
2017-04-12 16:20:28 +00:00
|
|
|
var config = require('./lib/config')
|
|
|
|
var logger = require('./lib/logger')
|
|
|
|
var response = require('./lib/response')
|
2017-03-08 10:45:51 +00:00
|
|
|
var models = require('./lib/models')
|
2017-10-21 23:22:48 +00:00
|
|
|
var csp = require('./lib/csp')
|
2017-03-08 10:45:51 +00:00
|
|
|
|
|
|
|
// server setup
|
|
|
|
var app = express()
|
|
|
|
var server = null
|
2018-03-07 14:17:35 +00:00
|
|
|
if (config.useSSL) {
|
2017-03-08 10:45:51 +00:00
|
|
|
var ca = (function () {
|
|
|
|
var i, len, results
|
|
|
|
results = []
|
2018-03-07 14:17:35 +00:00
|
|
|
for (i = 0, len = config.sslCAPath.length; i < len; i++) {
|
|
|
|
results.push(fs.readFileSync(config.sslCAPath[i], 'utf8'))
|
2017-03-08 10:45:51 +00:00
|
|
|
}
|
|
|
|
return results
|
|
|
|
})()
|
|
|
|
var options = {
|
2018-03-07 14:17:35 +00:00
|
|
|
key: fs.readFileSync(config.sslKeyPath, 'utf8'),
|
|
|
|
cert: fs.readFileSync(config.sslCertPath, 'utf8'),
|
2017-03-08 10:45:51 +00:00
|
|
|
ca: ca,
|
2018-03-07 14:17:35 +00:00
|
|
|
dhparam: fs.readFileSync(config.dhParamPath, 'utf8'),
|
2017-03-08 10:45:51 +00:00
|
|
|
requestCert: false,
|
|
|
|
rejectUnauthorized: false
|
|
|
|
}
|
|
|
|
server = require('https').createServer(options, app)
|
2015-05-15 04:58:13 +00:00
|
|
|
} else {
|
2017-03-08 10:45:51 +00:00
|
|
|
server = require('http').createServer(app)
|
2015-05-15 04:58:13 +00:00
|
|
|
}
|
2015-07-01 16:10:20 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// logger
|
2015-06-01 10:04:25 +00:00
|
|
|
app.use(morgan('combined', {
|
2017-03-18 18:44:06 +00:00
|
|
|
'stream': logger
|
2017-03-08 10:45:51 +00:00
|
|
|
}))
|
2015-05-04 07:53:29 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// socket io
|
|
|
|
var io = require('socket.io')(server)
|
2016-11-18 04:18:29 +00:00
|
|
|
io.engine.ws = new (require('uws').Server)({
|
2017-03-08 10:45:51 +00:00
|
|
|
noServer: true,
|
|
|
|
perMessageDeflate: false
|
|
|
|
})
|
2015-07-01 16:10:20 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// others
|
|
|
|
var realtime = require('./lib/realtime.js')
|
2015-05-04 07:53:29 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// assign socket io to realtime
|
|
|
|
realtime.io = io
|
2015-09-24 03:36:41 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// methodOverride
|
|
|
|
app.use(methodOverride('_method'))
|
2015-05-04 07:53:29 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// session store
|
2016-04-20 10:03:55 +00:00
|
|
|
var sessionStore = new SequelizeStore({
|
2017-03-08 10:45:51 +00:00
|
|
|
db: models.sequelize
|
|
|
|
})
|
2015-06-01 10:04:25 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// compression
|
|
|
|
app.use(compression())
|
2015-05-04 07:53:29 +00:00
|
|
|
|
2016-03-15 02:41:49 +00:00
|
|
|
// use hsts to tell https users stick to this
|
2017-10-12 23:09:04 +00:00
|
|
|
if (config.hsts.enable) {
|
|
|
|
app.use(helmet.hsts({
|
|
|
|
maxAge: config.hsts.maxAgeSeconds * 1000,
|
|
|
|
includeSubdomains: config.hsts.includeSubdomains,
|
|
|
|
preload: config.hsts.preload
|
|
|
|
}))
|
2018-03-07 14:17:35 +00:00
|
|
|
} else if (config.useSSL) {
|
2017-10-12 23:09:04 +00:00
|
|
|
logger.info('Consider enabling HSTS for extra security:')
|
|
|
|
logger.info('https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security')
|
|
|
|
}
|
2016-03-15 02:41:49 +00:00
|
|
|
|
2018-02-12 00:29:58 +00:00
|
|
|
// Add referrer policy to improve privacy
|
|
|
|
app.use(
|
|
|
|
helmet.referrerPolicy({
|
|
|
|
policy: 'same-origin'
|
|
|
|
})
|
|
|
|
)
|
|
|
|
|
2017-10-21 23:22:48 +00:00
|
|
|
// Generate a random nonce per request, for CSP with inline scripts
|
|
|
|
app.use(csp.addNonceToLocals)
|
2017-10-18 15:48:53 +00:00
|
|
|
|
2017-10-18 15:10:23 +00:00
|
|
|
// use Content-Security-Policy to limit XSS, dangerous plugins, etc.
|
|
|
|
// https://helmetjs.github.io/docs/csp/
|
|
|
|
if (config.csp.enable) {
|
|
|
|
app.use(helmet.contentSecurityPolicy({
|
2017-10-21 23:22:48 +00:00
|
|
|
directives: csp.computeDirectives()
|
2017-10-18 15:10:23 +00:00
|
|
|
}))
|
|
|
|
} else {
|
2017-10-18 17:37:55 +00:00
|
|
|
logger.info('Content-Security-Policy is disabled. This may be a security risk.')
|
2017-10-18 15:10:23 +00:00
|
|
|
}
|
|
|
|
|
2016-08-19 03:49:24 +00:00
|
|
|
i18n.configure({
|
2018-06-23 19:25:36 +00:00
|
|
|
locales: ['en', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv', 'eo', 'da', 'ko'],
|
2017-03-08 10:45:51 +00:00
|
|
|
cookie: 'locale',
|
2018-06-04 23:29:27 +00:00
|
|
|
directory: path.join(__dirname, '/locales'),
|
|
|
|
updateFiles: config.updateI18nFiles
|
2017-03-08 10:45:51 +00:00
|
|
|
})
|
2016-08-19 03:49:24 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
app.use(cookieParser())
|
2016-08-19 03:49:24 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
app.use(i18n.init)
|
2016-08-19 03:49:24 +00:00
|
|
|
|
2016-04-20 10:14:28 +00:00
|
|
|
// routes without sessions
|
|
|
|
// static files
|
2018-03-07 14:17:35 +00:00
|
|
|
app.use('/', express.static(path.join(__dirname, '/public'), { maxAge: config.staticCacheTime }))
|
2016-04-20 10:14:28 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// session
|
2015-05-04 07:53:29 +00:00
|
|
|
app.use(session({
|
2018-03-07 14:17:35 +00:00
|
|
|
name: config.sessionName,
|
|
|
|
secret: config.sessionSecret,
|
2017-03-08 10:45:51 +00:00
|
|
|
resave: false, // don't save session if unmodified
|
|
|
|
saveUninitialized: true, // always create session to ensure the origin
|
|
|
|
rolling: true, // reset maxAge on every response
|
|
|
|
cookie: {
|
2018-03-07 14:17:35 +00:00
|
|
|
maxAge: config.sessionLife
|
2017-03-08 10:45:51 +00:00
|
|
|
},
|
|
|
|
store: sessionStore
|
|
|
|
}))
|
2015-05-04 07:53:29 +00:00
|
|
|
|
2016-03-15 02:42:07 +00:00
|
|
|
// session resumption
|
2017-03-08 10:45:51 +00:00
|
|
|
var tlsSessionStore = {}
|
2016-03-15 02:42:07 +00:00
|
|
|
server.on('newSession', function (id, data, cb) {
|
2017-03-08 10:45:51 +00:00
|
|
|
tlsSessionStore[id.toString('hex')] = data
|
|
|
|
cb()
|
|
|
|
})
|
2016-03-15 02:42:07 +00:00
|
|
|
server.on('resumeSession', function (id, cb) {
|
2017-03-08 10:45:51 +00:00
|
|
|
cb(null, tlsSessionStore[id.toString('hex')] || null)
|
|
|
|
})
|
2016-03-15 02:42:07 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// middleware which blocks requests when we're too busy
|
2017-04-11 22:05:43 +00:00
|
|
|
app.use(require('./lib/web/middleware/tooBusy'))
|
2015-05-04 07:53:29 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
app.use(flash())
|
2016-12-01 17:58:14 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// passport
|
|
|
|
app.use(passport.initialize())
|
|
|
|
app.use(passport.session())
|
2015-05-04 07:53:29 +00:00
|
|
|
|
2016-12-03 06:37:24 +00:00
|
|
|
// check uri is valid before going further
|
2017-04-13 13:28:00 +00:00
|
|
|
app.use(require('./lib/web/middleware/checkURIValid'))
|
2016-12-12 02:50:43 +00:00
|
|
|
// redirect url without trailing slashes
|
2017-05-07 16:52:13 +00:00
|
|
|
app.use(require('./lib/web/middleware/redirectWithoutTrailingSlashes'))
|
2018-06-24 11:59:18 +00:00
|
|
|
app.use(require('./lib/web/middleware/codiMDVersion'))
|
2016-04-20 10:19:11 +00:00
|
|
|
|
2016-04-20 10:14:28 +00:00
|
|
|
// routes need sessions
|
2017-03-08 10:45:51 +00:00
|
|
|
// template files
|
|
|
|
app.set('views', path.join(__dirname, '/public/views'))
|
|
|
|
// set render engine
|
|
|
|
app.engine('ejs', ejs.renderFile)
|
|
|
|
// set view engine
|
|
|
|
app.set('view engine', 'ejs')
|
2016-07-31 16:06:07 +00:00
|
|
|
|
2017-04-11 21:38:54 +00:00
|
|
|
app.use(require('./lib/web/baseRouter'))
|
2017-04-11 21:39:41 +00:00
|
|
|
app.use(require('./lib/web/statusRouter'))
|
2017-04-11 21:41:14 +00:00
|
|
|
app.use(require('./lib/web/auth'))
|
2017-04-11 21:48:55 +00:00
|
|
|
app.use(require('./lib/web/historyRouter'))
|
2017-04-11 21:55:36 +00:00
|
|
|
app.use(require('./lib/web/userRouter'))
|
2017-04-11 22:01:45 +00:00
|
|
|
app.use(require('./lib/web/imageRouter'))
|
2017-04-11 22:01:22 +00:00
|
|
|
app.use(require('./lib/web/noteRouter'))
|
2017-04-11 21:56:20 +00:00
|
|
|
|
|
|
|
// response not found if no any route matxches
|
2016-04-20 10:19:29 +00:00
|
|
|
app.get('*', function (req, res) {
|
2017-03-08 10:45:51 +00:00
|
|
|
response.errorNotFound(res)
|
|
|
|
})
|
2015-05-04 07:53:29 +00:00
|
|
|
|
2017-03-08 10:45:51 +00:00
|
|
|
// socket.io secure
|
|
|
|
io.use(realtime.secure)
|
|
|
|
// socket.io auth
|
2015-06-01 10:04:25 +00:00
|
|
|
io.use(passportSocketIo.authorize({
|
2017-03-08 10:45:51 +00:00
|
|
|
cookieParser: cookieParser,
|
2018-03-07 14:17:35 +00:00
|
|
|
key: config.sessionName,
|
|
|
|
secret: config.sessionSecret,
|
2017-03-08 10:45:51 +00:00
|
|
|
store: sessionStore,
|
|
|
|
success: realtime.onAuthorizeSuccess,
|
|
|
|
fail: realtime.onAuthorizeFail
|
|
|
|
}))
|
|
|
|
// socket.io heartbeat
|
2018-03-07 14:17:35 +00:00
|
|
|
io.set('heartbeat interval', config.heartbeatInterval)
|
|
|
|
io.set('heartbeat timeout', config.heartbeatTimeout)
|
2017-03-08 10:45:51 +00:00
|
|
|
// socket.io connection
|
|
|
|
io.sockets.on('connection', realtime.connection)
|
|
|
|
|
|
|
|
// listen
|
|
|
|
function startListen () {
|
2018-07-23 00:27:51 +00:00
|
|
|
var address
|
|
|
|
var listenCallback = function () {
|
2018-03-07 14:17:35 +00:00
|
|
|
var schema = config.useSSL ? 'HTTPS' : 'HTTP'
|
2018-07-23 00:27:51 +00:00
|
|
|
logger.info('%s Server listening at %s', schema, address)
|
2017-04-12 17:57:55 +00:00
|
|
|
realtime.maintenance = false
|
2018-07-23 00:27:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// use unix domain socket if 'path' is specified
|
|
|
|
if (config.path) {
|
|
|
|
address = config.path
|
|
|
|
server.listen(config.path, listenCallback)
|
|
|
|
} else {
|
|
|
|
address = config.host + ':' + config.port
|
|
|
|
server.listen(config.port, config.host, listenCallback)
|
|
|
|
}
|
2015-07-11 04:44:16 +00:00
|
|
|
}
|
2016-04-20 10:03:55 +00:00
|
|
|
|
|
|
|
// sync db then start listen
|
2016-06-17 08:09:33 +00:00
|
|
|
models.sequelize.sync().then(function () {
|
2017-03-08 10:45:51 +00:00
|
|
|
// check if realtime is ready
|
|
|
|
if (realtime.isReady()) {
|
|
|
|
models.Revision.checkAllNotesRevision(function (err, notes) {
|
|
|
|
if (err) throw new Error(err)
|
|
|
|
if (!notes || notes.length <= 0) return startListen()
|
|
|
|
})
|
|
|
|
} else {
|
|
|
|
throw new Error('server still not ready after db synced')
|
|
|
|
}
|
|
|
|
})
|
2016-04-20 10:03:55 +00:00
|
|
|
|
|
|
|
// log uncaught exception
|
2015-07-11 04:44:16 +00:00
|
|
|
process.on('uncaughtException', function (err) {
|
2017-03-08 10:45:51 +00:00
|
|
|
logger.error('An uncaught exception has occured.')
|
|
|
|
logger.error(err)
|
|
|
|
logger.error('Process will exit now.')
|
|
|
|
process.exit(1)
|
|
|
|
})
|
2016-06-01 06:18:54 +00:00
|
|
|
|
2017-01-20 01:13:09 +00:00
|
|
|
// install exit handler
|
2017-03-08 10:45:51 +00:00
|
|
|
function handleTermSignals () {
|
2018-06-22 19:07:30 +00:00
|
|
|
logger.info('CodiMD has been killed by signal, try to exit gracefully...')
|
2017-04-12 18:00:27 +00:00
|
|
|
realtime.maintenance = true
|
2017-03-08 10:45:51 +00:00
|
|
|
// disconnect all socket.io clients
|
|
|
|
Object.keys(io.sockets.sockets).forEach(function (key) {
|
|
|
|
var socket = io.sockets.sockets[key]
|
|
|
|
// notify client server going into maintenance status
|
|
|
|
socket.emit('maintenance')
|
|
|
|
setTimeout(function () {
|
|
|
|
socket.disconnect(true)
|
|
|
|
}, 0)
|
|
|
|
})
|
|
|
|
var checkCleanTimer = setInterval(function () {
|
|
|
|
if (realtime.isReady()) {
|
|
|
|
models.Revision.checkAllNotesRevision(function (err, notes) {
|
|
|
|
if (err) return logger.error(err)
|
|
|
|
if (!notes || notes.length <= 0) {
|
|
|
|
clearInterval(checkCleanTimer)
|
|
|
|
return process.exit(0)
|
2016-06-01 06:18:54 +00:00
|
|
|
}
|
2017-03-08 10:45:51 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}, 100)
|
2017-01-20 01:13:09 +00:00
|
|
|
}
|
2017-03-08 10:45:51 +00:00
|
|
|
process.on('SIGINT', handleTermSignals)
|
|
|
|
process.on('SIGTERM', handleTermSignals)
|
2017-03-22 07:26:35 +00:00
|
|
|
process.on('SIGQUIT', handleTermSignals)
|