2015-05-04 15:53:29 +08:00
//external modules
var express = require('express');
var toobusy = require('toobusy-js');
var ejs = require('ejs');
var passport = require('passport');
var methodOverride = require('method-override');
2015-06-01 18:04:25 +08:00
var cookieParser = require('cookie-parser');
2015-05-04 15:53:29 +08:00
var bodyParser = require('body-parser');
var compression = require('compression')
var session = require('express-session');
2016-04-20 18:03:55 +08:00
var SequelizeStore = require('connect-session-sequelize')(session.Store);
2015-05-15 12:58:13 +08:00
var fs = require('fs');
var imgur = require('imgur');
var formidable = require('formidable');
2015-06-01 18:04:25 +08:00
var morgan = require('morgan');
var passportSocketIo = require("passport.socketio");
2016-03-15 10:41:49 +08:00
var helmet = require('helmet');
2016-08-19 11:49:24 +08:00
var i18n = require('i18n');
2015-05-04 15:53:29 +08:00
2016-04-20 18:03:55 +08:00
var config = require("./lib/config.js");
2015-06-01 18:04:25 +08:00
var logger = require("./lib/logger.js");
2015-05-04 15:53:29 +08:00
var auth = require("./lib/auth.js");
2016-10-10 20:51:46 +08:00
var history = require("./lib/history.js");
2015-05-04 15:53:29 +08:00
var response = require("./lib/response.js");
2016-04-20 18:03:55 +08:00
var models = require("./lib/models");
2015-05-04 15:53:29 +08:00
//server setup
2015-05-15 12:58:13 +08:00
if (config.usessl) {
var ca = (function () {
var i, len, results;
results = [];
for (i = 0, len = config.sslcapath.length; i < len; i++) {
results.push(fs.readFileSync(config.sslcapath[i], 'utf8'));
return results;
var options = {
key: fs.readFileSync(config.sslkeypath, 'utf8'),
cert: fs.readFileSync(config.sslcertpath, 'utf8'),
ca: ca,
2016-03-15 10:39:45 +08:00
dhparam: fs.readFileSync(config.dhparampath, 'utf8'),
2015-05-15 12:58:13 +08:00
requestCert: false,
rejectUnauthorized: false
var app = express();
var server = require('https').createServer(options, app);
} else {
var app = express();
var server = require('http').createServer(app);
2015-07-02 00:10:20 +08:00
2015-06-01 18:04:25 +08:00
app.use(morgan('combined', {
"stream": logger.stream
2015-05-04 15:53:29 +08:00
2015-07-02 00:10:20 +08:00
//socket io
var io = require('socket.io')(server);
2015-05-04 15:53:29 +08:00
var realtime = require("./lib/realtime.js");
2015-09-24 11:36:41 +08:00
//assign socket io to realtime
realtime.io = io;
2015-05-04 15:53:29 +08:00
// create application/json parser
2016-07-30 11:13:13 +08:00
var jsonParser = bodyParser.json({
limit: 1024 * 1024 * 10 // 10 mb
2015-05-04 15:53:29 +08:00
// create application/x-www-form-urlencoded parser
var urlencodedParser = bodyParser.urlencoded({
2016-07-30 11:13:13 +08:00
extended: false,
limit: 1024 * 1024 * 10 // 10 mb
2015-05-04 15:53:29 +08:00
2015-06-01 18:04:25 +08:00
//session store
2016-04-20 18:03:55 +08:00
var sessionStore = new SequelizeStore({
db: models.sequelize
2015-06-01 18:04:25 +08:00
2015-05-04 15:53:29 +08:00
2016-03-15 10:41:49 +08:00
// use hsts to tell https users stick to this
maxAge: 31536000 * 1000, // 365 days
includeSubdomains: true,
preload: true
2016-08-19 11:49:24 +08:00
2016-10-21 13:39:28 +08:00
locales: ['en', 'zh', 'fr', 'de', 'ja', 'es', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv'],
2016-08-19 11:49:24 +08:00
cookie: 'locale',
directory: __dirname + '/locales'
2016-04-20 18:14:28 +08:00
// routes without sessions
// static files
app.use('/', express.static(__dirname + '/public', { maxAge: config.staticcachetime }));
app.use('/vendor/', express.static(__dirname + '/bower_components', { maxAge: config.staticcachetime }));
2015-05-04 15:53:29 +08:00
name: config.sessionname,
secret: config.sessionsecret,
resave: false, //don't save session if unmodified
2015-12-30 00:34:32 -05:00
saveUninitialized: true, //always create session to ensure the origin
2016-07-05 16:06:18 +08:00
rolling: true, // reset maxAge on every response
2015-05-04 15:53:29 +08:00
cookie: {
2016-09-26 12:13:24 -04:00
maxAge: config.sessionlife
2015-05-04 15:53:29 +08:00
2015-06-01 18:04:25 +08:00
store: sessionStore
2015-05-04 15:53:29 +08:00
2016-03-15 10:42:07 +08:00
// session resumption
var tlsSessionStore = {};
server.on('newSession', function (id, data, cb) {
tlsSessionStore[id.toString('hex')] = data;
server.on('resumeSession', function (id, cb) {
cb(null, tlsSessionStore[id.toString('hex')] || null);
2015-05-04 15:53:29 +08:00
//middleware which blocks requests when we're too busy
app.use(function (req, res, next) {
if (toobusy()) {
} else {
//serialize and deserialize
passport.serializeUser(function (user, done) {
2016-04-20 18:03:55 +08:00
logger.info('serializeUser: ' + user.id);
return done(null, user.id);
2015-05-04 15:53:29 +08:00
passport.deserializeUser(function (id, done) {
2016-04-20 18:03:55 +08:00
where: {
id: id
}).then(function (user) {
logger.info('deserializeUser: ' + user.id);
return done(null, user);
}).catch(function (err) {
return done(err, null);
2015-05-04 15:53:29 +08:00
2016-04-20 18:19:11 +08:00
// redirect url with trailing slashes
app.use(function(req, res, next) {
if ("GET" == req.method && req.path.substr(-1) == '/' && req.path.length > 1) {
var query = req.url.slice(req.path.length);
res.redirect(301, config.serverurl + req.path.slice(0, -1) + query);
} else {
2016-04-20 18:14:28 +08:00
// routes need sessions
2015-05-04 15:53:29 +08:00
//template files
2016-08-19 11:31:23 +08:00
app.set('views', __dirname + '/public/views');
2015-05-04 15:53:29 +08:00
//set render engine
2016-08-19 11:31:23 +08:00
app.engine('ejs', ejs.renderFile);
//set view engine
app.set('view engine', 'ejs');
2015-05-04 15:53:29 +08:00
//get index
2015-09-22 12:06:13 +08:00
app.get("/", response.showIndex);
2015-12-30 00:33:36 -05:00
//get 403 forbidden
2016-04-20 18:03:55 +08:00
app.get("/403", function (req, res) {
2015-12-30 00:33:36 -05:00
//get 404 not found
2016-04-20 18:03:55 +08:00
app.get("/404", function (req, res) {
2015-12-30 00:33:36 -05:00
2016-04-20 18:03:55 +08:00
//get 500 internal error
app.get("/500", function (req, res) {
2015-05-04 15:53:29 +08:00
//get status
app.get("/status", function (req, res, next) {
realtime.getStatus(function (data) {
2016-09-18 16:23:56 +08:00
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
2016-08-19 11:31:23 +08:00
2015-05-04 15:53:29 +08:00
2015-05-15 12:58:13 +08:00
//get status
app.get("/temp", function (req, res) {
var host = req.get('host');
if (config.alloworigin.indexOf(host) == -1)
else {
var tempid = req.query.tempid;
if (!tempid)
else {
2016-04-20 18:03:55 +08:00
where: {
id: tempid
}).then(function (temp) {
if (!temp)
2015-05-15 12:58:13 +08:00
else {
res.header("Access-Control-Allow-Origin", "*");
temp: temp.data
2016-04-20 18:03:55 +08:00
temp.destroy().catch(function (err) {
2015-05-15 12:58:13 +08:00
if (err)
2015-07-02 00:10:20 +08:00
logger.error('remove temp failed: ' + err);
2015-05-15 12:58:13 +08:00
2016-04-20 18:03:55 +08:00
}).catch(function (err) {
return response.errorInternalError(res);
2015-05-15 12:58:13 +08:00
//post status
app.post("/temp", urlencodedParser, function (req, res) {
var host = req.get('host');
if (config.alloworigin.indexOf(host) == -1)
else {
var data = req.body.data;
2016-04-20 18:03:55 +08:00
if (!data)
2015-05-15 12:58:13 +08:00
else {
if (config.debug)
2015-07-02 00:10:20 +08:00
logger.info('SERVER received temp from [' + host + ']: ' + req.body.data);
2016-04-20 18:03:55 +08:00
data: data
}).then(function (temp) {
if (temp) {
2015-05-15 12:58:13 +08:00
res.header("Access-Control-Allow-Origin", "*");
status: 'ok',
id: temp.id
} else
2016-04-20 18:03:55 +08:00
}).catch(function (err) {
return response.errorInternalError(res);
2015-05-15 12:58:13 +08:00
2016-08-01 00:06:07 +08:00
function setReturnToFromReferer(req) {
var referer = req.get('referer');
if (!req.session) req.session = {};
req.session.returnTo = referer;
2015-05-04 15:53:29 +08:00
//facebook auth
2016-04-20 18:03:55 +08:00
if (config.facebook) {
2016-08-01 00:06:07 +08:00
app.get('/auth/facebook', function (req, res, next) {
passport.authenticate('facebook')(req, res, next);
2016-04-20 18:03:55 +08:00
//facebook auth callback
passport.authenticate('facebook', {
2016-08-01 00:06:07 +08:00
successReturnToOrRedirect: config.serverurl + '/',
2016-07-08 13:37:41 +08:00
failureRedirect: config.serverurl + '/'
2016-08-01 00:06:07 +08:00
2016-04-20 18:03:55 +08:00
2015-05-04 15:53:29 +08:00
//twitter auth
2016-04-20 18:03:55 +08:00
if (config.twitter) {
2016-08-01 00:06:07 +08:00
app.get('/auth/twitter', function (req, res, next) {
passport.authenticate('twitter')(req, res, next);
2016-04-20 18:03:55 +08:00
//twitter auth callback
passport.authenticate('twitter', {
2016-08-01 00:06:07 +08:00
successReturnToOrRedirect: config.serverurl + '/',
2016-07-08 13:37:41 +08:00
failureRedirect: config.serverurl + '/'
2016-08-01 00:06:07 +08:00
2016-04-20 18:03:55 +08:00
2015-05-04 15:53:29 +08:00
//github auth
2016-04-20 18:03:55 +08:00
if (config.github) {
2016-08-01 00:06:07 +08:00
app.get('/auth/github', function (req, res, next) {
passport.authenticate('github')(req, res, next);
2016-04-20 18:03:55 +08:00
//github auth callback
passport.authenticate('github', {
2016-08-01 00:06:07 +08:00
successReturnToOrRedirect: config.serverurl + '/',
2016-07-08 13:37:41 +08:00
failureRedirect: config.serverurl + '/'
2016-08-01 00:06:07 +08:00
2016-04-20 18:03:55 +08:00
//github callback actions
app.get('/auth/github/callback/:noteId/:action', response.githubActions);
2016-05-09 16:27:35 -04:00
//gitlab auth
if (config.gitlab) {
2016-08-01 00:06:07 +08:00
app.get('/auth/gitlab', function (req, res, next) {
passport.authenticate('gitlab')(req, res, next);
2016-05-09 16:27:35 -04:00
//gitlab auth callback
passport.authenticate('gitlab', {
2016-08-01 00:06:07 +08:00
successReturnToOrRedirect: config.serverurl + '/',
2016-07-08 13:37:41 +08:00
failureRedirect: config.serverurl + '/'
2016-08-01 00:06:07 +08:00
2016-05-09 16:27:35 -04:00
//gitlab callback actions
2016-05-16 18:16:45 +08:00
app.get('/auth/gitlab/callback/:noteId/:action', response.gitlabActions);
2016-05-09 16:27:35 -04:00
2015-05-04 15:53:29 +08:00
//dropbox auth
2016-04-20 18:03:55 +08:00
if (config.dropbox) {
2016-08-01 00:06:07 +08:00
app.get('/auth/dropbox', function (req, res, next) {
passport.authenticate('dropbox-oauth2')(req, res, next);
2016-04-20 18:03:55 +08:00
//dropbox auth callback
passport.authenticate('dropbox-oauth2', {
2016-08-01 00:06:07 +08:00
successReturnToOrRedirect: config.serverurl + '/',
2016-07-08 13:37:41 +08:00
failureRedirect: config.serverurl + '/'
2016-08-01 00:06:07 +08:00
2016-04-20 18:03:55 +08:00
2016-05-21 22:48:00 +08:00
//google auth
if (config.google) {
2016-08-01 00:06:07 +08:00
app.get('/auth/google', function (req, res, next) {
passport.authenticate('google', { scope: ['profile'] })(req, res, next);
2016-05-21 22:48:00 +08:00
//google auth callback
passport.authenticate('google', {
2016-08-01 00:06:07 +08:00
successReturnToOrRedirect: config.serverurl + '/',
2016-07-08 13:37:41 +08:00
failureRedirect: config.serverurl + '/'
2016-08-01 00:06:07 +08:00
2016-05-21 22:48:00 +08:00
2015-05-04 15:53:29 +08:00
app.get('/logout', function (req, res) {
2016-01-31 15:41:10 -06:00
if (config.debug && req.isAuthenticated())
2016-04-20 18:03:55 +08:00
logger.info('user logout: ' + req.user.id);
2015-05-04 15:53:29 +08:00
2016-07-08 13:37:41 +08:00
res.redirect(config.serverurl + '/');
2015-05-04 15:53:29 +08:00
//get history
2016-10-10 20:51:46 +08:00
app.get('/history', history.historyGet);
2015-05-04 15:53:29 +08:00
//post history
2016-10-10 20:51:46 +08:00
app.post('/history', urlencodedParser, history.historyPost);
2016-10-10 20:52:09 +08:00
//post history by note id
app.post('/history/:noteId', urlencodedParser, history.historyPost);
//delete history
app.delete('/history', history.historyDelete);
//delete history by note id
app.delete('/history/:noteId', history.historyDelete);
2015-05-04 15:53:29 +08:00
//get me info
app.get('/me', function (req, res) {
if (req.isAuthenticated()) {
2016-04-20 18:03:55 +08:00
where: {
id: req.user.id
2015-05-04 15:53:29 +08:00
2016-04-20 18:03:55 +08:00
}).then(function (user) {
if (!user)
return response.errorNotFound(res);
var profile = models.User.parseProfile(user.profile);
status: 'ok',
id: req.user.id,
name: profile.name,
photo: profile.photo
}).catch(function (err) {
logger.error('read me failed: ' + err);
return response.errorInternalError(res);
2015-05-04 15:53:29 +08:00
} else {
status: 'forbidden'
2015-05-15 12:58:13 +08:00
//upload to imgur
app.post('/uploadimage', function (req, res) {
var form = new formidable.IncomingForm();
form.parse(req, function (err, fields, files) {
if (err || !files.image || !files.image.path) {
} else {
if (config.debug)
2015-07-02 00:10:20 +08:00
logger.info('SERVER received uploadimage: ' + JSON.stringify(files.image));
2015-05-15 12:58:13 +08:00
2015-07-02 00:10:20 +08:00
try {
.then(function (json) {
if (config.debug)
logger.info('SERVER uploadimage success: ' + JSON.stringify(json));
2016-05-08 01:54:57 +08:00
link: json.data.link.replace(/^http:\/\//i, 'https://')
2015-07-02 00:10:20 +08:00
.catch(function (err) {
2016-08-19 11:31:23 +08:00
return res.status(500).end('upload image error');
2015-06-01 18:04:25 +08:00
2015-07-02 00:10:20 +08:00
} catch (err) {
2016-08-19 11:31:23 +08:00
return res.status(500).end('upload image error');
2015-07-02 00:10:20 +08:00
2015-05-15 12:58:13 +08:00
2015-05-04 15:53:29 +08:00
//get new note
app.get("/new", response.newNote);
2015-07-06 13:51:55 +08:00
//get publish note
app.get("/s/:shortid", response.showPublishNote);
//publish note actions
app.get("/s/:shortid/:action", response.publishNoteActions);
2015-12-18 09:40:52 -06:00
//get publish slide
2015-11-23 20:38:26 +08:00
app.get("/p/:shortid", response.showPublishSlide);
2016-08-15 11:25:27 +08:00
//publish slide actions
app.get("/p/:shortid/:action", response.publishSlideActions);
2015-05-04 15:53:29 +08:00
//get note by id
app.get("/:noteId", response.showNote);
//note actions
app.get("/:noteId/:action", response.noteActions);
2016-06-17 16:11:14 +08:00
//note actions with action id
app.get("/:noteId/:action/:actionId", response.noteActions);
2016-04-20 18:19:29 +08:00
// response not found if no any route matches
app.get('*', function (req, res) {
2015-05-04 15:53:29 +08:00
//socket.io secure
2015-06-01 18:04:25 +08:00
//socket.io auth
cookieParser: cookieParser,
key: config.sessionname,
secret: config.sessionsecret,
store: sessionStore,
success: realtime.onAuthorizeSuccess,
fail: realtime.onAuthorizeFail
2015-05-04 15:53:29 +08:00
//socket.io heartbeat
io.set('heartbeat interval', config.heartbeatinterval);
io.set('heartbeat timeout', config.heartbeattimeout);
//socket.io connection
io.sockets.on('connection', realtime.connection);
2016-04-20 18:03:55 +08:00
function startListen() {
2016-09-06 14:37:05 +03:00
server.listen(config.port, function () {
var schema = config.usessl ? 'HTTPS' : 'HTTP';
logger.info('%s Server listening at port %d', schema, config.port);
config.maintenance = false;
2015-07-11 12:44:16 +08:00
2016-04-20 18:03:55 +08:00
// sync db then start listen
2016-06-17 16:09:33 +08:00
models.sequelize.sync().then(function () {
// check if realtime is ready
2016-10-10 20:51:46 +08:00
if (history.isReady() && realtime.isReady()) {
2016-06-17 16:09:33 +08:00
models.Revision.checkAllNotesRevision(function (err, notes) {
2016-10-10 20:56:41 +08:00
if (err) throw new Error(err);
2016-09-18 16:50:20 +08:00
if (!notes || notes.length <= 0) return startListen();
2016-06-17 16:09:33 +08:00
2016-11-07 21:31:11 +08:00
} else {
throw new Error('server still not ready after db synced');
2016-06-17 16:09:33 +08:00
2016-04-20 18:03:55 +08:00
// log uncaught exception
2015-07-11 12:44:16 +08:00
process.on('uncaughtException', function (err) {
2016-05-10 09:37:41 +08:00
logger.error('An uncaught exception has occured.');
2015-07-11 12:44:16 +08:00
2016-05-10 09:37:41 +08:00
logger.error('Process will exit now.');
2016-06-01 14:18:54 +08:00
// gracefully exit
process.on('SIGINT', function () {
config.maintenance = true;
// disconnect all socket.io clients
Object.keys(io.sockets.sockets).forEach(function (key) {
var socket = io.sockets.sockets[key];
// notify client server going into maintenance status
2016-06-17 16:09:33 +08:00
2016-10-21 13:35:29 +08:00
setTimeout(function () {
}, 0);
2016-06-01 14:18:54 +08:00
var checkCleanTimer = setInterval(function () {
2016-10-10 20:51:46 +08:00
if (history.isReady() && realtime.isReady()) {
2016-06-17 16:09:33 +08:00
models.Revision.checkAllNotesRevision(function (err, notes) {
2016-10-10 20:56:41 +08:00
if (err) throw new Error(err);
2016-10-12 17:47:25 +08:00
if (!notes || notes.length <= 0) {
2016-06-17 16:09:33 +08:00
return process.exit(0);
2016-06-01 14:18:54 +08:00
}, 100);
2016-07-08 13:37:41 +08:00