cryptpad/server.js

341 lines
12 KiB
JavaScript
Raw Normal View History

2016-02-15 23:47:53 +08:00
/*
globals require console
*/
2014-10-31 23:42:58 +08:00
var Express = require('express');
var Http = require('http');
2014-12-04 17:53:47 +08:00
var Https = require('https');
var Fs = require('fs');
2014-10-31 23:42:58 +08:00
var WebSocketServer = require('ws').Server;
var NetfluxSrv = require('./node_modules/chainpad-server/NetfluxWebsocketSrv');
var Package = require('./package.json');
2017-05-19 22:56:45 +08:00
var Path = require("path");
2018-01-26 22:24:07 +08:00
var nThen = require("nthen");
2014-10-31 23:42:58 +08:00
var config = require("./lib/load-config");
var websocketPort = config.websocketPort || config.httpPort;
var useSecureWebsockets = config.useSecureWebsockets || false;
2014-10-31 23:42:58 +08:00
// This is stuff which will become available to replify
const debuggableStore = new WeakMap();
const debuggable = function (name, x) {
if (name in debuggableStore) {
try { throw new Error(); } catch (e) {
console.error('cannot add ' + name + ' more than once [' + e.stack + ']');
}
} else {
debuggableStore[name] = x;
}
return x;
};
debuggable('global', global);
debuggable('config', config);
// support multiple storage back ends
var Storage = require(config.storage||'./storage/file');
var app = debuggable('app', Express());
var httpsOpts;
2019-08-30 21:03:22 +08:00
// mode can be FRESH (default), DEV, or PACKAGE
2017-12-11 18:13:06 +08:00
var FRESH_KEY = '';
2019-08-30 21:03:22 +08:00
var FRESH_MODE = true;
var DEV_MODE = false;
if (process.env.PACKAGE) {
// `PACKAGE=1 node server` uses the version string from package.json as the cache string
console.log("PACKAGE MODE ENABLED");
FRESH_MODE = false;
DEV_MODE = false;
} else if (process.env.DEV) {
// `DEV=1 node server` will use a random cache string on every page reload
console.log("DEV MODE ENABLED");
FRESH_MODE = false;
DEV_MODE = true;
} else {
// `FRESH=1 node server` will set a random cache string when the server is launched
// and use it for the process lifetime or until it is reset from the admin panel
2017-12-11 18:13:06 +08:00
console.log("FRESH MODE ENABLED");
FRESH_KEY = +new Date();
}
2019-08-30 21:03:22 +08:00
2019-03-28 00:00:28 +08:00
config.flushCache = function () {
FRESH_KEY = +new Date();
if (!(DEV_MODE || FRESH_MODE)) { FRESH_MODE = true; }
2019-08-30 21:03:22 +08:00
if (!config.log) { return; }
config.log.info("UPDATING_FRESH_KEY", FRESH_KEY);
2019-03-28 00:00:28 +08:00
};
const clone = (x) => (JSON.parse(JSON.stringify(x)));
var setHeaders = (function () {
if (typeof(config.httpHeaders) !== 'object') { return function () {}; }
const headers = clone(config.httpHeaders);
if (config.contentSecurity) {
headers['Content-Security-Policy'] = clone(config.contentSecurity);
if (!/;$/.test(headers['Content-Security-Policy'])) { headers['Content-Security-Policy'] += ';' }
if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
// backward compat for those who do not merge the new version of the config
// when updating. This prevents endless spinner if someone clicks donate.
// It also fixes the cross-domain iframe.
headers['Content-Security-Policy'] += "frame-ancestors *;";
}
}
const padHeaders = clone(headers);
if (config.padContentSecurity) {
padHeaders['Content-Security-Policy'] = clone(config.padContentSecurity);
}
if (Object.keys(headers).length) {
return function (req, res) {
2019-03-01 00:08:19 +08:00
const h = [
/^\/pad(2)?\/inner\.html.*/,
2019-01-28 19:18:18 +08:00
/^\/sheet\/inner\.html.*/,
/^\/common\/onlyoffice\/.*\/index\.html.*/
].some((regex) => {
2019-03-01 00:08:19 +08:00
return regex.test(req.url)
}) ? padHeaders : headers;
for (let header in h) { res.setHeader(header, h[header]); }
};
}
return function () {};
}());
(function () {
if (!config.logFeedback) { return; }
const logFeedback = function (url) {
url.replace(/\?(.*?)=/, function (all, fb) {
2019-04-09 00:11:36 +08:00
config.log.feedback(fb, '');
});
};
app.head(/^\/common\/feedback\.html/, function (req, res, next) {
logFeedback(req.url);
next();
});
}());
2019-08-27 00:39:23 +08:00
app.use(function (req, res, next) {
if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) {
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range');
res.setHeader('Access-Control-Max-Age', 1728000);
res.setHeader('Content-Type', 'application/octet-stream; charset=utf-8');
res.setHeader('Content-Length', 0);
res.statusCode = 204;
return void res.end();
}
setHeaders(req, res);
if (/[\?\&]ver=[^\/]+$/.test(req.url)) { res.setHeader("Cache-Control", "max-age=31536000"); }
next();
});
2014-10-31 23:42:58 +08:00
app.use(Express.static(__dirname + '/www'));
2016-09-27 18:17:38 +08:00
Fs.exists(__dirname + "/customize", function (e) {
if (e) { return; }
2015-01-31 01:12:20 +08:00
console.log("Cryptpad is customizable, see customize.dist/readme.md for details");
});
// FIXME I think this is a regression caused by a recent PR
// correct this hack without breaking the contributor's intended behaviour.
2017-01-17 01:28:37 +08:00
var mainPages = config.mainPages || ['index', 'privacy', 'terms', 'about', 'contact'];
var mainPagePattern = new RegExp('^\/(' + mainPages.join('|') + ').html$');
app.get(mainPagePattern, Express.static(__dirname + '/customize'));
app.get(mainPagePattern, Express.static(__dirname + '/customize.dist'));
app.use("/blob", Express.static(Path.join(__dirname, (config.blobPath || './blob')), {
maxAge: DEV_MODE? "0d": "365d"
}));
app.use("/datastore", Express.static(Path.join(__dirname, (config.filePath || './datastore')), {
maxAge: "0d"
}));
app.use("/block", Express.static(Path.join(__dirname, (config.blockPath || '/block')), {
maxAge: "0d",
}));
app.use("/customize", Express.static(__dirname + '/customize'));
app.use("/customize", Express.static(__dirname + '/customize.dist'));
app.use("/customize.dist", Express.static(__dirname + '/customize.dist'));
app.use(/^\/[^\/]*$/, Express.static('customize'));
app.use(/^\/[^\/]*$/, Express.static('customize.dist'));
2015-01-31 01:12:20 +08:00
2014-12-04 17:53:47 +08:00
if (config.privKeyAndCertFiles) {
var privKeyAndCerts = '';
2016-09-27 18:17:38 +08:00
config.privKeyAndCertFiles.forEach(function (file) {
2014-12-04 17:53:47 +08:00
privKeyAndCerts = privKeyAndCerts + Fs.readFileSync(file);
});
var array = privKeyAndCerts.split('\n-----BEGIN ');
2016-02-12 18:39:37 +08:00
for (var i = 1; i < array.length; i++) { array[i] = '-----BEGIN ' + array[i]; }
2014-12-04 17:53:47 +08:00
var privKey;
for (var i = 0; i < array.length; i++) {
if (array[i].indexOf('PRIVATE KEY-----\n') !== -1) {
privKey = array[i];
array.splice(i, 1);
break;
}
}
if (!privKey) { throw new Error("cannot find private key"); }
httpsOpts = {
cert: array.shift(),
key: privKey,
ca: array
2016-02-12 18:39:37 +08:00
};
2014-12-04 17:53:47 +08:00
}
var admins = [];
try {
admins = (config.adminKeys || []).map(function (k) {
k = k.replace(/\/+$/, '');
var s = k.split('/');
return s[s.length-1].replace(/-/g, '/');
});
} catch (e) { console.error("Can't parse admin keys"); }
2019-04-09 00:39:45 +08:00
// TODO, cache this /api/config responses instead of re-computing it each time
2016-09-27 18:17:38 +08:00
app.get('/api/config', function(req, res){
// TODO precompute any data that isn't dynamic to save some CPU time
var host = req.headers.host.replace(/\:[0-9]+/, '');
res.setHeader('Content-Type', 'text/javascript');
res.send('define(function(){\n' + [
'var obj = ' + JSON.stringify({
requireConf: {
waitSeconds: 600,
2017-12-11 18:13:06 +08:00
urlArgs: 'ver=' + Package.version + (FRESH_KEY? '-' + FRESH_KEY: '') + (DEV_MODE? '-' + (+new Date()): ''),
},
removeDonateButton: (config.removeDonateButton === true),
allowSubscriptions: (config.allowSubscriptions === true),
websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
2019-04-09 00:39:45 +08:00
// FIXME don't send websocketURL if websocketPath is provided. deprecated.
websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
websocketPort + '/cryptpad_websocket',
2019-12-17 17:57:13 +08:00
httpUnsafeOrigin: config.httpUnsafeOrigin.replace(/^ /, ''),
2019-03-29 00:18:04 +08:00
adminEmail: config.adminEmail,
2019-03-28 00:00:28 +08:00
adminKeys: admins,
inactiveTime: config.inactiveTime,
2019-06-24 18:15:34 +08:00
supportMailbox: config.supportMailboxPublicKey
}, null, '\t'),
'obj.httpSafeOrigin = ' + (function () {
if (config.httpSafeOrigin) { return '"' + config.httpSafeOrigin + '"'; }
if (config.httpSafePort) {
return "(function () { return window.location.origin.replace(/\:[0-9]+$/, ':" +
config.httpSafePort + "'); }())";
}
return 'window.location.origin';
}()),
'return obj',
'});'
].join(';\n'));
});
2017-12-01 02:19:21 +08:00
var four04_path = Path.resolve(__dirname + '/customize.dist/404.html');
var custom_four04_path = Path.resolve(__dirname + '/customize/404.html');
var send404 = function (res, path) {
if (!path && path !== four04_path) { path = four04_path; }
Fs.exists(path, function (exists) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
2017-12-01 02:19:21 +08:00
if (exists) { return Fs.createReadStream(path).pipe(res); }
send404(res);
});
};
app.use(function (req, res, next) {
res.status(404);
send404(res, custom_four04_path);
});
2014-12-04 17:53:47 +08:00
var httpServer = httpsOpts ? Https.createServer(httpsOpts, app) : Http.createServer(app);
httpServer.listen(config.httpPort,config.httpAddress,function(){
var host = config.httpAddress;
var hostName = !host.indexOf(':') ? '[' + host + ']' : host;
var port = config.httpPort;
var ps = port === 80? '': ':' + port;
console.log('[%s] server available http://%s%s', new Date().toISOString(), hostName, ps);
});
if (config.httpSafePort) {
Http.createServer(app).listen(config.httpSafePort, config.httpAddress);
}
2014-10-31 23:42:58 +08:00
var wsConfig = { server: httpServer };
2018-01-26 22:24:07 +08:00
var rpc;
var historyKeeper;
var log;
2019-08-21 19:22:43 +08:00
// Initialize logging, the the store, then tasks, then rpc, then history keeper and then start the server
2018-01-26 22:24:07 +08:00
var nt = nThen(function (w) {
2019-04-09 00:11:36 +08:00
// set up logger
var Logger = require("./lib/log");
//console.log("Loading logging module");
2019-04-09 00:11:36 +08:00
Logger.create(config, w(function (_log) {
log = config.log = _log;
2019-04-09 00:11:36 +08:00
}));
}).nThen(function (w) {
if (config.useExternalWebsocket) { return; }
Storage.create(config, w(function (_store) {
config.store = _store;
}));
}).nThen(function (w) {
var Tasks = require("./storage/tasks");
Tasks.create(config, w(function (e, tasks) {
if (e) {
throw e;
}
config.tasks = tasks;
if (config.disableIntegratedTasks) { return; }
setInterval(function () {
tasks.runAll(function (err) {
if (err) {
// either TASK_CONCURRENCY or an error with tasks.list
// in either case it is already logged.
}
});
}, 1000 * 60 * 5); // run every five minutes
}));
2018-01-26 22:24:07 +08:00
}).nThen(function (w) {
config.rpc = typeof(config.rpc) === 'undefined'? './rpc.js' : config.rpc;
2018-01-26 22:24:07 +08:00
if (typeof(config.rpc) !== 'string') { return; }
// load pin store...
var Rpc = require(config.rpc);
2018-02-06 18:41:57 +08:00
Rpc.create(config, debuggable, w(function (e, _rpc) {
2018-01-26 22:24:07 +08:00
if (e) {
w.abort();
throw e;
}
rpc = _rpc;
}));
}).nThen(function () {
if (config.useExternalWebsocket) { return; }
var HK = require('./historyKeeper.js');
var hkConfig = {
tasks: config.tasks,
rpc: rpc,
store: config.store,
log: log,
retainData: Boolean(config.retainData),
};
historyKeeper = HK.create(hkConfig);
}).nThen(function () {
if (config.useExternalWebsocket) { return; }
2018-01-26 22:24:07 +08:00
if (websocketPort !== config.httpPort) {
log.debug("setting up a new websocket server");
2018-01-26 22:24:07 +08:00
wsConfig = { port: websocketPort};
}
2018-01-26 22:24:07 +08:00
var wsSrv = new WebSocketServer(wsConfig);
NetfluxSrv.run(wsSrv, config, historyKeeper);
2018-01-26 22:24:07 +08:00
});
if (config.debugReplName) {
require('replify')({ name: config.debugReplName, app: debuggableStore });
2018-02-19 19:11:06 +08:00
}