2016-02-15 23:47:53 +08:00
|
|
|
/*
|
|
|
|
globals require console
|
|
|
|
*/
|
2014-10-31 23:42:58 +08:00
|
|
|
var Express = require('express');
|
|
|
|
var Http = require('http');
|
2014-12-04 17:53:47 +08:00
|
|
|
var Https = require('https');
|
|
|
|
var Fs = require('fs');
|
2014-10-31 23:42:58 +08:00
|
|
|
var WebSocketServer = require('ws').Server;
|
2017-03-16 22:57:13 +08:00
|
|
|
var NetfluxSrv = require('./node_modules/chainpad-server/NetfluxWebsocketSrv');
|
2017-03-02 00:23:34 +08:00
|
|
|
var Package = require('./package.json');
|
2017-05-19 22:56:45 +08:00
|
|
|
var Path = require("path");
|
2014-10-31 23:42:58 +08:00
|
|
|
|
2014-11-01 00:48:17 +08:00
|
|
|
var config = require('./config');
|
2016-10-07 04:37:25 +08:00
|
|
|
var websocketPort = config.websocketPort || config.httpPort;
|
2017-01-02 18:54:50 +08:00
|
|
|
var useSecureWebsockets = config.useSecureWebsockets || false;
|
2014-10-31 23:42:58 +08:00
|
|
|
|
2015-10-26 07:35:25 +08:00
|
|
|
// support multiple storage back ends
|
2016-10-07 04:37:25 +08:00
|
|
|
var Storage = require(config.storage||'./storage/file');
|
2015-10-26 07:35:25 +08:00
|
|
|
|
2014-10-31 23:42:58 +08:00
|
|
|
var app = Express();
|
2016-10-07 04:37:25 +08:00
|
|
|
|
2016-10-07 04:44:58 +08:00
|
|
|
var httpsOpts;
|
|
|
|
|
2017-03-07 00:25:02 +08:00
|
|
|
var DEV_MODE = !!process.env.DEV
|
|
|
|
if (DEV_MODE) {
|
|
|
|
console.log("DEV MODE ENABLED");
|
|
|
|
}
|
|
|
|
|
2017-03-02 00:23:34 +08:00
|
|
|
const clone = (x) => (JSON.parse(JSON.stringify(x)));
|
|
|
|
|
2016-10-18 17:48:29 +08:00
|
|
|
var setHeaders = (function () {
|
|
|
|
if (typeof(config.httpHeaders) !== 'object') { return function () {}; }
|
2016-10-07 04:37:25 +08:00
|
|
|
|
2017-03-02 00:23:34 +08:00
|
|
|
const headers = clone(config.httpHeaders);
|
2017-07-22 22:43:53 +08:00
|
|
|
if (config.contentSecurity && false) {
|
2017-03-02 00:23:34 +08:00
|
|
|
headers['Content-Security-Policy'] = clone(config.contentSecurity);
|
2017-06-15 20:45:01 +08:00
|
|
|
if (!/;$/.test(headers['Content-Security-Policy'])) { headers['Content-Security-Policy'] += ';' }
|
2017-06-07 15:51:10 +08:00
|
|
|
if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
|
|
|
|
// backward compat for those who do not merge the new version of the config
|
|
|
|
// when updating. This prevents endless spinner if someone clicks donate.
|
|
|
|
headers['Content-Security-Policy'] += "frame-ancestors 'self' accounts.cryptpad.fr;";
|
|
|
|
}
|
2017-03-02 00:23:34 +08:00
|
|
|
}
|
|
|
|
const padHeaders = clone(headers);
|
|
|
|
if (config.padContentSecurity) {
|
|
|
|
padHeaders['Content-Security-Policy'] = clone(config.padContentSecurity);
|
|
|
|
}
|
2016-10-18 17:48:29 +08:00
|
|
|
if (Object.keys(headers).length) {
|
2017-03-02 00:23:34 +08:00
|
|
|
return function (req, res) {
|
|
|
|
const h = /^\/pad\/inner\.html.*/.test(req.url) ? padHeaders : headers;
|
|
|
|
for (let header in h) { res.setHeader(header, h[header]); }
|
2016-10-18 17:48:29 +08:00
|
|
|
};
|
|
|
|
}
|
|
|
|
return function () {};
|
|
|
|
}());
|
2016-10-07 05:02:30 +08:00
|
|
|
|
2017-04-18 21:51:42 +08:00
|
|
|
(function () {
|
|
|
|
if (!config.logFeedback) { return; }
|
|
|
|
|
|
|
|
const logFeedback = function (url) {
|
|
|
|
url.replace(/\?(.*?)=/, function (all, fb) {
|
|
|
|
console.log('[FEEDBACK] %s', fb);
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
app.head(/^\/common\/feedback\.html/, function (req, res, next) {
|
|
|
|
logFeedback(req.url);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
}());
|
|
|
|
|
2016-10-18 17:48:29 +08:00
|
|
|
app.use(function (req, res, next) {
|
2017-03-02 00:23:34 +08:00
|
|
|
setHeaders(req, res);
|
|
|
|
if (/[\?\&]ver=[^\/]+$/.test(req.url)) { res.setHeader("Cache-Control", "max-age=31536000"); }
|
2016-10-07 04:37:25 +08:00
|
|
|
next();
|
|
|
|
});
|
|
|
|
|
2014-10-31 23:42:58 +08:00
|
|
|
app.use(Express.static(__dirname + '/www'));
|
|
|
|
|
2016-09-27 18:17:38 +08:00
|
|
|
Fs.exists(__dirname + "/customize", function (e) {
|
2016-07-12 18:17:03 +08:00
|
|
|
if (e) { return; }
|
2015-01-31 01:12:20 +08:00
|
|
|
console.log("Cryptpad is customizable, see customize.dist/readme.md for details");
|
2016-07-12 18:17:03 +08:00
|
|
|
});
|
|
|
|
|
2016-10-18 17:48:29 +08:00
|
|
|
// FIXME I think this is a regression caused by a recent PR
|
|
|
|
// correct this hack without breaking the contributor's intended behaviour.
|
2016-12-29 00:11:06 +08:00
|
|
|
|
2017-01-17 01:28:37 +08:00
|
|
|
var mainPages = config.mainPages || ['index', 'privacy', 'terms', 'about', 'contact'];
|
2016-12-29 00:11:06 +08:00
|
|
|
var mainPagePattern = new RegExp('^\/(' + mainPages.join('|') + ').html$');
|
|
|
|
app.get(mainPagePattern, Express.static(__dirname + '/customize.dist'));
|
2016-10-18 17:48:29 +08:00
|
|
|
|
2017-06-19 17:29:13 +08:00
|
|
|
app.use("/blob", Express.static(Path.join(__dirname, (config.blobPath || './blob')), {
|
|
|
|
maxAge: DEV_MODE? "0d": "365d"
|
|
|
|
}));
|
2017-04-25 23:19:13 +08:00
|
|
|
|
2016-07-12 18:44:44 +08:00
|
|
|
app.use("/customize", Express.static(__dirname + '/customize'));
|
2016-07-12 18:17:03 +08:00
|
|
|
app.use("/customize", Express.static(__dirname + '/customize.dist'));
|
2016-09-27 17:53:52 +08:00
|
|
|
app.use(/^\/[^\/]*$/, Express.static('customize'));
|
|
|
|
app.use(/^\/[^\/]*$/, Express.static('customize.dist'));
|
2015-01-31 01:12:20 +08:00
|
|
|
|
2014-12-04 17:53:47 +08:00
|
|
|
if (config.privKeyAndCertFiles) {
|
|
|
|
var privKeyAndCerts = '';
|
2016-09-27 18:17:38 +08:00
|
|
|
config.privKeyAndCertFiles.forEach(function (file) {
|
2014-12-04 17:53:47 +08:00
|
|
|
privKeyAndCerts = privKeyAndCerts + Fs.readFileSync(file);
|
|
|
|
});
|
|
|
|
var array = privKeyAndCerts.split('\n-----BEGIN ');
|
2016-02-12 18:39:37 +08:00
|
|
|
for (var i = 1; i < array.length; i++) { array[i] = '-----BEGIN ' + array[i]; }
|
2014-12-04 17:53:47 +08:00
|
|
|
var privKey;
|
|
|
|
for (var i = 0; i < array.length; i++) {
|
|
|
|
if (array[i].indexOf('PRIVATE KEY-----\n') !== -1) {
|
|
|
|
privKey = array[i];
|
|
|
|
array.splice(i, 1);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!privKey) { throw new Error("cannot find private key"); }
|
|
|
|
httpsOpts = {
|
|
|
|
cert: array.shift(),
|
|
|
|
key: privKey,
|
|
|
|
ca: array
|
2016-02-12 18:39:37 +08:00
|
|
|
};
|
2014-12-04 17:53:47 +08:00
|
|
|
}
|
|
|
|
|
2016-09-27 18:17:38 +08:00
|
|
|
app.get('/api/config', function(req, res){
|
2014-11-03 18:13:41 +08:00
|
|
|
var host = req.headers.host.replace(/\:[0-9]+/, '');
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
res.send('define(' + JSON.stringify({
|
2017-03-02 00:23:34 +08:00
|
|
|
requireConf: {
|
|
|
|
waitSeconds: 60,
|
2017-03-07 00:25:02 +08:00
|
|
|
urlArgs: 'ver=' + Package.version + (DEV_MODE? '-' + (+new Date()): ''),
|
2017-03-02 00:23:34 +08:00
|
|
|
},
|
2017-05-30 21:35:51 +08:00
|
|
|
removeDonateButton: (config.removeDonateButton === true),
|
|
|
|
allowSubscriptions: (config.allowSubscriptions === true),
|
|
|
|
|
2017-01-27 23:45:41 +08:00
|
|
|
websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
|
2017-01-02 18:54:50 +08:00
|
|
|
websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
|
2016-10-07 04:37:25 +08:00
|
|
|
websocketPort + '/cryptpad_websocket',
|
2014-11-03 18:13:41 +08:00
|
|
|
}) + ');');
|
|
|
|
});
|
|
|
|
|
2014-12-04 17:53:47 +08:00
|
|
|
var httpServer = httpsOpts ? Https.createServer(httpsOpts, app) : Http.createServer(app);
|
|
|
|
|
2016-09-27 18:17:38 +08:00
|
|
|
httpServer.listen(config.httpPort,config.httpAddress,function(){
|
2017-06-14 16:27:29 +08:00
|
|
|
var host = config.httpAddress;
|
|
|
|
var hostName = !host.indexOf(':') ? '[' + host + ']' : host;
|
|
|
|
|
|
|
|
var port = config.httpPort;
|
|
|
|
var ps = port === 80? '': ':' + port;
|
|
|
|
|
|
|
|
console.log('\n[%s] server available http://%s%s', new Date().toISOString(), hostName, ps);
|
2015-10-26 07:35:25 +08:00
|
|
|
});
|
2014-10-31 23:42:58 +08:00
|
|
|
|
2016-03-16 23:34:27 +08:00
|
|
|
var wsConfig = { server: httpServer };
|
2017-01-27 23:45:41 +08:00
|
|
|
|
2017-03-11 01:03:15 +08:00
|
|
|
var createSocketServer = function (err, rpc) {
|
|
|
|
if(!config.useExternalWebsocket) {
|
|
|
|
if (websocketPort !== config.httpPort) {
|
|
|
|
console.log("setting up a new websocket server");
|
|
|
|
wsConfig = { port: websocketPort};
|
|
|
|
}
|
|
|
|
var wsSrv = new WebSocketServer(wsConfig);
|
|
|
|
Storage.create(config, function (store) {
|
|
|
|
NetfluxSrv.run(store, wsSrv, config, rpc);
|
|
|
|
});
|
2017-01-27 23:45:41 +08:00
|
|
|
}
|
2017-03-11 01:03:15 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
var loadRPC = function (cb) {
|
|
|
|
config.rpc = typeof(config.rpc) === 'undefined'? './rpc.js' : config.rpc;
|
|
|
|
|
|
|
|
if (typeof(config.rpc) === 'string') {
|
|
|
|
// load pin store...
|
|
|
|
var Rpc = require(config.rpc);
|
|
|
|
Rpc.create(config, function (e, rpc) {
|
|
|
|
if (e) { throw e; }
|
|
|
|
cb(void 0, rpc);
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
cb();
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
loadRPC(createSocketServer);
|