2016-02-15 23:47:53 +08:00
|
|
|
|
/*
|
2022-10-06 18:04:58 +08:00
|
|
|
|
globals process
|
2016-02-15 23:47:53 +08:00
|
|
|
|
*/
|
2014-10-31 23:42:58 +08:00
|
|
|
|
var Express = require('express');
|
|
|
|
|
|
var Http = require('http');
|
2014-12-04 17:53:47 +08:00
|
|
|
|
var Fs = require('fs');
|
2017-05-19 22:56:45 +08:00
|
|
|
|
var Path = require("path");
|
2018-01-26 22:24:07 +08:00
|
|
|
|
var nThen = require("nthen");
|
2020-02-28 02:48:19 +08:00
|
|
|
|
var Util = require("./lib/common-util");
|
2020-02-29 01:01:52 +08:00
|
|
|
|
var Default = require("./lib/defaults");
|
2014-10-31 23:42:58 +08:00
|
|
|
|
|
2019-04-17 19:48:39 +08:00
|
|
|
|
var config = require("./lib/load-config");
|
2020-10-12 20:09:53 +08:00
|
|
|
|
var Env = require("./lib/env").create(config);
|
2019-04-01 20:39:32 +08:00
|
|
|
|
|
2019-12-24 06:15:07 +08:00
|
|
|
|
var app = Express();
|
2016-10-07 04:44:58 +08:00
|
|
|
|
|
2021-06-01 20:23:57 +08:00
|
|
|
|
var fancyURL = function (domain, path) {
|
|
|
|
|
|
try {
|
|
|
|
|
|
if (domain && path) { return new URL(path, domain).href; }
|
|
|
|
|
|
return new URL(domain);
|
|
|
|
|
|
} catch (err) {}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2020-02-29 01:01:52 +08:00
|
|
|
|
(function () {
|
2021-06-15 06:22:12 +08:00
|
|
|
|
// you absolutely must provide an 'httpUnsafeOrigin' (a truthy string)
|
2022-03-14 19:39:22 +08:00
|
|
|
|
if (typeof(Env.httpUnsafeOrigin) !== 'string' || !Env.httpUnsafeOrigin.trim()) {
|
2020-02-29 01:01:52 +08:00
|
|
|
|
throw new Error("No 'httpUnsafeOrigin' provided");
|
|
|
|
|
|
}
|
|
|
|
|
|
}());
|
|
|
|
|
|
|
2020-10-27 10:42:23 +08:00
|
|
|
|
var applyHeaderMap = function (res, map) {
|
2022-03-14 19:39:22 +08:00
|
|
|
|
for (let header in map) {
|
|
|
|
|
|
if (typeof(map[header]) === 'string') { res.setHeader(header, map[header]); }
|
|
|
|
|
|
}
|
2020-10-27 10:42:23 +08:00
|
|
|
|
};
|
|
|
|
|
|
|
2022-02-18 16:24:33 +08:00
|
|
|
|
var EXEMPT = [
|
|
|
|
|
|
/^\/common\/onlyoffice\/.*\.html.*/,
|
|
|
|
|
|
/^\/(sheet|presentation|doc)\/inner\.html.*/,
|
|
|
|
|
|
/^\/unsafeiframe\/inner\.html.*$/,
|
|
|
|
|
|
];
|
|
|
|
|
|
|
2022-03-14 19:39:22 +08:00
|
|
|
|
var cacheHeaders = function (Env, key, headers) {
|
|
|
|
|
|
if (Env.DEV_MODE) { return; }
|
|
|
|
|
|
Env[key] = headers;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2022-02-18 16:24:33 +08:00
|
|
|
|
var getHeaders = function (Env, type) {
|
|
|
|
|
|
var key = type + 'HeadersCache';
|
|
|
|
|
|
if (Env[key]) { return Env[key]; }
|
|
|
|
|
|
|
|
|
|
|
|
var headers = {};
|
2020-02-29 01:01:52 +08:00
|
|
|
|
|
|
|
|
|
|
var custom = config.httpHeaders;
|
|
|
|
|
|
// if the admin provided valid http headers then use them
|
|
|
|
|
|
if (custom && typeof(custom) === 'object' && !Array.isArray(custom)) {
|
2020-10-09 15:58:13 +08:00
|
|
|
|
headers = Util.clone(custom);
|
2020-02-29 01:01:52 +08:00
|
|
|
|
} else {
|
|
|
|
|
|
// otherwise use the default
|
2022-02-18 16:24:33 +08:00
|
|
|
|
headers = Default.httpHeaders(Env);
|
2020-02-29 01:01:52 +08:00
|
|
|
|
}
|
2016-10-07 04:37:25 +08:00
|
|
|
|
|
2022-02-18 16:24:33 +08:00
|
|
|
|
headers['Content-Security-Policy'] = type === 'office'?
|
|
|
|
|
|
Default.padContentSecurity(Env):
|
2022-02-18 16:29:00 +08:00
|
|
|
|
Default.contentSecurity(Env);
|
2020-02-29 01:01:52 +08:00
|
|
|
|
|
2022-02-18 16:24:33 +08:00
|
|
|
|
if (Env.NO_SANDBOX) { // handles correct configuration for local development
|
|
|
|
|
|
// https://stackoverflow.com/questions/11531121/add-duplicate-http-response-headers-in-nodejs
|
|
|
|
|
|
headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
|
|
|
|
|
|
headers["Cross-Origin-Embedder-Policy"] = 'require-corp';
|
2017-03-02 00:23:34 +08:00
|
|
|
|
}
|
2021-04-15 22:13:03 +08:00
|
|
|
|
|
2022-02-18 16:24:33 +08:00
|
|
|
|
// Don't set CSP headers on /api/ endpoints
|
|
|
|
|
|
// because they aren't necessary and they cause problems
|
|
|
|
|
|
// when duplicated by NGINX in production environments
|
|
|
|
|
|
if (type === 'api') {
|
2022-03-14 19:39:22 +08:00
|
|
|
|
cacheHeaders(Env, key, headers);
|
2022-02-18 16:24:33 +08:00
|
|
|
|
return headers;
|
2016-10-18 17:48:29 +08:00
|
|
|
|
}
|
2021-05-12 16:48:26 +08:00
|
|
|
|
|
2022-02-18 16:24:33 +08:00
|
|
|
|
headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
|
2022-03-14 19:39:22 +08:00
|
|
|
|
cacheHeaders(Env, key, headers);
|
2022-02-18 16:24:33 +08:00
|
|
|
|
return headers;
|
|
|
|
|
|
};
|
2021-04-15 17:47:08 +08:00
|
|
|
|
|
2022-02-18 16:24:33 +08:00
|
|
|
|
var setHeaders = function (req, res) {
|
|
|
|
|
|
var type;
|
|
|
|
|
|
if (EXEMPT.some(regex => regex.test(req.url))) {
|
|
|
|
|
|
type = 'office';
|
|
|
|
|
|
} else if (/^\/api\/(broadcast|config)/.test(req.url)) {
|
|
|
|
|
|
type = 'api';
|
|
|
|
|
|
} else {
|
|
|
|
|
|
type = 'standard';
|
2016-10-18 17:48:29 +08:00
|
|
|
|
}
|
2022-02-18 16:24:33 +08:00
|
|
|
|
|
|
|
|
|
|
var h = getHeaders(Env, type);
|
2022-03-14 19:39:22 +08:00
|
|
|
|
//console.log('PEWPEW', type, h);
|
2022-02-18 16:24:33 +08:00
|
|
|
|
applyHeaderMap(res, h);
|
|
|
|
|
|
};
|
2016-10-07 05:02:30 +08:00
|
|
|
|
|
2017-04-18 21:51:42 +08:00
|
|
|
|
(function () {
|
|
|
|
|
|
if (!config.logFeedback) { return; }
|
|
|
|
|
|
|
|
|
|
|
|
const logFeedback = function (url) {
|
|
|
|
|
|
url.replace(/\?(.*?)=/, function (all, fb) {
|
2020-10-12 20:09:53 +08:00
|
|
|
|
if (!config.log) { return; }
|
2019-04-09 00:11:36 +08:00
|
|
|
|
config.log.feedback(fb, '');
|
2017-04-18 21:51:42 +08:00
|
|
|
|
});
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
app.head(/^\/common\/feedback\.html/, function (req, res, next) {
|
|
|
|
|
|
logFeedback(req.url);
|
|
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
}());
|
|
|
|
|
|
|
2022-10-06 18:04:58 +08:00
|
|
|
|
const serveStatic = Express.static(Env.paths.blob, {
|
|
|
|
|
|
setHeaders: function (res) {
|
|
|
|
|
|
res.set('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
|
|
|
|
|
|
res.set('Access-Control-Allow-Headers', 'Content-Length');
|
|
|
|
|
|
res.set('Access-Control-Expose-Headers', 'Content-Length');
|
|
|
|
|
|
}
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2020-11-24 23:38:31 +08:00
|
|
|
|
app.use('/blob', function (req, res, next) {
|
|
|
|
|
|
if (req.method === 'HEAD') {
|
2022-10-06 18:04:58 +08:00
|
|
|
|
return void serveStatic(req, res, next);
|
2020-11-24 23:38:31 +08:00
|
|
|
|
}
|
|
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2019-08-27 00:39:23 +08:00
|
|
|
|
app.use(function (req, res, next) {
|
|
|
|
|
|
if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) {
|
2022-03-24 15:13:16 +08:00
|
|
|
|
res.setHeader('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
|
2019-08-27 00:39:23 +08:00
|
|
|
|
res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
|
2022-03-14 19:39:22 +08:00
|
|
|
|
res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Access-Control-Allow-Origin');
|
2019-08-27 00:39:23 +08:00
|
|
|
|
res.setHeader('Access-Control-Max-Age', 1728000);
|
|
|
|
|
|
res.setHeader('Content-Type', 'application/octet-stream; charset=utf-8');
|
|
|
|
|
|
res.setHeader('Content-Length', 0);
|
|
|
|
|
|
res.statusCode = 204;
|
|
|
|
|
|
return void res.end();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-02 00:23:34 +08:00
|
|
|
|
setHeaders(req, res);
|
|
|
|
|
|
if (/[\?\&]ver=[^\/]+$/.test(req.url)) { res.setHeader("Cache-Control", "max-age=31536000"); }
|
2020-10-27 10:42:23 +08:00
|
|
|
|
else { res.setHeader("Cache-Control", "no-cache"); }
|
2016-10-07 04:37:25 +08:00
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2022-07-25 19:10:29 +08:00
|
|
|
|
// serve custom app content from the customize directory
|
|
|
|
|
|
// useful for testing pages customized with opengraph data
|
2022-10-06 18:04:05 +08:00
|
|
|
|
app.use(Express.static(Path.resolve('customize/www')));
|
2021-11-22 20:46:35 +08:00
|
|
|
|
app.use(Express.static(Path.resolve('www')));
|
2014-10-31 23:42:58 +08:00
|
|
|
|
|
2016-10-18 17:48:29 +08:00
|
|
|
|
// FIXME I think this is a regression caused by a recent PR
|
|
|
|
|
|
// correct this hack without breaking the contributor's intended behaviour.
|
2016-12-29 00:11:06 +08:00
|
|
|
|
|
2020-02-29 01:01:52 +08:00
|
|
|
|
var mainPages = config.mainPages || Default.mainPages();
|
2016-12-29 00:11:06 +08:00
|
|
|
|
var mainPagePattern = new RegExp('^\/(' + mainPages.join('|') + ').html$');
|
2021-11-22 20:46:35 +08:00
|
|
|
|
app.get(mainPagePattern, Express.static(Path.resolve('customize')));
|
|
|
|
|
|
app.get(mainPagePattern, Express.static(Path.resolve('customize.dist')));
|
2016-10-18 17:48:29 +08:00
|
|
|
|
|
2021-11-22 20:46:35 +08:00
|
|
|
|
app.use("/blob", Express.static(Env.paths.blob, {
|
2020-10-12 20:09:53 +08:00
|
|
|
|
maxAge: Env.DEV_MODE? "0d": "365d"
|
2017-06-19 17:29:13 +08:00
|
|
|
|
}));
|
2021-11-22 20:46:35 +08:00
|
|
|
|
app.use("/datastore", Express.static(Env.paths.data, {
|
2018-04-13 23:49:17 +08:00
|
|
|
|
maxAge: "0d"
|
|
|
|
|
|
}));
|
2021-11-22 20:46:35 +08:00
|
|
|
|
|
|
|
|
|
|
app.use("/block", Express.static(Env.paths.block, {
|
2018-06-19 17:31:15 +08:00
|
|
|
|
maxAge: "0d",
|
|
|
|
|
|
}));
|
2017-04-25 23:19:13 +08:00
|
|
|
|
|
2021-11-22 20:46:35 +08:00
|
|
|
|
app.use("/customize", Express.static(Path.resolve('customize')));
|
|
|
|
|
|
app.use("/customize", Express.static(Path.resolve('customize.dist')));
|
|
|
|
|
|
app.use("/customize.dist", Express.static(Path.resolve('customize.dist')));
|
|
|
|
|
|
app.use(/^\/[^\/]*$/, Express.static(Path.resolve('customize')));
|
|
|
|
|
|
app.use(/^\/[^\/]*$/, Express.static(Path.resolve('customize.dist')));
|
2015-01-31 01:12:20 +08:00
|
|
|
|
|
2021-04-12 15:49:11 +08:00
|
|
|
|
// if dev mode: never cache
|
|
|
|
|
|
var cacheString = function () {
|
|
|
|
|
|
return (Env.FRESH_KEY? '-' + Env.FRESH_KEY: '') + (Env.DEV_MODE? '-' + (+new Date()): '');
|
|
|
|
|
|
};
|
2020-02-28 02:48:19 +08:00
|
|
|
|
|
2021-04-12 15:49:11 +08:00
|
|
|
|
var makeRouteCache = function (template, cacheName) {
|
2020-02-28 02:48:19 +08:00
|
|
|
|
var cleanUp = {};
|
2021-04-12 15:49:11 +08:00
|
|
|
|
var cache = Env[cacheName] = Env[cacheName] || {};
|
2020-02-28 02:48:19 +08:00
|
|
|
|
|
|
|
|
|
|
return function (req, res) {
|
|
|
|
|
|
var host = req.headers.host.replace(/\:[0-9]+/, '');
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
|
|
// don't cache anything if you're in dev mode
|
2020-10-12 20:09:53 +08:00
|
|
|
|
if (Env.DEV_MODE) {
|
2020-02-28 02:48:19 +08:00
|
|
|
|
return void res.send(template(host));
|
|
|
|
|
|
}
|
|
|
|
|
|
// generate a lookup key for the cache
|
|
|
|
|
|
var cacheKey = host + ':' + cacheString();
|
2020-10-09 15:58:13 +08:00
|
|
|
|
|
2020-10-12 20:09:53 +08:00
|
|
|
|
// FIXME mutable
|
|
|
|
|
|
// we must be able to clear the cache when updating any mutable key
|
2020-02-28 02:48:19 +08:00
|
|
|
|
// if there's nothing cached for that key...
|
2021-04-12 15:49:11 +08:00
|
|
|
|
if (!cache[cacheKey]) {
|
2020-02-28 02:48:19 +08:00
|
|
|
|
// generate the response and cache it in memory
|
2021-04-12 15:49:11 +08:00
|
|
|
|
cache[cacheKey] = template(host);
|
2020-02-28 02:48:19 +08:00
|
|
|
|
// and create a function to conditionally evict cache entries
|
|
|
|
|
|
// which have not been accessed in the last 20 seconds
|
|
|
|
|
|
cleanUp[cacheKey] = Util.throttle(function () {
|
|
|
|
|
|
delete cleanUp[cacheKey];
|
2021-04-12 15:49:11 +08:00
|
|
|
|
delete cache[cacheKey];
|
2020-02-28 02:48:19 +08:00
|
|
|
|
}, 20000);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// successive calls to this function
|
|
|
|
|
|
cleanUp[cacheKey]();
|
2021-04-12 15:49:11 +08:00
|
|
|
|
return void res.send(cache[cacheKey]);
|
2021-03-12 19:46:11 +08:00
|
|
|
|
};
|
2021-04-12 15:49:11 +08:00
|
|
|
|
};
|
2021-03-12 19:46:11 +08:00
|
|
|
|
|
2022-10-06 18:04:58 +08:00
|
|
|
|
var serveConfig = makeRouteCache(function () {
|
2021-04-12 15:49:11 +08:00
|
|
|
|
return [
|
|
|
|
|
|
'define(function(){',
|
2021-10-19 16:52:06 +08:00
|
|
|
|
'return ' + JSON.stringify({
|
2021-04-12 15:49:11 +08:00
|
|
|
|
requireConf: {
|
|
|
|
|
|
waitSeconds: 600,
|
2021-06-09 21:13:31 +08:00
|
|
|
|
urlArgs: 'ver=' + Env.version + cacheString(),
|
2021-04-12 15:49:11 +08:00
|
|
|
|
},
|
2021-06-08 22:54:30 +08:00
|
|
|
|
removeDonateButton: (Env.removeDonateButton === true),
|
|
|
|
|
|
allowSubscriptions: (Env.allowSubscriptions === true),
|
2021-10-19 16:52:06 +08:00
|
|
|
|
websocketPath: Env.websocketPath,
|
2021-06-08 22:54:30 +08:00
|
|
|
|
httpUnsafeOrigin: Env.httpUnsafeOrigin,
|
2021-04-12 15:49:11 +08:00
|
|
|
|
adminEmail: Env.adminEmail,
|
|
|
|
|
|
adminKeys: Env.admins,
|
|
|
|
|
|
inactiveTime: Env.inactiveTime,
|
|
|
|
|
|
supportMailbox: Env.supportMailbox,
|
|
|
|
|
|
defaultStorageLimit: Env.defaultStorageLimit,
|
|
|
|
|
|
maxUploadSize: Env.maxUploadSize,
|
|
|
|
|
|
premiumUploadSize: Env.premiumUploadSize,
|
2021-06-08 22:54:30 +08:00
|
|
|
|
restrictRegistration: Env.restrictRegistration,
|
2021-10-19 16:52:06 +08:00
|
|
|
|
httpSafeOrigin: Env.httpSafeOrigin,
|
2022-03-24 15:13:16 +08:00
|
|
|
|
enableEmbedding: Env.enableEmbedding,
|
2022-03-14 19:39:22 +08:00
|
|
|
|
fileHost: Env.fileHost,
|
2022-03-22 16:57:07 +08:00
|
|
|
|
shouldUpdateNode: Env.shouldUpdateNode || undefined,
|
2022-05-10 15:43:02 +08:00
|
|
|
|
listMyInstance: Env.listMyInstance,
|
2022-09-01 16:27:01 +08:00
|
|
|
|
accounts_api: Env.accounts_api,
|
2021-04-12 15:49:11 +08:00
|
|
|
|
}, null, '\t'),
|
|
|
|
|
|
'});'
|
2022-10-06 18:04:58 +08:00
|
|
|
|
].join(';\n');
|
2021-04-12 15:49:11 +08:00
|
|
|
|
}, 'configCache');
|
|
|
|
|
|
|
2022-10-06 18:04:58 +08:00
|
|
|
|
var serveBroadcast = makeRouteCache(function () {
|
2021-04-12 15:49:11 +08:00
|
|
|
|
var maintenance = Env.maintenance;
|
|
|
|
|
|
if (maintenance && maintenance.end && maintenance.end < (+new Date())) {
|
|
|
|
|
|
maintenance = undefined;
|
|
|
|
|
|
}
|
|
|
|
|
|
return [
|
|
|
|
|
|
'define(function(){',
|
|
|
|
|
|
'return ' + JSON.stringify({
|
2023-03-28 18:16:32 +08:00
|
|
|
|
curvePublic: Env.curvePublic, // XXX could be in api/config but issue with static config
|
2021-04-12 15:49:11 +08:00
|
|
|
|
lastBroadcastHash: Env.lastBroadcastHash,
|
|
|
|
|
|
surveyURL: Env.surveyURL,
|
|
|
|
|
|
maintenance: maintenance
|
|
|
|
|
|
}, null, '\t'),
|
|
|
|
|
|
'});'
|
2022-10-06 18:04:58 +08:00
|
|
|
|
].join(';\n');
|
2021-04-12 15:49:11 +08:00
|
|
|
|
}, 'broadcastCache');
|
2021-03-12 19:46:11 +08:00
|
|
|
|
|
2020-02-28 02:48:19 +08:00
|
|
|
|
app.get('/api/config', serveConfig);
|
2021-03-12 19:46:11 +08:00
|
|
|
|
app.get('/api/broadcast', serveBroadcast);
|
2014-11-03 18:13:41 +08:00
|
|
|
|
|
2022-10-06 18:04:58 +08:00
|
|
|
|
var defineBlock = function (obj) {
|
2022-05-03 20:50:18 +08:00
|
|
|
|
return `define(function (){
|
|
|
|
|
|
return ${JSON.stringify(obj, null, '\t')};
|
2022-10-06 18:04:58 +08:00
|
|
|
|
});`;
|
2022-05-03 20:50:18 +08:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
app.get('/api/instance', function (req, res) { // XXX use caching?
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
2022-10-06 18:04:58 +08:00
|
|
|
|
res.send(defineBlock({
|
2022-05-06 16:25:00 +08:00
|
|
|
|
name: Env.instanceName,
|
|
|
|
|
|
description: Env.instanceDescription,
|
|
|
|
|
|
location: Env.instanceJurisdiction,
|
|
|
|
|
|
notice: Env.instanceNotice,
|
2022-05-03 20:50:18 +08:00
|
|
|
|
}));
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2021-11-22 20:46:35 +08:00
|
|
|
|
var four04_path = Path.resolve('customize.dist/404.html');
|
2022-10-06 18:04:05 +08:00
|
|
|
|
var fivehundred_path = Path.resolve('customize.dist/500.html');
|
2021-11-22 20:46:35 +08:00
|
|
|
|
var custom_four04_path = Path.resolve('customize/404.html');
|
2022-10-06 18:04:05 +08:00
|
|
|
|
var custom_fivehundred_path = Path.resolve('/customize/500.html');
|
2017-12-01 02:19:21 +08:00
|
|
|
|
|
|
|
|
|
|
var send404 = function (res, path) {
|
|
|
|
|
|
if (!path && path !== four04_path) { path = four04_path; }
|
|
|
|
|
|
Fs.exists(path, function (exists) {
|
2018-04-12 23:24:51 +08:00
|
|
|
|
res.setHeader('Content-Type', 'text/html; charset=utf-8');
|
2017-12-01 02:19:21 +08:00
|
|
|
|
if (exists) { return Fs.createReadStream(path).pipe(res); }
|
|
|
|
|
|
send404(res);
|
|
|
|
|
|
});
|
|
|
|
|
|
};
|
2022-03-22 19:08:42 +08:00
|
|
|
|
var send500 = function (res, path) {
|
|
|
|
|
|
if (!path && path !== fivehundred_path) { path = fivehundred_path; }
|
|
|
|
|
|
Fs.exists(path, function (exists) {
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/html; charset=utf-8');
|
|
|
|
|
|
if (exists) { return Fs.createReadStream(path).pipe(res); }
|
|
|
|
|
|
send500(res);
|
|
|
|
|
|
});
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2022-07-11 16:17:53 +08:00
|
|
|
|
app.get('/api/updatequota', function (req, res) {
|
2022-08-30 19:53:10 +08:00
|
|
|
|
if (!Env.accounts_api) {
|
2022-07-11 16:17:53 +08:00
|
|
|
|
res.status(404);
|
|
|
|
|
|
return void send404(res);
|
|
|
|
|
|
}
|
|
|
|
|
|
var Quota = require("./lib/commands/quota");
|
|
|
|
|
|
Quota.updateCachedLimits(Env, (e) => {
|
|
|
|
|
|
if (e) {
|
2022-09-13 16:26:23 +08:00
|
|
|
|
Env.Log.warn('UPDATE_QUOTA_ERR', e);
|
2022-07-11 16:17:53 +08:00
|
|
|
|
res.status(500);
|
|
|
|
|
|
return void send500(res);
|
|
|
|
|
|
}
|
2022-09-13 15:30:36 +08:00
|
|
|
|
Env.Log.info('QUOTA_UPDATED', {});
|
2022-07-11 16:17:53 +08:00
|
|
|
|
res.send();
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2022-10-06 18:04:58 +08:00
|
|
|
|
app.get('/api/profiling', function (req, res) {
|
2022-03-07 21:12:00 +08:00
|
|
|
|
if (!Env.enableProfiling) { return void send404(res); }
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
|
|
res.send(JSON.stringify({
|
|
|
|
|
|
bytesWritten: Env.bytesWritten,
|
|
|
|
|
|
}));
|
|
|
|
|
|
});
|
2017-12-01 02:19:21 +08:00
|
|
|
|
|
2022-10-06 18:04:58 +08:00
|
|
|
|
app.use(function (req, res) {
|
2017-12-01 02:19:21 +08:00
|
|
|
|
res.status(404);
|
|
|
|
|
|
send404(res, custom_four04_path);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2022-03-22 19:08:42 +08:00
|
|
|
|
// default message for thrown errors in ExpressJS routes
|
2022-10-06 18:04:58 +08:00
|
|
|
|
app.use(function (err, req, res) {
|
2022-03-22 19:08:42 +08:00
|
|
|
|
Env.Log.error('EXPRESSJS_ROUTING', {
|
|
|
|
|
|
error: err.stack || err,
|
|
|
|
|
|
});
|
|
|
|
|
|
res.status(500);
|
|
|
|
|
|
send500(res, custom_fivehundred_path);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2020-10-12 20:09:53 +08:00
|
|
|
|
var httpServer = Env.httpServer = Http.createServer(app);
|
2014-12-04 17:53:47 +08:00
|
|
|
|
|
2020-01-28 06:57:39 +08:00
|
|
|
|
nThen(function (w) {
|
2021-11-22 20:46:35 +08:00
|
|
|
|
Fs.exists(Path.resolve("customize"), w(function (e) {
|
2020-01-28 06:57:39 +08:00
|
|
|
|
if (e) { return; }
|
use consistent capitalization for CryptPad
run docs/ARCHITECTURE.md:[XWiki-Labs](https://labs.xwiki.com/) has published an open source suite (called [Cryptpad](https://github.com/xwiki-labs/cryptpad)) of collaborative editors which employ end to end encryption.
docs/ARCHITECTURE.md:Cryptpad is capable of using a variety of data stores.
docs/ARCHITECTURE.md:Cryptpad was initially written to use [websockets](https://en.wikipedia.org/wiki/WebSocket) for transportation of messages.
docs/ARCHITECTURE.md:The encryption scheme employed by Cryptpad is a [symmetric encryption](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) which utilizes a single [pre-shared-key](https://en.wikipedia.org/wiki/Pre-shared_key) known by all participants.
readme.md:See [Cryptpad-Docker](https://github.com/xwiki-labs/cryptpad-docker) repository for details on how to get up-and-running with Cryptpad in Docker. This repository is maintained by the community and not officially supported.
readme.md:If you have any questions or comments, or if you're interested in contributing to Cryptpad, come say hi in our [Matrix channel](https://app.element.io/#/room/#cryptpad:matrix.xwiki.com).
www/common/translations/README.md:To illustrate the process of translating, this guide will make an english-pirate translation of Cryptpad.
www/common/translations/README.md:We'll assume that you have a work locally-installed, properly functioning installation of Cryptpad.
www/common/translations/README.md:If you don't have Cryptpad installed locally, start by following the steps in the main readme.
www/common/translations/README.md: out.main_title = "Cryptpad: Zero Knowledge, Collaborative Real Time Editing";
www/common/translations/README.md: out.main_title = "Cryptpad: Knowledge lost at sea while ye scribble with yer mateys";
www/common/translations/README.md:It's advisable to save your translation file frequently, and reload Cryptpad in your browser to check that there are no errors in your translation file.
www/common/translations/README.md:When you're happy with your translation file, you can visit http://localhost:3000/assert/translations/ to view Cryptpad's tests.
www/common/translations/messages.ca.json: "topbar_whatIsCryptpad": "Què és CryptPad",
www/common/translations/messages.de.json: "topbar_whatIsCryptpad": "Was ist CryptPad",
www/common/translations/messages.el.json: "topbar_whatIsCryptpad": "Τι είναι το CryptPad",
www/common/translations/messages.es.json: "main_title": "Cryptpad: Zero Knowledge, Editor Colaborativo en Tiempo Real",
www/common/translations/messages.es.json: "tos_title": "Condiciones de servicio Cryptpad",
www/common/translations/messages.es.json: "tos_e2ee": "Los documentos Cryptpad pueden ser leídos o modificados por cualquiera que pueda adivinar o que pueda tener el enlace. Recomendamos que utilices mensajes cifrados de punto a punto (e2ee) para compartir URLs, no asumimos ninguna responsabilidad en el evento de alguna fuga.",
www/common/translations/messages.es.json: "topbar_whatIsCryptpad": "Qué es CryptPad",
www/common/translations/messages.es.json: "settings_autostoreHint": "<b> Automático </b> Todos los pads que visita se almacenan en su CryptDrive. <br> <b> Manual (siempre pregunte) </b> Si aún no ha guardado un pad, se le preguntará si desea para almacenarlos en su CryptDrive. <br> <b> Manual (nunca preguntar) </b> Los Pads no se almacenan automáticamente en su Cryptpad. La opción para almacenarlos estará oculta.",
www/common/translations/messages.fi.json: "home_host": "Tämä on itsenäinen yhteisön ylläpitämä Cryptpad-instanssi.",
www/common/translations/messages.fi.json: "topbar_whatIsCryptpad": "Mikä on CryptPad",
www/common/translations/messages.fr.json: "topbar_whatIsCryptpad": "Qu'est-ce que CryptPad",
www/common/translations/messages.fr.json: "admin_updateAvailableHint": "Une nouvelle version de Cryptpad est disponible",
www/common/translations/messages.id.json: "main_title": "Cryptpad: Informasi Aman, Kolaborasi Waktu Nyata"
www/common/translations/messages.it.json: "topbar_whatIsCryptpad": "Cos'è CryptPad",
www/common/translations/messages.it.json: "settings_autostoreHint": "<b>Automatico</b> Tutti i pad che visiti sono conservati nel tuo CryptDrive.<br><b>Manuale (chiedi sempre)</b> Se non hai ancora conservato alcun pad ti verrà chiesto se vuoi conservarli nel tuo CryptDrive.<br><b>Manuale (non chiedere mai)</b> I pads non sono conservati automaticamente nel tuo Cryptpad. L'opzione di conservarli sarà nascosta.",
www/common/translations/messages.it.json: "survey": "Sondaggio Cryptpad",
www/common/translations/messages.it.json: "crowdfunding_button": "Supporta Cryptpad",
www/common/translations/messages.ja.json: "topbar_whatIsCryptpad": "CryptPadとは何か",
www/common/translations/messages.json: "settings_autostoreHint": "<b>Automatic</b> All the pads you visit are stored in your CryptDrive.<br><b>Manual (always ask)</b> If you have not stored a pad yet, you will be asked if you want to store them in your CryptDrive.<br><b>Manual (never ask)</b> Pads are not stored automatically in your Cryptpad. The option to store them will be hidden.",
www/common/translations/messages.json: "topbar_whatIsCryptpad": "What is CryptPad",
www/common/translations/messages.nb.json: "topbar_whatIsCryptpad": "Hva er CryptPad",
www/common/translations/messages.nl.json: "settings_autostoreHint": "<b>Automatisch</b> Alle geopende werkomgevingen worden automatisch opgeslagen in uw CryptDrive.<br><b>Handmatig (altijd vragen)</b> Als u een werkomgeving nog niet hebt opgeslagen, zult u gevraagd worden of u het in uw CryptDrive wilt opslaan.<br><b>Handmatig (nooit vragen)</b> Werkomgevingen worden niet automatisch opgeslagen in uw Cryptpad. The optie om op te slaan wordt verborgen.",
www/common/translations/messages.pl.json: "main_title": "Cryptpad: Wspólne edytowanie w czasie rzeczywistym, bez wiedzy specjalistycznej",
www/common/translations/messages.pl.json: "tos_title": "Warunki korzystania z usług Cryptpad",
www/common/translations/messages.pl.json: "tos_e2ee": "Dokumenty Cryptpad mogą być odczytywane i modyfikowane przez każdego kto może zgadnąć lub w inny sposób uzyskać identyfikator dokumentu. Polecamy korzystania z oprogramowania szyfrującego end-to-end (e2ee) do udostępniania linków URL. Nie będziesz rościł sobie żadnych wierzytelności w wypadku gdy taki URL dostanie się w niepowołane ręce.",
www/common/translations/messages.pt-br.json: "main_title": "Cryptpad: Zero Knowledge, Edição Colaborativa em Tempo Real",
www/common/translations/messages.pt-br.json: "tos_title": "Termos de serviço doCryptpad",
www/common/translations/messages.pt-br.json: "topbar_whatIsCryptpad": "O que é CryptPad",
www/common/translations/messages.ro.json: "settings_autostoreHint": "<b>Automat</b> Toate documentele accesate sunt stocate în CryptDrive-ul dumneavoastră.<br><b>Manual (întreabă întotdeauna)</b> Dacă nu ai stocat încă un document, vei fi întrebat dacă dorești să îl stochezi în Cryptdrive-ul tău.<br><b>Manual (nu mai întreba)</b> Documentele nu sunt stocate automat în Cryptpad-ul tău. Opțiunea de a le stoca ulterior va fi ascunsă.",
www/common/translations/messages.ru.json: "topbar_whatIsCryptpad": "Что такое CryptPad",
www/common/translations/messages.zh.json: "footer_aboutUs": "關於 Cryptpad", for many more examples
2021-08-04 16:48:07 +08:00
|
|
|
|
console.log("CryptPad is customizable, see customize.dist/readme.md for details");
|
2020-01-28 06:57:39 +08:00
|
|
|
|
}));
|
|
|
|
|
|
}).nThen(function (w) {
|
2021-10-19 16:52:06 +08:00
|
|
|
|
httpServer.listen(Env.httpPort, Env.httpAddress, function(){
|
|
|
|
|
|
var host = Env.httpAddress;
|
2020-01-28 06:57:39 +08:00
|
|
|
|
var hostName = !host.indexOf(':') ? '[' + host + ']' : host;
|
2017-01-27 23:45:41 +08:00
|
|
|
|
|
2021-10-19 16:52:06 +08:00
|
|
|
|
var port = Env.httpPort;
|
2020-01-28 06:57:39 +08:00
|
|
|
|
var ps = port === 80? '': ':' + port;
|
2017-03-11 01:03:15 +08:00
|
|
|
|
|
2021-06-01 20:23:57 +08:00
|
|
|
|
var roughAddress = 'http://' + hostName + ps;
|
2021-06-08 22:54:30 +08:00
|
|
|
|
var betterAddress = fancyURL(Env.httpUnsafeOrigin);
|
2021-06-01 20:23:57 +08:00
|
|
|
|
|
|
|
|
|
|
if (betterAddress) {
|
|
|
|
|
|
console.log('Serving content for %s via %s.\n', betterAddress, roughAddress);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
console.log('Serving content via %s.\n', roughAddress);
|
|
|
|
|
|
}
|
2021-06-08 22:54:30 +08:00
|
|
|
|
if (!Env.admins.length) {
|
2021-06-01 20:23:57 +08:00
|
|
|
|
console.log("Your instance is not correctly configured for safe use in production.\nSee %s for more information.\n",
|
2021-06-08 22:54:30 +08:00
|
|
|
|
fancyURL(Env.httpUnsafeOrigin, '/checkup/') || 'https://your-domain.com/checkup/'
|
2021-06-01 20:23:57 +08:00
|
|
|
|
);
|
|
|
|
|
|
}
|
2020-01-28 06:57:39 +08:00
|
|
|
|
});
|
2019-04-09 17:40:51 +08:00
|
|
|
|
|
2021-10-19 16:52:06 +08:00
|
|
|
|
if (Env.httpSafePort) {
|
|
|
|
|
|
Http.createServer(app).listen(Env.httpSafePort, Env.httpAddress, w());
|
2019-12-24 06:39:13 +08:00
|
|
|
|
}
|
2018-01-26 22:24:07 +08:00
|
|
|
|
}).nThen(function () {
|
2022-10-06 18:04:58 +08:00
|
|
|
|
//var wsConfig = { server: httpServer };
|
2020-01-28 06:57:39 +08:00
|
|
|
|
|
|
|
|
|
|
// Initialize logging then start the API server
|
|
|
|
|
|
require("./lib/log").create(config, function (_log) {
|
2020-10-12 20:09:53 +08:00
|
|
|
|
Env.Log = _log;
|
2020-01-28 06:57:39 +08:00
|
|
|
|
config.log = _log;
|
|
|
|
|
|
|
2022-03-22 16:57:07 +08:00
|
|
|
|
if (Env.shouldUpdateNode) {
|
|
|
|
|
|
Env.Log.warn("NODEJS_OLD_VERSION", {
|
|
|
|
|
|
message: `The CryptPad development team recommends using at least NodeJS v16.14.2`,
|
|
|
|
|
|
currentVersion: process.version,
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-08 17:19:04 +08:00
|
|
|
|
if (Env.OFFLINE_MODE) { return; }
|
2021-10-19 16:52:06 +08:00
|
|
|
|
if (Env.websocketPath) { return; }
|
2020-10-12 20:09:53 +08:00
|
|
|
|
|
|
|
|
|
|
require("./lib/api").create(Env);
|
2020-01-28 06:57:39 +08:00
|
|
|
|
});
|
2018-01-26 22:24:07 +08:00
|
|
|
|
});
|
2020-01-28 06:57:39 +08:00
|
|
|
|
|
|
|
|
|
|
|