2023-10-20 22:35:26 +08:00
|
|
|
|
// SPDX-FileCopyrightText: 2023 XWiki CryptPad Team <contact@cryptpad.org> and contributors
|
|
|
|
|
|
//
|
|
|
|
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
const process = require("node:process");
|
|
|
|
|
|
const Http = require("node:http");
|
|
|
|
|
|
const Default = require("./defaults");
|
|
|
|
|
|
const Path = require("node:path");
|
|
|
|
|
|
const Fs = require("node:fs");
|
|
|
|
|
|
const nThen = require("nthen");
|
|
|
|
|
|
const Util = require("./common-util");
|
|
|
|
|
|
const Logger = require("./log");
|
2023-05-05 20:47:58 +08:00
|
|
|
|
const AuthCommands = require("./http-commands");
|
|
|
|
|
|
const MFA = require("./storage/mfa");
|
|
|
|
|
|
const Sessions = require("./storage/sessions");
|
2023-06-23 23:46:14 +08:00
|
|
|
|
const cookieParser = require("cookie-parser");
|
2023-10-19 00:20:49 +08:00
|
|
|
|
const bodyParser = require('body-parser');
|
2023-08-29 23:50:39 +08:00
|
|
|
|
const BlobStore = require("./storage/blob");
|
2023-09-09 00:10:02 +08:00
|
|
|
|
const BlockStore = require("./storage/block");
|
2023-11-18 00:19:04 +08:00
|
|
|
|
const plugins = require("./plugin-manager");
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
|
|
|
|
|
const DEFAULT_QUERY_TIMEOUT = 5000;
|
|
|
|
|
|
const PID = process.pid;
|
|
|
|
|
|
|
2023-11-18 00:19:04 +08:00
|
|
|
|
let SSOUtils = plugins.SSO && plugins.SSO.utils;
|
2023-11-06 23:27:52 +08:00
|
|
|
|
|
2023-05-05 20:47:58 +08:00
|
|
|
|
var Env = JSON.parse(process.env.Env);
|
2023-12-06 00:10:45 +08:00
|
|
|
|
Env.plugins = plugins;
|
2022-12-20 16:50:59 +08:00
|
|
|
|
const response = Util.response(function (errLabel, info) {
|
2023-05-05 20:47:58 +08:00
|
|
|
|
if (!Env.Log) { return; }
|
2023-01-11 17:32:02 +08:00
|
|
|
|
Env.Log.error(errLabel, info);
|
2022-12-20 16:50:59 +08:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
const guid = () => {
|
|
|
|
|
|
return Util.guid(response._pending);
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
const sendMessage = (msg, cb, opt) => {
|
|
|
|
|
|
var txid = guid();
|
|
|
|
|
|
var timeout = (opt && opt.timeout) || DEFAULT_QUERY_TIMEOUT;
|
|
|
|
|
|
var obj = {
|
|
|
|
|
|
pid: PID,
|
|
|
|
|
|
txid: txid,
|
|
|
|
|
|
content: msg,
|
|
|
|
|
|
};
|
|
|
|
|
|
response.expect(txid, cb, timeout);
|
|
|
|
|
|
process.send(obj);
|
|
|
|
|
|
};
|
|
|
|
|
|
const Log = {};
|
|
|
|
|
|
Logger.levels.forEach(level => {
|
|
|
|
|
|
Log[level] = function (tag, info) {
|
|
|
|
|
|
sendMessage({
|
|
|
|
|
|
command: 'LOG',
|
|
|
|
|
|
level: level,
|
|
|
|
|
|
tag: tag,
|
|
|
|
|
|
info: info,
|
|
|
|
|
|
}, (err) => {
|
|
|
|
|
|
if (err) {
|
2022-12-20 20:33:52 +08:00
|
|
|
|
return void console.error(new Error(err));
|
2022-12-20 16:50:59 +08:00
|
|
|
|
}
|
|
|
|
|
|
});
|
|
|
|
|
|
};
|
|
|
|
|
|
});
|
2023-05-06 23:12:11 +08:00
|
|
|
|
Env.Log = Log;
|
2023-06-09 21:06:17 +08:00
|
|
|
|
Env.incrementBytesWritten = function () {};
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
|
|
|
|
|
const EVENTS = {};
|
|
|
|
|
|
|
2022-12-20 20:33:52 +08:00
|
|
|
|
EVENTS.ENV_UPDATE = function (data /*, cb */) {
|
|
|
|
|
|
try {
|
|
|
|
|
|
Env = JSON.parse(data);
|
2023-05-05 20:47:58 +08:00
|
|
|
|
Env.Log = Log;
|
2023-12-13 00:04:01 +08:00
|
|
|
|
Env.plugins = plugins;
|
2023-06-09 21:06:17 +08:00
|
|
|
|
Env.incrementBytesWritten = function () {};
|
2022-12-20 20:33:52 +08:00
|
|
|
|
} catch (err) {
|
|
|
|
|
|
Log.error('HTTP_WORKER_ENV_UPDATE', Util.serializeError(err));
|
|
|
|
|
|
}
|
2022-12-20 16:50:59 +08:00
|
|
|
|
};
|
|
|
|
|
|
|
2023-01-11 17:32:02 +08:00
|
|
|
|
EVENTS.FLUSH_CACHE = function (data) {
|
2022-12-20 16:50:59 +08:00
|
|
|
|
if (typeof(data) !== 'number') {
|
|
|
|
|
|
return Log.error('INVALID_FRESH_KEY', data);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
Env.FRESH_KEY = data;
|
|
|
|
|
|
[ 'configCache', 'broadcastCache', ].forEach(key => {
|
|
|
|
|
|
Env[key] = {};
|
|
|
|
|
|
});
|
|
|
|
|
|
[ 'officeHeadersCache', 'standardHeadersCache', 'apiHeadersCache', ].forEach(key => {
|
|
|
|
|
|
Env[key] = undefined;
|
|
|
|
|
|
});
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
process.on('message', msg => {
|
|
|
|
|
|
if (!(msg && msg.txid)) { return; }
|
|
|
|
|
|
if (msg.type === 'REPLY') {
|
|
|
|
|
|
var txid = msg.txid;
|
|
|
|
|
|
return void response.handle(txid, [msg.error, msg.value]);
|
|
|
|
|
|
} else if (msg.type === 'EVENT') {
|
|
|
|
|
|
// response to event...
|
|
|
|
|
|
// ie. Update Env, flush cache, etc.
|
|
|
|
|
|
var ev = EVENTS[msg.command];
|
|
|
|
|
|
if (typeof(ev) === 'function') {
|
|
|
|
|
|
return void ev(msg.data, () => {});
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2023-07-13 20:12:47 +08:00
|
|
|
|
//console.error("UNHANDLED_MESSAGE", msg);
|
2022-12-20 16:50:59 +08:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var applyHeaderMap = function (res, map) {
|
|
|
|
|
|
for (let header in map) {
|
|
|
|
|
|
if (typeof(map[header]) === 'string') { res.setHeader(header, map[header]); }
|
|
|
|
|
|
}
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
var EXEMPT = [
|
|
|
|
|
|
/^\/common\/onlyoffice\/.*\.html.*/,
|
|
|
|
|
|
/^\/(sheet|presentation|doc)\/inner\.html.*/,
|
|
|
|
|
|
/^\/unsafeiframe\/inner\.html.*$/,
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
var cacheHeaders = function (Env, key, headers) {
|
2022-12-20 20:33:52 +08:00
|
|
|
|
if (Env.DEV_MODE) { return; }
|
2022-12-20 16:50:59 +08:00
|
|
|
|
Env[key] = headers;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2022-12-20 20:33:52 +08:00
|
|
|
|
var getHeaders = function (Env, type) {
|
2022-12-20 16:50:59 +08:00
|
|
|
|
var key = type + 'HeadersCache';
|
|
|
|
|
|
if (Env[key]) { return Env[key]; }
|
|
|
|
|
|
|
2022-12-20 20:33:52 +08:00
|
|
|
|
var headers = Default.httpHeaders(Env);
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
2023-07-11 16:30:36 +08:00
|
|
|
|
var csp;
|
|
|
|
|
|
if (type === 'office') {
|
|
|
|
|
|
csp = Default.padContentSecurity(Env);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
csp = Default.contentSecurity(Env);
|
2022-12-20 16:50:59 +08:00
|
|
|
|
}
|
2023-07-11 16:30:36 +08:00
|
|
|
|
headers['Content-Security-Policy'] = csp;
|
2023-09-05 19:01:41 +08:00
|
|
|
|
headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
|
|
|
|
|
|
headers["Cross-Origin-Embedder-Policy"] = 'require-corp';
|
|
|
|
|
|
cacheHeaders(Env, key, headers);
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
|
|
|
|
|
// Don't set CSP headers on /api/ endpoints
|
|
|
|
|
|
// because they aren't necessary and they cause problems
|
|
|
|
|
|
// when duplicated by NGINX in production environments
|
2023-09-05 19:01:41 +08:00
|
|
|
|
if (type === 'api') { delete headers['Content-Security-Policy']; }
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
|
|
|
|
|
return headers;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
var setHeaders = function (req, res) {
|
|
|
|
|
|
var type;
|
|
|
|
|
|
if (EXEMPT.some(regex => regex.test(req.url))) {
|
|
|
|
|
|
type = 'office';
|
|
|
|
|
|
} else if (/^\/api\/(broadcast|config)/.test(req.url)) {
|
|
|
|
|
|
type = 'api';
|
|
|
|
|
|
} else {
|
|
|
|
|
|
type = 'standard';
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var h = getHeaders(Env, type);
|
2024-04-17 20:50:32 +08:00
|
|
|
|
|
2024-04-17 21:12:27 +08:00
|
|
|
|
// Allow main domain to load resources from the sandbox URL
|
|
|
|
|
|
if (!Env.enableEmbedding && req.get('origin') === Env.httpUnsafeOrigin &&
|
|
|
|
|
|
/^\/common\/onlyoffice\/dist\/.*\/fonts\/.*/.test(req.url)) {
|
2024-04-17 20:50:32 +08:00
|
|
|
|
h['Access-Control-Allow-Origin'] = Env.httpUnsafeOrigin;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
applyHeaderMap(res, h);
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
const Express = require("express");
|
2023-10-09 17:32:40 +08:00
|
|
|
|
Express.static.mime.define({'application/wasm': ['wasm']});
|
2022-12-20 16:50:59 +08:00
|
|
|
|
var app = Express();
|
2023-10-19 00:20:49 +08:00
|
|
|
|
|
|
|
|
|
|
app.use(bodyParser.urlencoded({
|
|
|
|
|
|
extended: true
|
|
|
|
|
|
}));
|
2023-06-23 23:46:14 +08:00
|
|
|
|
app.use(cookieParser());
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
|
|
|
|
|
(function () {
|
|
|
|
|
|
if (!Env.logFeedback) { return; }
|
|
|
|
|
|
|
|
|
|
|
|
const logFeedback = function (url) {
|
|
|
|
|
|
url.replace(/\?(.*?)=/, function (all, fb) {
|
|
|
|
|
|
Log.feedback(fb, '');
|
|
|
|
|
|
});
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
app.head(/^\/common\/feedback\.html/, function (req, res, next) {
|
|
|
|
|
|
logFeedback(req.url);
|
|
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
}());
|
|
|
|
|
|
|
|
|
|
|
|
const { createProxyMiddleware } = require("http-proxy-middleware");
|
2022-12-20 20:33:52 +08:00
|
|
|
|
|
2023-12-18 22:47:10 +08:00
|
|
|
|
var httpAddress = Env.httpAddress === '::' ? 'localhost' : Env.httpAddress;
|
|
|
|
|
|
var proxyTarget = new URL('', `ws:${httpAddress}`);
|
2022-12-20 20:33:52 +08:00
|
|
|
|
proxyTarget.port = Env.websocketPort;
|
|
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
const wsProxy = createProxyMiddleware({
|
2022-12-20 20:33:52 +08:00
|
|
|
|
target: proxyTarget.href,
|
2022-12-20 16:50:59 +08:00
|
|
|
|
ws: true,
|
2022-12-20 20:33:52 +08:00
|
|
|
|
logLevel: 'error',
|
2024-03-13 23:51:22 +08:00
|
|
|
|
onProxyReqWs: function (proxyReq, req) {
|
2024-02-20 01:15:05 +08:00
|
|
|
|
proxyReq.setHeader('X-Real-Ip', req.socket.remoteAddress);
|
|
|
|
|
|
},
|
2023-07-13 20:49:07 +08:00
|
|
|
|
logProvider: (p) => {
|
|
|
|
|
|
p.error = (data) => {
|
|
|
|
|
|
if (/ECONNRESET/.test(data)) { return; }
|
|
|
|
|
|
Env.Log.error('HTTP_PROXY_MIDDLEWARE', data);
|
|
|
|
|
|
};
|
|
|
|
|
|
return p;
|
|
|
|
|
|
}
|
2022-12-20 16:50:59 +08:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
app.use('/cryptpad_websocket', wsProxy);
|
|
|
|
|
|
|
2023-10-19 00:20:49 +08:00
|
|
|
|
app.use('/ssoauth', (req, res, next) => {
|
2023-11-06 23:27:52 +08:00
|
|
|
|
if (SSOUtils && req && req.body && req.body.SAMLResponse) {
|
2023-10-21 00:20:31 +08:00
|
|
|
|
req.method = 'GET';
|
|
|
|
|
|
|
|
|
|
|
|
let token = Util.uid();
|
|
|
|
|
|
let smres = req.body.SAMLResponse;
|
|
|
|
|
|
return SSOUtils.writeRequest(Env, {
|
|
|
|
|
|
id: token,
|
|
|
|
|
|
type: 'saml',
|
|
|
|
|
|
content: smres
|
|
|
|
|
|
}, (err) => {
|
|
|
|
|
|
if (err) {
|
|
|
|
|
|
Log.error('E_SSO_WRITE_REQ', err);
|
|
|
|
|
|
return res.sendStatus(500);
|
|
|
|
|
|
}
|
|
|
|
|
|
let value = `samltoken="${token}"; SameSite=Strict; HttpOnly`;
|
|
|
|
|
|
res.setHeader('Set-Cookie', value);
|
|
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
}
|
2023-10-19 00:20:49 +08:00
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
app.use('/blob', function (req, res, next) {
|
2023-03-07 13:47:46 +08:00
|
|
|
|
/* Head requests are used to check the size of a blob.
|
|
|
|
|
|
Clients can configure a maximum size to download automatically,
|
|
|
|
|
|
and can manually click to download blobs which exceed that limit. */
|
2023-08-29 23:50:39 +08:00
|
|
|
|
const url = req.url;
|
|
|
|
|
|
if (typeof(url) === "string" && Env.blobStore) {
|
|
|
|
|
|
const s = url.split('/');
|
|
|
|
|
|
if (s[1] && s[1].length === 2 && s[2] && s[2].length === Env.blobStore.BLOB_LENGTH) {
|
|
|
|
|
|
Env.blobStore.updateActivity(s[2], () => {});
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2022-12-20 16:50:59 +08:00
|
|
|
|
if (req.method === 'HEAD') {
|
|
|
|
|
|
Express.static(Path.resolve(Env.paths.blob), {
|
|
|
|
|
|
setHeaders: function (res /*, path, stat */) {
|
|
|
|
|
|
res.set('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
|
|
|
|
|
|
res.set('Access-Control-Allow-Headers', 'Content-Length');
|
|
|
|
|
|
res.set('Access-Control-Expose-Headers', 'Content-Length');
|
|
|
|
|
|
}
|
|
|
|
|
|
})(req, res, next);
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2023-03-07 13:47:46 +08:00
|
|
|
|
|
|
|
|
|
|
/* Some GET requests concern the whole file,
|
|
|
|
|
|
others only target ranges, either:
|
|
|
|
|
|
|
|
|
|
|
|
1. a two octet prefix which encodes the length of the metadata in octets
|
|
|
|
|
|
2. the metadata itself, excluding the two preceding octets
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
// Example code to demonstrate the types of requests which are handled
|
|
|
|
|
|
if (req.method === 'GET') {
|
|
|
|
|
|
if (!req.headers.range) {
|
|
|
|
|
|
// metadata
|
|
|
|
|
|
} else {
|
|
|
|
|
|
// full request
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
app.use(function (req, res, next) {
|
2023-03-07 13:47:46 +08:00
|
|
|
|
/* These are pre-flight requests, through which the client
|
|
|
|
|
|
confirms with the server that it is permitted to make the
|
|
|
|
|
|
actual requests which will follow */
|
2022-12-20 16:50:59 +08:00
|
|
|
|
if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) {
|
|
|
|
|
|
res.setHeader('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
|
|
|
|
|
|
res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
|
|
|
|
|
|
res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Access-Control-Allow-Origin');
|
|
|
|
|
|
res.setHeader('Access-Control-Max-Age', 1728000);
|
|
|
|
|
|
res.setHeader('Content-Type', 'application/octet-stream; charset=utf-8');
|
|
|
|
|
|
res.setHeader('Content-Length', 0);
|
|
|
|
|
|
res.statusCode = 204;
|
|
|
|
|
|
return void res.end();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
setHeaders(req, res);
|
|
|
|
|
|
if (/[\?\&]ver=[^\/]+$/.test(req.url)) { res.setHeader("Cache-Control", "max-age=31536000"); }
|
|
|
|
|
|
else { res.setHeader("Cache-Control", "no-cache"); }
|
|
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2023-10-19 00:20:49 +08:00
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
// serve custom app content from the customize directory
|
|
|
|
|
|
// useful for testing pages customized with opengraph data
|
|
|
|
|
|
app.use(Express.static(Path.resolve('./customize/www')));
|
|
|
|
|
|
app.use(Express.static(Path.resolve('./www')));
|
|
|
|
|
|
|
|
|
|
|
|
var mainPages = Env.mainPages || Default.mainPages();
|
|
|
|
|
|
var mainPagePattern = new RegExp('^\/(' + mainPages.join('|') + ').html$');
|
|
|
|
|
|
app.get(mainPagePattern, Express.static('./customize'));
|
|
|
|
|
|
app.get(mainPagePattern, Express.static('./customize.dist'));
|
|
|
|
|
|
|
|
|
|
|
|
app.use("/blob", Express.static(Path.resolve(Env.paths.blob), {
|
|
|
|
|
|
maxAge: Env.DEV_MODE? "0d": "365d"
|
|
|
|
|
|
}));
|
2023-08-22 19:13:19 +08:00
|
|
|
|
app.use("/datastore",
|
|
|
|
|
|
(req, res, next) => {
|
|
|
|
|
|
if (req.method === 'HEAD') {
|
|
|
|
|
|
next();
|
|
|
|
|
|
} else {
|
|
|
|
|
|
res.status(403).end();
|
|
|
|
|
|
}
|
|
|
|
|
|
},
|
|
|
|
|
|
Express.static(Env.paths.data, {
|
|
|
|
|
|
maxAge: "0d"
|
|
|
|
|
|
}
|
|
|
|
|
|
));
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
2023-05-05 20:47:58 +08:00
|
|
|
|
app.use('/block/', function (req, res, next) {
|
|
|
|
|
|
var parsed = Path.parse(req.url);
|
|
|
|
|
|
var name = parsed.name;
|
|
|
|
|
|
// block access control only applies to files
|
|
|
|
|
|
// identified by base64-encoded public keys
|
|
|
|
|
|
// skip everything else, ie. /block/placeholder.txt
|
|
|
|
|
|
if (typeof(name) !== 'string' || name.length !== 44) {
|
|
|
|
|
|
return void next();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var authorization = req.headers.authorization;
|
|
|
|
|
|
|
2023-06-27 22:04:32 +08:00
|
|
|
|
var mfa_params, sso_params;
|
2023-05-05 20:47:58 +08:00
|
|
|
|
nThen(function (w) {
|
|
|
|
|
|
// First, check whether the block id in question has any MFA settings stored
|
|
|
|
|
|
MFA.read(Env, name, w(function (err, content) {
|
|
|
|
|
|
// ENOENT means there are no settings configured
|
|
|
|
|
|
// it could be a 404 or an existing block without MFA protection
|
|
|
|
|
|
// in either case you can abort and fall through
|
|
|
|
|
|
// allowing the static webserver to handle either case
|
|
|
|
|
|
if (err && err.code === 'ENOENT') {
|
2023-06-27 22:04:32 +08:00
|
|
|
|
return;
|
2023-05-05 20:47:58 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// we're not expecting other errors. the sensible thing is to fail
|
|
|
|
|
|
// closed - meaning assume some protection is in place but that
|
|
|
|
|
|
// the settings couldn't be loaded for some reason. block access
|
|
|
|
|
|
// to the resource, logging for the admin and responding to the client
|
|
|
|
|
|
// with a vague error code
|
|
|
|
|
|
if (err) {
|
|
|
|
|
|
Log.error('GET_BLOCK_METADATA', err);
|
|
|
|
|
|
return void res.status(500).json({
|
|
|
|
|
|
code: 500,
|
|
|
|
|
|
error: "UNEXPECTED_ERROR",
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Otherwise, some settings were loaded correctly.
|
|
|
|
|
|
// We're expecting stringified JSON, so try to parse it.
|
|
|
|
|
|
// Log and respond with an error again if this fails.
|
|
|
|
|
|
// If it parses successfully then fall through to the next block.
|
|
|
|
|
|
try {
|
|
|
|
|
|
mfa_params = JSON.parse(content);
|
|
|
|
|
|
} catch (err2) {
|
|
|
|
|
|
w.abort();
|
|
|
|
|
|
Log.error("INVALID_BLOCK_METADATA", err2);
|
|
|
|
|
|
return res.status(500).json({
|
|
|
|
|
|
code: 500,
|
|
|
|
|
|
error: "UNEXPECTED_ERROR",
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
}));
|
2023-06-27 22:04:32 +08:00
|
|
|
|
|
|
|
|
|
|
// Same for SSO settings
|
2023-11-06 23:27:52 +08:00
|
|
|
|
if (!SSOUtils) { return; }
|
2023-06-27 22:04:32 +08:00
|
|
|
|
SSOUtils.readBlock(Env, name, w(function (err, content) {
|
2023-11-08 22:58:28 +08:00
|
|
|
|
if (err && (err.code === 'ENOENT' || err === 'ENOENT')) {
|
2023-06-27 22:04:32 +08:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
if (err) {
|
|
|
|
|
|
Log.error('GET_BLOCK_METADATA', err);
|
|
|
|
|
|
return void res.status(500).json({
|
|
|
|
|
|
code: 500,
|
|
|
|
|
|
error: "UNEXPECTED_ERROR",
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
sso_params = content;
|
|
|
|
|
|
}));
|
|
|
|
|
|
}).nThen(function (w) {
|
|
|
|
|
|
if (!mfa_params && !sso_params) {
|
|
|
|
|
|
w.abort();
|
|
|
|
|
|
next();
|
|
|
|
|
|
}
|
2023-05-05 20:47:58 +08:00
|
|
|
|
}).nThen(function (w) {
|
|
|
|
|
|
// We should only be able to reach this logic
|
|
|
|
|
|
// if we successfully loaded and parsed some JSON
|
2023-06-27 22:04:32 +08:00
|
|
|
|
// representing the user's MFA and/or SSO settings.
|
2023-05-05 20:47:58 +08:00
|
|
|
|
|
|
|
|
|
|
// Failures at this point relate to insufficient or incorrect authorization.
|
|
|
|
|
|
// This function standardizes how we reject such requests.
|
|
|
|
|
|
|
|
|
|
|
|
// So far the only additional factor which is supported is TOTP.
|
|
|
|
|
|
// We specify what the method is to allow for future alternatives
|
|
|
|
|
|
// and inform the client so they can determine how to respond
|
|
|
|
|
|
// "401" means "Unauthorized"
|
|
|
|
|
|
var no = function () {
|
|
|
|
|
|
w.abort();
|
|
|
|
|
|
res.status(401).json({
|
2023-10-26 23:55:54 +08:00
|
|
|
|
sso: Boolean(sso_params),
|
|
|
|
|
|
method: mfa_params && mfa_params.method,
|
2023-05-05 20:47:58 +08:00
|
|
|
|
code: 401
|
|
|
|
|
|
});
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2023-06-27 22:04:32 +08:00
|
|
|
|
// if you are here it is because this block is protected by MFA or SSO.
|
2023-05-05 20:47:58 +08:00
|
|
|
|
// they will need to provide a JSON Web Token, so we can reject them outright
|
|
|
|
|
|
// if one is not present in their authorization header
|
|
|
|
|
|
if (!authorization) { return void no(); }
|
|
|
|
|
|
|
|
|
|
|
|
// The authorization header should be of the form
|
2023-06-27 22:04:32 +08:00
|
|
|
|
// "Authorization: Bearer <SessionId>"
|
2023-05-05 20:47:58 +08:00
|
|
|
|
// We can reject the request if it is malformed.
|
|
|
|
|
|
let token = authorization.replace(/^Bearer\s+/, '').trim();
|
|
|
|
|
|
if (!token) { return void no(); }
|
|
|
|
|
|
|
2023-06-24 00:35:18 +08:00
|
|
|
|
Sessions.read(Env, name, token, function (err, contentStr) {
|
|
|
|
|
|
if (err) {
|
|
|
|
|
|
Log.error('SESSION_READ_ERROR', err);
|
|
|
|
|
|
return res.status(401).json({
|
2023-10-26 23:55:54 +08:00
|
|
|
|
sso: Boolean(sso_params),
|
|
|
|
|
|
method: mfa_params && mfa_params.method,
|
2023-06-24 00:35:18 +08:00
|
|
|
|
code: 401,
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
let content = Util.tryParse(contentStr);
|
|
|
|
|
|
|
2023-06-27 22:04:32 +08:00
|
|
|
|
if (mfa_params && !content.mfa) { return void no(); }
|
|
|
|
|
|
if (sso_params && !content.sso) { return void no(); }
|
|
|
|
|
|
|
2023-06-29 18:32:45 +08:00
|
|
|
|
if (content.mfa && content.mfa.exp && (+new Date()) > content.mfa.exp) {
|
2023-06-27 22:04:32 +08:00
|
|
|
|
Log.error("OTP_SESSION_EXPIRED", content.mfa);
|
2023-06-24 00:35:18 +08:00
|
|
|
|
Sessions.delete(Env, name, token, function (err) {
|
|
|
|
|
|
if (err) {
|
|
|
|
|
|
Log.error('SESSION_DELETE_EXPIRED_ERROR', err);
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
Log.info('SESSION_DELETE_EXPIRED', err);
|
|
|
|
|
|
});
|
|
|
|
|
|
return void no();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-05-05 20:47:58 +08:00
|
|
|
|
|
2023-06-29 18:32:45 +08:00
|
|
|
|
if (content.sso && content.sso.exp && (+new Date()) > content.sso.exp) {
|
|
|
|
|
|
Log.error("SSO_SESSION_EXPIRED", content.sso);
|
|
|
|
|
|
Sessions.delete(Env, name, token, function (err) {
|
|
|
|
|
|
if (err) {
|
|
|
|
|
|
Log.error('SSO_SESSION_DELETE_EXPIRED_ERROR', err);
|
|
|
|
|
|
return;
|
2023-06-27 22:04:32 +08:00
|
|
|
|
}
|
2023-06-29 18:32:45 +08:00
|
|
|
|
Log.info('SSO_SESSION_DELETE_EXPIRED', err);
|
2023-05-05 20:47:58 +08:00
|
|
|
|
});
|
2023-06-29 18:32:45 +08:00
|
|
|
|
return void no();
|
2023-05-05 20:47:58 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2023-06-29 18:32:45 +08:00
|
|
|
|
// Interpret the existence of a file in that location as the continued
|
2023-05-05 20:47:58 +08:00
|
|
|
|
// validity of the session. Fall through and let the built-in webserver
|
|
|
|
|
|
// handle the 404 or serving the file.
|
|
|
|
|
|
next();
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
// TODO this would be a good place to update a block's atime
|
|
|
|
|
|
// in a manner independent of the filesystem. ie. for detecting and archiving
|
|
|
|
|
|
// inactive accounts in a way that will not be invalidated by other forms of access
|
|
|
|
|
|
// like filesystem backups.
|
2022-12-20 16:50:59 +08:00
|
|
|
|
app.use("/block", Express.static(Path.resolve(Env.paths.block), {
|
|
|
|
|
|
maxAge: "0d",
|
|
|
|
|
|
}));
|
2023-09-09 00:10:02 +08:00
|
|
|
|
// In case of a 404 for the block, check if a placeholder exists
|
|
|
|
|
|
// and provide the result if that's the case
|
|
|
|
|
|
app.use("/block", (req, res, next) => {
|
|
|
|
|
|
const url = req.url;
|
|
|
|
|
|
if (typeof(url) === "string") {
|
|
|
|
|
|
const s = url.split('/');
|
|
|
|
|
|
if (s[1] && s[1].length === 2 && BlockStore.isValidKey(s[2])) {
|
|
|
|
|
|
return BlockStore.readPlaceholder(Env, s[2], (content) => {
|
|
|
|
|
|
res.status(404).json({
|
|
|
|
|
|
reason: content,
|
|
|
|
|
|
code: 404
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
next();
|
|
|
|
|
|
});
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
2024-05-01 00:13:52 +08:00
|
|
|
|
Object.keys(plugins || {}).forEach(name => {
|
|
|
|
|
|
let plugin = plugins[name];
|
|
|
|
|
|
if (!plugin.addHttpEndpoints) { return; }
|
|
|
|
|
|
plugin.addHttpEndpoints(Env, app);
|
|
|
|
|
|
});
|
2024-03-15 23:09:23 +08:00
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
app.use("/customize", Express.static('customize'));
|
|
|
|
|
|
app.use("/customize", Express.static('customize.dist'));
|
|
|
|
|
|
app.use("/customize.dist", Express.static('customize.dist'));
|
|
|
|
|
|
app.use(/^\/[^\/]*$/, Express.static('customize'));
|
|
|
|
|
|
app.use(/^\/[^\/]*$/, Express.static('customize.dist'));
|
|
|
|
|
|
|
|
|
|
|
|
// if dev mode: never cache
|
|
|
|
|
|
var cacheString = function () {
|
|
|
|
|
|
return (Env.FRESH_KEY? '-' + Env.FRESH_KEY: '') + (Env.DEV_MODE? '-' + (+new Date()): '');
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
var makeRouteCache = function (template, cacheName) {
|
|
|
|
|
|
var cleanUp = {};
|
|
|
|
|
|
|
|
|
|
|
|
return function (req, res) {
|
2023-08-22 21:48:43 +08:00
|
|
|
|
var cache = Env[cacheName] = Env[cacheName] || {};
|
2022-12-20 16:50:59 +08:00
|
|
|
|
var host = req.headers.host.replace(/\:[0-9]+/, '');
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
|
|
// don't cache anything if you're in dev mode
|
|
|
|
|
|
if (Env.DEV_MODE) {
|
|
|
|
|
|
return void res.send(template(host));
|
|
|
|
|
|
}
|
|
|
|
|
|
// generate a lookup key for the cache
|
|
|
|
|
|
var cacheKey = host + ':' + cacheString();
|
|
|
|
|
|
|
|
|
|
|
|
// FIXME mutable
|
|
|
|
|
|
// we must be able to clear the cache when updating any mutable key
|
|
|
|
|
|
// if there's nothing cached for that key...
|
|
|
|
|
|
if (!cache[cacheKey]) {
|
|
|
|
|
|
// generate the response and cache it in memory
|
|
|
|
|
|
cache[cacheKey] = template(host);
|
|
|
|
|
|
// and create a function to conditionally evict cache entries
|
|
|
|
|
|
// which have not been accessed in the last 20 seconds
|
|
|
|
|
|
cleanUp[cacheKey] = Util.throttle(function () {
|
|
|
|
|
|
delete cleanUp[cacheKey];
|
|
|
|
|
|
delete cache[cacheKey];
|
|
|
|
|
|
}, 20000);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// successive calls to this function
|
2024-02-28 01:00:23 +08:00
|
|
|
|
if (typeof (cleanUp[cacheKey]) === "function") {
|
|
|
|
|
|
cleanUp[cacheKey]();
|
|
|
|
|
|
}
|
2022-12-20 16:50:59 +08:00
|
|
|
|
return void res.send(cache[cacheKey]);
|
|
|
|
|
|
};
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2023-06-23 23:46:14 +08:00
|
|
|
|
const ssoList = Env.sso && Env.sso.enabled && Array.isArray(Env.sso.list) &&
|
2023-07-02 17:04:21 +08:00
|
|
|
|
Env.sso.list.map(function (obj) { return obj.name; }) || [];
|
2023-11-07 23:02:27 +08:00
|
|
|
|
const ssoCfg = (SSOUtils && ssoList.length) ? {
|
2023-06-23 23:46:14 +08:00
|
|
|
|
force: (Env.sso && Env.sso.enforced && 1) || 0,
|
2023-11-07 23:02:27 +08:00
|
|
|
|
password: (Env.sso && Env.sso.cpPassword && (Env.sso.forceCpPassword ? 2 : 1)) || 0,
|
2023-06-23 23:46:14 +08:00
|
|
|
|
list: ssoList
|
|
|
|
|
|
} : false;
|
2022-12-20 20:33:52 +08:00
|
|
|
|
var serveConfig = makeRouteCache(function () {
|
2022-12-20 16:50:59 +08:00
|
|
|
|
return [
|
|
|
|
|
|
'define(function(){',
|
|
|
|
|
|
'return ' + JSON.stringify({
|
|
|
|
|
|
requireConf: {
|
|
|
|
|
|
waitSeconds: 600,
|
|
|
|
|
|
urlArgs: 'ver=' + Env.version + cacheString(),
|
|
|
|
|
|
},
|
|
|
|
|
|
removeDonateButton: (Env.removeDonateButton === true),
|
|
|
|
|
|
allowSubscriptions: (Env.allowSubscriptions === true),
|
|
|
|
|
|
websocketPath: Env.websocketPath,
|
|
|
|
|
|
httpUnsafeOrigin: Env.httpUnsafeOrigin,
|
|
|
|
|
|
adminEmail: Env.adminEmail,
|
|
|
|
|
|
adminKeys: Env.admins,
|
2024-02-23 01:46:26 +08:00
|
|
|
|
moderatorKeys: Env.moderators,
|
2022-12-20 16:50:59 +08:00
|
|
|
|
inactiveTime: Env.inactiveTime,
|
|
|
|
|
|
supportMailbox: Env.supportMailbox,
|
2024-02-22 22:48:34 +08:00
|
|
|
|
supportMailboxKey: Env.supportMailboxKey,
|
2022-12-20 16:50:59 +08:00
|
|
|
|
defaultStorageLimit: Env.defaultStorageLimit,
|
|
|
|
|
|
maxUploadSize: Env.maxUploadSize,
|
|
|
|
|
|
premiumUploadSize: Env.premiumUploadSize,
|
|
|
|
|
|
restrictRegistration: Env.restrictRegistration,
|
2024-06-20 00:11:55 +08:00
|
|
|
|
appsToDisable: Env.appsToDisable,
|
2023-12-20 00:59:56 +08:00
|
|
|
|
restrictSsoRegistration: Env.restrictSsoRegistration,
|
2022-12-20 16:50:59 +08:00
|
|
|
|
httpSafeOrigin: Env.httpSafeOrigin,
|
|
|
|
|
|
enableEmbedding: Env.enableEmbedding,
|
|
|
|
|
|
fileHost: Env.fileHost,
|
|
|
|
|
|
shouldUpdateNode: Env.shouldUpdateNode || undefined,
|
|
|
|
|
|
listMyInstance: Env.listMyInstance,
|
|
|
|
|
|
accounts_api: Env.accounts_api,
|
2023-11-09 22:35:56 +08:00
|
|
|
|
sso: ssoCfg,
|
2024-03-04 21:58:22 +08:00
|
|
|
|
enforceMFA: Env.enforceMFA,
|
|
|
|
|
|
onlyOffice: Env.onlyOffice
|
2022-12-20 16:50:59 +08:00
|
|
|
|
}, null, '\t'),
|
|
|
|
|
|
'});'
|
|
|
|
|
|
].join(';\n');
|
|
|
|
|
|
}, 'configCache');
|
|
|
|
|
|
|
2022-12-20 20:33:52 +08:00
|
|
|
|
var serveBroadcast = makeRouteCache(function () {
|
2022-12-20 16:50:59 +08:00
|
|
|
|
var maintenance = Env.maintenance;
|
|
|
|
|
|
if (maintenance && maintenance.end && maintenance.end < (+new Date())) {
|
|
|
|
|
|
maintenance = undefined;
|
|
|
|
|
|
}
|
|
|
|
|
|
return [
|
|
|
|
|
|
'define(function(){',
|
|
|
|
|
|
'return ' + JSON.stringify({
|
2023-09-11 17:53:59 +08:00
|
|
|
|
curvePublic: Env.curvePublic,
|
2022-12-20 16:50:59 +08:00
|
|
|
|
lastBroadcastHash: Env.lastBroadcastHash,
|
|
|
|
|
|
surveyURL: Env.surveyURL,
|
|
|
|
|
|
maintenance: maintenance
|
|
|
|
|
|
}, null, '\t'),
|
|
|
|
|
|
'});'
|
|
|
|
|
|
].join(';\n');
|
|
|
|
|
|
}, 'broadcastCache');
|
|
|
|
|
|
|
|
|
|
|
|
app.get('/api/config', serveConfig);
|
|
|
|
|
|
app.get('/api/broadcast', serveBroadcast);
|
|
|
|
|
|
|
2024-05-07 22:52:01 +08:00
|
|
|
|
(function () {
|
|
|
|
|
|
let extensions = plugins._extensions;
|
|
|
|
|
|
let styles = plugins._styles;
|
|
|
|
|
|
let str = JSON.stringify(extensions);
|
|
|
|
|
|
let str2 = JSON.stringify(styles);
|
|
|
|
|
|
let js = `let extensions = ${str};
|
|
|
|
|
|
let styles = ${str2};
|
|
|
|
|
|
let lang = window.cryptpadLanguage;
|
|
|
|
|
|
let paths = [];
|
|
|
|
|
|
extensions.forEach(name => {
|
|
|
|
|
|
paths.push(\`optional!/\${name}/extensions.js\`);
|
|
|
|
|
|
paths.push(\`optional!json!/\${name}/translations/messages.json\`);
|
|
|
|
|
|
paths.push(\`optional!json!/\${name}/translations/messages.\${lang}.json\`);
|
|
|
|
|
|
});
|
|
|
|
|
|
styles.forEach(name => {
|
|
|
|
|
|
paths.push(\`optional!less!/\${name}/style.less\`);
|
|
|
|
|
|
});
|
|
|
|
|
|
define(paths, function () {
|
|
|
|
|
|
let args = Array.prototype.slice.apply(arguments);
|
|
|
|
|
|
return args;
|
|
|
|
|
|
}, function () {
|
|
|
|
|
|
// ignore missing files
|
2024-06-21 23:01:33 +08:00
|
|
|
|
});`;
|
2024-05-07 22:52:01 +08:00
|
|
|
|
app.get('/extensions.js', (req, res) => {
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
|
|
res.send(js);
|
|
|
|
|
|
});
|
|
|
|
|
|
})();
|
|
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
var Define = function (obj) {
|
|
|
|
|
|
return `define(function (){
|
|
|
|
|
|
return ${JSON.stringify(obj, null, '\t')};
|
|
|
|
|
|
});`;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2022-12-20 20:33:52 +08:00
|
|
|
|
app.get('/api/instance', function (req, res) {
|
2022-12-20 16:50:59 +08:00
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
|
|
res.send(Define({
|
2024-03-20 01:16:01 +08:00
|
|
|
|
color: Env.accentColor,
|
2022-12-20 16:50:59 +08:00
|
|
|
|
name: Env.instanceName,
|
|
|
|
|
|
description: Env.instanceDescription,
|
|
|
|
|
|
location: Env.instanceJurisdiction,
|
|
|
|
|
|
notice: Env.instanceNotice,
|
|
|
|
|
|
}));
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
var four04_path = Path.resolve('./customize.dist/404.html');
|
|
|
|
|
|
var fivehundred_path = Path.resolve('./customize.dist/500.html');
|
|
|
|
|
|
var custom_four04_path = Path.resolve('./customize/404.html');
|
|
|
|
|
|
var custom_fivehundred_path = Path.resolve('./customize/500.html');
|
|
|
|
|
|
|
|
|
|
|
|
var send404 = function (res, path) {
|
|
|
|
|
|
if (!path && path !== four04_path) { path = four04_path; }
|
|
|
|
|
|
Fs.exists(path, function (exists) {
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/html; charset=utf-8');
|
|
|
|
|
|
if (exists) { return Fs.createReadStream(path).pipe(res); }
|
|
|
|
|
|
send404(res);
|
|
|
|
|
|
});
|
|
|
|
|
|
};
|
|
|
|
|
|
var send500 = function (res, path) {
|
|
|
|
|
|
if (!path && path !== fivehundred_path) { path = fivehundred_path; }
|
|
|
|
|
|
Fs.exists(path, function (exists) {
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/html; charset=utf-8');
|
|
|
|
|
|
if (exists) { return Fs.createReadStream(path).pipe(res); }
|
|
|
|
|
|
send500(res);
|
|
|
|
|
|
});
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
app.get('/api/updatequota', function (req, res) {
|
|
|
|
|
|
if (!Env.accounts_api) {
|
|
|
|
|
|
res.status(404);
|
|
|
|
|
|
return void send404(res);
|
|
|
|
|
|
}
|
2022-12-20 20:33:52 +08:00
|
|
|
|
sendMessage({
|
2022-12-20 16:50:59 +08:00
|
|
|
|
command: 'UPDATE_QUOTA',
|
2022-12-20 20:33:52 +08:00
|
|
|
|
}, (err) => {
|
2022-12-20 16:50:59 +08:00
|
|
|
|
if (err) {
|
|
|
|
|
|
res.status(500);
|
|
|
|
|
|
return void send500(res);
|
|
|
|
|
|
}
|
|
|
|
|
|
res.send();
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
app.get('/api/profiling', function (req, res) {
|
|
|
|
|
|
if (!Env.enableProfiling) { return void send404(res); }
|
2022-12-20 20:33:52 +08:00
|
|
|
|
sendMessage({
|
2022-12-20 16:50:59 +08:00
|
|
|
|
command: 'GET_PROFILING_DATA',
|
2022-12-20 19:40:10 +08:00
|
|
|
|
}, (err, value) => {
|
2022-12-20 16:50:59 +08:00
|
|
|
|
if (err) {
|
|
|
|
|
|
res.status(500);
|
|
|
|
|
|
return void send500(res);
|
|
|
|
|
|
}
|
|
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
|
|
res.send(JSON.stringify({
|
2022-12-20 19:40:10 +08:00
|
|
|
|
bytesWritten: value,
|
2022-12-20 16:50:59 +08:00
|
|
|
|
}));
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2024-03-15 23:09:23 +08:00
|
|
|
|
app.get('/api/logo', function (req, res) {
|
2024-03-15 23:38:06 +08:00
|
|
|
|
let path = Path.resolve('./customize/CryptPad_logo_hero.svg');
|
|
|
|
|
|
let base = Path.resolve('./customize.dist/CryptPad_logo_hero.svg');
|
2024-03-15 23:09:23 +08:00
|
|
|
|
Fs.exists(path, function (exists) {
|
2024-03-15 23:38:06 +08:00
|
|
|
|
res.setHeader('Content-Disposition', 'inline');
|
|
|
|
|
|
if (exists) {
|
|
|
|
|
|
let mime = Env.logoMimeType || 'image/svg+xml';
|
|
|
|
|
|
res.setHeader('Content-Type', mime);
|
|
|
|
|
|
return res.sendFile(path);
|
|
|
|
|
|
}
|
|
|
|
|
|
res.sendFile(base);
|
2024-03-15 23:09:23 +08:00
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2023-05-05 20:47:58 +08:00
|
|
|
|
// This endpoint handles authenticated RPCs over HTTP
|
|
|
|
|
|
// via an interactive challenge-response protocol
|
|
|
|
|
|
app.use(Express.json());
|
|
|
|
|
|
app.post('/api/auth', function (req, res, next) {
|
|
|
|
|
|
AuthCommands.handle(Env, req, res, next);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
app.use(function (req, res /*, next */) {
|
2024-06-21 23:01:33 +08:00
|
|
|
|
if (/^(\/favicon\.ico\/|.*\.js\.map|.*\/translations\/.*\.json)/.test(req.url)) {
|
2023-05-03 19:02:09 +08:00
|
|
|
|
// ignore common 404s
|
|
|
|
|
|
} else {
|
|
|
|
|
|
Log.info('HTTP_404', req.url);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-12-20 16:50:59 +08:00
|
|
|
|
res.status(404);
|
|
|
|
|
|
send404(res, custom_four04_path);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
// default message for thrown errors in ExpressJS routes
|
|
|
|
|
|
app.use(function (err, req, res /*, next*/) {
|
|
|
|
|
|
Log.error('EXPRESSJS_ROUTING', {
|
|
|
|
|
|
error: err.stack || err,
|
|
|
|
|
|
});
|
|
|
|
|
|
res.status(500);
|
|
|
|
|
|
send500(res, custom_fivehundred_path);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
var server = Http.createServer(app);
|
|
|
|
|
|
|
|
|
|
|
|
nThen(function (w) {
|
2023-08-18 16:40:35 +08:00
|
|
|
|
server.listen(Env.httpPort, Env.httpAddress, w());
|
2022-12-20 16:50:59 +08:00
|
|
|
|
if (Env.httpSafePort) {
|
2024-05-16 22:58:39 +08:00
|
|
|
|
let safeServer = Http.createServer(app);
|
|
|
|
|
|
safeServer.listen(Env.httpSafePort, Env.httpAddress, w());
|
2022-12-20 16:50:59 +08:00
|
|
|
|
}
|
|
|
|
|
|
server.on('upgrade', function (req, socket, head) {
|
2023-01-11 17:32:02 +08:00
|
|
|
|
// TODO warn admins that websockets should only be proxied in this way in a dev environment
|
|
|
|
|
|
// in production it's more efficient to have your reverse proxy (NGINX) directly forward
|
|
|
|
|
|
// websocket traffic to the correct port (Env.websocketPort)
|
2022-12-20 16:50:59 +08:00
|
|
|
|
wsProxy.upgrade(req, socket, head);
|
|
|
|
|
|
});
|
2023-08-29 23:50:39 +08:00
|
|
|
|
|
|
|
|
|
|
var config = require("./load-config");
|
|
|
|
|
|
BlobStore.create({
|
|
|
|
|
|
blobPath: config.blobPath,
|
|
|
|
|
|
blobStagingPath: config.blobStagingPath,
|
|
|
|
|
|
archivePath: config.archivePath,
|
|
|
|
|
|
getSession: function () {},
|
|
|
|
|
|
}, w(function (err, blob) {
|
|
|
|
|
|
if (err) { return; }
|
|
|
|
|
|
Env.blobStore = blob;
|
|
|
|
|
|
}));
|
2022-12-20 16:50:59 +08:00
|
|
|
|
}).nThen(function () {
|
2023-01-11 17:32:02 +08:00
|
|
|
|
// TODO inform the parent process that this worker is ready
|
2022-12-20 16:50:59 +08:00
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2023-05-06 23:12:11 +08:00
|
|
|
|
process.on('uncaughtException', function (err) {
|
|
|
|
|
|
console.error('[%s] UNCAUGHT EXCEPTION IN HTTP WORKER', new Date());
|
|
|
|
|
|
console.error(err);
|
|
|
|
|
|
console.error("TERMINATING");
|
|
|
|
|
|
process.exit(1);
|
|
|
|
|
|
});
|
