From dee77c459a929d7e0041fae38176b71248a9ff9c Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 05:30:04 +0800 Subject: refactor(app.js): Extract middleware to module extract check URi is valid, redirect without trailing slashes --- lib/web/middleware/checkURiValid.js | 14 ++++++++++++++ lib/web/middleware/redirectWithoutTrailingSlashes.js | 17 +++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 lib/web/middleware/checkURiValid.js create mode 100644 lib/web/middleware/redirectWithoutTrailingSlashes.js (limited to 'lib/web') diff --git a/lib/web/middleware/checkURiValid.js b/lib/web/middleware/checkURiValid.js new file mode 100644 index 00000000..88065e79 --- /dev/null +++ b/lib/web/middleware/checkURiValid.js @@ -0,0 +1,14 @@ +'use strict' + +const logger = require('../../logger') +const response = require('../../response') + +module.exports = function (req, res, next) { + try { + decodeURIComponent(req.path) + } catch (err) { + logger.error(err) + return response.errorBadRequest(res) + } + next() +} diff --git a/lib/web/middleware/redirectWithoutTrailingSlashes.js b/lib/web/middleware/redirectWithoutTrailingSlashes.js new file mode 100644 index 00000000..fbaba617 --- /dev/null +++ b/lib/web/middleware/redirectWithoutTrailingSlashes.js @@ -0,0 +1,17 @@ +'use strict' + +const config = require('../../config') + +module.exports = function (req, res, next) { + if (req.method === 'GET' && req.path.substr(-1) === '/' && req.path.length > 1) { + const queryString = req.url.slice(req.path.length) + const urlPath = req.path.slice(0, -1) + let serverURL = config.serverurl + if (config.urlpath) { + serverURL = serverURL.slice(0, -(config.urlpath.length + 1)) + } + res.redirect(301, serverURL + urlPath + queryString) + } else { + next() + } +} -- cgit v1.2.3 From 9f1f16c8e347f2bb2c0c6ab1b71c1a683a413a90 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 05:31:22 +0800 Subject: refactor(app.js): Extract urlencodedParser to utils module --- lib/web/utils.js | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 lib/web/utils.js (limited to 'lib/web') diff --git a/lib/web/utils.js b/lib/web/utils.js new file mode 100644 index 00000000..c9016523 --- /dev/null +++ b/lib/web/utils.js @@ -0,0 +1,9 @@ +'use strict' + +const bodyParser = require('body-parser') + +// create application/x-www-form-urlencoded parser +exports.urlencodedParser = bodyParser.urlencoded({ + extended: false, + limit: 1024 * 1024 * 10 // 10 mb +}) -- cgit v1.2.3 From 66c68254b4c213fcfc03ce081c47d24bcd42bbd3 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 05:38:54 +0800 Subject: refactor(app.js): Extract index, 403, 404, 500 pages --- lib/web/baseRouter.js | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 lib/web/baseRouter.js (limited to 'lib/web') diff --git a/lib/web/baseRouter.js b/lib/web/baseRouter.js new file mode 100644 index 00000000..271568b9 --- /dev/null +++ b/lib/web/baseRouter.js @@ -0,0 +1,23 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../response') + +const baseRouter = module.exports = Router() + +// get index +baseRouter.get('/', response.showIndex) +// get 403 forbidden +baseRouter.get('/403', function (req, res) { + response.errorForbidden(res) +}) +// get 404 not found +baseRouter.get('/404', function (req, res) { + response.errorNotFound(res) +}) +// get 500 internal error +baseRouter.get('/500', function (req, res) { + response.errorInternalError(res) +}) + -- cgit v1.2.3 From 766022378a2f276df2f2d2f003e2124044ab2df0 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 05:39:41 +0800 Subject: refactor(app.js): Extract status pages --- lib/web/statusRouter.js | 92 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 lib/web/statusRouter.js (limited to 'lib/web') diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js new file mode 100644 index 00000000..aa3a9b79 --- /dev/null +++ b/lib/web/statusRouter.js @@ -0,0 +1,92 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../response') +const realtime = require('../realtime') +const config = require('../config') +const models = require('../models') +const logger = require('../logger') + +const {urlencodedParser} = require('./utils') + +const statusRouter = module.exports = Router() + +// get status +statusRouter.get('/status', function (req, res, next) { + realtime.getStatus(function (data) { + res.set({ + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow', // prevent crawling + 'HackMD-Version': config.version + }) + res.send(data) + }) +}) +// get status +statusRouter.get('/temp', function (req, res) { + var host = req.get('host') + if (config.alloworigin.indexOf(host) === -1) { + response.errorForbidden(res) + } else { + var tempid = req.query.tempid + if (!tempid) { + response.errorForbidden(res) + } else { + models.Temp.findOne({ + where: { + id: tempid + } + }).then(function (temp) { + if (!temp) { + response.errorNotFound(res) + } else { + res.header('Access-Control-Allow-Origin', '*') + res.send({ + temp: temp.data + }) + temp.destroy().catch(function (err) { + if (err) { + logger.error('remove temp failed: ' + err) + } + }) + } + }).catch(function (err) { + logger.error(err) + return response.errorInternalError(res) + }) + } + } +}) +// post status +statusRouter.post('/temp', urlencodedParser, function (req, res) { + var host = req.get('host') + if (config.alloworigin.indexOf(host) === -1) { + response.errorForbidden(res) + } else { + var data = req.body.data + if (!data) { + response.errorForbidden(res) + } else { + if (config.debug) { + logger.info('SERVER received temp from [' + host + ']: ' + req.body.data) + } + models.Temp.create({ + data: data + }).then(function (temp) { + if (temp) { + res.header('Access-Control-Allow-Origin', '*') + res.send({ + status: 'ok', + id: temp.id + }) + } else { + response.errorInternalError(res) + } + }).catch(function (err) { + logger.error(err) + return response.errorInternalError(res) + }) + } + } +}) -- cgit v1.2.3 From 69a9f7ca38875dc110697960a8f9db5ac2bcd97c Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 05:41:14 +0800 Subject: refactor(app.js, auth.js): Extract all auth method to individual modules --- lib/web/auth/dropbox/index.js | 29 +++++++++++++++++ lib/web/auth/email/index.js | 74 ++++++++++++++++++++++++++++++++++++++++++ lib/web/auth/facebook/index.js | 29 +++++++++++++++++ lib/web/auth/github/index.js | 28 ++++++++++++++++ lib/web/auth/gitlab/index.js | 36 ++++++++++++++++++++ lib/web/auth/google/index.js | 27 +++++++++++++++ lib/web/auth/index.js | 26 +++++++++++++++ lib/web/auth/ldap/index.js | 74 ++++++++++++++++++++++++++++++++++++++++++ lib/web/auth/twitter/index.js | 29 +++++++++++++++++ lib/web/auth/utils.js | 53 ++++++++++++++++++++++++++++++ 10 files changed, 405 insertions(+) create mode 100644 lib/web/auth/dropbox/index.js create mode 100644 lib/web/auth/email/index.js create mode 100644 lib/web/auth/facebook/index.js create mode 100644 lib/web/auth/github/index.js create mode 100644 lib/web/auth/gitlab/index.js create mode 100644 lib/web/auth/google/index.js create mode 100644 lib/web/auth/index.js create mode 100644 lib/web/auth/ldap/index.js create mode 100644 lib/web/auth/twitter/index.js create mode 100644 lib/web/auth/utils.js (limited to 'lib/web') diff --git a/lib/web/auth/dropbox/index.js b/lib/web/auth/dropbox/index.js new file mode 100644 index 00000000..c03fbc57 --- /dev/null +++ b/lib/web/auth/dropbox/index.js @@ -0,0 +1,29 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const DropboxStrategy = require('passport-dropbox-oauth2').Strategy +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let dropboxAuth = module.exports = Router() + +passport.use(new DropboxStrategy({ + apiVersion: '2', + clientID: config.dropbox.clientID, + clientSecret: config.dropbox.clientSecret, + callbackURL: config.serverurl + '/auth/dropbox/callback' +}, passportGeneralCallback)) + +dropboxAuth.get('/auth/dropbox', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('dropbox-oauth2')(req, res, next) +}) + +// dropbox auth callback +dropboxAuth.get('/auth/dropbox/callback', + passport.authenticate('dropbox-oauth2', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/email/index.js b/lib/web/auth/email/index.js new file mode 100644 index 00000000..760075f8 --- /dev/null +++ b/lib/web/auth/email/index.js @@ -0,0 +1,74 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const validator = require('validator') +const LocalStrategy = require('passport-local').Strategy +const config = require('../../../config') +const models = require('../../../models') +const logger = require('../../../logger') +const {setReturnToFromReferer} = require('../utils') +const {urlencodedParser} = require('../../utils') +const response = require('../../../response') + +let emailAuth = module.exports = Router() + +passport.use(new LocalStrategy({ + usernameField: 'email' +}, function (email, password, done) { + if (!validator.isEmail(email)) return done(null, false) + models.User.findOne({ + where: { + email: email + } + }).then(function (user) { + if (!user) return done(null, false) + if (!user.verifyPassword(password)) return done(null, false) + return done(null, user) + }).catch(function (err) { + logger.error(err) + return done(err) + }) +})) + +if (config.allowemailregister) { + emailAuth.post('/register', urlencodedParser, function (req, res, next) { + if (!req.body.email || !req.body.password) return response.errorBadRequest(res) + if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res) + models.User.findOrCreate({ + where: { + email: req.body.email + }, + defaults: { + password: req.body.password + } + }).spread(function (user, created) { + if (user) { + if (created) { + logger.debug('user registered: ' + user.id) + req.flash('info', "You've successfully registered, please signin.") + } else { + logger.debug('user found: ' + user.id) + req.flash('error', 'This email has been used, please try another one.') + } + return res.redirect(config.serverurl + '/') + } + req.flash('error', 'Failed to register your account, please try again.') + return res.redirect(config.serverurl + '/') + }).catch(function (err) { + logger.error('auth callback failed: ' + err) + return response.errorInternalError(res) + }) + }) +} + +emailAuth.post('/login', urlencodedParser, function (req, res, next) { + if (!req.body.email || !req.body.password) return response.errorBadRequest(res) + if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res) + setReturnToFromReferer(req) + passport.authenticate('local', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/', + failureFlash: 'Invalid email or password.' + })(req, res, next) +}) diff --git a/lib/web/auth/facebook/index.js b/lib/web/auth/facebook/index.js new file mode 100644 index 00000000..0e5474d8 --- /dev/null +++ b/lib/web/auth/facebook/index.js @@ -0,0 +1,29 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const FacebookStrategy = require('passport-facebook').Strategy + +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let facebookAuth = module.exports = Router() + +passport.use(new FacebookStrategy({ + clientID: config.facebook.clientID, + clientSecret: config.facebook.clientSecret, + callbackURL: config.serverurl + '/auth/facebook/callback' +}, passportGeneralCallback)) + +facebookAuth.get('/auth/facebook', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('facebook')(req, res, next) +}) + +// facebook auth callback +facebookAuth.get('/auth/facebook/callback', + passport.authenticate('facebook', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/github/index.js b/lib/web/auth/github/index.js new file mode 100644 index 00000000..2a26669c --- /dev/null +++ b/lib/web/auth/github/index.js @@ -0,0 +1,28 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const GithubStrategy = require('passport-github').Strategy +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let githubAuth = module.exports = Router() + +passport.use(new GithubStrategy({ + clientID: config.github.clientID, + clientSecret: config.github.clientSecret, + callbackURL: config.serverurl + '/auth/github/callback' +}, passportGeneralCallback)) + +githubAuth.get('/auth/github', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('github')(req, res, next) +}) + +// github auth callback +githubAuth.get('/auth/github/callback', + passport.authenticate('github', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/gitlab/index.js b/lib/web/auth/gitlab/index.js new file mode 100644 index 00000000..51de1602 --- /dev/null +++ b/lib/web/auth/gitlab/index.js @@ -0,0 +1,36 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const GitlabStrategy = require('passport-gitlab2').Strategy +const config = require('../../../config') +const response = require('../../../response') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let gitlabAuth = module.exports = Router() + +passport.use(new GitlabStrategy({ + baseURL: config.gitlab.baseURL, + clientID: config.gitlab.clientID, + clientSecret: config.gitlab.clientSecret, + scope: config.gitlab.scope, + callbackURL: config.serverurl + '/auth/gitlab/callback' +}, passportGeneralCallback)) + +gitlabAuth.get('/auth/gitlab', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('gitlab')(req, res, next) +}) + +// gitlab auth callback +gitlabAuth.get('/auth/gitlab/callback', + passport.authenticate('gitlab', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) + +if (!config.gitlab.scope || config.gitlab.scope === 'api') { + // gitlab callback actions + gitlabAuth.get('/auth/gitlab/callback/:noteId/:action', response.gitlabActions) +} diff --git a/lib/web/auth/google/index.js b/lib/web/auth/google/index.js new file mode 100644 index 00000000..bf2a260f --- /dev/null +++ b/lib/web/auth/google/index.js @@ -0,0 +1,27 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +var GoogleStrategy = require('passport-google-oauth20').Strategy +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let facebookAuth = module.exports = Router() + +passport.use(new GoogleStrategy({ + clientID: config.google.clientID, + clientSecret: config.google.clientSecret, + callbackURL: config.serverurl + '/auth/google/callback' +}, passportGeneralCallback)) + +facebookAuth.get('/auth/google', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('google', { scope: ['profile'] })(req, res, next) +}) + // google auth callback +facebookAuth.get('/auth/google/callback', + passport.authenticate('google', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js new file mode 100644 index 00000000..3a203800 --- /dev/null +++ b/lib/web/auth/index.js @@ -0,0 +1,26 @@ +'use strict' + +const Router = require('express').Router + +const config = require('../../config') +const logger = require('../../logger') + +const authRouter = module.exports = Router() + +if (config.facebook) authRouter.use('/', require('./facebook')) +if (config.twitter) authRouter.use('/', require('./twitter')) +if (config.github) authRouter.use('/', require('./github')) +if (config.gitlab) authRouter.use('/', require('./gitlab')) +if (config.dropbox) authRouter.use('/', require('./dropbox')) +if (config.google) authRouter.use('/', require('./google')) +if (config.ldap) authRouter.use('/', require('./ldap')) +if (config.email) authRouter.use('/', require('./email')) + +// logout +authRouter.get('/logout', function (req, res) { + if (config.debug && req.isAuthenticated()) { + logger.debug('user logout: ' + req.user.id) + } + req.logout() + res.redirect(config.serverurl + '/') +}) diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js new file mode 100644 index 00000000..766c5cbc --- /dev/null +++ b/lib/web/auth/ldap/index.js @@ -0,0 +1,74 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const LDAPStrategy = require('passport-ldapauth') +const config = require('../../../config') +const models = require('../../../models') +const logger = require('../../../logger') +const {setReturnToFromReferer} = require('../utils') +const {urlencodedParser} = require('../../utils') +const response = require('../../../response') + +let ldapAuth = module.exports = Router() + +passport.use(new LDAPStrategy({ + server: { + url: config.ldap.url || null, + bindDn: config.ldap.bindDn || null, + bindCredentials: config.ldap.bindCredentials || null, + searchBase: config.ldap.searchBase || null, + searchFilter: config.ldap.searchFilter || null, + searchAttributes: config.ldap.searchAttributes || null, + tlsOptions: config.ldap.tlsOptions || null + } +}, function (user, done) { + var profile = { + id: 'LDAP-' + user.uidNumber, + username: user.uid, + displayName: user.displayName, + emails: user.mail ? [user.mail] : [], + avatarUrl: null, + profileUrl: null, + provider: 'ldap' + } + var stringifiedProfile = JSON.stringify(profile) + models.User.findOrCreate({ + where: { + profileid: profile.id.toString() + }, + defaults: { + profile: stringifiedProfile + } + }).spread(function (user, created) { + if (user) { + var needSave = false + if (user.profile !== stringifiedProfile) { + user.profile = stringifiedProfile + needSave = true + } + if (needSave) { + user.save().then(function () { + if (config.debug) { logger.debug('user login: ' + user.id) } + return done(null, user) + }) + } else { + if (config.debug) { logger.debug('user login: ' + user.id) } + return done(null, user) + } + } + }).catch(function (err) { + logger.error('ldap auth failed: ' + err) + return done(err, null) + }) +})) + +ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) { + if (!req.body.username || !req.body.password) return response.errorBadRequest(res) + setReturnToFromReferer(req) + passport.authenticate('ldapauth', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/', + failureFlash: true + })(req, res, next) +}) diff --git a/lib/web/auth/twitter/index.js b/lib/web/auth/twitter/index.js new file mode 100644 index 00000000..5429522d --- /dev/null +++ b/lib/web/auth/twitter/index.js @@ -0,0 +1,29 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const TwitterStrategy = require('passport-twitter').Strategy + +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let twitterAuth = module.exports = Router() + +passport.use(new TwitterStrategy({ + consumerKey: config.twitter.consumerKey, + consumerSecret: config.twitter.consumerSecret, + callbackURL: config.serverurl + '/auth/twitter/callback' +}, passportGeneralCallback)) + +twitterAuth.get('/auth/twitter', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('twitter')(req, res, next) +}) + +// twitter auth callback +twitterAuth.get('/auth/twitter/callback', + passport.authenticate('twitter', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/utils.js b/lib/web/auth/utils.js new file mode 100644 index 00000000..ff7a1237 --- /dev/null +++ b/lib/web/auth/utils.js @@ -0,0 +1,53 @@ +'use strict' + +const models = require('../../models') +const config = require('../../config') +const logger = require('../../logger') + +exports.setReturnToFromReferer = function setReturnToFromReferer (req) { + var referer = req.get('referer') + if (!req.session) req.session = {} + req.session.returnTo = referer +} + +exports.passportGeneralCallback = function callback (accessToken, refreshToken, profile, done) { + var stringifiedProfile = JSON.stringify(profile) + models.User.findOrCreate({ + where: { + profileid: profile.id.toString() + }, + defaults: { + profile: stringifiedProfile, + accessToken: accessToken, + refreshToken: refreshToken + } + }).spread(function (user, created) { + if (user) { + var needSave = false + if (user.profile !== stringifiedProfile) { + user.profile = stringifiedProfile + needSave = true + } + if (user.accessToken !== accessToken) { + user.accessToken = accessToken + needSave = true + } + if (user.refreshToken !== refreshToken) { + user.refreshToken = refreshToken + needSave = true + } + if (needSave) { + user.save().then(function () { + if (config.debug) { logger.info('user login: ' + user.id) } + return done(null, user) + }) + } else { + if (config.debug) { logger.info('user login: ' + user.id) } + return done(null, user) + } + } + }).catch(function (err) { + logger.error('auth callback failed: ' + err) + return done(err, null) + }) +} -- cgit v1.2.3 From 706df11e2356bd7548bfa14316e86111b7ba9d90 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 05:48:55 +0800 Subject: refactor(app.js): Extract history api --- lib/web/historyRouter.js | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 lib/web/historyRouter.js (limited to 'lib/web') diff --git a/lib/web/historyRouter.js b/lib/web/historyRouter.js new file mode 100644 index 00000000..738e409d --- /dev/null +++ b/lib/web/historyRouter.js @@ -0,0 +1,19 @@ +'use strict' + +const Router = require('express').Router + +const {urlencodedParser} = require('./utils') +const history = require('../history.js') + +const historyRouter = module.exports = Router() + +// get history +historyRouter.get('/history', history.historyGet) +// post history +historyRouter.post('/history', urlencodedParser, history.historyPost) +// post history by note id +historyRouter.post('/history/:noteId', urlencodedParser, history.historyPost) +// delete history +historyRouter.delete('/history', history.historyDelete) +// delete history by note id +historyRouter.delete('/history/:noteId', history.historyDelete) -- cgit v1.2.3 From e2ac73f5a36310dead9e23f46004ccef909f317b Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 05:55:36 +0800 Subject: refactor(app.js): Extract /me page --- lib/web/userRouter.js | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 lib/web/userRouter.js (limited to 'lib/web') diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js new file mode 100644 index 00000000..ecfbaf8b --- /dev/null +++ b/lib/web/userRouter.js @@ -0,0 +1,36 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../response') +const models = require('../models') +const logger = require('../logger') + +const UserRouter = module.exports = Router() + +// get me info +UserRouter.get('/me', function (req, res) { + if (req.isAuthenticated()) { + models.User.findOne({ + where: { + id: req.user.id + } + }).then(function (user) { + if (!user) { return response.errorNotFound(res) } + var profile = models.User.getProfile(user) + res.send({ + status: 'ok', + id: req.user.id, + name: profile.name, + photo: profile.photo + }) + }).catch(function (err) { + logger.error('read me failed: ' + err) + return response.errorInternalError(res) + }) + } else { + res.send({ + status: 'forbidden' + }) + } +}) -- cgit v1.2.3 From 689bade73046ba2c35af59d7a65824a441b14a65 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 05:56:20 +0800 Subject: refactor(app.js): Extract note action --- lib/web/noteRouter.js | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 lib/web/noteRouter.js (limited to 'lib/web') diff --git a/lib/web/noteRouter.js b/lib/web/noteRouter.js new file mode 100644 index 00000000..007c02c2 --- /dev/null +++ b/lib/web/noteRouter.js @@ -0,0 +1,24 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../response') + +const noteRouter = module.exports = Router() + +// get new note +noteRouter.get('/new', response.newNote) +// get publish note +noteRouter.get('/s/:shortid', response.showPublishNote) +// publish note actions +noteRouter.get('/s/:shortid/:action', response.publishNoteActions) +// get publish slide +noteRouter.get('/p/:shortid', response.showPublishSlide) +// publish slide actions +noteRouter.get('/p/:shortid/:action', response.publishSlideActions) +// get note by id +noteRouter.get('/:noteId', response.showNote) +// note actions +noteRouter.get('/:noteId/:action', response.noteActions) +// note actions with action id +noteRouter.get('/:noteId/:action/:actionId', response.noteActions) -- cgit v1.2.3 From 768943002c7f9bdac7f674338f18e567c16bda52 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 06:01:45 +0800 Subject: refactor(app.js): Extract upload image --- lib/web/imageRouter.js | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 lib/web/imageRouter.js (limited to 'lib/web') diff --git a/lib/web/imageRouter.js b/lib/web/imageRouter.js new file mode 100644 index 00000000..7a3819c5 --- /dev/null +++ b/lib/web/imageRouter.js @@ -0,0 +1,95 @@ +'use strict' +var fs = require('fs') +var url = require('url') +var path = require('path') + +const Router = require('express').Router +const formidable = require('formidable') +var imgur = require('imgur') + +const config = require('../config') +const logger = require('../logger') +const response = require('../response') + +const imageRouter = module.exports = Router() + +// upload image +imageRouter.post('/uploadimage', function (req, res) { + var form = new formidable.IncomingForm() + + form.keepExtensions = true + + if (config.imageUploadType === 'filesystem') { + form.uploadDir = 'public/uploads' + } + + form.parse(req, function (err, fields, files) { + if (err || !files.image || !files.image.path) { + response.errorForbidden(res) + } else { + if (config.debug) { logger.info('SERVER received uploadimage: ' + JSON.stringify(files.image)) } + + try { + switch (config.imageUploadType) { + case 'filesystem': + res.send({ + link: url.resolve(config.serverurl + '/', files.image.path.match(/^public\/(.+$)/)[1]) + }) + + break + + case 's3': + var AWS = require('aws-sdk') + var awsConfig = new AWS.Config(config.s3) + var s3 = new AWS.S3(awsConfig) + + fs.readFile(files.image.path, function (err, buffer) { + if (err) { + logger.error(err) + res.status(500).end('upload image error') + return + } + var params = { + Bucket: config.s3bucket, + Key: path.join('uploads', path.basename(files.image.path)), + Body: buffer + } + + var mimeType = getImageMimeType(files.image.path) + if (mimeType) { params.ContentType = mimeType } + + s3.putObject(params, function (err, data) { + if (err) { + logger.error(err) + res.status(500).end('upload image error') + return + } + res.send({ + link: `https://s3-${config.s3.region}.amazonaws.com/${config.s3bucket}/${params.Key}` + }) + }) + }) + break + case 'imgur': + default: + imgur.setClientId(config.imgur.clientID) + imgur.uploadFile(files.image.path) + .then(function (json) { + if (config.debug) { logger.info('SERVER uploadimage success: ' + JSON.stringify(json)) } + res.send({ + link: json.data.link.replace(/^http:\/\//i, 'https://') + }) + }) + .catch(function (err) { + logger.error(err) + return res.status(500).end('upload image error') + }) + break + } + } catch (err) { + logger.error(err) + return res.status(500).end('upload image error') + } + } + }) +}) -- cgit v1.2.3 From 7ef17fd4e61503178875dd34f998203264ffb691 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 06:05:43 +0800 Subject: refactor(app.js): Extract tooBusy --- lib/web/middleware/tooBusy.js | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 lib/web/middleware/tooBusy.js (limited to 'lib/web') diff --git a/lib/web/middleware/tooBusy.js b/lib/web/middleware/tooBusy.js new file mode 100644 index 00000000..f1b72330 --- /dev/null +++ b/lib/web/middleware/tooBusy.js @@ -0,0 +1,13 @@ +'use strict' + +const toobusy = require('toobusy-js') + +const response = require('../../response') + +module.exports = function (req, res, next) { + if (toobusy()) { + response.errorServiceUnavailable(res) + } else { + next() + } +} -- cgit v1.2.3 From d88502e3315f189af28ac6e86fccfa1406d75b52 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 06:07:19 +0800 Subject: refactor(app.js): Move passport serialize and deserialize to auth module --- lib/web/auth/index.js | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'lib/web') diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js index 3a203800..18d70572 100644 --- a/lib/web/auth/index.js +++ b/lib/web/auth/index.js @@ -1,12 +1,34 @@ 'use strict' const Router = require('express').Router +const passport = require('passport') const config = require('../../config') const logger = require('../../logger') +const models = require('../../models') const authRouter = module.exports = Router() +// serialize and deserialize +passport.serializeUser(function (user, done) { + logger.info('serializeUser: ' + user.id) + return done(null, user.id) +}) + +passport.deserializeUser(function (id, done) { + models.User.findOne({ + where: { + id: id + } + }).then(function (user) { + logger.info('deserializeUser: ' + user.id) + return done(null, user) + }).catch(function (err) { + logger.error(err) + return done(err, null) + }) +}) + if (config.facebook) authRouter.use('/', require('./facebook')) if (config.twitter) authRouter.use('/', require('./twitter')) if (config.github) authRouter.use('/', require('./github')) -- cgit v1.2.3 From a7e3c4d535e15832b1fff5482582a4c644a00c26 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 06:10:24 +0800 Subject: refactor(auth.js): Remove base path --- lib/web/auth/index.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lib/web') diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js index 18d70572..8a4eb774 100644 --- a/lib/web/auth/index.js +++ b/lib/web/auth/index.js @@ -29,14 +29,14 @@ passport.deserializeUser(function (id, done) { }) }) -if (config.facebook) authRouter.use('/', require('./facebook')) -if (config.twitter) authRouter.use('/', require('./twitter')) -if (config.github) authRouter.use('/', require('./github')) -if (config.gitlab) authRouter.use('/', require('./gitlab')) -if (config.dropbox) authRouter.use('/', require('./dropbox')) -if (config.google) authRouter.use('/', require('./google')) -if (config.ldap) authRouter.use('/', require('./ldap')) -if (config.email) authRouter.use('/', require('./email')) +if (config.facebook) authRouter.use(require('./facebook')) +if (config.twitter) authRouter.use(require('./twitter')) +if (config.github) authRouter.use(require('./github')) +if (config.gitlab) authRouter.use(require('./gitlab')) +if (config.dropbox) authRouter.use(require('./dropbox')) +if (config.google) authRouter.use(require('./google')) +if (config.ldap) authRouter.use(require('./ldap')) +if (config.email) authRouter.use(require('./email')) // logout authRouter.get('/logout', function (req, res) { -- cgit v1.2.3 From 34c9f07669d2f00c7672f2d75702d086fd01f4c6 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Wed, 12 Apr 2017 06:14:30 +0800 Subject: refactor(baseRouter.js): Adjust style fit standard --- lib/web/baseRouter.js | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/web') diff --git a/lib/web/baseRouter.js b/lib/web/baseRouter.js index 271568b9..b918ce75 100644 --- a/lib/web/baseRouter.js +++ b/lib/web/baseRouter.js @@ -20,4 +20,3 @@ baseRouter.get('/404', function (req, res) { baseRouter.get('/500', function (req, res) { response.errorInternalError(res) }) - -- cgit v1.2.3 From aca01f064d605d8f143d75f0fd1c1a82b9a8f396 Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Thu, 13 Apr 2017 00:20:28 +0800 Subject: refactor: Remove `require` extension filename --- lib/web/historyRouter.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/web') diff --git a/lib/web/historyRouter.js b/lib/web/historyRouter.js index 738e409d..1b22c232 100644 --- a/lib/web/historyRouter.js +++ b/lib/web/historyRouter.js @@ -3,8 +3,7 @@ const Router = require('express').Router const {urlencodedParser} = require('./utils') -const history = require('../history.js') - +const history = require('../history') const historyRouter = module.exports = Router() // get history -- cgit v1.2.3 From ecb05336055a37ba8a03c119995cd37d96aad90d Mon Sep 17 00:00:00 2001 From: BoHong Li Date: Thu, 13 Apr 2017 01:57:55 +0800 Subject: refactor(config.js): Extract config file * Separate different config source to each files * Freeze config object --- lib/web/auth/index.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lib/web') diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js index 8a4eb774..b5ca8434 100644 --- a/lib/web/auth/index.js +++ b/lib/web/auth/index.js @@ -29,14 +29,14 @@ passport.deserializeUser(function (id, done) { }) }) -if (config.facebook) authRouter.use(require('./facebook')) -if (config.twitter) authRouter.use(require('./twitter')) -if (config.github) authRouter.use(require('./github')) -if (config.gitlab) authRouter.use(require('./gitlab')) -if (config.dropbox) authRouter.use(require('./dropbox')) -if (config.google) authRouter.use(require('./google')) -if (config.ldap) authRouter.use(require('./ldap')) -if (config.email) authRouter.use(require('./email')) +if (config.isFacebookEnable) authRouter.use(require('./facebook')) +if (config.isTwitterEnable) authRouter.use(require('./twitter')) +if (config.isGitHubEnable) authRouter.use(require('./github')) +if (config.isGitLabEnable) authRouter.use(require('./gitlab')) +if (config.isDropboxEnable) authRouter.use(require('./dropbox')) +if (config.isGoogleEnable) authRouter.use(require('./google')) +if (config.isLDAPEnable) authRouter.use(require('./ldap')) +if (config.isEmailEnable) authRouter.use(require('./email')) // logout authRouter.get('/logout', function (req, res) { -- cgit v1.2.3 From d79997808a224cdfe6a4f3fbc76c1b1e9afc3b87 Mon Sep 17 00:00:00 2001 From: Raccoon Li Date: Mon, 8 May 2017 20:04:05 +0800 Subject: fix(imageRouter): import missing dependency: getImageMimeType --- lib/web/imageRouter.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/web') diff --git a/lib/web/imageRouter.js b/lib/web/imageRouter.js index 7a3819c5..592a497c 100644 --- a/lib/web/imageRouter.js +++ b/lib/web/imageRouter.js @@ -42,7 +42,7 @@ imageRouter.post('/uploadimage', function (req, res) { var AWS = require('aws-sdk') var awsConfig = new AWS.Config(config.s3) var s3 = new AWS.S3(awsConfig) - + const {getImageMimeType} = require('../utils') fs.readFile(files.image.path, function (err, buffer) { if (err) { logger.error(err) -- cgit v1.2.3 From 0ef0e705794689b79767a1bd5de0385dfb084143 Mon Sep 17 00:00:00 2001 From: Max Wu Date: Mon, 8 May 2017 00:35:44 +0800 Subject: Rename checkURiValid.js to checkURIValid.js --- lib/web/middleware/checkURIValid.js | 14 ++++++++++++++ lib/web/middleware/checkURiValid.js | 14 -------------- 2 files changed, 14 insertions(+), 14 deletions(-) create mode 100644 lib/web/middleware/checkURIValid.js delete mode 100644 lib/web/middleware/checkURiValid.js (limited to 'lib/web') diff --git a/lib/web/middleware/checkURIValid.js b/lib/web/middleware/checkURIValid.js new file mode 100644 index 00000000..88065e79 --- /dev/null +++ b/lib/web/middleware/checkURIValid.js @@ -0,0 +1,14 @@ +'use strict' + +const logger = require('../../logger') +const response = require('../../response') + +module.exports = function (req, res, next) { + try { + decodeURIComponent(req.path) + } catch (err) { + logger.error(err) + return response.errorBadRequest(res) + } + next() +} diff --git a/lib/web/middleware/checkURiValid.js b/lib/web/middleware/checkURiValid.js deleted file mode 100644 index 88065e79..00000000 --- a/lib/web/middleware/checkURiValid.js +++ /dev/null @@ -1,14 +0,0 @@ -'use strict' - -const logger = require('../../logger') -const response = require('../../response') - -module.exports = function (req, res, next) { - try { - decodeURIComponent(req.path) - } catch (err) { - logger.error(err) - return response.errorBadRequest(res) - } - next() -} -- cgit v1.2.3