mirror of
https://github.com/BobbyWibowo/lolisafe.git
synced 2025-01-19 01:31:34 +00:00
86b51fe5f5
This adds Cookie Consent library at public/libs/cookieconsent. Added views/cookiepolicy.njk. Added a new config option cookiePolicy. Disabled by default. Updated views/faq.njk to use variables wherever applicable. The variables are initiated at views/_globals.njk. The said file also contains variables used at views/cookiepolicy.njk. Restored messages about Cloudflare to FAQ. They will be shown only if config.cloudflare.purgeCache is enabled. Statistics will now capitalize first letters of the keys instead. Updated background color of SweetAlert modals. Moved table styling from dashboard.css to style.css (global), since table will also be used in Cookie Policy page. Bumped v1 version string and rebuilt client assets.
308 lines
9.7 KiB
JavaScript
308 lines
9.7 KiB
JavaScript
const bodyParser = require('body-parser')
|
|
const clamd = require('clamdjs')
|
|
const express = require('express')
|
|
const helmet = require('helmet')
|
|
const nunjucks = require('nunjucks')
|
|
const path = require('path')
|
|
const RateLimit = require('express-rate-limit')
|
|
const readline = require('readline')
|
|
const config = require('./config')
|
|
const logger = require('./logger')
|
|
const versions = require('./src/versions')
|
|
const safe = express()
|
|
|
|
logger.log('Starting lolisafe\u2026')
|
|
|
|
process.on('uncaughtException', error => {
|
|
logger.error(error, { prefix: 'Uncaught Exception: ' })
|
|
})
|
|
process.on('unhandledRejection', error => {
|
|
logger.error(error, { prefix: 'Unhandled Rejection (Promise): ' })
|
|
})
|
|
|
|
const paths = require('./controllers/pathsController')
|
|
const utils = require('./controllers/utilsController')
|
|
|
|
const album = require('./routes/album')
|
|
const api = require('./routes/api')
|
|
const nojs = require('./routes/nojs')
|
|
|
|
const db = require('knex')(config.database)
|
|
|
|
safe.use(helmet({
|
|
hsts: false
|
|
}))
|
|
|
|
if (config.hsts instanceof Object && Object.keys(config.hsts).length)
|
|
safe.use(helmet.hsts(config.hsts))
|
|
|
|
if (config.trustProxy)
|
|
safe.set('trust proxy', 1)
|
|
|
|
// https://mozilla.github.io/nunjucks/api.html#configure
|
|
nunjucks.configure('views', {
|
|
autoescape: true,
|
|
express: safe,
|
|
noCache: process.env.NODE_ENV === 'development'
|
|
})
|
|
safe.set('view engine', 'njk')
|
|
safe.enable('view cache')
|
|
|
|
// Configure rate limits
|
|
if (Array.isArray(config.rateLimits) && config.rateLimits.length)
|
|
for (const rateLimit of config.rateLimits) {
|
|
const limiter = new RateLimit(rateLimit.config)
|
|
for (const route of rateLimit.routes)
|
|
safe.use(route, limiter)
|
|
}
|
|
|
|
safe.use(bodyParser.urlencoded({ extended: true }))
|
|
safe.use(bodyParser.json())
|
|
|
|
let cdnPages
|
|
let setHeaders = res => {
|
|
res.set('Access-Control-Allow-Origin', '*')
|
|
}
|
|
|
|
// Cache control (safe.fiery.me)
|
|
if (config.cacheControl) {
|
|
const cacheControls = {
|
|
// max-age: 6 months
|
|
static: 'public, max-age=15778800, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800',
|
|
// s-max-age: 6 months (only cache in CDN)
|
|
cdn: 's-max-age=15778800, proxy-revalidate, stale-while-revalidate=86400, stale-if-error=604800',
|
|
// validate cache's validity before using them (soft cache)
|
|
validate: 'no-cache',
|
|
// do not use cache at all
|
|
disable: 'no-store'
|
|
}
|
|
|
|
// By default soft cache everything
|
|
safe.use('/', (req, res, next) => {
|
|
res.set('Cache-Control', cacheControls.validate)
|
|
next()
|
|
})
|
|
|
|
// If using CDN, cache public pages in CDN
|
|
if (config.cacheControl !== 2) {
|
|
cdnPages = config.pages.concat(['api/check'])
|
|
for (const page of cdnPages)
|
|
safe.use(`/${page === 'home' ? '' : page}`, (req, res, next) => {
|
|
res.set('Cache-Control', cacheControls.cdn)
|
|
next()
|
|
})
|
|
}
|
|
|
|
// If serving uploads with node
|
|
if (config.serveFilesWithNode)
|
|
safe.use('/', express.static(paths.uploads, {
|
|
setHeaders: res => {
|
|
res.set('Access-Control-Allow-Origin', '*')
|
|
// If using CDN, cache uploads in CDN as well
|
|
// Use with cloudflare.purgeCache enabled in config file
|
|
if (config.cacheControl !== 2)
|
|
res.set('Cache-Control', cacheControls.cdn)
|
|
}
|
|
}))
|
|
|
|
// Function for static assets.
|
|
// This requires the assets to use version in their query string,
|
|
// as they will be cached by clients for a very long time.
|
|
setHeaders = res => {
|
|
res.set('Access-Control-Allow-Origin', '*')
|
|
res.set('Cache-Control', cacheControls.static)
|
|
}
|
|
|
|
// Consider album ZIPs static as well, since they use version in their query string
|
|
safe.use(['/api/album/zip'], (req, res, next) => {
|
|
res.set('Access-Control-Allow-Origin', '*')
|
|
const versionString = parseInt(req.query.v)
|
|
if (versionString > 0)
|
|
res.set('Cache-Control', cacheControls.static)
|
|
else
|
|
res.set('Cache-Control', cacheControls.disable)
|
|
next()
|
|
})
|
|
} else if (config.serveFilesWithNode) {
|
|
// If serving uploads with node
|
|
safe.use('/', express.static(paths.uploads))
|
|
}
|
|
|
|
// Static assets
|
|
safe.use('/', express.static(paths.public, { setHeaders }))
|
|
safe.use('/', express.static(paths.dist, { setHeaders }))
|
|
|
|
safe.use('/', album)
|
|
safe.use('/', nojs)
|
|
safe.use('/api', api)
|
|
|
|
;(async () => {
|
|
try {
|
|
// Init database
|
|
await require('./database/db.js')(db)
|
|
|
|
// Verify paths, create missing ones, clean up temp ones
|
|
await paths.init()
|
|
|
|
if (!Array.isArray(config.pages) || !config.pages.length) {
|
|
logger.error('Config file does not have any frontend pages enabled')
|
|
process.exit(1)
|
|
}
|
|
|
|
// Re-map version strings if cache control is enabled (safe.fiery.me)
|
|
utils.versionStrings = {}
|
|
if (config.cacheControl) {
|
|
for (const type in versions)
|
|
utils.versionStrings[type] = `?_=${versions[type]}`
|
|
if (versions['1'])
|
|
utils.clientVersion = versions['1']
|
|
}
|
|
|
|
// Cookie Policy
|
|
if (config.cookiePolicy)
|
|
config.pages.push('cookiepolicy')
|
|
|
|
// Check for custom pages, otherwise fallback to Nunjucks templates
|
|
for (const page of config.pages) {
|
|
const customPage = path.join(paths.customPages, `${page}.html`)
|
|
if (!await paths.access(customPage).catch(() => true))
|
|
safe.get(`/${page === 'home' ? '' : page}`, (req, res, next) => res.sendFile(customPage))
|
|
else if (page === 'home')
|
|
safe.get('/', (req, res, next) => res.render(page, {
|
|
config,
|
|
versions: utils.versionStrings,
|
|
gitHash: utils.gitHash
|
|
}))
|
|
else
|
|
safe.get(`/${page}`, (req, res, next) => res.render(page, {
|
|
config,
|
|
versions: utils.versionStrings
|
|
}))
|
|
}
|
|
|
|
// Error pages
|
|
safe.use((req, res, next) => {
|
|
res.setHeader('Cache-Control', 'no-store')
|
|
res.status(404).sendFile(path.join(paths.errorRoot, config.errorPages[404]))
|
|
})
|
|
|
|
safe.use((error, req, res, next) => {
|
|
logger.error(error)
|
|
res.setHeader('Cache-Control', 'no-store')
|
|
res.status(500).sendFile(path.join(paths.errorRoot, config.errorPages[500]))
|
|
})
|
|
|
|
// Git hash
|
|
if (config.showGitHash) {
|
|
utils.gitHash = await new Promise((resolve, reject) => {
|
|
require('child_process').exec('git rev-parse HEAD', (error, stdout) => {
|
|
if (error) return reject(error)
|
|
resolve(stdout.replace(/\n$/, ''))
|
|
})
|
|
})
|
|
logger.log(`Git commit: ${utils.gitHash}`)
|
|
}
|
|
|
|
// Clamd scanner
|
|
if (config.uploads.scan && config.uploads.scan.enabled) {
|
|
const { ip, port } = config.uploads.scan
|
|
const version = await clamd.version(ip, port)
|
|
logger.log(`${ip}:${port} ${version}`)
|
|
|
|
utils.clamd.scanner = clamd.createScanner(ip, port)
|
|
if (!utils.clamd.scanner)
|
|
throw 'Could not create clamd scanner'
|
|
}
|
|
|
|
// Cache file identifiers
|
|
if (config.uploads.cacheFileIdentifiers) {
|
|
utils.idSet = await db.table('files')
|
|
.select('name')
|
|
.then(rows => {
|
|
return new Set(rows.map(row => row.name.split('.')[0]))
|
|
})
|
|
logger.log(`Cached ${utils.idSet.size} file identifiers`)
|
|
}
|
|
|
|
// Binds Express to port
|
|
await new Promise(resolve => safe.listen(config.port, () => resolve()))
|
|
logger.log(`lolisafe started on port ${config.port}`)
|
|
|
|
// Cache control (safe.fiery.me)
|
|
// Purge Cloudflare cache
|
|
if (config.cacheControl && config.cacheControl !== 2)
|
|
if (config.cloudflare.purgeCache) {
|
|
logger.log('Cache control enabled, purging Cloudflare\'s cache...')
|
|
const results = await utils.purgeCloudflareCache(cdnPages)
|
|
let errored = false
|
|
let succeeded = 0
|
|
for (const result of results) {
|
|
if (result.errors.length) {
|
|
if (!errored) errored = true
|
|
result.errors.forEach(error => logger.log(`[CF]: ${error}`))
|
|
continue
|
|
}
|
|
succeeded += result.files.length
|
|
}
|
|
if (!errored)
|
|
logger.log(`Successfully purged ${succeeded} cache`)
|
|
} else {
|
|
logger.log('Cache control enabled without Cloudflare\'s cache purging')
|
|
}
|
|
|
|
// Temporary uploads (only check for expired uploads if config.uploads.temporaryUploadsInterval is also set)
|
|
if (Array.isArray(config.uploads.temporaryUploadAges) &&
|
|
config.uploads.temporaryUploadAges.length &&
|
|
config.uploads.temporaryUploadsInterval) {
|
|
let temporaryUploadsInProgress = false
|
|
const temporaryUploadCheck = async () => {
|
|
if (temporaryUploadsInProgress)
|
|
return
|
|
|
|
temporaryUploadsInProgress = true
|
|
const result = await utils.bulkDeleteExpired()
|
|
|
|
if (result.expired.length) {
|
|
let logMessage = `Expired uploads: ${result.expired.length} deleted`
|
|
if (result.failed.length)
|
|
logMessage += `, ${result.failed.length} errored`
|
|
|
|
logger.log(logMessage)
|
|
}
|
|
|
|
temporaryUploadsInProgress = false
|
|
}
|
|
|
|
temporaryUploadCheck()
|
|
setInterval(temporaryUploadCheck, config.uploads.temporaryUploadsInterval)
|
|
}
|
|
|
|
// NODE_ENV=development yarn start
|
|
if (process.env.NODE_ENV === 'development') {
|
|
// Add readline interface to allow evaluating arbitrary JavaScript from console
|
|
readline.createInterface({
|
|
input: process.stdin,
|
|
output: process.stdout,
|
|
prompt: ''
|
|
}).on('line', line => {
|
|
try {
|
|
if (line === 'rs')
|
|
return
|
|
if (line === '.exit')
|
|
return process.exit(0)
|
|
// eslint-disable-next-line no-eval
|
|
logger.log(eval(line))
|
|
} catch (error) {
|
|
logger.error(error.toString())
|
|
}
|
|
}).on('SIGINT', () => {
|
|
process.exit(0)
|
|
})
|
|
logger.log('DEVELOPMENT MODE: Disabled Nunjucks caching & enabled readline interface')
|
|
}
|
|
} catch (error) {
|
|
logger.error(error)
|
|
process.exit(1)
|
|
}
|
|
})()
|