mirror of
https://github.com/BobbyWibowo/lolisafe.git
synced 2024-12-13 16:06:21 +00:00
c8a5f7be16
Resolves #192 This added 2 new dependencies: content-disposition BobbyWibowo/serve-static content-disposition: This has fallback generation for file names that are outside ISO-8859-1. Plus it was already a sub-dependency due to express to begin with. BobbyWibowo/serve-static: A fork of express/serve-static to allow specifying an async setHeaders function by the name preSetHeaders, that will be awaited before creating send stream to clients.
342 lines
11 KiB
JavaScript
342 lines
11 KiB
JavaScript
const bodyParser = require('body-parser')
|
|
const clamd = require('clamdjs')
|
|
const contentDisposition = require('content-disposition')
|
|
const express = require('express')
|
|
const helmet = require('helmet')
|
|
const nunjucks = require('nunjucks')
|
|
const path = require('path')
|
|
const RateLimit = require('express-rate-limit')
|
|
const readline = require('readline')
|
|
const serveStatic = require('serve-static')
|
|
const config = require('./config')
|
|
const logger = require('./logger')
|
|
const versions = require('./src/versions')
|
|
const safe = express()
|
|
|
|
logger.log('Starting lolisafe\u2026')
|
|
|
|
process.on('uncaughtException', error => {
|
|
logger.error(error, { prefix: 'Uncaught Exception: ' })
|
|
})
|
|
process.on('unhandledRejection', error => {
|
|
logger.error(error, { prefix: 'Unhandled Rejection (Promise): ' })
|
|
})
|
|
|
|
const paths = require('./controllers/pathsController')
|
|
const utils = require('./controllers/utilsController')
|
|
|
|
const album = require('./routes/album')
|
|
const api = require('./routes/api')
|
|
const nojs = require('./routes/nojs')
|
|
|
|
const db = require('knex')(config.database)
|
|
|
|
safe.use(helmet({
|
|
contentSecurityPolicy: false,
|
|
hsts: false
|
|
}))
|
|
|
|
if (config.hsts instanceof Object && Object.keys(config.hsts).length)
|
|
safe.use(helmet.hsts(config.hsts))
|
|
|
|
if (config.trustProxy)
|
|
safe.set('trust proxy', 1)
|
|
|
|
// https://mozilla.github.io/nunjucks/api.html#configure
|
|
nunjucks.configure('views', {
|
|
autoescape: true,
|
|
express: safe,
|
|
noCache: process.env.NODE_ENV === 'development'
|
|
})
|
|
safe.set('view engine', 'njk')
|
|
safe.enable('view cache')
|
|
|
|
// Configure rate limits
|
|
if (Array.isArray(config.rateLimits) && config.rateLimits.length)
|
|
for (const rateLimit of config.rateLimits) {
|
|
const limiter = new RateLimit(rateLimit.config)
|
|
for (const route of rateLimit.routes)
|
|
safe.use(route, limiter)
|
|
}
|
|
|
|
safe.use(bodyParser.urlencoded({ extended: true }))
|
|
safe.use(bodyParser.json())
|
|
|
|
let cdnPages
|
|
let setHeaders = res => {
|
|
res.set('Access-Control-Allow-Origin', '*')
|
|
}
|
|
|
|
const initServeStaticUploads = (opts = {}) => {
|
|
if (config.setContentDisposition) {
|
|
opts.preSetHeaders = async (res, path) => {
|
|
// Do only if accessing files from uploads' root directory (i.e. not thumbs, etc.)
|
|
// and only if they're GET requests
|
|
if (path.indexOf('/', 1) === -1 && res.req.method === 'GET') {
|
|
const name = path.substring(1)
|
|
try {
|
|
const file = await db.table('files')
|
|
.where('name', name)
|
|
.select('original')
|
|
.first()
|
|
res.set('Content-Disposition', contentDisposition(file.original, { type: 'inline' }))
|
|
} catch (error) {
|
|
logger.error(error)
|
|
}
|
|
}
|
|
}
|
|
// serveStatic is just a modified express/serve-static module that allows specifying
|
|
// an async setHeaders function by the name preSetHeaders.
|
|
// The module will wait for the said function before creating send stream to client.
|
|
safe.use('/', serveStatic(paths.uploads, opts))
|
|
} else {
|
|
safe.use('/', express.static(paths.uploads, opts))
|
|
}
|
|
}
|
|
|
|
// Cache control (safe.fiery.me)
|
|
if (config.cacheControl) {
|
|
const cacheControls = {
|
|
// max-age: 6 months
|
|
static: 'public, max-age=15778800, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800',
|
|
// s-max-age: 6 months (only cache in CDN)
|
|
cdn: 's-max-age=15778800, proxy-revalidate, stale-while-revalidate=86400, stale-if-error=604800',
|
|
// validate cache's validity before using them (soft cache)
|
|
validate: 'no-cache',
|
|
// do not use cache at all
|
|
disable: 'no-store'
|
|
}
|
|
|
|
// By default soft cache everything
|
|
safe.use('/', (req, res, next) => {
|
|
res.set('Cache-Control', cacheControls.validate)
|
|
next()
|
|
})
|
|
|
|
// If using CDN, cache public pages in CDN
|
|
if (config.cacheControl !== 2) {
|
|
cdnPages = config.pages.concat(['api/check'])
|
|
for (const page of cdnPages)
|
|
safe.use(`/${page === 'home' ? '' : page}`, (req, res, next) => {
|
|
res.set('Cache-Control', cacheControls.cdn)
|
|
next()
|
|
})
|
|
}
|
|
|
|
// If serving uploads with node
|
|
if (config.serveFilesWithNode)
|
|
initServeStaticUploads({
|
|
setHeaders: res => {
|
|
res.set('Access-Control-Allow-Origin', '*')
|
|
// If using CDN, cache uploads in CDN as well
|
|
// Use with cloudflare.purgeCache enabled in config file
|
|
if (config.cacheControl !== 2)
|
|
res.set('Cache-Control', cacheControls.cdn)
|
|
}
|
|
})
|
|
|
|
// Function for static assets.
|
|
// This requires the assets to use version in their query string,
|
|
// as they will be cached by clients for a very long time.
|
|
setHeaders = res => {
|
|
res.set('Access-Control-Allow-Origin', '*')
|
|
res.set('Cache-Control', cacheControls.static)
|
|
}
|
|
|
|
// Consider album ZIPs static as well, since they use version in their query string
|
|
safe.use(['/api/album/zip'], (req, res, next) => {
|
|
res.set('Access-Control-Allow-Origin', '*')
|
|
const versionString = parseInt(req.query.v)
|
|
if (versionString > 0)
|
|
res.set('Cache-Control', cacheControls.static)
|
|
else
|
|
res.set('Cache-Control', cacheControls.disable)
|
|
next()
|
|
})
|
|
} else if (config.serveFilesWithNode) {
|
|
initServeStaticUploads()
|
|
}
|
|
|
|
// Static assets
|
|
safe.use('/', express.static(paths.public, { setHeaders }))
|
|
safe.use('/', express.static(paths.dist, { setHeaders }))
|
|
|
|
safe.use('/', album)
|
|
safe.use('/', nojs)
|
|
safe.use('/api', api)
|
|
|
|
;(async () => {
|
|
try {
|
|
// Init database
|
|
await require('./database/db.js')(db)
|
|
|
|
// Verify paths, create missing ones, clean up temp ones
|
|
await paths.init()
|
|
|
|
if (!Array.isArray(config.pages) || !config.pages.length) {
|
|
logger.error('Config file does not have any frontend pages enabled')
|
|
process.exit(1)
|
|
}
|
|
|
|
// Re-map version strings if cache control is enabled (safe.fiery.me)
|
|
utils.versionStrings = {}
|
|
if (config.cacheControl) {
|
|
for (const type in versions)
|
|
utils.versionStrings[type] = `?_=${versions[type]}`
|
|
if (versions['1'])
|
|
utils.clientVersion = versions['1']
|
|
}
|
|
|
|
// Cookie Policy
|
|
if (config.cookiePolicy)
|
|
config.pages.push('cookiepolicy')
|
|
|
|
// Check for custom pages, otherwise fallback to Nunjucks templates
|
|
for (const page of config.pages) {
|
|
const customPage = path.join(paths.customPages, `${page}.html`)
|
|
if (!await paths.access(customPage).catch(() => true))
|
|
safe.get(`/${page === 'home' ? '' : page}`, (req, res, next) => res.sendFile(customPage))
|
|
else if (page === 'home')
|
|
safe.get('/', (req, res, next) => res.render(page, {
|
|
config,
|
|
versions: utils.versionStrings,
|
|
gitHash: utils.gitHash
|
|
}))
|
|
else
|
|
safe.get(`/${page}`, (req, res, next) => res.render(page, {
|
|
config,
|
|
versions: utils.versionStrings
|
|
}))
|
|
}
|
|
|
|
// Error pages
|
|
safe.use((req, res, next) => {
|
|
res.setHeader('Cache-Control', 'no-store')
|
|
res.status(404).sendFile(path.join(paths.errorRoot, config.errorPages[404]))
|
|
})
|
|
|
|
safe.use((error, req, res, next) => {
|
|
logger.error(error)
|
|
res.setHeader('Cache-Control', 'no-store')
|
|
res.status(500).sendFile(path.join(paths.errorRoot, config.errorPages[500]))
|
|
})
|
|
|
|
// Git hash
|
|
if (config.showGitHash) {
|
|
utils.gitHash = await new Promise((resolve, reject) => {
|
|
require('child_process').exec('git rev-parse HEAD', (error, stdout) => {
|
|
if (error) return reject(error)
|
|
resolve(stdout.replace(/\n$/, ''))
|
|
})
|
|
})
|
|
logger.log(`Git commit: ${utils.gitHash}`)
|
|
}
|
|
|
|
// Clamd scanner
|
|
if (config.uploads.scan && config.uploads.scan.enabled) {
|
|
const { ip, port } = config.uploads.scan
|
|
const version = await clamd.version(ip, port)
|
|
logger.log(`${ip}:${port} ${version}`)
|
|
|
|
utils.clamd.scanner = clamd.createScanner(ip, port)
|
|
if (!utils.clamd.scanner)
|
|
throw 'Could not create clamd scanner'
|
|
}
|
|
|
|
// Cache file identifiers
|
|
if (config.uploads.cacheFileIdentifiers) {
|
|
utils.idSet = await db.table('files')
|
|
.select('name')
|
|
.then(rows => {
|
|
return new Set(rows.map(row => row.name.split('.')[0]))
|
|
})
|
|
logger.log(`Cached ${utils.idSet.size} file identifiers`)
|
|
}
|
|
|
|
// Binds Express to port
|
|
await new Promise(resolve => safe.listen(config.port, () => resolve()))
|
|
logger.log(`lolisafe started on port ${config.port}`)
|
|
|
|
// Cache control (safe.fiery.me)
|
|
// Purge Cloudflare cache
|
|
if (config.cacheControl && config.cacheControl !== 2)
|
|
if (config.cloudflare.purgeCache) {
|
|
logger.log('Cache control enabled, purging Cloudflare\'s cache...')
|
|
const results = await utils.purgeCloudflareCache(cdnPages)
|
|
let errored = false
|
|
let succeeded = 0
|
|
for (const result of results) {
|
|
if (result.errors.length) {
|
|
if (!errored) errored = true
|
|
result.errors.forEach(error => logger.log(`[CF]: ${error}`))
|
|
continue
|
|
}
|
|
succeeded += result.files.length
|
|
}
|
|
if (!errored)
|
|
logger.log(`Successfully purged ${succeeded} cache`)
|
|
} else {
|
|
logger.log('Cache control enabled without Cloudflare\'s cache purging')
|
|
}
|
|
|
|
// Temporary uploads (only check for expired uploads if config.uploads.temporaryUploadsInterval is also set)
|
|
if (Array.isArray(config.uploads.temporaryUploadAges) &&
|
|
config.uploads.temporaryUploadAges.length &&
|
|
config.uploads.temporaryUploadsInterval) {
|
|
let temporaryUploadsInProgress = false
|
|
const temporaryUploadCheck = async () => {
|
|
if (temporaryUploadsInProgress)
|
|
return
|
|
|
|
temporaryUploadsInProgress = true
|
|
try {
|
|
const result = await utils.bulkDeleteExpired()
|
|
|
|
if (result.expired.length) {
|
|
let logMessage = `Expired uploads: ${result.expired.length} deleted`
|
|
if (result.failed.length)
|
|
logMessage += `, ${result.failed.length} errored`
|
|
|
|
logger.log(logMessage)
|
|
}
|
|
} catch (error) {
|
|
// Simply print-out errors, then continue
|
|
logger.error(error)
|
|
}
|
|
|
|
temporaryUploadsInProgress = false
|
|
}
|
|
|
|
temporaryUploadCheck()
|
|
setInterval(temporaryUploadCheck, config.uploads.temporaryUploadsInterval)
|
|
}
|
|
|
|
// NODE_ENV=development yarn start
|
|
if (process.env.NODE_ENV === 'development') {
|
|
// Add readline interface to allow evaluating arbitrary JavaScript from console
|
|
readline.createInterface({
|
|
input: process.stdin,
|
|
output: process.stdout,
|
|
prompt: ''
|
|
}).on('line', line => {
|
|
try {
|
|
if (line === 'rs')
|
|
return
|
|
if (line === '.exit')
|
|
return process.exit(0)
|
|
// eslint-disable-next-line no-eval
|
|
logger.log(eval(line))
|
|
} catch (error) {
|
|
logger.error(error.toString())
|
|
}
|
|
}).on('SIGINT', () => {
|
|
process.exit(0)
|
|
})
|
|
logger.log('DEVELOPMENT MODE: Disabled Nunjucks caching & enabled readline interface')
|
|
}
|
|
} catch (error) {
|
|
logger.error(error)
|
|
process.exit(1)
|
|
}
|
|
})()
|