* feat: webpack 5 part 1 * fix: gruntfile fixes * fix: fix taskbar warning add app.importScript copy public/src/modules to build folder * refactor: remove commented old code * feat: reenable admin * fix: acp settings pages, fix sortable on manage categories embedded require in html not allowed * fix: bundle serialize/deserizeli so plugins dont break * test: fixe util tests * test: fix require path * test: more test fixes * test: require correct utils module * test: require correct utils * test: log stack * test: fix db require blowing up tests * test: move and disable bundle test * refactor: add aliases * test: disable testing route * fix: move webpack modules necessary for build, into `dependencies` * test: fix one more test remove 500-embed.tpl * fix: restore use of assets/nodebb.min.js, at least for now * fix: remove unnecessary line break * fix: point to proper ACP bundle * test: maybe fix build test * test: composer * refactor: dont need dist * refactor: more cleanup use everything from build/public folder * get rid of conditional import in app.js * fix: ace * refactor: cropper alias * test: lint and test fixes * lint: fix * refactor: rename function to app.require * refactor: go back to using app.require * chore: use github branch * chore: use webpack branch * feat: webpack webinstaller * feat: add chunkFile name with contenthash * refactor: move hooks to top * refactor: get rid of template500Function * fix(deps): use webpack5 branch of 2factor plugin * chore: tagging v2.0.0-beta.0 pre-release version 💥 :shipit: 🎉 🚀 * refactor: disable cache on templates loadTemplate is called once by benchpress and the result is cache internally * refactor: add server side helpers.js * feat: deprecate /plugins shorthand route, closes #10343 * refactor: use build/public for webpack * test: fix filename * fix: more specific selector * lint: ignore * refactor: fix comments * test: add debug for random failing test * refactor: cleanup remove test page, remove dupe functions in 
utils.common * lint: use relative path for now * chore: bump prerelease version * feat: add translateKeys * fix: optional params * fix: get rid of extra timeago files * refactor: cleanup, require timeago locale earlier remove translator.prepareDOM, it is in header.tpl html tag * refactor: privileges system to use a Map in the backend instead of separate objects for keys and labels (#10378) * refactor: privileges system to use a Map in the backend instead of separate objects for keys and labels - Existing hooks are preserved (to be deprecated at a later date, possibly) - New init hooks are called on NodeBB start, and provide a one-stop shop to add new privileges, instead of having to add to four different hooks * docs: fix typo in comment * test: spec changes * refactor: privileges system to use a Map in the backend instead of separate objects for keys and labels (#10378) * refactor: privileges system to use a Map in the backend instead of separate objects for keys and labels - Existing hooks are preserved (to be deprecated at a later date, possibly) - New init hooks are called on NodeBB start, and provide a one-stop shop to add new privileges, instead of having to add to four different hooks * docs: fix typo in comment * test: spec changes * feat: allow app.require('bootbox'/'benchpressjs') * refactor: require server side utils * test: jquery ready * change istaller to use build/public * test: use document.addEventListener * refactor: closes #10301 * refactor: generateTopicClass * fix: column counts for other privileges * fix: #10443, regression where sorted-list items did not render into the DOM in the predicted order [breaking] * fix: typo in hook name * refactor: introduce a generic autocomplete.init() method that can be called to add nodebb-style autocompletion but using different data sources (e.g. 
not user/groups/tags) * fix: crash if `delay` not passed in (as it cannot be destructured) * refactor: replace substr * feat: set --panel-offset style in html element based on stored value in localStorage * refactor: addDropupHandler() logic to be less naive - Take into account height of the menu - Don't apply dropUp logic if there's nothing in the dropdown - Remove 'hidden' class (added by default in Persona for post tools) when menu items are added closes #10423 * refactor: simplify utils.params [breaking] Retrospective analysis of the usage of this method suggests that the options passed in are superfluous, and that only `url` is required. Using a browser built-in makes more sense to accomplish what this method sets out to do. * feat: add support for returning full URLSearchParams for utils.params * fix: utils.params() fallback handling * fix: default empty obj for params() * fix: remove \'loggedin\' and \'register\' qs parameters once they have been used, delay invocation of messages until ajaxify.end * fix: utils.params() not allowing relative paths to be passed in * refactor(DRY): new assertPasswordValidity utils method * fix: incorrect error message returned on insufficient privilege on flag edit * fix: read/update/delete access to flags API should be limited for moderators to only post flags in categories they moderate - added failing tests and patched up middleware.assert.flags to fix * refactor: flag api v3 tests to create new post and flags on every round * fix: missing error:no-flag language key * refactor: flags.canView to check flag existence, simplify middleware.assert.flag * feat: flag deletion API endpoint, #10426 * feat: UI for flag deletion, closes #10426 * chore: update plugin versions * chore: up emoji * chore: update markdown * chore: up emoji-android * fix: regression caused by utils.params() refactor, supports arrays and pipes all values through utils.toType, adjusts tests to type check Co-authored-by: Julian Lam <julian@nodebb.org>
'use strict';
|
|
|
|
const fs = require('fs');
|
|
const util = require('util');
|
|
const path = require('path');
|
|
const os = require('os');
|
|
const nconf = require('nconf');
|
|
const express = require('express');
|
|
const chalk = require('chalk');
|
|
|
|
// Single Express application instance used throughout this module.
const app = express();
// Promise-returning variant of app.render(); the wrapper keeps `app` as the receiver.
app.renderAsync = util.promisify((tpl, data, done) => app.render(tpl, data, done));
// HTTP(S) server handle; it is assigned further down, once the `ssl` setting has been checked.
let server;
|
|
const winston = require('winston');
|
|
const flash = require('connect-flash');
|
|
const bodyParser = require('body-parser');
|
|
const cookieParser = require('cookie-parser');
|
|
const session = require('express-session');
|
|
const useragent = require('express-useragent');
|
|
const favicon = require('serve-favicon');
|
|
const detector = require('spider-detector');
|
|
const helmet = require('helmet');
|
|
|
|
const Benchpress = require('benchpressjs');
|
|
const db = require('./database');
|
|
const analytics = require('./analytics');
|
|
const file = require('./file');
|
|
const emailer = require('./emailer');
|
|
const meta = require('./meta');
|
|
const logger = require('./logger');
|
|
const plugins = require('./plugins');
|
|
const flags = require('./flags');
|
|
const topicEvents = require('./topics/events');
|
|
const privileges = require('./privileges');
|
|
const routes = require('./routes');
|
|
const auth = require('./routes/authentication');
|
|
|
|
const helpers = require('./helpers');
// Terminate TLS in-process when an `ssl` block is configured; otherwise serve plain HTTP.
// The key and certificate are read synchronously, once, from the configured paths.
// NOTE(review): the private key file should be readable only by the account running NodeBB.
server = nconf.get('ssl') ?
	require('https').createServer({
		key: fs.readFileSync(nconf.get('ssl').key),
		cert: fs.readFileSync(nconf.get('ssl').cert),
	}, app) :
	require('http').createServer(app);

// Expose both handles to the rest of the application.
module.exports.server = server;
module.exports.app = app;
// Log server-level failures, then rethrow so the error is not silently swallowed.
server.on('error', (err) => {
	const message = err.code === 'EADDRINUSE' ?
		`NodeBB address in use, exiting...\n${err.stack}` :
		err.stack;
	winston.error(message);

	throw err;
});
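// see https://github.com/isaacs/server-destroy/blob/master/index.js
// Open sockets are tracked by identity so destroy() can force-close them.
// A Set is used rather than an object keyed on `remoteAddress:remotePort`:
// connections accepted on a unix domain socket report neither value, so they
// would all share one key and only the most recent one would be tracked.
const connections = new Set();
server.on('connection', (conn) => {
	connections.add(conn);
	conn.on('close', () => {
		connections.delete(conn);
	});
});

/**
 * Stop accepting new connections and tear down the ones that are still open.
 *
 * @param {Function} [callback] - handed to server.close() unchanged
 */
exports.destroy = function (callback) {
	server.close(callback);
	// server.close() alone waits for open connections to finish; force them shut.
	for (const connection of connections) {
		connection.destroy();
	}
};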
/**
 * Boot the web server: wire up Express, initialise NodeBB's subsystems,
 * announce readiness and finally start listening.
 *
 * The order of the calls below is significant and is kept as-is.
 */
exports.listen = async function () {
	emailer.registerApp(app);
	setupExpressApp(app);
	helpers.register();
	logger.init(app);
	await initializeNodeBB();
	winston.info('NodeBB Ready');

	// Tell connected socket.io clients that this instance is up.
	const socketServer = require('./socket.io').server;
	const readyPayload = {
		'cache-buster': meta.config['cache-buster'],
		hostname: os.hostname(),
	};
	socketServer.emit('event:nodebb.ready', readyPayload);

	// Not awaited here: the hook is fired and startup continues.
	plugins.hooks.fire('action:nodebb.ready');

	await listen();
};
/**
 * Run the asynchronous start-up steps one after another: theme paths,
 * plugins, plugin preload hooks, routes, and then the privileges, blacklist,
 * flags, analytics and topic-event subsystems.
 *
 * Each step is awaited before the next one starts.
 */
async function initializeNodeBB() {
	const middleware = require('./middleware');

	await meta.themes.setupPaths();
	await plugins.init(app, middleware);

	// Plugin hooks run before the core routes are mounted.
	await plugins.hooks.fire('static:assets.prepare', {});
	await plugins.hooks.fire('static:app.preload', { app, middleware });

	await routes(app, middleware);

	await privileges.init();
	await meta.blacklist.load();
	await flags.init();
	await analytics.init();
	await topicEvents.init();
}
/**
 * Configure the Express application: template engine, caching flags,
 * compression, relative-path enforcement, health-check routes, body and
 * cookie parsing, sessions, security headers and authentication.
 *
 * Middleware is registered in the order it must run, so the statement order
 * in this function must not be changed.
 *
 * @param {object} app - the Express application to configure
 */
function setupExpressApp(app) {
	const middleware = require('./middleware');
	const pingController = require('./controllers/ping');

	const relativePath = nconf.get('relative_path');
	const viewsDir = nconf.get('views_dir');
	const isDevelopment = global.env === 'development';

	// Views are requested as `.tpl` but rendered from their `.js` counterpart.
	app.engine('tpl', (filepath, data, next) => {
		Benchpress.__express(filepath.replace(/\.tpl$/, '.js'), data, next);
	});
	app.set('view engine', 'tpl');
	app.set('views', viewsDir);
	app.set('json spaces', isDevelopment ? 4 : 0);
	app.use(flash());

	app.enable('view cache');

	if (!isDevelopment) {
		app.enable('cache');
		app.enable('minification');
	}

	if (meta.config.useCompression) {
		const compression = require('compression');
		app.use(compression());
	}
	if (relativePath) {
		// Requests outside the configured relative path are redirected through
		// the controller helper instead of being served.
		app.use((req, res, next) => {
			const insideRelativePath = req.path.startsWith(relativePath);
			if (insideRelativePath) {
				next();
				return;
			}
			return require('./controllers/helpers').redirect(res, req.path);
		});
	}

	// Health-check endpoints, registered before the session and auth middleware below.
	app.get(`${relativePath}/ping`, pingController.ping);
	app.get(`${relativePath}/sping`, pingController.ping);

	setupFavicon(app);

	app.use(`${relativePath}/apple-touch-icon`, middleware.routeTouchIcon);

	configureBodyParser(app);

	// The same configured `secret` is used by cookie-parser and by the session
	// middleware below, so it must be kept confidential.
	app.use(cookieParser(nconf.get('secret')));
	app.use(useragent.express());
	app.use(detector.middleware());

	// Session cookie attributes come from setupCookie(); resave and
	// saveUninitialized stay off unless the config explicitly enables them.
	const sessionOptions = {
		store: db.sessionStore,
		secret: nconf.get('secret'),
		key: nconf.get('sessionKey'),
		cookie: setupCookie(),
		resave: nconf.get('sessionResave') || false,
		saveUninitialized: nconf.get('sessionSaveUninitialized') || false,
	};
	app.use(session(sessionOptions));

	setupHelmet(app);

	app.use(middleware.addHeaders);
	app.use(middleware.processRender);
	auth.initialize(app, middleware);

	// Run the rest of each request inside a store carrying the caller's uid.
	const als = require('./als');
	app.use((req, res, next) => {
		als.run({ uid: req.uid }, next);
	});
	app.use(middleware.autoLocale); // must be added after auth middlewares are added

	// Event-loop lag settings for toobusy-js, taken from the site configuration.
	const toobusy = require('toobusy-js');
	toobusy.maxLag(meta.config.eventLoopLagThreshold);
	toobusy.interval(meta.config.eventLoopInterval);
}
/**
 * Register helmet's security-header middlewares one by one.
 *
 * They are listed individually, rather than through a single helmet() call,
 * because helmet.contentSecurityPolicy() is too restrictive and breaks
 * plugins. It should be implemented in the future... 🔜
 *
 * NOTE(review): as a consequence this function sets no Content-Security-Policy
 * header.
 *
 * @param {object} app - the Express application
 */
function setupHelmet(app) {
	const { config } = meta;

	// Cross-origin isolation headers; the embedder policy is opt-in.
	if (config['cross-origin-embedder-policy']) {
		app.use(helmet.crossOriginEmbedderPolicy());
	}
	app.use(helmet.crossOriginOpenerPolicy());
	app.use(helmet.crossOriginResourcePolicy({ policy: config['cross-origin-resource-policy'] }));

	app.use(helmet.dnsPrefetchControl());
	app.use(helmet.expectCt());
	app.use(helmet.frameguard());
	app.use(helmet.hidePoweredBy());

	// HSTS is only sent when enabled in the site configuration.
	if (config['hsts-enabled']) {
		const hstsOptions = {
			maxAge: config['hsts-maxage'],
			includeSubDomains: !!config['hsts-subdomains'],
			preload: !!config['hsts-preload'],
		};
		app.use(helmet.hsts(hstsOptions));
	}

	app.use(helmet.ieNoOpen());
	app.use(helmet.noSniff());
	app.use(helmet.originAgentCluster());
	app.use(helmet.permittedCrossDomainPolicies());
	app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
	app.use(helmet.xssFilter());
}
/**
 * Serve the configured favicon (or `favicon.ico` by default) when the file
 * exists under `<base_dir>/public`.
 *
 * NOTE(review): the configured value is joined onto the public directory
 * without a containment check, so `..` segments would resolve outside it.
 * Presumably only administrators can set `brand:favicon`; confirm.
 *
 * @param {object} app - the Express application
 */
function setupFavicon(app) {
	const configured = meta.config['brand:favicon'] || 'favicon.ico';
	// Uploaded icons are referenced as `assets/uploads/...` but live in `public/uploads/...`.
	const relativeToPublic = configured.replace(/assets\/uploads/, 'uploads');
	const faviconPath = path.join(nconf.get('base_dir'), 'public', relativeToPublic);

	if (!file.existsSync(faviconPath)) {
		return;
	}
	app.use(nconf.get('relative_path'), favicon(faviconPath));
}
/**
 * Register the urlencoded and JSON body parsers with options taken from the
 * `bodyParser:urlencoded` and `bodyParser:json` configuration keys.
 *
 * No size limit is set here; body-parser's own defaults apply unless the
 * configuration supplies one.
 *
 * @param {object} app - the Express application
 */
function configureBodyParser(app) {
	const urlencodedOpts = nconf.get('bodyParser:urlencoded') || {};
	// Default to the extended parser only when the config leaves `extended` unset.
	const hasExtended = urlencodedOpts.hasOwnProperty('extended');
	if (!hasExtended) {
		urlencodedOpts.extended = true;
	}
	app.use(bodyParser.urlencoded(urlencodedOpts));

	app.use(bodyParser.json(nconf.get('bodyParser:json') || {}));
}
/**
 * Build the session cookie options: the configured cookie settings with
 * `maxAge` set to the session TTL in milliseconds.
 *
 * Every attribute other than `maxAge` comes from meta.configs.cookie.get()
 * and is not set in this function.
 *
 * @returns {object} cookie options for express-session
 */
function setupCookie() {
	const sessionCookie = meta.configs.cookie.get();
	sessionCookie.maxAge = meta.getSessionTTLSeconds() * 1000;

	return sessionCookie;
}
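/**
 * Resolve the listen target from configuration and start the server.
 *
 * The configured `port` may be a number, a numeric string, an array (only
 * its first entry is used) or a filesystem path. A path makes the server
 * bind to a unix domain socket at that location.
 *
 * @returns {Promise<void>} resolves once the server reports it is listening
 */
async function listen() {
	let port = nconf.get('port');
	// The coercing global isNaN() is intentional: a numeric string is a port,
	// anything that does not coerce to a number is treated as a socket path.
	const isSocket = isNaN(port) && !Array.isArray(port);
	const socketPath = isSocket ? port : '';

	if (Array.isArray(port)) {
		if (!port.length) {
			winston.error('[startup] empty ports array in config.json');
			process.exit();
		}

		winston.warn('[startup] If you want to start nodebb on multiple ports please use loader.js');
		winston.warn(`[startup] Defaulting to first port in array, ${port[0]}`);
		port = port[0];
		if (!port) {
			winston.error('[startup] Invalid port, exiting');
			process.exit();
		}
	}
	port = parseInt(port, 10);

	// NOTE(review): 'trust proxy' is switched on for every port other than 80
	// and 443, on the assumption that a reverse proxy sits in front. With it
	// enabled Express takes the client address from X-Forwarded-* headers, so
	// an instance reachable without a proxy will accept a client-supplied
	// address. Bind to a loopback/private address or firewall the port.
	if ((port !== 80 && port !== 443) || nconf.get('trust_proxy') === true) {
		winston.info('Enabling \'trust proxy\'');
		app.enable('trust proxy');
	}

	if ((port === 80 || port === 443) && process.env.NODE_ENV !== 'development') {
		winston.info('Using ports 80 and 443 is not recommend; use a proxy instead. See README.md');
	}

	// Defaults to all interfaces when no bind address is configured.
	const bind_address = nconf.get('bind_address') || '0.0.0.0';
	const args = isSocket ? [socketPath] : [port, bind_address];
	let oldUmask;

	if (isSocket) {
		// The umask is cleared so the socket file is created without permission
		// bits masked off, which means any local account can connect to it.
		// Restrict the containing directory if that is not wanted.
		oldUmask = process.umask('0000');
		try {
			await exports.testSocket(socketPath);
		} catch (err) {
			// The umask is process-wide; do not leave it cleared on failure.
			process.umask(oldUmask);
			winston.error(`[startup] NodeBB was unable to secure domain socket access (${socketPath})\n${err.stack}`);
			throw err;
		}
	}

	return new Promise((resolve, reject) => {
		server.listen(...args, (err) => {
			const onText = isSocket ? socketPath : `${bind_address}:${port}`;

			// Restore the saved umask in every outcome; a previous value of 0 is valid.
			if (oldUmask !== undefined) {
				process.umask(oldUmask);
			}

			// Node normally reports listen failures through the server's 'error'
			// event rather than this callback; the branch is kept as a guard and
			// now returns, so a failure is not followed by the success log.
			if (err) {
				winston.error(`[startup] NodeBB was unable to listen on: ${chalk.yellow(onText)}`);
				return reject(err);
			}

			winston.info(`NodeBB is now listening on: ${chalk.yellow(onText)}`);
			winston.info(`Canonical URL: ${chalk.yellow(nconf.get('url'))}`);
			resolve();
		});
	});
}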
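/**
 * Check whether a unix domain socket path can be used for listening.
 *
 * - Path does not exist: resolves immediately.
 * - Path exists and something accepts the connection: rejects with
 *   `port-in-use`.
 * - Path exists but the connection is refused: the socket file is treated as
 *   stale and unlinked.
 * - Any other connection error: rejects with that error and leaves the path
 *   untouched, so only a refused connection ever leads to a delete.
 *
 * @param {string} socketPath - filesystem path of the domain socket
 * @returns {Promise<void>}
 * @throws {Error} when `socketPath` is not a string
 */
exports.testSocket = async function (socketPath) {
	if (typeof socketPath !== 'string') {
		throw new Error(`invalid socket path : ${socketPath}`);
	}
	const net = require('net');
	const file = require('./file');
	const exists = await file.exists(socketPath);
	if (!exists) {
		return;
	}
	return new Promise((resolve, reject) => {
		const testSocket = new net.Socket();
		testSocket.on('error', (err) => {
			if (err.code !== 'ECONNREFUSED') {
				return reject(err);
			}
			// The socket was stale, kick it out of the way
			fs.unlink(socketPath, (unlinkErr) => {
				if (unlinkErr) reject(unlinkErr); else resolve();
			});
		});
		testSocket.connect({ path: socketPath }, () => {
			// Something's listening here, abort. Close the probe connection
			// first so it is not left open against the other process.
			testSocket.destroy();
			reject(new Error('port-in-use'));
		});
	});
};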
// Post-process this module's exports with the project's promisify helper
// (presumably adds callback-style compatibility to the async exports; confirm in ./promisify).
const promisifyExports = require('./promisify');
promisifyExports(exports);