-
Notifications
You must be signed in to change notification settings - Fork 45
/
app.js
117 lines (109 loc) · 4.24 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
const path = require('path')
const bodyParser = require('body-parser')
const MongoStore = require('connect-mongo')
const cookieParser = require('cookie-parser')
const express = require('express')
const { rateLimit } = require('express-rate-limit')
const session = require('express-session')
const mustache = require('mustache')
const serveStatic = require('serve-static')
const settings = require('./config')
const db = require('./lib/db')
const templates = require('./lib/templates')
const limiter = rateLimit({
windowMs: 5 * 60 * 1000, // 5 minutes
max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
standardHeaders: false, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
handler: (req, res, next, options) => {
console.log(`Rate Limit: ${req.method} ${req.url} ${req.ip} `)
res.status(options.statusCode).send(options.message)
}
})
;(async function () {
await db.init()
const app = express()
app.use(cookieParser())
if (!settings.maintenance) {
app.use(session({
store: MongoStore.create({
mongoUrl: settings.mongo.url,
touchAfter: 24 * 3600,
collectionName: settings.session.collection || 'sessions_new'
}),
key: settings.session.key,
secret: settings.session.secret,
saveUninitialized: false,
resave: false
}))
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: true }))
}
app.use('/', serveStatic(path.join(__dirname, 'public')))
if (process.env.FLOW_ENV !== 'PRODUCTION') {
app.use('*', function (req, res, next) {
console.log('>', req.url)
next()
})
}
app.use(limiter)
if (!settings.maintenance) {
app.set('trust proxy', 1)
app.use(require('./routes/index'))
app.use(require('./routes/auth'))
app.use(require('./routes/flows'))
app.use(require('./routes/nodes'))
app.use(require('./routes/admin'))
app.use(require('./routes/users'))
app.use(require('./routes/api'))
app.use(require('./routes/collections'))
app.use(require('./routes/categories'))
app.use(function (err, req, res, next) {
if (err.code !== 'EBADCSRFTOKEN') {
console.log('here', err)
return next(err)
}
// handle CSRF token errors here
res.status(403)
res.send('Invalid request')
let stringBody = ''
if (req.method === 'POST') {
stringBody = req.body
if (typeof req.body === 'object') {
try {
stringBody = JSON.stringify(req.body)
} catch (err) {
}
}
if (typeof stringBody !== 'string') {
stringBody = '' + stringBody
}
if (stringBody.length > 30) {
const l = stringBody.length
stringBody = stringBody.substring(0, 30) + `...[length:${l}]`
}
}
console.log(`CSRF Error: ${req.method} ${req.url} ${req.ip} ${stringBody} `)
})
app.use(function (req, res) {
// We see lots of requests to these paths that we don't want to flood
// the logs with so we missing more interesting things
if (!/^\/(js|flow|node|css|font|jquery|images|font-awesome)\/?$/i.test(req.url)) {
console.log(`404: ${req.method} ${req.url} ${req.ip}`)
}
res.status(404).send(mustache.render(templates['404'], { sessionuser: req.session.user }, templates.partials))
})
} else {
app.use(function (req, res) {
res.send(mustache.render(templates.maintenance, {}, templates.partials))
})
}
app.listen(settings.port || 20982)
console.log(`Listening on http://localhost:${settings.port || 20982}`)
if (process.env.FLOW_ENV === 'PRODUCTION') {
require('./lib/events').add({
action: 'started',
message: 'Flow Library app started'
})
}
})()