thelounge/src/server.js

var _ = require("lodash");
var pkg = require("../package.json");
var bcrypt = require("bcrypt-nodejs");
var Client = require("./client");
var ClientManager = require("./clientManager");
var express = require("express");
var fs = require("fs");
var io = require("socket.io");
var dns = require("dns");
var Helper = require("./helper");

var manager = null;

module.exports = function() {
	manager = new ClientManager();

	var app = express()
		.use(allRequests)
		.use(index)
		.use(express.static("client"));

	var config = Helper.config;
	var server = null;

	if (!config.https.enable) {
		server = require("http");
		server = server.createServer(app).listen(config.port, config.host);
	} else {
		server = require("spdy");
		server = server.createServer({
			key: fs.readFileSync(Helper.expandHome(config.https.key)),
			cert: fs.readFileSync(Helper.expandHome(config.https.certificate))
		}, app).listen(config.port, config.host);
	}

	if (config.identd.enable) {
		if (manager.identHandler) {
			log.warn("Using both identd and oidentd at the same time!");
		}

		require("./identd").start(config.identd.port);
	}

	var sockets = io(server, {
		transports: config.transports
	});

	sockets.on("connect", function(socket) {
		if (config.public) {
			auth.call(socket);
		} else {
			init(socket);
		}
	});

	manager.sockets = sockets;

	var protocol = config.https.enable ? "https" : "http";
	log.info("The Lounge v" + pkg.version + " is now running on", protocol + "://" + (config.host || "*") + ":" + config.port + "/", (config.public ? "in public mode" : "in private mode"));
	log.info("Press ctrl-c to stop\n");

	if (!config.public) {
		manager.loadUsers();
		if (config.autoload) {
			manager.autoload();
		}
	}
};

function getClientIp(req) {
	if (!Helper.config.reverseProxy) {
		return req.connection.remoteAddress;
	} else {
		return req.headers["x-forwarded-for"] || req.connection.remoteAddress;
	}
}

function allRequests(req, res, next) {
	res.setHeader("X-Content-Type-Options", "nosniff");
	return next();
}

function index(req, res, next) {
	if (req.url.split("?")[0] !== "/") {
		return next();
	}

	return fs.readFile("client/index.html", "utf-8", function(err, file) {
		var data = _.merge(
			pkg,
			Helper.config
		);
		var template = _.template(file);
		res.setHeader("Content-Security-Policy", "default-src *; style-src * 'unsafe-inline'; script-src 'self'; child-src 'none'; object-src 'none'; form-action 'none'; referrer no-referrer;");
		res.setHeader("Content-Type", "text/html");
		res.writeHead(200);
		res.end(template(data));
	});
}

function init(socket, client) {
	if (!client) {
		socket.emit("auth", {success: true});
		socket.on("auth", auth);
	} else {
		socket.on(
			"input",
			function(data) {
				client.input(data);
			}
		);
		socket.on(
			"more",
			function(data) {
				client.more(data);
			}
		);
		socket.on(
			"conn",
			function(data) {
				// prevent people from overriding webirc settings
				data.ip = null;
				data.hostname = null;
				client.connect(data);
			}
		);
		if (!Helper.config.public) {
			socket.on(
				"change-password",
				function(data) {
					var old = data.old_password;
					var p1 = data.new_password;
					var p2 = data.verify_password;
					if (typeof p1 === "undefined" || p1 === "") {
						socket.emit("change-password", {
							error: "Please enter a new password"
						});
						return;
					}
					if (p1 !== p2) {
						socket.emit("change-password", {
							error: "Both new password fields must match"
						});
						return;
					}
					if (!bcrypt.compareSync(old || "", client.config.password)) {
						socket.emit("change-password", {
							error: "The current password field does not match your account password"
						});
						return;
					}

					var salt = bcrypt.genSaltSync(8);
					var hash = bcrypt.hashSync(p1, salt);

					client.setPassword(hash, function(success) {
						var obj = {};

						if (success) {
							obj.success = "Successfully updated your password, all your other sessions were logged out";
							obj.token = client.config.token;
						} else {
							obj.error = "Failed to update your password";
						}

						socket.emit("change-password", obj);
					});
				}
			);
		}
		socket.on(
			"open",
			function(data) {
				client.open(data);
			}
		);
		socket.on(
			"sort",
			function(data) {
				client.sort(data);
			}
		);
		socket.on(
			"names",
			function(data) {
				client.names(data);
			}
		);
		socket.join(client.id);
		socket.emit("init", {
			active: client.activeChannel,
			networks: client.networks,
			token: client.config.token || null
		});
	}
}

function reverseDnsLookup(socket, client) {
	client.ip = getClientIp(socket.request);

	dns.reverse(client.ip, function(err, host) {
		if (!err && host.length) {
			client.hostname = host[0];
		} else {
			client.hostname = client.ip;
		}

		init(socket, client);
	});
}

function auth(data) {
	var socket = this;
	if (Helper.config.public) {
		var client = new Client(manager);
		manager.clients.push(client);
		socket.on("disconnect", function() {
			manager.clients = _.without(manager.clients, client);
			client.quit();
		});
		if (Helper.config.webirc) {
			reverseDnsLookup(socket, client);
		} else {
			init(socket, client);
		}
	} else {
		var success = false;
		_.each(manager.clients, function(client) {
			if (data.token) {
				if (data.token === client.config.token) {
					success = true;
				}
			} else if (client.config.user === data.user) {
				if (bcrypt.compareSync(data.password || "", client.config.password)) {
					success = true;
				}
			}
			if (success) {
				if (Helper.config.webirc !== null && !client.config["ip"]) {
					reverseDnsLookup(socket, client);
				} else {
					init(socket, client);
				}
				return false;
			}
		});
		if (!success) {
			socket.emit("auth", {success: success});
		}
	}
}
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`var _ = require("lodash");`
Rename package variable to pkg, as "package" is reserved. 2016-06-12 02:44:28 +01:00			`var pkg = require("../package.json");`
Use 'bcrypt-nodejs' package 2014-10-03 02:57:35 -07:00			`var bcrypt = require("bcrypt-nodejs");`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`var Client = require("./client");`
			`var ClientManager = require("./clientManager");`
Use express 2014-09-26 15:12:53 -07:00			`var express = require("express");`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`var fs = require("fs");`
			`var io = require("socket.io");`
Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`var dns = require("dns");`
Load home directory from helper and make it configurable. 2014-09-13 14:23:17 +02:00			`var Helper = require("./helper");`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00
Add support for oidentd spoofing 2016-04-26 16:41:08 -04:00			`var manager = null;`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`module.exports = function() {`
Add support for oidentd spoofing 2016-04-26 16:41:08 -04:00			`manager = new ClientManager();`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00
Use express 2014-09-26 15:12:53 -07:00			`var app = express()`
Add security headers to minimize XSS damage 2016-05-01 20:27:10 +03:00			`.use(allRequests)`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`.use(index)`
Added '--home <path>' option 2014-10-03 16:33:44 -07:00			`.use(express.static("client"));`
add socket.io transports to configuration 2014-11-01 22:06:01 +02:00
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`var config = Helper.config;`
Added https support 2014-09-26 16:26:21 -07:00			`var server = null;`

Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`if (!config.https.enable) {`
Added https support 2014-09-26 16:26:21 -07:00			`server = require("http");`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`server = server.createServer(app).listen(config.port, config.host);`
Added https support 2014-09-26 16:26:21 -07:00			`} else {`
Add support for HTTP2 2016-03-09 14:04:05 +02:00			`server = require("spdy");`
Added https support 2014-09-26 16:26:21 -07:00			`server = server.createServer({`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`key: fs.readFileSync(Helper.expandHome(config.https.key)),`
			`cert: fs.readFileSync(Helper.expandHome(config.https.certificate))`
			`}, app).listen(config.port, config.host);`
Added https support 2014-09-26 16:26:21 -07:00			`}`

Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`if (config.identd.enable) {`
Warn the user when both ident handlers are enabled 2016-04-26 16:53:29 -04:00			`if (manager.identHandler) {`
			`log.warn("Using both identd and oidentd at the same time!");`
			`}`

Refactoring 2014-10-11 19:33:28 +02:00			`require("./identd").start(config.identd.port);`
Set up identd and make it work on connection :sunglasses: 2014-10-11 11:09:27 +01:00			`}`

Fix complete crash when refreshing a public instance 2016-02-29 01:19:11 +00:00			`var sockets = io(server, {`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`transports: config.transports`
add socket.io transports to configuration 2014-11-01 22:06:01 +02:00			`});`

Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`sockets.on("connect", function(socket) {`
			`if (config.public) {`
			`auth.call(socket);`
			`} else {`
			`init(socket);`
			`}`
			`});`

Autoload users 2014-09-24 15:23:54 -07:00			`manager.sockets = sockets;`

Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`var protocol = config.https.enable ? "https" : "http";`
			`log.info("The Lounge v" + pkg.version + " is now running on", protocol + "://" + (config.host \|\| "*") + ":" + config.port + "/", (config.public ? "in public mode" : "in private mode"));`
Document supported node version 2016-04-26 13:51:11 +03:00			`log.info("Press ctrl-c to stop\n");`

Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`if (!config.public) {`
Autoload users 2014-09-24 15:23:54 -07:00			`manager.loadUsers();`
			`if (config.autoload) {`
			`manager.autoload();`
			`}`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`}`
			`};`

Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`function getClientIp(req) {`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`if (!Helper.config.reverseProxy) {`
Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`return req.connection.remoteAddress;`
			`} else {`
			`return req.headers["x-forwarded-for"] \|\| req.connection.remoteAddress;`
			`}`
			`}`

Add security headers to minimize XSS damage 2016-05-01 20:27:10 +03:00			`function allRequests(req, res, next) {`
			`res.setHeader("X-Content-Type-Options", "nosniff");`
			`return next();`
			`}`

Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`function index(req, res, next) {`
Stricter eslint rule for curly brackets 2016-05-01 12:41:17 +03:00			`if (req.url.split("?")[0] !== "/") {`
			`return next();`
			`}`

Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`return fs.readFile("client/index.html", "utf-8", function(err, file) {`
			`var data = _.merge(`
Rename package variable to pkg, as "package" is reserved. 2016-06-12 02:44:28 +01:00			`pkg,`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`Helper.config`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`);`
Update lodash 2016-02-14 19:09:51 +02:00			`var template = _.template(file);`
Add security headers to minimize XSS damage 2016-05-01 20:27:10 +03:00			`res.setHeader("Content-Security-Policy", "default-src ; style-src 'unsafe-inline'; script-src 'self'; child-src 'none'; object-src 'none'; form-action 'none'; referrer no-referrer;");`
Server correctly sends text/html MIME type and response code 200 for the root index. 2014-09-13 05:54:17 +01:00			`res.setHeader("Content-Type", "text/html");`
			`res.writeHead(200);`
Update lodash 2016-02-14 19:09:51 +02:00			`res.end(template(data));`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`});`
			`}`

Implement user token persistency 2016-06-01 00:28:31 +03:00			`function init(socket, client) {`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`if (!client) {`
Do not lose authentication token when the connection gets lost 2016-06-01 00:02:10 +03:00			`socket.emit("auth", {success: true});`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`socket.on("auth", auth);`
			`} else {`
			`socket.on(`
			`"input",`
			`function(data) {`
Allow commands on connect 2014-09-09 12:31:23 -07:00			`client.input(data);`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`}`
			`);`
			`socket.on(`
Fix the 'Show More' button 2014-09-10 12:23:56 -07:00			`"more",`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`function(data) {`
Fix the 'Show More' button 2014-09-10 12:23:56 -07:00			`client.more(data);`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`}`
			`);`
			`socket.on(`
			`"conn",`
			`function(data) {`
Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`// prevent people from overriding webirc settings`
			`data.ip = null;`
			`data.hostname = null;`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`client.connect(data);`
			`}`
			`);`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`if (!Helper.config.public) {`
frontend password change functionality - refactor clientManager.js to allow configuration parsing as a serparate function. - refactor clientManager.js to add configuration writing function. - add server.js changes to allow for new password-change functionality - add password change ui to "settings" screen - refactor client.js to use new clientManager functionality for saving the configuration files 2016-02-17 00:14:43 +00:00			`socket.on(`
			`"change-password",`
			`function(data) {`
			`var old = data.old_password;`
			`var p1 = data.new_password;`
			`var p2 = data.verify_password;`
			`if (typeof p1 === "undefined" \|\| p1 === "") {`
			`socket.emit("change-password", {`
			`error: "Please enter a new password"`
			`});`
			`return;`
			`}`
			`if (p1 !== p2) {`
			`socket.emit("change-password", {`
			`error: "Both new password fields must match"`
			`});`
			`return;`
			`}`
			`if (!bcrypt.compareSync(old \|\| "", client.config.password)) {`
			`socket.emit("change-password", {`
			`error: "The current password field does not match your account password"`
			`});`
			`return;`
			`}`
Implement user token persistency 2016-06-01 00:28:31 +03:00
frontend password change functionality - refactor clientManager.js to allow configuration parsing as a serparate function. - refactor clientManager.js to add configuration writing function. - add server.js changes to allow for new password-change functionality - add password change ui to "settings" screen - refactor client.js to use new clientManager functionality for saving the configuration files 2016-02-17 00:14:43 +00:00			`var salt = bcrypt.genSaltSync(8);`
			`var hash = bcrypt.hashSync(p1, salt);`
Implement user token persistency 2016-06-01 00:28:31 +03:00
			`client.setPassword(hash, function(success) {`
			`var obj = {};`

			`if (success) {`
			`obj.success = "Successfully updated your password, all your other sessions were logged out";`
			`obj.token = client.config.token;`
			`} else {`
			`obj.error = "Failed to update your password";`
			`}`

			`socket.emit("change-password", obj);`
frontend password change functionality - refactor clientManager.js to allow configuration parsing as a serparate function. - refactor clientManager.js to add configuration writing function. - add server.js changes to allow for new password-change functionality - add password change ui to "settings" screen - refactor client.js to use new clientManager functionality for saving the configuration files 2016-02-17 00:14:43 +00:00			`});`
			`}`
			`);`
			`}`
Server-side tracking of new message count 2014-09-21 09:46:43 -07:00			`socket.on(`
			`"open",`
			`function(data) {`
			`client.open(data);`
			`}`
Sync sidebar order 2014-09-24 12:42:36 -07:00			`);`
			`socket.on(`
			`"sort",`
			`function(data) {`
			`client.sort(data);`
			`}`
			`);`
Only update the users list when needed Currently, for join/part/kick/nick/... the server will send an updated list of users and the client will re-render the list entirely. This ends up being a very expensive operation when joined on large channels and causes the client to slow down a lot. 2016-02-16 21:29:44 -05:00			`socket.on(`
			`"names",`
			`function(data) {`
			`client.names(data);`
			`}`
			`);`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`socket.join(client.id);`
			`socket.emit("init", {`
Server-side tracking of new message count 2014-09-21 09:46:43 -07:00			`active: client.activeChannel,`
Added 'Remember' login option 2014-09-15 14:13:03 -07:00			`networks: client.networks,`
src/client: make sure config is always an object 2016-06-30 15:06:07 +02:00			`token: client.config.token \|\| null`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`});`
			`}`
			`}`

Implement user token persistency 2016-06-01 00:28:31 +03:00			`function reverseDnsLookup(socket, client) {`
Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`client.ip = getClientIp(socket.request);`

			`dns.reverse(client.ip, function(err, host) {`
			`if (!err && host.length) {`
			`client.hostname = host[0];`
			`} else {`
			`client.hostname = client.ip;`
			`}`

Implement user token persistency 2016-06-01 00:28:31 +03:00			`init(socket, client);`
Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`});`
			`}`

Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`function auth(data) {`
			`var socket = this;`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`if (Helper.config.public) {`
Fix complete crash when refreshing a public instance 2016-02-29 01:19:11 +00:00			`var client = new Client(manager);`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`manager.clients.push(client);`
			`socket.on("disconnect", function() {`
			`manager.clients = _.without(manager.clients, client);`
			`client.quit();`
			`});`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`if (Helper.config.webirc) {`
Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`reverseDnsLookup(socket, client);`
			`} else {`
			`init(socket, client);`
			`}`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`} else {`
Added password hashing 2014-09-11 13:37:16 -07:00			`var success = false;`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`_.each(manager.clients, function(client) {`
Added 'Remember' login option 2014-09-15 14:13:03 -07:00			`if (data.token) {`
Implement user token persistency 2016-06-01 00:28:31 +03:00			`if (data.token === client.config.token) {`
Added 'Remember' login option 2014-09-15 14:13:03 -07:00			`success = true;`
			`}`
Comply with ESLint 2015-10-01 00:39:57 +02:00			`} else if (client.config.user === data.user) {`
Fix login 2014-09-14 12:13:34 -07:00			`if (bcrypt.compareSync(data.password \|\| "", client.config.password)) {`
Added password hashing 2014-09-11 13:37:16 -07:00			`success = true;`
			`}`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`}`
Added 'Remember' login option 2014-09-15 14:13:03 -07:00			`if (success) {`
Cache loaded config and merge it with defaults Fixes #249 2016-06-08 12:26:24 +03:00			`if (Helper.config.webirc !== null && !client.config["ip"]) {`
Implement user token persistency 2016-06-01 00:28:31 +03:00			`reverseDnsLookup(socket, client);`
Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`} else {`
Implement user token persistency 2016-06-01 00:28:31 +03:00			`init(socket, client);`
Add WEBIRC support Fixes #181 2016-04-03 01:12:49 -04:00			`}`
Fix login 2014-09-16 10:42:49 -07:00			`return false;`
Added 'Remember' login option 2014-09-15 14:13:03 -07:00			`}`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`});`
			`if (!success) {`
Do not lose authentication token when the connection gets lost 2016-06-01 00:02:10 +03:00			`socket.emit("auth", {success: success});`
Run private server by default Use `shout start --public` or edit your `config.json` to override. 2014-08-14 09:35:37 -07:00			`}`
			`}`
			`}`