thelounge/src/server.js

457 lines
10 KiB
JavaScript
Raw Normal View History

"use strict";
var _ = require("lodash");
var pkg = require("../package.json");
var Client = require("./client");
var ClientManager = require("./clientManager");
2014-09-26 22:12:53 +00:00
var express = require("express");
var expressHandlebars = require("express-handlebars");
var fs = require("fs");
var path = require("path");
var io = require("socket.io");
2016-04-03 05:12:49 +00:00
var dns = require("dns");
var Helper = require("./helper");
var ldapAuth = require("./plugins/auth/ldap");
var localAuth = require("./plugins/auth/local");
2016-11-18 17:25:23 +00:00
var colors = require("colors/safe");
2017-06-11 19:33:04 +00:00
const net = require("net");
const Identification = require("./identification");
2016-04-26 20:41:08 +00:00
var manager = null;
module.exports = function() {
log.info(`The Lounge ${colors.green(Helper.getVersion())} \
(node ${colors.green(process.versions.node)} on ${colors.green(process.platform)} ${process.arch})`);
log.info(`Configuration file: ${colors.green(Helper.CONFIG_PATH)}`);
if (!fs.existsSync("client/js/bundle.js")) {
log.error(`The client application was not built. Run ${colors.bold("NODE_ENV=production npm run build")} to resolve this.`);
process.exit();
}
2014-09-26 22:12:53 +00:00
var app = express()
.use(allRequests)
.use(index)
.use(express.static("client"))
.use("/storage/", express.static(Helper.getStoragePath(), {
redirect: false,
maxAge: 86400 * 1000,
}))
.engine("html", expressHandlebars({
extname: ".html",
helpers: {
tojson: (c) => JSON.stringify(c)
}
}))
.set("view engine", "html")
.set("views", path.join(__dirname, "..", "client"));
var config = Helper.config;
2014-09-26 23:26:21 +00:00
var server = null;
2016-07-30 01:20:38 +00:00
if (config.public && (config.ldap || {}).enable) {
log.warn("Server is public and set to use LDAP. Set to private mode if trying to use LDAP authentication.");
2016-07-30 01:20:38 +00:00
}
if (!config.https.enable) {
2014-09-26 23:26:21 +00:00
server = require("http");
server = server.createServer(app);
2014-09-26 23:26:21 +00:00
} else {
const keyPath = Helper.expandHome(config.https.key);
const certPath = Helper.expandHome(config.https.certificate);
2017-04-10 18:49:58 +00:00
const caPath = Helper.expandHome(config.https.ca);
2017-04-13 21:05:28 +00:00
if (!keyPath.length || !fs.existsSync(keyPath)) {
log.error("Path to SSL key is invalid. Stopping server...");
process.exit();
}
2017-04-13 21:05:28 +00:00
if (!certPath.length || !fs.existsSync(certPath)) {
log.error("Path to SSL certificate is invalid. Stopping server...");
process.exit();
}
2017-04-13 21:05:28 +00:00
2017-04-10 18:49:58 +00:00
if (caPath.length && !fs.existsSync(caPath)) {
log.error("Path to SSL ca bundle is invalid. Stopping server...");
process.exit();
}
2017-04-13 21:05:28 +00:00
server = require("spdy");
2014-09-26 23:26:21 +00:00
server = server.createServer({
key: fs.readFileSync(keyPath),
2017-04-10 18:49:58 +00:00
cert: fs.readFileSync(certPath),
ca: caPath ? fs.readFileSync(caPath) : undefined
}, app);
2014-09-26 23:26:21 +00:00
}
server.listen({
port: config.port,
host: config.host,
}, () => {
const protocol = config.https.enable ? "https" : "http";
var address = server.address();
log.info(
"Available at " +
colors.green(`${protocol}://${address.address}:${address.port}/`) +
` in ${colors.bold(config.public ? "public" : "private")} mode`
);
2016-07-30 01:20:38 +00:00
const sockets = io(server, {
serveClient: false,
transports: config.transports
});
sockets.on("connect", (socket) => {
if (config.public) {
performAuthentication.call(socket, {});
} else {
socket.emit("auth", {success: true});
socket.on("auth", performAuthentication);
}
});
manager = new ClientManager();
new Identification((identHandler) => {
manager.init(identHandler, sockets);
});
});
};
2017-06-11 19:33:04 +00:00
function getClientIp(request) {
let ip = request.connection.remoteAddress;
2016-07-31 00:54:09 +00:00
2017-06-11 19:33:04 +00:00
if (Helper.config.reverseProxy) {
const forwarded = (request.headers["x-forwarded-for"] || "").split(/\s*,\s*/).filter(Boolean);
if (forwarded.length && net.isIP(forwarded[0])) {
ip = forwarded[0];
}
2016-04-03 05:12:49 +00:00
}
2016-07-31 00:54:09 +00:00
return ip.replace(/^::ffff:/, "");
2016-04-03 05:12:49 +00:00
}
function allRequests(req, res, next) {
res.setHeader("X-Content-Type-Options", "nosniff");
return next();
}
function index(req, res, next) {
if (req.url.split("?")[0] !== "/") {
return next();
}
var data = _.merge(
pkg,
Helper.config
);
data.gitCommit = Helper.getGitCommit();
data.themes = fs.readdirSync("client/themes/").filter(function(themeFile) {
return themeFile.endsWith(".css");
}).map(function(css) {
const filename = css.slice(0, -4);
return {
name: filename.charAt(0).toUpperCase() + filename.slice(1),
filename: filename
};
});
const policies = [
"default-src *",
"connect-src 'self' ws: wss:",
"style-src * 'unsafe-inline'",
"script-src 'self'",
"child-src 'self'",
"object-src 'none'",
"form-action 'none'",
];
// If prefetch is enabled, but storage is not, we have to allow mixed content
if (Helper.config.prefetchStorage || !Helper.config.prefetch) {
policies.push("img-src 'self'");
policies.unshift("block-all-mixed-content");
}
res.setHeader("Content-Security-Policy", policies.join("; "));
res.setHeader("Referrer-Policy", "no-referrer");
res.render("index", data);
}
2017-08-13 18:37:12 +00:00
function initializeClient(socket, client, generateToken, token) {
socket.emit("authorized");
2016-09-25 06:52:16 +00:00
2017-08-13 18:37:12 +00:00
socket.on("disconnect", function() {
client.clientDetach(socket.id);
});
2017-07-10 19:47:03 +00:00
client.clientAttach(socket.id, token);
2017-08-13 18:37:12 +00:00
socket.on(
"input",
function(data) {
client.input(data);
}
);
2017-08-13 18:37:12 +00:00
socket.on(
"more",
function(data) {
client.more(data);
}
);
socket.on(
"conn",
function(data) {
// prevent people from overriding webirc settings
data.ip = null;
data.hostname = null;
client.connect(data);
}
);
if (!Helper.config.public && !Helper.config.ldap.enable) {
socket.on(
2017-08-13 18:37:12 +00:00
"change-password",
function(data) {
2017-08-13 18:37:12 +00:00
var old = data.old_password;
var p1 = data.new_password;
var p2 = data.verify_password;
if (typeof p1 === "undefined" || p1 === "") {
socket.emit("change-password", {
error: "Please enter a new password"
});
return;
}
if (p1 !== p2) {
socket.emit("change-password", {
error: "Both new password fields must match"
});
return;
}
2016-05-31 21:28:31 +00:00
2017-08-13 18:37:12 +00:00
Helper.password
.compare(old || "", client.config.password)
.then((matching) => {
if (!matching) {
socket.emit("change-password", {
error: "The current password field does not match your account password"
});
return;
}
const hash = Helper.password.hash(p1);
2016-05-31 21:28:31 +00:00
2017-08-13 18:37:12 +00:00
client.setPassword(hash, (success) => {
const obj = {};
2016-05-31 21:28:31 +00:00
2017-08-13 18:37:12 +00:00
if (success) {
obj.success = "Successfully updated your password";
} else {
obj.error = "Failed to update your password";
}
2016-05-31 21:28:31 +00:00
2017-08-13 18:37:12 +00:00
socket.emit("change-password", obj);
});
2017-08-13 18:37:12 +00:00
}).catch((error) => {
log.error(`Error while checking users password. Error: ${error}`);
});
2014-09-24 19:42:36 +00:00
}
);
2017-08-13 18:37:12 +00:00
}
2017-08-13 18:37:12 +00:00
socket.on(
"open",
function(data) {
client.open(socket.id, data);
}
);
2017-08-13 18:37:12 +00:00
socket.on(
"sort",
function(data) {
client.sort(data);
}
);
2017-08-13 18:37:12 +00:00
socket.on(
"names",
function(data) {
client.names(data);
}
);
socket.on("msg:preview:toggle", function(data) {
const networkAndChan = client.find(data.target);
if (!networkAndChan) {
return;
}
const message = networkAndChan.chan.findMessage(data.msgId);
if (!message) {
return;
}
const preview = message.findPreview(data.link);
if (preview) {
preview.shown = data.shown;
}
});
2017-07-10 19:47:03 +00:00
socket.on("push:register", (subscription) => {
if (!client.isRegistered() || !client.config.sessions[token]) {
return;
}
const registration = client.registerPushSubscription(client.config.sessions[token], subscription);
if (registration) {
client.manager.webPush.pushSingle(client, registration, {
type: "notification",
timestamp: Date.now(),
title: "The Lounge",
body: "🚀 Push notifications have been enabled"
});
}
});
socket.on("push:unregister", () => {
if (!client.isRegistered()) {
return;
}
client.unregisterPushSubscription(token);
});
2017-08-13 18:37:12 +00:00
socket.on("sign-out", () => {
delete client.config.sessions[token];
2017-08-13 18:37:12 +00:00
client.manager.updateUser(client.name, {
sessions: client.config.sessions
}, (err) => {
if (err) {
log.error("Failed to update sessions for", client.name, err);
}
});
2017-08-13 18:37:12 +00:00
socket.emit("sign-out");
});
socket.join(client.id);
const sendInitEvent = (tokenToSend) => {
socket.emit("init", {
2017-07-10 19:47:03 +00:00
applicationServerKey: manager.webPush.vapidKeys.publicKey,
pushSubscription: client.config.sessions[token],
active: client.lastActiveChannel,
2014-09-15 21:13:03 +00:00
networks: client.networks,
2017-08-13 18:37:12 +00:00
token: tokenToSend
});
2017-08-13 18:37:12 +00:00
};
2017-08-13 18:37:12 +00:00
if (generateToken) {
client.generateToken((newToken) => {
token = newToken;
2016-04-03 05:12:49 +00:00
2017-08-13 18:37:12 +00:00
client.updateSession(token, getClientIp(socket.request), socket.request);
2016-04-03 05:12:49 +00:00
client.manager.updateUser(client.name, {
sessions: client.config.sessions
}, (err) => {
if (err) {
log.error("Failed to update sessions for", client.name, err);
}
});
2017-08-13 18:37:12 +00:00
sendInitEvent(token);
});
2017-08-13 18:37:12 +00:00
} else {
sendInitEvent(null);
}
2016-04-03 05:12:49 +00:00
}
2017-08-13 18:37:12 +00:00
function performAuthentication(data) {
const socket = this;
let client;
2017-08-13 18:37:12 +00:00
const finalInit = () => initializeClient(socket, client, !!data.remember, data.token || null);
const initClient = () => {
2017-08-13 18:37:12 +00:00
client.ip = getClientIp(socket.request);
// If webirc is enabled perform reverse dns lookup
if (Helper.config.webirc === null) {
return finalInit();
}
2017-08-13 18:37:12 +00:00
reverseDnsLookup(client.ip, (hostname) => {
client.hostname = hostname;
finalInit();
});
};
if (Helper.config.public) {
2016-07-30 01:20:38 +00:00
client = new Client(manager);
manager.clients.push(client);
socket.on("disconnect", function() {
manager.clients = _.without(manager.clients, client);
client.quit();
});
initClient();
return;
}
const authCallback = (success) => {
// Authorization failed
if (!success) {
socket.emit("auth", {success: false});
return;
2016-04-03 05:12:49 +00:00
}
2016-07-30 01:20:38 +00:00
// If authorization succeeded but there is no loaded user,
// load it and find the user again (this happens with LDAP)
if (!client) {
manager.loadUser(data.user);
client = manager.findClient(data.user);
2016-07-30 01:20:38 +00:00
}
initClient();
};
2016-07-30 01:20:38 +00:00
client = manager.findClient(data.user);
// We have found an existing user and client has provided a token
if (client && data.token && typeof client.config.sessions[data.token] !== "undefined") {
client.updateSession(data.token, getClientIp(socket.request), socket.request);
authCallback(true);
return;
}
// Perform password checking
2017-08-30 09:49:21 +00:00
let auth;
2017-08-29 17:11:06 +00:00
if (ldapAuth.isEnabled()) {
auth = ldapAuth.auth;
} else if (localAuth.isEnabled()) {
auth = localAuth.auth;
}
auth(manager, client, data.user, data.password, authCallback);
}
2017-08-13 18:37:12 +00:00
function reverseDnsLookup(ip, callback) {
dns.reverse(ip, (err, hostnames) => {
if (!err && hostnames.length) {
return callback(hostnames[0]);
}
callback(ip);
});
}