thelounge/src/server.js

615 lines
15 KiB
JavaScript
Raw Normal View History

"use strict";
var _ = require("lodash");
var pkg = require("../package.json");
var Client = require("./client");
var ClientManager = require("./clientManager");
2014-09-26 22:12:53 +00:00
var express = require("express");
var fs = require("fs");
var path = require("path");
var io = require("socket.io");
2016-04-03 05:12:49 +00:00
var dns = require("dns");
var Helper = require("./helper");
2016-11-18 17:25:23 +00:00
var colors = require("colors/safe");
2017-06-11 19:33:04 +00:00
const net = require("net");
const Identification = require("./identification");
const changelog = require("./plugins/changelog");
2018-01-05 17:40:34 +00:00
const themes = require("./plugins/packages/themes");
themes.loadLocalThemes();
const packages = require("./plugins/packages/index");
packages.loadPackages();
// The order defined the priority: the first available plugin is used
// ALways keep local auth in the end, which should always be enabled.
const authPlugins = [
require("./plugins/auth/ldap"),
require("./plugins/auth/local"),
];
// A random number that will force clients to reload the page if it differs
const serverHash = Math.floor(Date.now() * Math.random());
2016-04-26 20:41:08 +00:00
var manager = null;
module.exports = function() {
log.info(`The Lounge ${colors.green(Helper.getVersion())} \
(Node.js ${colors.green(process.versions.node)} on ${colors.green(process.platform)} ${process.arch})`);
log.info(`Configuration file: ${colors.green(Helper.getConfigPath())}`);
2014-09-26 22:12:53 +00:00
var app = express()
.disable("x-powered-by")
.use(allRequests)
.use(index)
2017-10-03 10:52:31 +00:00
.use(express.static("public"))
.use("/storage/", express.static(Helper.getStoragePath(), {
redirect: false,
maxAge: 86400 * 1000,
}));
// This route serves *installed themes only*. Local themes are served directly
// from the `public/themes/` folder as static assets, without entering this
// handler. Remember this is you make changes to this function, serving of
// local themes will not get those changes.
2017-06-22 21:09:55 +00:00
app.get("/themes/:theme.css", (req, res) => {
const themeName = req.params.theme;
const theme = themes.getFilename(themeName);
if (theme === undefined) {
return res.status(404).send("Not found");
}
return res.sendFile(theme);
});
2018-01-05 17:40:34 +00:00
app.get("/packages/:package/:filename", (req, res) => {
const packageName = req.params.package;
const fileName = req.params.filename;
const packageFile = packages.getPackage(packageName);
if (!packageFile || !packages.getStylesheets().includes(`${packageName}/${fileName}`)) {
return res.status(404).send("Not found");
}
const packagePath = Helper.getPackageModulePath(packageName);
return res.sendFile(path.join(packagePath, fileName));
});
var config = Helper.config;
2014-09-26 23:26:21 +00:00
var server = null;
2016-07-30 01:20:38 +00:00
if (config.public && (config.ldap || {}).enable) {
log.warn("Server is public and set to use LDAP. Set to private mode if trying to use LDAP authentication.");
2016-07-30 01:20:38 +00:00
}
if (!config.https.enable) {
2014-09-26 23:26:21 +00:00
server = require("http");
server = server.createServer(app);
2014-09-26 23:26:21 +00:00
} else {
const keyPath = Helper.expandHome(config.https.key);
const certPath = Helper.expandHome(config.https.certificate);
2017-04-10 18:49:58 +00:00
const caPath = Helper.expandHome(config.https.ca);
2017-04-13 21:05:28 +00:00
if (!keyPath.length || !fs.existsSync(keyPath)) {
log.error("Path to SSL key is invalid. Stopping server...");
process.exit();
}
2017-04-13 21:05:28 +00:00
if (!certPath.length || !fs.existsSync(certPath)) {
log.error("Path to SSL certificate is invalid. Stopping server...");
process.exit();
}
2017-04-13 21:05:28 +00:00
2017-04-10 18:49:58 +00:00
if (caPath.length && !fs.existsSync(caPath)) {
log.error("Path to SSL ca bundle is invalid. Stopping server...");
process.exit();
}
2017-04-13 21:05:28 +00:00
server = require("spdy");
2014-09-26 23:26:21 +00:00
server = server.createServer({
key: fs.readFileSync(keyPath),
2017-04-10 18:49:58 +00:00
cert: fs.readFileSync(certPath),
ca: caPath ? fs.readFileSync(caPath) : undefined,
}, app);
2014-09-26 23:26:21 +00:00
}
let listenParams;
if (typeof config.host === "string" && config.host.startsWith("unix:")) {
listenParams = config.host.replace(/^unix:/, "");
} else {
listenParams = {
port: config.port,
host: config.host,
};
}
2017-09-03 12:13:56 +00:00
server.on("error", (err) => log.error(`${err}`));
server.listen(listenParams, () => {
if (typeof listenParams === "string") {
log.info("Available on socket " + colors.green(listenParams));
} else {
const protocol = config.https.enable ? "https" : "http";
const address = server.address();
log.info(
"Available at " +
colors.green(`${protocol}://${address.address}:${address.port}/`) +
` in ${colors.bold(config.public ? "public" : "private")} mode`
);
}
const sockets = io(server, {
serveClient: false,
transports: config.transports,
});
sockets.on("connect", (socket) => {
if (config.public) {
performAuthentication.call(socket, {});
} else {
socket.emit("auth", {
serverHash: serverHash,
success: true,
});
socket.on("auth", performAuthentication);
}
});
manager = new ClientManager();
new Identification((identHandler) => {
manager.init(identHandler, sockets);
});
2017-08-30 17:26:45 +00:00
// Handle ctrl+c and kill gracefully
let suicideTimeout = null;
const exitGracefully = function() {
if (suicideTimeout !== null) {
return;
}
if (Helper.config.prefetchStorage) {
log.info("Clearing prefetch storage folder, this might take a while...");
require("./plugins/storage").emptyDir();
}
2017-08-30 17:26:45 +00:00
// Forcefully exit after 3 seconds
suicideTimeout = setTimeout(() => process.exit(1), 3000);
log.info("Exiting...");
// Close all client and IRC connections
manager.clients.forEach((client) => client.quit());
// Close http server
server.close(() => {
clearTimeout(suicideTimeout);
process.exit(0);
});
};
process.on("SIGINT", exitGracefully);
process.on("SIGTERM", exitGracefully);
// Clear storage folder after server starts successfully
if (Helper.config.prefetchStorage) {
require("./plugins/storage").emptyDir();
}
});
2017-10-06 09:53:08 +00:00
return server;
};
2017-10-12 07:57:25 +00:00
function getClientIp(socket) {
let ip = socket.handshake.address;
2016-07-31 00:54:09 +00:00
2017-06-11 19:33:04 +00:00
if (Helper.config.reverseProxy) {
2017-10-12 07:57:25 +00:00
const forwarded = (socket.request.headers["x-forwarded-for"] || "").split(/\s*,\s*/).filter(Boolean);
2017-06-11 19:33:04 +00:00
if (forwarded.length && net.isIP(forwarded[0])) {
ip = forwarded[0];
}
2016-04-03 05:12:49 +00:00
}
2016-07-31 00:54:09 +00:00
return ip.replace(/^::ffff:/, "");
2016-04-03 05:12:49 +00:00
}
function allRequests(req, res, next) {
res.setHeader("X-Content-Type-Options", "nosniff");
return next();
}
function index(req, res, next) {
if (req.url.split("?")[0] !== "/") {
return next();
}
const policies = [
"default-src 'none'", // default to nothing
"form-action 'none'", // no default-src fallback
"connect-src 'self' ws: wss:", // allow self for polling; websockets
"style-src 'self' 'unsafe-inline'", // allow inline due to use in irc hex colors
"script-src 'self'", // javascript
"worker-src 'self'", // service worker
"child-src 'self'", // deprecated fall back for workers, Firefox <58, see #1902
"manifest-src 'self'", // manifest.json
"font-src 'self' https:", // allow loading fonts from secure sites (e.g. google fonts)
"media-src 'self' https:", // self for notification sound; allow https media (audio previews)
];
// If prefetch is enabled, but storage is not, we have to allow mixed content
// - https://user-images.githubusercontent.com is where we currently push our changelog screenshots
// - data: is required for the HTML5 video player
if (Helper.config.prefetchStorage || !Helper.config.prefetch) {
policies.push("img-src 'self' data: https://user-images.githubusercontent.com");
policies.unshift("block-all-mixed-content");
} else {
policies.push("img-src http: https: data:");
}
res.setHeader("Content-Type", "text/html");
res.setHeader("Content-Security-Policy", policies.join("; "));
res.setHeader("Referrer-Policy", "no-referrer");
return fs.readFile(path.join(__dirname, "..", "public", "index.html"), "utf-8", (err, file) => {
if (err) {
throw err;
}
2018-01-05 17:40:34 +00:00
res.send(_.template(file)(getServerConfiguration()));
});
}
function initializeClient(socket, client, token, lastMessage) {
2017-08-13 18:37:12 +00:00
socket.emit("authorized");
2016-09-25 06:52:16 +00:00
client.clientAttach(socket.id, token);
2017-08-13 18:37:12 +00:00
socket.on("disconnect", function() {
client.clientDetach(socket.id);
});
2017-08-13 18:37:12 +00:00
socket.on(
"input",
function(data) {
client.input(data);
}
);
2017-08-13 18:37:12 +00:00
socket.on(
"more",
function(data) {
const history = client.more(data);
if (history !== null) {
socket.emit("more", history);
}
2017-08-13 18:37:12 +00:00
}
);
socket.on(
"conn",
function(data) {
// prevent people from overriding webirc settings
data.ip = null;
data.hostname = null;
client.connect(data);
}
);
if (!Helper.config.public && !Helper.config.ldap.enable) {
socket.on(
2017-08-13 18:37:12 +00:00
"change-password",
function(data) {
2017-08-13 18:37:12 +00:00
var old = data.old_password;
var p1 = data.new_password;
var p2 = data.verify_password;
if (typeof p1 === "undefined" || p1 === "") {
socket.emit("change-password", {
error: "Please enter a new password",
2017-08-13 18:37:12 +00:00
});
return;
}
if (p1 !== p2) {
socket.emit("change-password", {
error: "Both new password fields must match",
2017-08-13 18:37:12 +00:00
});
return;
}
2016-05-31 21:28:31 +00:00
2017-08-13 18:37:12 +00:00
Helper.password
.compare(old || "", client.config.password)
.then((matching) => {
if (!matching) {
socket.emit("change-password", {
error: "The current password field does not match your account password",
2017-08-13 18:37:12 +00:00
});
return;
}
const hash = Helper.password.hash(p1);
2017-08-13 18:37:12 +00:00
client.setPassword(hash, (success) => {
const obj = {};
2017-08-13 18:37:12 +00:00
if (success) {
obj.success = "Successfully updated your password";
} else {
obj.error = "Failed to update your password";
}
2017-08-13 18:37:12 +00:00
socket.emit("change-password", obj);
});
2017-08-13 18:37:12 +00:00
}).catch((error) => {
log.error(`Error while checking users password. Error: ${error}`);
});
}
);
2017-08-13 18:37:12 +00:00
}
2017-08-13 18:37:12 +00:00
socket.on(
"open",
function(data) {
client.open(socket.id, data);
}
);
2017-08-13 18:37:12 +00:00
socket.on(
"sort",
function(data) {
client.sort(data);
}
);
2017-08-13 18:37:12 +00:00
socket.on(
"names",
function(data) {
client.names(data);
}
);
Improve UI of the About section and changelog viewer - Keep consistent width between the Help page and Changelog (which is already different from other windows 😠) - Add icons to the About links - Make sure `li` elements (i.e. all the lists in changelogs) are consistent in size with rest of the client - Display version and release notes link on the "About The Lounge" header line, smaller, pushed to the right - Check new releases when opening the Help window in order to display it without having to open the release notes. Release notes are being fed to the Changelog page at that moment to avoid fetching twice. - Re-check version/fetch release notes after 24h. Since The Lounge can now run 24/7, reconnect when losing the network, we have to assume an "always-on" usage. - Change icon, animate background color when getting response from GitHub to avoid flashing. - Combine click handlers with our wonderful window management. These were the same handler, even with similar checks (`target` exists, etc.), just in 2 different places. This is necessary for the next item. - Combine "Open release notes" and "Go back to Help" button behaviors with window management handlers. The window management code is gross as ever, and is in desperate need of a refactor, but at least there is no duplicated code for the same behavior + history management. This fixes the "Next" history behavior (however reloading the app while viewing the notes does not load on the notes, but this is a bug for a different PR!). - Added a rule in the history management thingy: if a link we want to add history handling to has an `id`, store that in the state - Added a button to go back to the Help window - Fixed links to releases - Send user to the GitHub issues *list* instead of *new issue form* because if they do not have a GitHub account, they will be redirected to the login page, which is a rather unpleasant experience when you are already confused... - Fixed a bug that would return data about a new release in `latest` even though it is already the `current`. It was showing the current version as "The Lounge v... is now available". - Added https://user-images.githubusercontent.com to the CSP rule when prefetch storage is enabled, because that is where we have stored screenshots in the changelog so far. Meh (we can improve that later if we decide to have a dedicated place for screenshots). - Fetch changelog info even in public mode because users in public mode can access the release notes. They do not see the result of the version checker however.
2017-12-23 03:40:41 +00:00
socket.on("changelog", function() {
changelog.fetch((data) => {
socket.emit("changelog", data);
});
Improve UI of the About section and changelog viewer - Keep consistent width between the Help page and Changelog (which is already different from other windows 😠) - Add icons to the About links - Make sure `li` elements (i.e. all the lists in changelogs) are consistent in size with rest of the client - Display version and release notes link on the "About The Lounge" header line, smaller, pushed to the right - Check new releases when opening the Help window in order to display it without having to open the release notes. Release notes are being fed to the Changelog page at that moment to avoid fetching twice. - Re-check version/fetch release notes after 24h. Since The Lounge can now run 24/7, reconnect when losing the network, we have to assume an "always-on" usage. - Change icon, animate background color when getting response from GitHub to avoid flashing. - Combine click handlers with our wonderful window management. These were the same handler, even with similar checks (`target` exists, etc.), just in 2 different places. This is necessary for the next item. - Combine "Open release notes" and "Go back to Help" button behaviors with window management handlers. The window management code is gross as ever, and is in desperate need of a refactor, but at least there is no duplicated code for the same behavior + history management. This fixes the "Next" history behavior (however reloading the app while viewing the notes does not load on the notes, but this is a bug for a different PR!). - Added a rule in the history management thingy: if a link we want to add history handling to has an `id`, store that in the state - Added a button to go back to the Help window - Fixed links to releases - Send user to the GitHub issues *list* instead of *new issue form* because if they do not have a GitHub account, they will be redirected to the login page, which is a rather unpleasant experience when you are already confused... - Fixed a bug that would return data about a new release in `latest` even though it is already the `current`. It was showing the current version as "The Lounge v... is now available". - Added https://user-images.githubusercontent.com to the CSP rule when prefetch storage is enabled, because that is where we have stored screenshots in the changelog so far. Meh (we can improve that later if we decide to have a dedicated place for screenshots). - Fetch changelog info even in public mode because users in public mode can access the release notes. They do not see the result of the version checker however.
2017-12-23 03:40:41 +00:00
});
2017-08-13 18:37:12 +00:00
socket.on("msg:preview:toggle", function(data) {
const networkAndChan = client.find(data.target);
if (!networkAndChan) {
return;
}
const message = networkAndChan.chan.findMessage(data.msgId);
if (!message) {
return;
}
const preview = message.findPreview(data.link);
if (preview) {
preview.shown = data.shown;
}
});
2017-07-10 19:47:03 +00:00
socket.on("push:register", (subscription) => {
if (!client.isRegistered() || !client.config.sessions.hasOwnProperty(token)) {
2017-07-10 19:47:03 +00:00
return;
}
const registration = client.registerPushSubscription(client.config.sessions[token], subscription);
if (registration) {
client.manager.webPush.pushSingle(client, registration, {
type: "notification",
timestamp: Date.now(),
title: "The Lounge",
body: "🚀 Push notifications have been enabled",
2017-07-10 19:47:03 +00:00
});
}
});
socket.on("push:unregister", () => {
if (!client.isRegistered()) {
return;
}
client.unregisterPushSubscription(token);
});
2017-08-15 09:44:29 +00:00
const sendSessionList = () => {
const sessions = _.map(client.config.sessions, (session, sessionToken) => ({
current: sessionToken === token,
active: _.find(client.attachedClients, (u) => u.token === sessionToken) !== undefined,
lastUse: session.lastUse,
ip: session.ip,
agent: session.agent,
token: sessionToken, // TODO: Ideally don't expose actual tokens to the client
}));
socket.emit("sessions:list", sessions);
};
socket.on("sessions:get", sendSessionList);
socket.on("sign-out", (tokenToSignOut) => {
// If no token provided, sign same client out
if (!tokenToSignOut) {
tokenToSignOut = token;
}
if (!client.config.sessions.hasOwnProperty(tokenToSignOut)) {
2017-08-15 09:44:29 +00:00
return;
}
delete client.config.sessions[tokenToSignOut];
2017-08-13 18:37:12 +00:00
client.manager.updateUser(client.name, {
sessions: client.config.sessions,
});
2017-08-15 09:44:29 +00:00
_.map(client.attachedClients, (attachedClient, socketId) => {
if (attachedClient.token !== tokenToSignOut) {
return;
}
const socketToRemove = manager.sockets.of("/").connected[socketId];
socketToRemove.emit("sign-out");
socketToRemove.disconnect();
});
// Do not send updated session list if user simply logs out
if (tokenToSignOut !== token) {
sendSessionList();
}
2017-08-13 18:37:12 +00:00
});
socket.join(client.id);
const sendInitEvent = (tokenToSend) => {
socket.emit("init", {
2017-07-10 19:47:03 +00:00
applicationServerKey: manager.webPush.vapidKeys.publicKey,
pushSubscription: client.config.sessions[token],
2017-08-13 18:37:12 +00:00
active: client.lastActiveChannel,
networks: client.networks.map((network) => network.getFilteredClone(client.lastActiveChannel, lastMessage)),
token: tokenToSend,
2017-08-13 18:37:12 +00:00
});
};
if (!Helper.config.public && token === null) {
2017-08-13 18:37:12 +00:00
client.generateToken((newToken) => {
client.attachedClients[socket.id].token = token = client.calculateTokenHash(newToken);
2017-08-13 18:37:12 +00:00
2017-10-12 07:57:25 +00:00
client.updateSession(token, getClientIp(socket), socket.request);
sendInitEvent(newToken);
});
2017-08-13 18:37:12 +00:00
} else {
sendInitEvent(null);
}
}
function getClientConfiguration() {
const config = _.pick(Helper.config, [
"public",
"lockNetwork",
"displayNetwork",
"useHexIp",
"themes",
"prefetch",
]);
config.ldapEnabled = Helper.config.ldap.enable;
2017-11-12 18:00:34 +00:00
config.version = pkg.version;
2017-11-07 20:22:16 +00:00
config.gitCommit = Helper.getGitCommit();
config.themes = themes.getAll();
if (config.displayNetwork) {
config.defaults = Helper.config.defaults;
}
return config;
}
2018-01-05 17:40:34 +00:00
function getServerConfiguration() {
const config = _.clone(Helper.config);
config.stylesheets = packages.getStylesheets();
return config;
}
2017-08-13 18:37:12 +00:00
function performAuthentication(data) {
const socket = this;
let client;
let token = null;
const finalInit = () => initializeClient(socket, client, token, data.lastMessage || -1);
2017-08-13 18:37:12 +00:00
const initClient = () => {
socket.emit("configuration", getClientConfiguration());
2017-10-12 07:57:25 +00:00
client.ip = getClientIp(socket);
2017-08-13 18:37:12 +00:00
// If webirc is enabled perform reverse dns lookup
if (Helper.config.webirc === null) {
return finalInit();
}
2017-08-13 18:37:12 +00:00
reverseDnsLookup(client.ip, (hostname) => {
client.hostname = hostname;
finalInit();
});
};
if (Helper.config.public) {
2016-07-30 01:20:38 +00:00
client = new Client(manager);
manager.clients.push(client);
socket.on("disconnect", function() {
manager.clients = _.without(manager.clients, client);
client.quit();
});
initClient();
return;
}
const authCallback = (success) => {
// Authorization failed
if (!success) {
socket.emit("auth", {success: false});
return;
2016-04-03 05:12:49 +00:00
}
2016-07-30 01:20:38 +00:00
// If authorization succeeded but there is no loaded user,
// load it and find the user again (this happens with LDAP)
if (!client) {
2017-10-15 16:05:19 +00:00
client = manager.loadUser(data.user);
2016-07-30 01:20:38 +00:00
}
initClient();
};
2016-07-30 01:20:38 +00:00
client = manager.findClient(data.user);
// We have found an existing user and client has provided a token
if (client && data.token) {
const providedToken = client.calculateTokenHash(data.token);
if (client.config.sessions.hasOwnProperty(providedToken)) {
token = providedToken;
client.updateSession(providedToken, getClientIp(socket), socket.request);
return authCallback(true);
}
}
// Perform password checking
let auth = () => {
log.error("None of the auth plugins is enabled");
};
for (let i = 0; i < authPlugins.length; ++i) {
if (authPlugins[i].isEnabled()) {
auth = authPlugins[i].auth;
break;
}
}
auth(manager, client, data.user, data.password, authCallback);
}
2017-08-13 18:37:12 +00:00
function reverseDnsLookup(ip, callback) {
dns.reverse(ip, (err, hostnames) => {
if (!err && hostnames.length) {
return callback(hostnames[0]);
}
callback(ip);
});
}