jschan/server.js

'use strict';

process
	.on('uncaughtException', console.error)
	.on('unhandledRejection', console.error);

const express = require('express')
	, path = require('path')
	, app = express()
	, server = require('http').createServer(app)
	, cookieParser = require('cookie-parser')
	, { cacheTemplates, boardDefaults, globalLimits, captchaOptions,
		enableUserBoardCreation, enableUserAccountCreation, cookieSecret,
		debugLogs, ipHashPermLevel, meta, port, enableWebring } = require(__dirname+'/configs/main.js')
	, referrerCheck = require(__dirname+'/helpers/referrercheck.js')
	, { themes, codeThemes } = require(__dirname+'/helpers/themes.js')
	, Mongo = require(__dirname+'/db/db.js')
	, Socketio = require(__dirname+'/socketio.js')
	, commit = require(__dirname+'/helpers/commit.js')
	, dynamicResponse = require(__dirname+'/helpers/dynamic.js')
	, formatSize = require(__dirname+'/helpers/files/formatsize.js')
	, CachePugTemplates = require('cache-pug-templates');

(async () => {

	const env = process.env.NODE_ENV;
	const production = env === 'production';
	debugLogs && console.log('STARTING IN MODE:', env);

	// connect to mongodb
	debugLogs && console.log('CONNECTING TO MONGODB');
	await Mongo.connect();
	await Mongo.checkVersion();

	// connect to redis
	debugLogs && console.log('CONNECTING TO REDIS');
	const { redisClient } = require(__dirname+'/redis.js');

	// disable useless express header
	app.disable('x-powered-by');
	// parse forms
	app.use(express.urlencoded({extended: false}));
	// parse cookies
	app.use(cookieParser(cookieSecret));

	// session store
	const sessionMiddleware = require(__dirname+'/helpers/usesession.js');

	// connect socketio
	debugLogs && console.log('STARTING WEBSOCKET');
	Socketio.connect(server, sessionMiddleware);

	//trust proxy for nginx
	app.set('trust proxy', 1);

	//self explanatory middlewares
	app.use(referrerCheck);

	// use pug view engine
	const views = path.join(__dirname, 'views/pages');
	app.set('view engine', 'pug');
	app.set('views', views);
	//cache loaded templates
	if (cacheTemplates === true) {
		app.enable('view cache');
	}

	//default settings
	app.locals.enableUserAccountCreation = enableUserAccountCreation;
	app.locals.enableUserBoardCreation = enableUserBoardCreation;
	app.locals.defaultTheme = boardDefaults.theme;
	app.locals.defaultCodeTheme = boardDefaults.codeTheme;
	app.locals.globalLimits = globalLimits;
	app.locals.ipHashPermLevel = ipHashPermLevel;
	app.locals.enableWebring = enableWebring;
	app.locals.commit = commit;
	app.locals.meta = meta;
	app.locals.captchaType = captchaOptions.type;
	app.locals.postFilesSize = formatSize(globalLimits.postFilesSize.max);
	switch (captchaOptions.type) {
		case 'google':
			app.locals.googleRecaptchaSiteKey = captchaOptions.google.siteKey;
			break;
		case 'grid':
			app.locals.captchaGridSize = captchaOptions.grid.size;
			break;
		default:
			break;
	}

	// routes
	if (!production) {
		app.use(express.static(__dirname+'/static', { redirect: false }));
		app.use(express.static(__dirname+'/static/html', { redirect: false }));
		app.use(express.static(__dirname+'/static/json', { redirect: false }));
	}

	app.use('/forms', require(__dirname+'/controllers/forms.js'));
	app.use('/', require(__dirname+'/controllers/pages.js'));

	//404 catchall
	app.get('*', (req, res) => {
		res.status(404).render('404');
	})

	// catch any unhandled errors
	app.use((err, req, res, next) => {
		if (err.code === 'EBADCSRFTOKEN') {
			return dynamicResponse(req, res, 403, 'message', {
				'title': 'Forbidden',
				'message': 'Invalid CSRF token'
  			});
		}
		console.error(err);
		return dynamicResponse(req, res, 500, 'message', {
			'title': 'Internal Server Error',
			'error': 'Internal Server Error', //what to put here?
			'redirect': req.headers.referer || '/'
		});
	})

	//listen
	server.listen(port, '127.0.0.1', () => {
		new CachePugTemplates({ app, views }).start();
		debugLogs && console.log(`LISTENING ON :${port}`);
		//let PM2 know that this is ready for graceful reloads and to serialise startup
		if (typeof process.send === 'function') {
			//make sure we are a child process of PM2 i.e. not in dev
			debugLogs && console.log('SENT READY SIGNAL TO PM2');
			process.send('ready');
		}
	});

	const gracefulStop = () => {
		debugLogs && console.log('SIGINT SIGNAL RECEIVED');
		// Stops the server from accepting new connections and finishes existing connections.
		Socketio.io.close((err) => {
			// if error, log and exit with error (1 code)
			debugLogs && console.log('CLOSING SERVER');
			if (err) {
				console.error(err);
				process.exit(1);
			}
			// close database connection
			debugLogs && console.log('DISCONNECTING MONGODB');
			Mongo.client.close();
			//close redis connection
			debugLogs && console.log('DISCONNECTING REDIS')
			redisClient.quit();
			// now close without error
			process.exit(0);
		});
	};

	//graceful stop
	process.on('SIGINT', gracefulStop);
	process.on('message', (message) => {
		if (message === 'shutdown') {
			gracefulStop();
		}
	});

})();
First commit 5 years ago			`'use strict';`

improved configuration options -- settings for opengraph url/sitename and render template cache 5 years ago			`process`
			`.on('uncaughtException', console.error)`
			`.on('unhandledRejection', console.error);`
First commit 5 years ago
backlinking refactor, remove helmet from server since its basically useless 5 years ago			`const express = require('express')`
			`, path = require('path')`
			`, app = express()`
socket.io to make posting _actually_ live instead of polling the api. way mroe efficient 5 years ago			`, server = require('http').createServer(app)`
First commit 5 years ago			`, cookieParser = require('cookie-parser')`
references #209 , add optional google recaptcha. implementation could use some polish, but it will work for now. 4 years ago			`, { cacheTemplates, boardDefaults, globalLimits, captchaOptions,`
Merge optional google captcha, integrate into captcha check refactor, will allow for more captcha provider in future More tor fixes and changes, and add some basic nginx config for tor 4 years ago			`enableUserBoardCreation, enableUserAccountCreation, cookieSecret,`
Dont show webring link in navbar if disabled reference #145 4 years ago			`debugLogs, ipHashPermLevel, meta, port, enableWebring } = require(__dirname+'/configs/main.js')`
refactor some middlewares to move them out of main server file 5 years ago			`, referrerCheck = require(__dirname+'/helpers/referrercheck.js')`
remove themes from footer, prep for settings UI, add code theme to board settings 5 years ago			`, { themes, codeThemes } = require(__dirname+'/helpers/themes.js')`
pug-cache-templates actually helps 5 years ago			`, Mongo = require(__dirname+'/db/db.js')`
socket.io to make posting _actually_ live instead of polling the api. way mroe efficient 5 years ago			`, Socketio = require(__dirname+'/socketio.js')`
add short commit hash as v?= query of important scripts and css for updates, to cache bust on updates for public site 4 years ago			`, commit = require(__dirname+'/helpers/commit.js')`
improve how errors shown when making a post, use modals and fix ban seen marking 5 years ago			`, dynamicResponse = require(__dirname+'/helpers/dynamic.js')`
add formatsize helper to server 4 years ago			`, formatSize = require(__dirname+'/helpers/files/formatsize.js')`
pug-cache-templates actually helps 5 years ago			`, CachePugTemplates = require('cache-pug-templates');`
First commit 5 years ago
			`(async () => {`

some changes to make it at least _possible_ to run in dev without https 5 years ago			`const env = process.env.NODE_ENV;`
			`const production = env === 'production';`
logs optional, add a config for it 4 years ago			`debugLogs && console.log('STARTING IN MODE:', env);`
disable useless x-powered header, and log node env on startup 5 years ago
no more lmx. since we have redis, use it for redlock and connect-redis for sessions instead of mongo 5 years ago			`// connect to mongodb`
logs optional, add a config for it 4 years ago			`debugLogs && console.log('CONNECTING TO MONGODB');`
First commit 5 years ago			`await Mongo.connect();`
Exit if migrateVersion outdated close #163 4 years ago			`await Mongo.checkVersion();`
switch redis lib to have a separate client, so that i can use it for k:v cache later 5 years ago
no more lmx. since we have redis, use it for redlock and connect-redis for sessions instead of mongo 5 years ago			`// connect to redis`
logs optional, add a config for it 4 years ago			`debugLogs && console.log('CONNECTING TO REDIS');`
switch redis lib to have a separate client, so that i can use it for k:v cache later 5 years ago			`const { redisClient } = require(__dirname+'/redis.js');`
First commit 5 years ago
disable useless x-powered header, and log node env on startup 5 years ago			`// disable useless express header`
			`app.disable('x-powered-by');`
fix exploit; no longer use extended body parser mode and remove unneeded array prefix from array body fields, since we use different lib to parse body now. also upgrade express and dont allow body for modlog actions to be entered into modlog, replace with non user controlled text 5 years ago			`// parse forms`
urlencoded extended mode should be false 4 years ago			`app.use(express.urlencoded({extended: false}));`
no more lmx. since we have redis, use it for redlock and connect-redis for sessions instead of mongo 5 years ago			`// parse cookies`
Beta testing .onion support *DO NOT USE* This still has some issues and needs testing. - needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost - need to make sure bans work properly still - need to implement system to prevent captcha ddos, since i cant just to IP ratelimit now - im 99% sure post history of tor users is broken if viewed by non-global staff - manual input ban form will also be broken for non-global staff - could still use some improvement on the middleware having a little more complicated flor for tor users But for the most part it works. Basically it will use the bypass id of a tor user as their "ip". 4 years ago			`app.use(cookieParser(cookieSecret));`
backlinking refactor, remove helmet from server since its basically useless 5 years ago
First commit 5 years ago			`// session store`
do not read session when not needed 4 years ago			`const sessionMiddleware = require(__dirname+'/helpers/usesession.js');`
Get session in websocket 4 years ago
			`// connect socketio`
			`debugLogs && console.log('STARTING WEBSOCKET');`
			`Socketio.connect(server, sessionMiddleware);`
First commit 5 years ago
backlinking refactor, remove helmet from server since its basically useless 5 years ago			`//trust proxy for nginx`
			`app.set('trust proxy', 1);`
First commit 5 years ago
refactor some middlewares to move them out of main server file 5 years ago			`//self explanatory middlewares`
			`app.use(referrerCheck);`
referrer header POST check/rejection 5 years ago
First commit 5 years ago			`// use pug view engine`
pug-cache-templates actually helps 5 years ago			`const views = path.join(__dirname, 'views/pages');`
First commit 5 years ago			`app.set('view engine', 'pug');`
pug-cache-templates actually helps 5 years ago			`app.set('views', views);`
implementing global limits for board settings and configurable defaults for board creation 5 years ago			`//cache loaded templates`
logs optional, add a config for it 4 years ago			`if (cacheTemplates === true) {`
improved configuration options -- settings for opengraph url/sitename and render template cache 5 years ago			`app.enable('view cache');`
			`}`
First commit 5 years ago
implementing global limits for board settings and configurable defaults for board creation 5 years ago			`//default settings`
fixes #137, not even a regression. i dont think that ever worked 4 years ago			`app.locals.enableUserAccountCreation = enableUserAccountCreation;`
			`app.locals.enableUserBoardCreation = enableUserBoardCreation;`
logs optional, add a config for it 4 years ago			`app.locals.defaultTheme = boardDefaults.theme;`
			`app.locals.defaultCodeTheme = boardDefaults.codeTheme;`
			`app.locals.globalLimits = globalLimits;`
early ver of per-board recents and changed iphash code 4 years ago			`app.locals.ipHashPermLevel = ipHashPermLevel;`
Dont show webring link in navbar if disabled reference #145 4 years ago			`app.locals.enableWebring = enableWebring;`
add short commit hash as v?= query of important scripts and css for updates, to cache bust on updates for public site 4 years ago			`app.locals.commit = commit;`
logs optional, add a config for it 4 years ago			`app.locals.meta = meta;`
Make a bit more maintainable, support different captcha types with some config options 4 years ago			`app.locals.captchaType = captchaOptions.type;`
Bugfix not showing post file size on express server .render('d pages 4 years ago			`app.locals.postFilesSize = formatSize(globalLimits.postFilesSize.max);`
Make a bit more maintainable, support different captcha types with some config options 4 years ago			`switch (captchaOptions.type) {`
			`case 'google':`
			`app.locals.googleRecaptchaSiteKey = captchaOptions.google.siteKey;`
			`break;`
			`case 'grid':`
More configuration and bit less ugly config layout for captcha 4 years ago			`app.locals.captchaGridSize = captchaOptions.grid.size;`
Make a bit more maintainable, support different captcha types with some config options 4 years ago			`break;`
			`default:`
			`break;`
			`}`
implementing global limits for board settings and configurable defaults for board creation 5 years ago
First commit 5 years ago			`// routes`
more changes to make possible to run without nginx for dev purposes 5 years ago			`if (!production) {`
use `redirect: false` in express.static This prevents prolems like `/` giving 404 in devel mode (when `static/html/index.html` is missing) or `/captcha` redirecting to `/captcha/` (then breaking). 4 years ago			`app.use(express.static(__dirname+'/static', { redirect: false }));`
			`app.use(express.static(__dirname+'/static/html', { redirect: false }));`
			`app.use(express.static(__dirname+'/static/json', { redirect: false }));`
more changes to make possible to run without nginx for dev purposes 5 years ago			`}`
Beta testing .onion support *DO NOT USE* This still has some issues and needs testing. - needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost - need to make sure bans work properly still - need to implement system to prevent captcha ddos, since i cant just to IP ratelimit now - im 99% sure post history of tor users is broken if viewed by non-global staff - manual input ban form will also be broken for non-global staff - could still use some improvement on the middleware having a little more complicated flor for tor users But for the most part it works. Basically it will use the bypass id of a tor user as their "ip". 4 years ago
statics for non prod before generating ones 5 years ago			`app.use('/forms', require(__dirname+'/controllers/forms.js'));`
			`app.use('/', require(__dirname+'/controllers/pages.js'));`
First commit 5 years ago
gulp to minify, remove static file serving -- using nginx instead 5 years ago			`//404 catchall`
First commit 5 years ago			`app.get('*', (req, res) => {`
improved configuration options -- settings for opengraph url/sitename and render template cache 5 years ago			`res.status(404).render('404');`
First commit 5 years ago			`})`

correct recent sorting, no more class for Posts and fix 404 loop 5 years ago			`// catch any unhandled errors`
First commit 5 years ago			`app.use((err, req, res, next) => {`
			`if (err.code === 'EBADCSRFTOKEN') {`
supporting stuff for modals, scripts, and urlencoded handling in forms.js 4 years ago			`return dynamicResponse(req, res, 403, 'message', {`
use net module in ip process handler 5 years ago			`'title': 'Forbidden',`
			`'message': 'Invalid CSRF token'`
			`});`
First commit 5 years ago			`}`
fix file number check in post controller prevent error in spam check 5 years ago			`console.error(err);`
improve how errors shown when making a post, use modals and fix ban seen marking 5 years ago			`return dynamicResponse(req, res, 500, 'message', {`
global and board IP bans, improved error handling, improved permissions checks 5 years ago			`'title': 'Internal Server Error',`
improve how errors shown when making a post, use modals and fix ban seen marking 5 years ago			`'error': 'Internal Server Error', //what to put here?`
referrer header POST check/rejection 5 years ago			`'redirect': req.headers.referer \|\| '/'`
improved configuration options -- settings for opengraph url/sitename and render template cache 5 years ago			`});`
First commit 5 years ago			`})`

refactor some middlewares to move them out of main server file 5 years ago			`//listen`
logs optional, add a config for it 4 years ago			`server.listen(port, '127.0.0.1', () => {`
pug-cache-templates actually helps 5 years ago			`new CachePugTemplates({ app, views }).start();`
logs optional, add a config for it 4 years ago			debugLogs && console.log(`LISTENING ON :${port}`);
refactor some middlewares to move them out of main server file 5 years ago			`//let PM2 know that this is ready for graceful reloads and to serialise startup`
			`if (typeof process.send === 'function') {`
			`//make sure we are a child process of PM2 i.e. not in dev`
logs optional, add a config for it 4 years ago			`debugLogs && console.log('SENT READY SIGNAL TO PM2');`
improve ecosystem file and only signal PM2 _after_ listening 5 years ago			`process.send('ready');`
			`}`
locks for writing html files, also might need to add during dedupe to prevent file incs changing while pruning 5 years ago			`});`
server graceful reload with PM2 and close on sigints 5 years ago
better graceful server shutdown 4 years ago			`const gracefulStop = () => {`
logs optional, add a config for it 4 years ago			`debugLogs && console.log('SIGINT SIGNAL RECEIVED');`
server graceful reload with PM2 and close on sigints 5 years ago			`// Stops the server from accepting new connections and finishes existing connections.`
close websockets so the server doesnt hang when trying to shutdown 5 years ago			`Socketio.io.close((err) => {`
server graceful reload with PM2 and close on sigints 5 years ago			`// if error, log and exit with error (1 code)`
logs optional, add a config for it 4 years ago			`debugLogs && console.log('CLOSING SERVER');`
server graceful reload with PM2 and close on sigints 5 years ago			`if (err) {`
			`console.error(err);`
			`process.exit(1);`
			`}`
			`// close database connection`
logs optional, add a config for it 4 years ago			`debugLogs && console.log('DISCONNECTING MONGODB');`
server graceful reload with PM2 and close on sigints 5 years ago			`Mongo.client.close();`
switch redis lib to have a separate client, so that i can use it for k:v cache later 5 years ago			`//close redis connection`
logs optional, add a config for it 4 years ago			`debugLogs && console.log('DISCONNECTING REDIS')`
switch redis lib to have a separate client, so that i can use it for k:v cache later 5 years ago			`redisClient.quit();`
server graceful reload with PM2 and close on sigints 5 years ago			`// now close without error`
			`process.exit(0);`
refactor some middlewares to move them out of main server file 5 years ago			`});`
better graceful server shutdown 4 years ago			`};`

			`//graceful stop`
			`process.on('SIGINT', gracefulStop);`
			`process.on('message', (message) => {`
			`if (message === 'shutdown') {`
			`gracefulStop();`
			`}`
refactor some middlewares to move them out of main server file 5 years ago			`});`
server graceful reload with PM2 and close on sigints 5 years ago
First commit 5 years ago			`})();`