NodeBB/src/middleware/index.js

'use strict';

var async = require('async');
var path = require('path');
var csrf = require('csurf');
var validator = require('validator');
var nconf = require('nconf');
var ensureLoggedIn = require('connect-ensure-login');
var toobusy = require('toobusy-js');

var plugins = require('../plugins');
var meta = require('../meta');
var user = require('../user');
var groups = require('../groups');
var file = require('../file');

var analytics = require('../analytics');

var controllers = {
	api: require('./../controllers/api'),
	helpers: require('../controllers/helpers'),
};

var middleware = module.exports;

middleware.applyCSRF = csrf();

middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login');

require('./admin')(middleware);
require('./header')(middleware);
require('./render')(middleware);
require('./maintenance')(middleware);
require('./user')(middleware);
require('./headers')(middleware);

middleware.pageView = function (req, res, next) {
	analytics.pageView({
		ip: req.ip,
		path: req.path,
		uid: req.uid,
	});

	plugins.fireHook('action:middleware.pageView', { req: req });

	if (req.user) {
		user.updateLastOnlineTime(req.user.uid);
		if (req.path.startsWith('/api/users') || req.path.startsWith('/users')) {
			user.updateOnlineUsers(req.user.uid, next);
		} else {
			user.updateOnlineUsers(req.user.uid);
			next();
		}
	} else {
		next();
	}
};


middleware.pluginHooks = function (req, res, next) {
	async.each(plugins.loadedHooks['filter:router.page'] || [], function (hookObj, next) {
		hookObj.method(req, res, next);
	}, function (err) {
		// If it got here, then none of the subscribed hooks did anything, or there were no hooks
		next(err);
	});
};

middleware.validateFiles = function (req, res, next) {
	if (!Array.isArray(req.files.files) || !req.files.files.length) {
		return next(new Error(['[[error:invalid-files]]']));
	}

	next();
};

middleware.prepareAPI = function (req, res, next) {
	res.locals.isAPI = true;
	next();
};

middleware.routeTouchIcon = function (req, res) {
	if (meta.config['brand:touchIcon'] && validator.isURL(meta.config['brand:touchIcon'])) {
		return res.redirect(meta.config['brand:touchIcon']);
	}
	return res.sendFile(path.join(__dirname, '../../public', meta.config['brand:touchIcon'] || '/logo.png'), {
		maxAge: req.app.enabled('cache') ? 5184000000 : 0,
	});
};

middleware.privateTagListing = function (req, res, next) {
	if (!req.user && parseInt(meta.config.privateTagListing, 10) === 1) {
		controllers.helpers.notAllowed(req, res);
	} else {
		next();
	}
};

middleware.exposeGroupName = function (req, res, next) {
	expose('groupName', groups.getGroupNameByGroupSlug, 'slug', req, res, next);
};

middleware.exposeUid = function (req, res, next) {
	expose('uid', user.getUidByUserslug, 'userslug', req, res, next);
};

function expose(exposedField, method, field, req, res, next) {
	if (!req.params.hasOwnProperty(field)) {
		return next();
	}
	async.waterfall([
		function (next) {
			method(req.params[field], next);
		},
		function (id, next) {
			res.locals[exposedField] = id;
			next();
		},
	], next);
}

middleware.privateUploads = function (req, res, next) {
	if (req.user || parseInt(meta.config.privateUploads, 10) !== 1) {
		return next();
	}
	if (req.path.startsWith('/assets/uploads/files')) {
		return res.status(403).json('not-allowed');
	}
	next();
};

middleware.busyCheck = function (req, res, next) {
	if (global.env === 'production' && (!meta.config.hasOwnProperty('eventLoopCheckEnabled') || parseInt(meta.config.eventLoopCheckEnabled, 10) === 1) && toobusy()) {
		analytics.increment('errors:503');
		res.status(503).type('text/html').sendFile(path.join(__dirname, '../../public/503.html'));
	} else {
		next();
	}
};

middleware.applyBlacklist = function (req, res, next) {
	meta.blacklist.test(req.ip, function (err) {
		next(err);
	});
};

middleware.processTimeagoLocales = function (req, res, next) {
	var fallback = req.path.indexOf('-short') === -1 ? 'jquery.timeago.en.js' : 'jquery.timeago.en-short.js';
	var localPath = path.join(__dirname, '../../public/vendor/jquery/timeago/locales', req.path);

	async.waterfall([
		function (next) {
			file.exists(localPath, next);
		},
		function (exists, next) {
			if (exists) {
				next(null, localPath);
			} else {
				next(null, path.join(__dirname, '../../public/vendor/jquery/timeago/locales', fallback));
			}
		},
		function (path) {
			res.status(200).sendFile(path, {
				maxAge: req.app.enabled('cache') ? 5184000000 : 0,
			});
		},
	], next);
};
ESlint quotes 2017-02-18 01:56:23 -07:00			`'use strict';`
random jshinting expedition 2014-03-02 14:45:57 -05:00
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`var async = require('async');`
			`var path = require('path');`
			`var csrf = require('csurf');`
			`var validator = require('validator');`
			`var nconf = require('nconf');`
			`var ensureLoggedIn = require('connect-ensure-login');`
			`var toobusy = require('toobusy-js');`

			`var plugins = require('../plugins');`
			`var meta = require('../meta');`
			`var user = require('../user');`
			`var groups = require('../groups');`
timeago locale test 2017-05-23 23:32:38 -04:00			`var file = require('../file');`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00
			`var analytics = require('../analytics');`

			`var controllers = {`
			`api: require('./../controllers/api'),`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`helpers: require('../controllers/helpers'),`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`
moved all app.configure() code into middleware/index.js + organization/cleanup 2014-03-01 17:26:26 -05:00
more tests 2017-05-12 17:53:23 -04:00			`var middleware = module.exports;`
one final push, cleanup + organize + lint; made feeds/meta/plugins routes follow same pattern as other route files 2014-03-05 17:06:24 -05:00
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`middleware.applyCSRF = csrf();`

			`middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login');`

			`require('./admin')(middleware);`
			`require('./header')(middleware);`
			`require('./render')(middleware);`
			`require('./maintenance')(middleware);`
			`require('./user')(middleware);`
			`require('./headers')(middleware);`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.pageView = function (req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`analytics.pageView({`
			`ip: req.ip,`
			`path: req.path,`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`uid: req.uid,`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`});`

ESlint object-curly-spacing 2017-02-18 12:30:49 -07:00			`plugins.fireHook('action:middleware.pageView', { req: req });`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00
			`if (req.user) {`
			`user.updateLastOnlineTime(req.user.uid);`
			`if (req.path.startsWith('/api/users') \|\| req.path.startsWith('/users')) {`
			`user.updateOnlineUsers(req.user.uid, next);`
			`} else {`
			`user.updateOnlineUsers(req.user.uid);`
			`next();`
			`}`
			`} else {`
			`next();`
			`}`
			`};`
moved middleware out of webserver.js and into middleware.js 2014-03-02 14:16:16 -05:00
enabling view cache, since we require server restart on theme changes it doesn't hurt 2014-05-05 16:56:01 -04:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.pluginHooks = function (req, res, next) {`
			`async.each(plugins.loadedHooks['filter:router.page'] \|\| [], function (hookObj, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`hookObj.method(req, res, next);`
error handler tests 2017-05-10 21:02:36 -04:00			`}, function (err) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`// If it got here, then none of the subscribed hooks did anything, or there were no hooks`
error handler tests 2017-05-10 21:02:36 -04:00			`next(err);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`});`
			`};`
moved all app.configure() code into middleware/index.js + organization/cleanup 2014-03-01 17:26:26 -05:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.validateFiles = function (req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`if (!Array.isArray(req.files.files) \|\| !req.files.files.length) {`
			`return next(new Error(['[[error:invalid-files]]']));`
			`}`
moved all app.configure() code into middleware/index.js + organization/cleanup 2014-03-01 17:26:26 -05:00
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`next();`
			`};`
only use multipart on upload routes, delete temp files if there is an error in admin, admin/mods should see topic reply 2014-10-22 18:25:57 -04:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.prepareAPI = function (req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`res.locals.isAPI = true;`
			`next();`
			`};`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.routeTouchIcon = function (req, res) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`if (meta.config['brand:touchIcon'] && validator.isURL(meta.config['brand:touchIcon'])) {`
			`return res.redirect(meta.config['brand:touchIcon']);`
			`}`
ESlint no-useless-escape, no-else-return 2017-02-18 14:27:26 -07:00			`return res.sendFile(path.join(__dirname, '../../public', meta.config['brand:touchIcon'] \|\| '/logo.png'), {`
			`maxAge: req.app.enabled('cache') ? 5184000000 : 0,`
			`});`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`
moved all app.configure() code into middleware/index.js + organization/cleanup 2014-03-01 17:26:26 -05:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.privateTagListing = function (req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`if (!req.user && parseInt(meta.config.privateTagListing, 10) === 1) {`
			`controllers.helpers.notAllowed(req, res);`
			`} else {`
			`next();`
			`}`
			`};`
moved all app.configure() code into middleware/index.js + organization/cleanup 2014-03-01 17:26:26 -05:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.exposeGroupName = function (req, res, next) {`
adde expose methods back used by plugins 2016-09-14 21:21:32 +03:00			`expose('groupName', groups.getGroupNameByGroupSlug, 'slug', req, res, next);`
			`};`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.exposeUid = function (req, res, next) {`
adde expose methods back used by plugins 2016-09-14 21:21:32 +03:00			`expose('uid', user.getUidByUserslug, 'userslug', req, res, next);`
			`};`

			`function expose(exposedField, method, field, req, res, next) {`
			`if (!req.params.hasOwnProperty(field)) {`
			`return next();`
			`}`
cleanup and tests 2017-05-25 16:40:03 -04:00			`async.waterfall([`
			`function (next) {`
			`method(req.params[field], next);`
			`},`
			`function (id, next) {`
			`res.locals[exposedField] = id;`
			`next();`
			`},`
			`], next);`
adde expose methods back used by plugins 2016-09-14 21:21:32 +03:00			`}`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.privateUploads = function (req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`if (req.user \|\| parseInt(meta.config.privateUploads, 10) !== 1) {`
			`return next();`
Allow session cookie domain customization 2014-07-24 22:26:19 +02:00			`}`
Fix #5416, uploads path config setting - Finish moving uploads route to `/assets/uploads` - Remove `upload_url` config setting, it was broken 2017-02-08 11:41:24 -07:00			`if (req.path.startsWith('/assets/uploads/files')) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`return res.status(403).json('not-allowed');`
			`}`
			`next();`
			`};`
fixed #1988 2014-08-13 16:03:33 -04:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.busyCheck = function (req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`if (global.env === 'production' && (!meta.config.hasOwnProperty('eventLoopCheckEnabled') \|\| parseInt(meta.config.eventLoopCheckEnabled, 10) === 1) && toobusy()) {`
			`analytics.increment('errors:503');`
			`res.status(503).type('text/html').sendFile(path.join(__dirname, '../../public/503.html'));`
			`} else {`
			`next();`
closes #3435 2015-08-17 14:53:37 -04:00			`}`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.applyBlacklist = function (req, res, next) {`
			`meta.blacklist.test(req.ip, function (err) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`next(err);`
			`});`
			`};`

timeago locale test 2017-05-23 23:32:38 -04:00			`middleware.processTimeagoLocales = function (req, res, next) {`
ESlint one-var, fix comma-dangle 2017-02-17 20:20:42 -07:00			`var fallback = req.path.indexOf('-short') === -1 ? 'jquery.timeago.en.js' : 'jquery.timeago.en-short.js';`
			`var localPath = path.join(__dirname, '../../public/vendor/jquery/timeago/locales', req.path);`
moved all app.configure() code into middleware/index.js + organization/cleanup 2014-03-01 17:26:26 -05:00
timeago locale test 2017-05-23 23:32:38 -04:00			`async.waterfall([`
			`function (next) {`
			`file.exists(localPath, next);`
			`},`
			`function (exists, next) {`
			`if (exists) {`
			`next(null, localPath);`
			`} else {`
			`next(null, path.join(__dirname, '../../public/vendor/jquery/timeago/locales', fallback));`
			`}`
			`},`
			`function (path) {`
			`res.status(200).sendFile(path, {`
			`maxAge: req.app.enabled('cache') ? 5184000000 : 0,`
			`});`
			`},`
			`], next);`
Add missing new lines at end of files. 2014-04-10 20:31:57 +01:00			`};`