cryptpad/server.js

/*
    globals require console
*/
var Express = require('express');
var Http = require('http');
var Https = require('https');
var Fs = require('fs');
var WebSocketServer = require('ws').Server;
var NetfluxSrv = require('./NetfluxWebsocketSrv');
var WebRTCSrv = require('./WebRTCSrv');

var config = require('./config');
var websocketPort = config.websocketPort || config.httpPort;

// support multiple storage back ends
var Storage = require(config.storage||'./storage/file');

var app = Express();

app.use(function (req, res, next) {
    var host = req.headers.host;
    if (config.websocketPort) {
        host = host.replace(/\:[0-9]+/, ':' + config.websocketPort);
    }
    var proto = httpsOpts ? 'wss://' : 'ws://'
    res.setHeader('Content-Security-Policy', [
        "default-src 'none'",
        "style-src 'unsafe-inline' 'self'",

        // No way to load ckeditor without unsafe-eval and unsafe-inline
        // https://dev.ckeditor.com/ticket/8584
        "script-src 'self' 'unsafe-eval' 'unsafe-inline'",

        "connect-src 'self' " + proto + host,
        "child-src 'self'",
        "font-src 'self'",

        // data: is used by codemirror, (insecure remote) images are included by people making
        //       documents in ckeditor.
        "img-src data: *"
    ].join('; '));
    next();
});

app.use(Express.static(__dirname + '/www'));

Fs.exists(__dirname + "/customize", function (e) {
    if (e) { return; }
    console.log("Cryptpad is customizable, see customize.dist/readme.md for details");
});

app.use("/customize", Express.static(__dirname + '/customize'));
app.use("/customize", Express.static(__dirname + '/customize.dist'));
app.use(/^\/[^\/]*$/, Express.static('customize'));
app.use(/^\/[^\/]*$/, Express.static('customize.dist'));

var httpsOpts;
if (config.privKeyAndCertFiles) {
    var privKeyAndCerts = '';
    config.privKeyAndCertFiles.forEach(function (file) {
        privKeyAndCerts = privKeyAndCerts + Fs.readFileSync(file);
    });
    var array = privKeyAndCerts.split('\n-----BEGIN ');
    for (var i = 1; i < array.length; i++) { array[i] = '-----BEGIN ' + array[i]; }
    var privKey;
    for (var i = 0; i < array.length; i++) {
        if (array[i].indexOf('PRIVATE KEY-----\n') !== -1) {
            privKey = array[i];
            array.splice(i, 1);
            break;
        }
    }
    if (!privKey) { throw new Error("cannot find private key"); }
    httpsOpts = {
        cert: array.shift(),
        key: privKey,
        ca: array
    };
}

app.get('/api/config', function(req, res){
    var host = req.headers.host.replace(/\:[0-9]+/, '');
    res.setHeader('Content-Type', 'text/javascript');
    res.send('define(' + JSON.stringify({
        websocketURL:'ws' + ((httpsOpts) ? 's' : '') + '://' + host + ':' +
            websocketPort + '/cryptpad_websocket',
        webrtcURL:'ws' + ((httpsOpts) ? 's' : '') + '://' + host + ':' +
            websocketPort + '/cryptpad_webrtc',
    }) + ');');
});

var httpServer = httpsOpts ? Https.createServer(httpsOpts, app) : Http.createServer(app);

httpServer.listen(config.httpPort,config.httpAddress,function(){
    console.log('[%s] listening on port %s', new Date().toISOString(), config.httpPort);
});

var wsConfig = { server: httpServer };
if (websocketPort !== config.httpPort) {
    console.log("setting up a new websocket server");
    wsConfig = { port: websocketPort};
}
var wsSrv = new WebSocketServer(wsConfig);
Storage.create(config, function (store) {
    NetfluxSrv.run(store, wsSrv, config);
    WebRTCSrv.run(wsSrv);
});
even more jshint compliance 2016-02-15 15:47:53 +00:00			`/*`
			`globals require console`
			`*/`
and so it begins 2014-10-31 15:42:58 +00:00			`var Express = require('express');`
			`var Http = require('http');`
added ability to use https 2014-12-04 09:53:47 +00:00			`var Https = require('https');`
			`var Fs = require('fs');`
and so it begins 2014-10-31 15:42:58 +00:00			`var WebSocketServer = require('ws').Server;`
Update the pads to run with the latest improvements to the websocket server 2016-04-05 10:17:43 +00:00			`var NetfluxSrv = require('./NetfluxWebsocketSrv');`
Add the WebRTC server in Cryptpad 2016-03-08 10:45:03 +00:00			`var WebRTCSrv = require('./WebRTCSrv');`
and so it begins 2014-10-31 15:42:58 +00:00
Move config from server.js into config.js.dist 2014-10-31 16:48:17 +00:00			`var config = require('./config');`
Add a Content Security Policy which works for CryptPad 2016-10-06 20:37:25 +00:00			`var websocketPort = config.websocketPort \|\| config.httpPort;`
and so it begins 2014-10-31 15:42:58 +00:00
relocate and rename Storage.js. implement a simple, non-persistent in memory datastore for those who'd rather not bother with mongodb. Continue to default to previous values. 2015-10-25 23:35:25 +00:00			`// support multiple storage back ends`
Add a Content Security Policy which works for CryptPad 2016-10-06 20:37:25 +00:00			`var Storage = require(config.storage\|\|'./storage/file');`
relocate and rename Storage.js. implement a simple, non-persistent in memory datastore for those who'd rather not bother with mongodb. Continue to default to previous values. 2015-10-25 23:35:25 +00:00
and so it begins 2014-10-31 15:42:58 +00:00			`var app = Express();`
Add a Content Security Policy which works for CryptPad 2016-10-06 20:37:25 +00:00
			`app.use(function (req, res, next) {`
			`var host = req.headers.host;`
			`if (config.websocketPort) {`
			`host = host.replace(/\:[0-9]+/, ':' + config.websocketPort);`
			`}`
			`var proto = httpsOpts ? 'wss://' : 'ws://'`
			`res.setHeader('Content-Security-Policy', [`
			`"default-src 'none'",`
			`"style-src 'unsafe-inline' 'self'",`

			`// No way to load ckeditor without unsafe-eval and unsafe-inline`
			`// https://dev.ckeditor.com/ticket/8584`
			`"script-src 'self' 'unsafe-eval' 'unsafe-inline'",`

			`"connect-src 'self' " + proto + host,`
			`"child-src 'self'",`
			`"font-src 'self'",`

			`// data: is used by codemirror, (insecure remote) images are included by people making`
			`// documents in ckeditor.`
			`"img-src data: *"`
			`].join('; '));`
			`next();`
			`});`

and so it begins 2014-10-31 15:42:58 +00:00			`app.use(Express.static(__dirname + '/www'));`

reverting the style changes 2016-09-27 10:17:38 +00:00			`Fs.exists(__dirname + "/customize", function (e) {`
implement more seamless customization (with fallbacks) 2016-07-12 10:17:03 +00:00			`if (e) { return; }`
not quite finished 2015-01-30 17:12:20 +00:00			`console.log("Cryptpad is customizable, see customize.dist/readme.md for details");`
implement more seamless customization (with fallbacks) 2016-07-12 10:17:03 +00:00			`});`

use an absolutely specific regex for the document root 2016-07-12 10:44:44 +00:00			`app.use("/customize", Express.static(__dirname + '/customize'));`
implement more seamless customization (with fallbacks) 2016-07-12 10:17:03 +00:00			`app.use("/customize", Express.static(__dirname + '/customize.dist'));`
Using express.static instead of custom handler 2016-09-27 09:53:52 +00:00			`app.use(/^\/[^\/]*$/, Express.static('customize'));`
			`app.use(/^\/[^\/]*$/, Express.static('customize.dist'));`
not quite finished 2015-01-30 17:12:20 +00:00
added ability to use https 2014-12-04 09:53:47 +00:00			`var httpsOpts;`
			`if (config.privKeyAndCertFiles) {`
			`var privKeyAndCerts = '';`
reverting the style changes 2016-09-27 10:17:38 +00:00			`config.privKeyAndCertFiles.forEach(function (file) {`
added ability to use https 2014-12-04 09:53:47 +00:00			`privKeyAndCerts = privKeyAndCerts + Fs.readFileSync(file);`
			`});`
			`var array = privKeyAndCerts.split('\n-----BEGIN ');`
address more jshint complaints 2016-02-12 10:39:37 +00:00			`for (var i = 1; i < array.length; i++) { array[i] = '-----BEGIN ' + array[i]; }`
added ability to use https 2014-12-04 09:53:47 +00:00			`var privKey;`
			`for (var i = 0; i < array.length; i++) {`
			`if (array[i].indexOf('PRIVATE KEY-----\n') !== -1) {`
			`privKey = array[i];`
			`array.splice(i, 1);`
			`break;`
			`}`
			`}`
			`if (!privKey) { throw new Error("cannot find private key"); }`
			`httpsOpts = {`
			`cert: array.shift(),`
			`key: privKey,`
			`ca: array`
address more jshint complaints 2016-02-12 10:39:37 +00:00			`};`
added ability to use https 2014-12-04 09:53:47 +00:00			`}`

reverting the style changes 2016-09-27 10:17:38 +00:00			`app.get('/api/config', function(req, res){`
support different ports for websocket and http 2014-11-03 10:13:41 +00:00			`var host = req.headers.host.replace(/\:[0-9]+/, '');`
			`res.setHeader('Content-Type', 'text/javascript');`
			`res.send('define(' + JSON.stringify({`
reverting the style changes 2016-09-27 10:17:38 +00:00			`websocketURL:'ws' + ((httpsOpts) ? 's' : '') + '://' + host + ':' +`
Add a Content Security Policy which works for CryptPad 2016-10-06 20:37:25 +00:00			`websocketPort + '/cryptpad_websocket',`
reverting the style changes 2016-09-27 10:17:38 +00:00			`webrtcURL:'ws' + ((httpsOpts) ? 's' : '') + '://' + host + ':' +`
Add a Content Security Policy which works for CryptPad 2016-10-06 20:37:25 +00:00			`websocketPort + '/cryptpad_webrtc',`
support different ports for websocket and http 2014-11-03 10:13:41 +00:00			`}) + ');');`
			`});`

added ability to use https 2014-12-04 09:53:47 +00:00			`var httpServer = httpsOpts ? Https.createServer(httpsOpts, app) : Http.createServer(app);`

reverting the style changes 2016-09-27 10:17:38 +00:00			`httpServer.listen(config.httpPort,config.httpAddress,function(){`
quieter stdout and stderr logs 2016-09-30 13:51:23 +00:00			`console.log('[%s] listening on port %s', new Date().toISOString(), config.httpPort);`
relocate and rename Storage.js. implement a simple, non-persistent in memory datastore for those who'd rather not bother with mongodb. Continue to default to previous values. 2015-10-25 23:35:25 +00:00			`});`
and so it begins 2014-10-31 15:42:58 +00:00
Improve the server so that both protocol (WebSocket and WebRTC) can use the same port 2016-03-16 15:34:27 +00:00			`var wsConfig = { server: httpServer };`
Add a Content Security Policy which works for CryptPad 2016-10-06 20:37:25 +00:00			`if (websocketPort !== config.httpPort) {`
Improve the server so that both protocol (WebSocket and WebRTC) can use the same port 2016-03-16 15:34:27 +00:00			`console.log("setting up a new websocket server");`
Add a Content Security Policy which works for CryptPad 2016-10-06 20:37:25 +00:00			`wsConfig = { port: websocketPort};`
support different ports for websocket and http 2014-11-03 10:13:41 +00:00			`}`
Improve the server so that both protocol (WebSocket and WebRTC) can use the same port 2016-03-16 15:34:27 +00:00			`var wsSrv = new WebSocketServer(wsConfig);`
reverting the style changes 2016-09-27 10:17:38 +00:00			`Storage.create(config, function (store) {`
pass config object into NetfluxServer 2016-05-14 10:52:34 +00:00			`NetfluxSrv.run(store, wsSrv, config);`
Improve the server so that both protocol (WebSocket and WebRTC) can use the same port 2016-03-16 15:34:27 +00:00			`WebRTCSrv.run(wsSrv);`
quieter stdout and stderr logs 2016-09-30 13:51:23 +00:00			`});`