|
1
|
|
|
import express from 'express' |
|
2
|
|
|
import https from 'https' |
|
3
|
|
|
import fse from 'fs-extra' |
|
4
|
|
|
import session from 'express-session' |
|
5
|
|
|
import helmet from 'helmet' |
|
6
|
|
|
import bodyParser from 'body-parser' |
|
7
|
|
|
import exphbs from 'express-secure-handlebars' |
|
8
|
|
|
import path from 'path' |
|
9
|
|
|
//import crypto from 'crypto'; |
|
10
|
|
|
import busboy from 'connect-busboy' |
|
11
|
|
|
import clc from 'cli-color' |
|
12
|
|
|
import openurl from 'openurl' |
|
13
|
|
|
//import uuid from 'uuid' |
|
14
|
|
|
import flash from 'connect-flash' |
|
15
|
|
|
import cookieParser from 'cookie-parser' |
|
16
|
|
|
import csrf from 'csurf' |
|
17
|
|
|
import passport from 'passport' |
|
18
|
|
|
|
|
19
|
|
|
import { |
|
20
|
|
|
config, |
|
21
|
|
|
coreUtils, |
|
22
|
|
|
cmsTemplates, |
|
23
|
|
|
printInput, |
|
24
|
|
|
abeImport, |
|
25
|
|
|
testObj, |
|
26
|
|
|
math, |
|
27
|
|
|
notEmpty, |
|
28
|
|
|
printJson, |
|
29
|
|
|
className, |
|
30
|
|
|
compileAbe, |
|
31
|
|
|
listPage, |
|
32
|
|
|
ifIn, |
|
33
|
|
|
ifCond, |
|
34
|
|
|
moduloIf, |
|
35
|
|
|
attrAbe, |
|
36
|
|
|
folders, |
|
37
|
|
|
printConfig, |
|
38
|
|
|
abeExtend, |
|
39
|
|
|
Manager |
|
40
|
|
|
} from '../cli' |
|
41
|
|
|
|
|
42
|
|
|
import { |
|
43
|
|
|
middleWebsite, |
|
44
|
|
|
middleLogin, |
|
45
|
|
|
middleCheckCsrf, |
|
46
|
|
|
middleIsAuthorized |
|
47
|
|
|
} from './middlewares' |
|
48
|
|
|
|
|
49
|
|
|
var abePort = null |
|
50
|
|
|
|
|
51
|
|
|
if(config.port) abePort = config.port |
|
|
|
|
|
|
52
|
|
|
if(process.env.PORT) abePort = process.env.PORT |
|
|
|
|
|
|
53
|
|
|
|
|
54
|
|
|
abeExtend.lock.deleteAll() // delete all process .lock when abe start |
|
55
|
|
|
|
|
56
|
|
|
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0' |
|
57
|
|
|
|
|
58
|
|
|
var html = exphbs.create({ |
|
59
|
|
|
extname: '.' + config.files.templates.extension, |
|
60
|
|
|
helpers: { |
|
61
|
|
|
abe: compileAbe, |
|
62
|
|
|
listPage: listPage, |
|
63
|
|
|
math: math, |
|
64
|
|
|
printInput: printInput, |
|
65
|
|
|
abeImport: abeImport, |
|
66
|
|
|
moduloIf: moduloIf, |
|
67
|
|
|
testObj: testObj, |
|
68
|
|
|
notEmpty: notEmpty, |
|
69
|
|
|
printJson: printJson, |
|
70
|
|
|
className: className, |
|
71
|
|
|
attrAbe: attrAbe, |
|
72
|
|
|
folders: folders, |
|
73
|
|
|
printConfig: printConfig, |
|
74
|
|
|
ifIn: ifIn, |
|
75
|
|
|
ifCond: ifCond |
|
76
|
|
|
} |
|
77
|
|
|
}) |
|
78
|
|
|
|
|
79
|
|
|
var opts = {} |
|
80
|
|
|
if (coreUtils.file.exist(path.join(config.root, 'cert.pem'))) { |
|
81
|
|
|
opts = { |
|
82
|
|
|
key: fse.readFileSync( path.join(config.root, 'key.pem')), |
|
83
|
|
|
cert: fse.readFileSync( path.join(config.root, 'cert.pem')) |
|
84
|
|
|
} |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
var app = express(opts) |
|
88
|
|
|
|
|
89
|
|
|
// Instantiate Singleton Manager (which lists all blog files) |
|
90
|
|
|
Manager.instance.init() |
|
91
|
|
|
app.set('config', config.getConfigByWebsite()) |
|
92
|
|
|
|
|
93
|
|
|
app.use(flash()) |
|
94
|
|
|
app.use(cookieParser()) |
|
95
|
|
|
app.use(passport.initialize()) |
|
96
|
|
|
app.use(passport.session()) |
|
97
|
|
|
app.use(bodyParser.urlencoded({limit: '1gb', extended: true, parameterLimit: 10000 })) |
|
98
|
|
|
app.use(csrf({ |
|
99
|
|
|
cookie: { |
|
100
|
|
|
secure: config.cookie.secure |
|
101
|
|
|
} |
|
102
|
|
|
})) |
|
103
|
|
|
app.use(function(req, res, next) { |
|
104
|
|
|
if (req.url.indexOf('/abe/') > -1 ) { |
|
105
|
|
|
res.locals._csrf = req.csrfToken() |
|
106
|
|
|
} |
|
107
|
|
|
next() |
|
108
|
|
|
}) |
|
109
|
|
|
|
|
110
|
|
|
app.use(bodyParser.json({limit: '1gb'})) |
|
111
|
|
|
// app.use(function (req, res, next) { |
|
112
|
|
|
// crypto.randomBytes(Math.ceil(6), function(err, buffer){ |
|
113
|
|
|
// res.locals.nonce = buffer |
|
114
|
|
|
// .toString('hex') |
|
115
|
|
|
// .slice(0,12) |
|
116
|
|
|
// }) |
|
117
|
|
|
// //res.locals.nonce = uuid.v4() |
|
118
|
|
|
// next() |
|
119
|
|
|
// }) |
|
120
|
|
|
|
|
121
|
|
|
if(config.security === true){ |
|
122
|
|
|
app.use(helmet()) |
|
123
|
|
|
app.use(helmet.csp({ |
|
124
|
|
|
directives: { |
|
125
|
|
|
defaultSrc: ['\'self\''], |
|
126
|
|
|
scriptSrc: ['\'self\''].concat(config.csp.scriptSrc), |
|
127
|
|
|
styleSrc: ['\'self\'', '\'unsafe-inline\''].concat(config.csp.styleSrc), |
|
128
|
|
|
imgSrc: ['\'self\'', 'data:'].concat(config.csp.imgSrc), |
|
129
|
|
|
// frameSrc: ["'self'"], |
|
130
|
|
|
childSrc: ['\'self\''].concat(config.csp.childSrc), |
|
131
|
|
|
frameAncestors: ['\'self\''].concat(config.csp.frameAncestors), |
|
132
|
|
|
mediaSrc: ['\'self\''].concat(config.csp.mediaSrc), |
|
133
|
|
|
fontSrc: ['\'self\''].concat(config.csp.fontSrc), |
|
134
|
|
|
connectSrc: ['\'self\''].concat(config.csp.connectSrc), |
|
135
|
|
|
sandbox: ['allow-same-origin', 'allow-scripts', 'allow-modals', 'allow-popups', 'allow-forms'], |
|
136
|
|
|
reportUri: '/report-violation', |
|
137
|
|
|
objectSrc: [], // An empty array allows nothing through |
|
138
|
|
|
}, |
|
139
|
|
|
reportOnly: false, // Set to true if you only want browsers to report errors, not block them |
|
140
|
|
|
setAllHeaders: false, // Set to true if you want to blindly set all headers: Content-Security-Policy, X-WebKit-CSP, and X-Content-Security-Policy. |
|
141
|
|
|
disableAndroid: false, // Set to true if you want to disable CSP on Android where it can be buggy. |
|
142
|
|
|
browserSniff: true // Set to false if you want to completely disable any user-agent sniffing. This may make the headers less compatible but it will be much faster. This defaults to `true`. |
|
143
|
|
|
})) |
|
144
|
|
|
} |
|
145
|
|
|
|
|
146
|
|
|
var port = (abePort !== null) ? abePort : 3000 |
|
147
|
|
|
port = abeExtend.hooks.instance.trigger('beforeExpress', port) |
|
148
|
|
|
|
|
149
|
|
|
app.set('views', path.join(__dirname, '/templates')) |
|
150
|
|
|
app.engine('.html', html.engine) |
|
151
|
|
|
app.set('view engine', '.html') |
|
152
|
|
|
|
|
153
|
|
|
app.locals.layout = false |
|
154
|
|
|
|
|
155
|
|
|
app.use(middleCheckCsrf) |
|
156
|
|
|
app.use(middleIsAuthorized) |
|
157
|
|
|
app.use(middleLogin) |
|
158
|
|
|
app.use(middleWebsite) |
|
159
|
|
|
app.use(express.static(__dirname + '/public')) |
|
|
|
|
|
|
160
|
|
|
|
|
161
|
|
|
cmsTemplates.assets.copy() |
|
162
|
|
|
|
|
163
|
|
|
let publish = path.join(config.root, config.publish.url) |
|
164
|
|
|
app.use(express.static(publish)) |
|
165
|
|
|
|
|
166
|
|
|
if(config.partials !== '') { |
|
167
|
|
|
if (coreUtils.file.exist(path.join(config.root, config.partials))) { |
|
168
|
|
|
app.use(express.static(path.join(config.root, config.partials))) |
|
169
|
|
|
} |
|
170
|
|
|
} |
|
171
|
|
|
|
|
172
|
|
|
if(config.custom !== '') { |
|
173
|
|
|
if (coreUtils.file.exist(path.join(config.root, config.custom))) { |
|
174
|
|
|
app.use(express.static(path.join(config.root, config.custom))) |
|
175
|
|
|
} |
|
176
|
|
|
} |
|
177
|
|
|
|
|
178
|
|
|
var pluginsPartials = abeExtend.plugins.instance.getPartials() |
|
179
|
|
|
Array.prototype.forEach.call(pluginsPartials, (pluginPartials) => { |
|
180
|
|
|
app.use(express.static(pluginPartials)) |
|
181
|
|
|
}) |
|
182
|
|
|
|
|
183
|
|
|
app.use(express.static(__dirname + '/node_modules/handlebars/dist')) |
|
|
|
|
|
|
184
|
|
|
app.use(busboy({ |
|
185
|
|
|
limits: { |
|
186
|
|
|
fileSize: config.upload.fileSizelimit |
|
187
|
|
|
} |
|
188
|
|
|
})) |
|
189
|
|
|
app.use(bodyParser.json()) |
|
190
|
|
|
app.use(bodyParser.urlencoded({extended: true})) |
|
191
|
|
|
|
|
192
|
|
|
// depending on the way you serve this app, cookie.secure will be set |
|
193
|
|
|
// in Production, this app has to be reverse-proxified |
|
194
|
|
|
app.use(session({ |
|
195
|
|
|
name: 'sessionId', |
|
196
|
|
|
secret: config.sessionSecret, |
|
197
|
|
|
resave: false, |
|
198
|
|
|
saveUninitialized: true, |
|
199
|
|
|
cookie: {secure: config.cookie.secure}, |
|
200
|
|
|
proxy: true |
|
201
|
|
|
})) |
|
202
|
|
|
|
|
203
|
|
|
abeExtend.hooks.instance.trigger('afterExpress', app, express) |
|
204
|
|
|
|
|
205
|
|
|
if (coreUtils.file.exist(path.join(config.root, 'cert.pem'))) { |
|
206
|
|
|
var server = https.createServer(opts, app) |
|
207
|
|
|
server.listen(port, function() { |
|
208
|
|
|
console.log(clc.green(`\nserver running at https://localhost:${port}/`)) |
|
|
|
|
|
|
209
|
|
|
if(process.env.OPENURL) openurl.open(`https://localhost:${port}/abe/`) |
|
|
|
|
|
|
210
|
|
|
}) |
|
211
|
|
|
}else { |
|
212
|
|
|
app.listen(port, function() { |
|
213
|
|
|
console.log(clc.green(`\nserver running at http://localhost:${port}/`)) |
|
|
|
|
|
|
214
|
|
|
if(process.env.OPENURL) openurl.open(`http://localhost:${port}/abe/`) |
|
|
|
|
|
|
215
|
|
|
}) |
|
216
|
|
|
} |
|
217
|
|
|
|
|
218
|
|
|
// important : require here so config.root is defined |
|
219
|
|
|
var controllers = require('./controllers') |
|
220
|
|
|
app.use(controllers.default) |
|
221
|
|
|
|
|
222
|
|
|
// This static path is mandatory for relative path to statics in templates |
|
223
|
|
|
app.use('/abe', express.static(publish)) |
|
224
|
|
|
|
AdFabConnect /
abejs
gregorybesson
wonknu10
Loading history...
Consider adding curly braces around all statements when they are executed conditionally. This is optional if there is only one statement, but leaving them out can lead to unexpected behaviour if another statement is added later.
Consider:
If you or someone else later decides to put another statement in, only the first statement will be executed.
In this case the statement
b = 42will always be executed, while the logging statement will be executed conditionally.ensures that the proper code will be executed conditionally no matter how many statements are added or removed.