2018-04-02 09:58:32 +00:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
const config = require('config');
|
|
|
|
|
const log = require('npmlog');
|
|
|
|
|
|
|
|
|
|
const _ = require('./lib/translate')._;
|
|
|
|
|
|
|
|
|
|
const { nodeifyFunction } = require('./lib/nodeify');
|
|
|
|
|
|
|
|
|
|
const express = require('express');
|
|
|
|
|
const bodyParser = require('body-parser');
|
|
|
|
|
const path = require('path');
|
|
|
|
|
const favicon = require('serve-favicon');
|
|
|
|
|
const logger = require('morgan');
|
|
|
|
|
const cookieParser = require('cookie-parser');
|
|
|
|
|
const session = require('express-session');
|
|
|
|
|
const RedisStore = require('connect-redis')(session);
|
|
|
|
|
const flash = require('connect-flash');
|
|
|
|
|
const hbs = require('hbs');
|
|
|
|
|
const handlebarsHelpers = require('./lib/handlebars-helpers');
|
|
|
|
|
const compression = require('compression');
|
|
|
|
|
const passport = require('./lib/passport');
|
|
|
|
|
const contextHelpers = require('./lib/context-helpers');
|
|
|
|
|
|
|
|
|
|
const getSettings = nodeifyFunction(require('./models/settings').get);
|
|
|
|
|
const api = require('./routes/api');
|
|
|
|
|
|
|
|
|
|
// These are routes for the new React-based client
|
|
|
|
|
const reports = require('./routes/reports');
|
|
|
|
|
const subscription = require('./routes/subscription');
|
|
|
|
|
const mosaico = require('./routes/mosaico');
|
|
|
|
|
const files = require('./routes/files');
|
|
|
|
|
|
|
|
|
|
const namespacesRest = require('./routes/rest/namespaces');
|
2018-04-22 07:00:04 +00:00
|
|
|
const sendConfigurationsRest = require('./routes/rest/send-configurations');
|
2018-04-02 09:58:32 +00:00
|
|
|
const usersRest = require('./routes/rest/users');
|
|
|
|
|
const accountRest = require('./routes/rest/account');
|
|
|
|
|
const reportTemplatesRest = require('./routes/rest/report-templates');
|
|
|
|
|
const reportsRest = require('./routes/rest/reports');
|
|
|
|
|
const campaignsRest = require('./routes/rest/campaigns');
|
|
|
|
|
const listsRest = require('./routes/rest/lists');
|
|
|
|
|
const formsRest = require('./routes/rest/forms');
|
|
|
|
|
const fieldsRest = require('./routes/rest/fields');
|
|
|
|
|
const sharesRest = require('./routes/rest/shares');
|
|
|
|
|
const segmentsRest = require('./routes/rest/segments');
|
|
|
|
|
const subscriptionsRest = require('./routes/rest/subscriptions');
|
|
|
|
|
const templatesRest = require('./routes/rest/templates');
|
2018-04-02 17:05:22 +00:00
|
|
|
const mosaicoTemplatesRest = require('./routes/rest/mosaico-templates');
|
2018-04-02 09:58:32 +00:00
|
|
|
const blacklistRest = require('./routes/rest/blacklist');
|
|
|
|
|
const editorsRest = require('./routes/rest/editors');
|
|
|
|
|
const filesRest = require('./routes/rest/files');
|
2018-04-22 15:33:43 +00:00
|
|
|
const settingsRest = require('./routes/rest/settings');
|
2018-04-02 09:58:32 +00:00
|
|
|
|
2018-04-22 15:33:43 +00:00
|
|
|
const index = require('./routes/index');
|
2018-04-02 09:58:32 +00:00
|
|
|
|
|
|
|
|
const interoperableErrors = require('./shared/interoperable-errors');
|
|
|
|
|
|
|
|
|
|
hbs.registerPartials(__dirname + '/views/partials');
|
|
|
|
|
hbs.registerPartials(__dirname + '/views/subscription/partials/');
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* We need this helper to make sure that we consume flash messages only
|
|
|
|
|
* when we are able to actually display these. Otherwise we might end up
|
|
|
|
|
* in a situation where we consume a flash messages but then comes a redirect
|
|
|
|
|
* and the message is never displayed
|
|
|
|
|
*/
|
|
|
|
|
hbs.registerHelper('flash_messages', function () { // eslint-disable-line prefer-arrow-callback
|
2018-05-20 18:27:35 +00:00
|
|
|
console.log(this.flash);
|
2018-04-02 09:58:32 +00:00
|
|
|
if (typeof this.flash !== 'function') { // eslint-disable-line no-invalid-this
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let messages = this.flash(); // eslint-disable-line no-invalid-this
|
2018-05-20 18:27:35 +00:00
|
|
|
console.log(messages);
|
2018-04-02 09:58:32 +00:00
|
|
|
let response = [];
|
|
|
|
|
|
|
|
|
|
// group messages by type
|
|
|
|
|
Object.keys(messages).forEach(key => {
|
|
|
|
|
let el = '<div class="alert alert-' + key + ' alert-dismissible" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>';
|
|
|
|
|
|
|
|
|
|
if (key === 'danger') {
|
|
|
|
|
el += '<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span> ';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let rows = [];
|
|
|
|
|
|
|
|
|
|
messages[key].forEach(message => {
|
|
|
|
|
message = hbs.handlebars.escapeExpression(message);
|
|
|
|
|
message = message.replace(/(\r\n|\n|\r)/gm, '<br>');
|
|
|
|
|
rows.push(message);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (rows.length > 1) {
|
|
|
|
|
el += '<p>' + rows.join('</p>\n<p>') + '</p>';
|
|
|
|
|
} else {
|
|
|
|
|
el += rows.join('');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
el += '</div>';
|
|
|
|
|
|
|
|
|
|
response.push(el);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return new hbs.handlebars.SafeString(
|
|
|
|
|
response.join('\n')
|
|
|
|
|
);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
handlebarsHelpers.registerHelpers(hbs.handlebars);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function createApp(trusted) {
|
|
|
|
|
const app = express();
|
|
|
|
|
|
|
|
|
|
function install404Fallback(url) {
|
|
|
|
|
app.use(url, (req, res, next) => {
|
|
|
|
|
next(new interoperableErrors.NotFoundError());
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
app.use(url + '/*', (req, res, next) => {
|
|
|
|
|
next(new interoperableErrors.NotFoundError());
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function useWith404Fallback(url, route) {
|
|
|
|
|
app.use(url, route);
|
|
|
|
|
install404Fallback(url);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// view engine setup
|
|
|
|
|
app.set('views', path.join(__dirname, 'views'));
|
|
|
|
|
app.set('view engine', 'hbs');
|
|
|
|
|
|
|
|
|
|
// Handle proxies. Needed to resolve client IP
|
|
|
|
|
if (config.www.proxy) {
|
|
|
|
|
app.set('trust proxy', config.www.proxy);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Do not expose software used
|
|
|
|
|
app.disable('x-powered-by');
|
|
|
|
|
|
|
|
|
|
app.use(compression());
|
|
|
|
|
app.use(favicon(path.join(__dirname, 'client', 'public', 'favicon.ico')));
|
|
|
|
|
|
|
|
|
|
app.use(logger(config.www.log, {
|
|
|
|
|
stream: {
|
|
|
|
|
write: message => {
|
|
|
|
|
message = (message || '').toString();
|
|
|
|
|
if (message) {
|
|
|
|
|
log.info('HTTP', message.replace('\n', '').trim());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
app.use(cookieParser());
|
|
|
|
|
app.use(session({
|
|
|
|
|
store: config.redis.enabled ? new RedisStore(config.redis) : false,
|
|
|
|
|
secret: config.www.secret,
|
|
|
|
|
saveUninitialized: false,
|
|
|
|
|
resave: false
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
app.use(flash());
|
|
|
|
|
|
|
|
|
|
app.use(bodyParser.urlencoded({
|
|
|
|
|
extended: true,
|
|
|
|
|
limit: config.www.postSize
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
app.use(bodyParser.text({
|
|
|
|
|
limit: config.www.postSize
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
app.use(bodyParser.json({
|
|
|
|
|
limit: config.www.postSize
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
if (trusted) {
|
|
|
|
|
passport.setup(app);
|
|
|
|
|
} else {
|
|
|
|
|
app.use(passport.tryAuthByRestrictedAccessToken);
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-09 02:07:01 +00:00
|
|
|
useWith404Fallback('/public', express.static(path.join(__dirname, 'client', 'public')));
|
|
|
|
|
useWith404Fallback('/mailtrain', express.static(path.join(__dirname, 'client', 'dist')));
|
|
|
|
|
useWith404Fallback('/locales', express.static(path.join(__dirname, 'client', 'locales')));
|
|
|
|
|
|
2018-04-02 09:58:32 +00:00
|
|
|
|
2018-05-20 18:27:35 +00:00
|
|
|
// Make sure flash messages are available
|
|
|
|
|
// Currently, flash messages are used only from routes/subscription.js
|
|
|
|
|
app.use((req, res, next) => {
|
|
|
|
|
res.locals.flash = req.flash.bind(req);
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/* FIXME - can we remove this???
|
2018-04-02 09:58:32 +00:00
|
|
|
app.use((req, res, next) => {
|
|
|
|
|
res.locals.flash = req.flash.bind(req);
|
|
|
|
|
res.locals.user = req.user;
|
|
|
|
|
res.locals.admin = req.user && req.user.id == 1; // FIXME, this should verify the admin privileges and set this accordingly
|
|
|
|
|
res.locals.ldap = {
|
|
|
|
|
enabled: config.ldap.enabled,
|
|
|
|
|
passwordresetlink: config.ldap.passwordresetlink
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let menu = [{
|
|
|
|
|
title: _('Home'),
|
|
|
|
|
url: '/',
|
|
|
|
|
selected: true
|
|
|
|
|
}];
|
|
|
|
|
|
|
|
|
|
res.setSelectedMenu = key => {
|
|
|
|
|
menu.forEach(item => {
|
|
|
|
|
item.selected = (item.key === key);
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
res.locals.menu = menu;
|
|
|
|
|
tools.updateMenu(res);
|
|
|
|
|
|
|
|
|
|
res.locals.customStyles = config.customstyles || [];
|
|
|
|
|
res.locals.customScripts = config.customscripts || [];
|
|
|
|
|
|
|
|
|
|
let bodyClasses = [];
|
|
|
|
|
if (req.user) {
|
|
|
|
|
bodyClasses.push('logged-in user-' + req.user.username);
|
|
|
|
|
}
|
|
|
|
|
res.locals.bodyClass = bodyClasses.join(' ');
|
|
|
|
|
|
|
|
|
|
getSettings(['uaCode', 'shoutout'], (err, configItems) => {
|
|
|
|
|
if (err) {
|
|
|
|
|
return next(err);
|
|
|
|
|
}
|
|
|
|
|
Object.keys(configItems).forEach(key => {
|
|
|
|
|
res.locals[key] = configItems[key];
|
|
|
|
|
});
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// Endpoint under /api are authenticated by access token
|
|
|
|
|
app.all('/api/*', passport.authByAccessToken);
|
|
|
|
|
|
|
|
|
|
// Marks the following endpoint to return JSON object when error occurs
|
|
|
|
|
app.all('/api/*', (req, res, next) => {
|
|
|
|
|
req.needsAPIJSONResponse = true;
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
app.all('/rest/*', (req, res, next) => {
|
|
|
|
|
req.needsRESTJSONResponse = true;
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Initializes the request context to be used for authorization
|
|
|
|
|
app.use((req, res, next) => {
|
|
|
|
|
req.context = contextHelpers.getRequestContext(req);
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Regular endpoints
|
|
|
|
|
useWith404Fallback('/subscription', subscription);
|
|
|
|
|
useWith404Fallback('/files', files);
|
2018-04-22 15:33:43 +00:00
|
|
|
useWith404Fallback('/mosaico', mosaico.getRouter(trusted));
|
2018-04-02 09:58:32 +00:00
|
|
|
|
|
|
|
|
if (config.reports && config.reports.enabled === true) {
|
|
|
|
|
useWith404Fallback('/reports', reports);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// API endpoints
|
|
|
|
|
useWith404Fallback('/api', api);
|
|
|
|
|
|
|
|
|
|
// REST endpoints
|
|
|
|
|
app.use('/rest', namespacesRest);
|
2018-04-22 07:00:04 +00:00
|
|
|
app.use('/rest', sendConfigurationsRest);
|
2018-04-02 09:58:32 +00:00
|
|
|
app.use('/rest', usersRest);
|
|
|
|
|
app.use('/rest', accountRest);
|
|
|
|
|
app.use('/rest', campaignsRest);
|
|
|
|
|
app.use('/rest', listsRest);
|
|
|
|
|
app.use('/rest', formsRest);
|
|
|
|
|
app.use('/rest', fieldsRest);
|
|
|
|
|
app.use('/rest', sharesRest);
|
|
|
|
|
app.use('/rest', segmentsRest);
|
|
|
|
|
app.use('/rest', subscriptionsRest);
|
|
|
|
|
app.use('/rest', templatesRest);
|
2018-04-02 17:05:22 +00:00
|
|
|
app.use('/rest', mosaicoTemplatesRest);
|
2018-04-02 09:58:32 +00:00
|
|
|
app.use('/rest', blacklistRest);
|
|
|
|
|
app.use('/rest', editorsRest);
|
|
|
|
|
app.use('/rest', filesRest);
|
2018-04-22 15:33:43 +00:00
|
|
|
app.use('/rest', settingsRest);
|
2018-04-02 09:58:32 +00:00
|
|
|
|
|
|
|
|
if (config.reports && config.reports.enabled === true) {
|
|
|
|
|
app.use('/rest', reportTemplatesRest);
|
|
|
|
|
app.use('/rest', reportsRest);
|
|
|
|
|
}
|
|
|
|
|
install404Fallback('/rest');
|
|
|
|
|
|
2018-04-22 15:33:43 +00:00
|
|
|
app.use('/', index.getRouter(trusted));
|
2018-04-02 09:58:32 +00:00
|
|
|
|
|
|
|
|
// Error handlers
|
|
|
|
|
if (app.get('env') === 'development') {
|
|
|
|
|
// development error handler
|
|
|
|
|
// will print stacktrace
|
|
|
|
|
app.use((err, req, res, next) => {
|
|
|
|
|
if (!err) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (req.needsRESTJSONResponse) {
|
|
|
|
|
const resp = {
|
|
|
|
|
message: err.message,
|
|
|
|
|
error: err
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (err instanceof interoperableErrors.InteroperableError) {
|
|
|
|
|
resp.type = err.type;
|
|
|
|
|
resp.data = err.data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res.status(err.status || 500).json(resp);
|
|
|
|
|
|
|
|
|
|
} else if (req.needsAPIJSONResponse) {
|
|
|
|
|
const resp = {
|
|
|
|
|
error: err.message || err,
|
|
|
|
|
data: []
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return status(err.status || 500).json(resp);
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
if (err instanceof interoperableErrors.NotLoggedInError) {
|
|
|
|
|
return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
|
|
|
|
|
} else {
|
|
|
|
|
res.status(err.status || 500);
|
|
|
|
|
res.render('error', {
|
|
|
|
|
message: err.message,
|
|
|
|
|
error: err
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
// production error handler
|
|
|
|
|
// no stacktraces leaked to user
|
|
|
|
|
app.use((err, req, res, next) => {
|
|
|
|
|
if (!err) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
console.log(err);
|
|
|
|
|
if (req.needsRESTJSONResponse) {
|
|
|
|
|
const resp = {
|
|
|
|
|
message: err.message,
|
|
|
|
|
error: {}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (err instanceof interoperableErrors.InteroperableError) {
|
|
|
|
|
resp.type = err.type;
|
|
|
|
|
resp.data = err.data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res.status(err.status || 500).json(resp);
|
|
|
|
|
|
|
|
|
|
} else if (req.needsAPIJSONResponse) {
|
|
|
|
|
const resp = {
|
|
|
|
|
error: err.message || err,
|
|
|
|
|
data: []
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return status(err.status || 500).json(resp);
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
// TODO: Render interoperable errors using a special client that does internationalization of the error message
|
|
|
|
|
|
|
|
|
|
if (err instanceof interoperableErrors.NotLoggedInError) {
|
|
|
|
|
return res.redirect('/account/login?next=' + encodeURIComponent(req.originalUrl));
|
|
|
|
|
} else {
|
|
|
|
|
res.status(err.status || 500);
|
|
|
|
|
res.render('error', {
|
|
|
|
|
message: err.message,
|
|
|
|
|
error: {}
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return app;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
|
createApp
|
|
|
|
|
};
|
