1berry/Hemmelig.app
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Hemmelig.app/server.js

179 lines
5.4 KiB
JavaScript
Raw Normal View History

feat: add user management (#172) * feat: add root user creation * feat: add roles Unfortunately enums is not supported by SQLite, which means we manually have to handle roles as strings * feat: add admin settings endpoint and database fields * refactor: move the db cleaner to the bootstrap file * feat: add read only flag this means the user only is allowed to read content and not write * feat: create admin settings to be used by the server * feat: add read only migration * feat: add read only prehandler with configuration * refactor: use the initialized prisma connection * fix: get the decoded cookie token * feat: set the user cookie values available for all routes * refactor: remove the cookie token handling from the handler * chore: change the user fetch behaviour * fix: update admin settings immediately * chore: connect the dots * feat: implement the read only logic for the frontend * feat: add the UI admin settings page * feat: add the UI admin settings page * chore: change the title to success * chore: use translations for parts of the settings Will add it for all when the text is decided * chore: use translations for parts of the settings * fix: error handling if you are not allowed to update settings * refactor: how the user disable feature is working * refactor: how we update the admin settings config * docs: remove comment * docs: remove disable users env var doc * docs: add information about admin settings * chore: handle code smells
2023-04-09 11:36:01 +02:00
// Boot scripts
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
import('./server/bootstrap.js');
feat: add user management (#172) * feat: add root user creation * feat: add roles Unfortunately enums is not supported by SQLite, which means we manually have to handle roles as strings * feat: add admin settings endpoint and database fields * refactor: move the db cleaner to the bootstrap file * feat: add read only flag this means the user only is allowed to read content and not write * feat: create admin settings to be used by the server * feat: add read only migration * feat: add read only prehandler with configuration * refactor: use the initialized prisma connection * fix: get the decoded cookie token * feat: set the user cookie values available for all routes * refactor: remove the cookie token handling from the handler * chore: change the user fetch behaviour * fix: update admin settings immediately * chore: connect the dots * feat: implement the read only logic for the frontend * feat: add the UI admin settings page * feat: add the UI admin settings page * chore: change the title to success * chore: use translations for parts of the settings Will add it for all when the text is decided * chore: use translations for parts of the settings * fix: error handling if you are not allowed to update settings * refactor: how the user disable feature is working * refactor: how we update the admin settings config * docs: remove comment * docs: remove disable users env var doc * docs: add information about admin settings * chore: handle code smells
2023-04-09 11:36:01 +02:00
feat: add the new rate limit (#263) * feat: add the new rate limit This rate limit will use the method, path and ip as a key, and will be route based rate limiter. Also, this rate limit will be in memory for now using a Map as the store. * chore: remove the commented code * refactor: minor changes * fix: create env vars to config for the rate limit * fix: fix the default options * chore: use arrow function * chore: use spread
2024-01-29 07:24:38 +01:00
import cookie from '@fastify/cookie';
import cors from '@fastify/cors';
import helmet from '@fastify/helmet';
import jwt from '@fastify/jwt';
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
import fastifyStatic from '@fastify/static';
import FastifyVite from '@fastify/vite';
chore: refactor the application to use es6 import and exports
2022-08-27 19:25:14 +02:00
import config from 'config';
feat: add the new rate limit (#263) * feat: add the new rate limit This rate limit will use the method, path and ip as a key, and will be route based rate limiter. Also, this rate limit will be in memory for now using a Map as the store. * chore: remove the commented code * refactor: minor changes * fix: create env vars to config for the rate limit * fix: fix the default options * chore: use arrow function * chore: use spread
2024-01-29 07:24:38 +01:00
import importFastify from 'fastify';
fix: make the html in production load the config dynamically
2023-11-15 07:36:47 +01:00
import { JSDOM } from 'jsdom';
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
import fs from 'node:fs';
import path from 'node:path';
import { fileURLToPath } from 'node:url';
fix: make the html in production load the config dynamically
2023-11-15 07:36:47 +01:00
import template from 'y8';
feat: add the new rate limit (#263) * feat: add the new rate limit This rate limit will use the method, path and ip as a key, and will be route based rate limiter. Also, this rate limit will be in memory for now using a Map as the store. * chore: remove the commented code * refactor: minor changes * fix: create env vars to config for the rate limit * fix: fix the default options * chore: use arrow function * chore: use spread
2024-01-29 07:24:38 +01:00
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
import rateLimit from './server/plugins/rate-limit.js';
import adminDecorator from './server/decorators/admin.js';
import allowedIp from './server/decorators/allowed-ip.js';
import attachment from './server/decorators/attachment-upload.js';
import jwtDecorator from './server/decorators/jwt.js';
import userFeatures from './server/decorators/user-features.js';
import readCookieAllRoutesHandler from './server/prehandlers/cookie-all-routes.js';
import disableUserAccountCreationHandler from './server/prehandlers/disable-user-account-creation.js';
import disableUserHandler from './server/prehandlers/disable-users.js';
import readOnlyHandler from './server/prehandlers/read-only.js';
import restrictOrganizationEmailHandler from './server/prehandlers/restrict-organization-email.js';
import accountRoute from './server/controllers/account.js';
import adminSettingsRoute from './server/controllers/admin/settings.js';
import usersRoute from './server/controllers/admin/users.js';
import authenticationRoute from './server/controllers/authentication.js';
import downloadRoute from './server/controllers/download.js';
import healthzRoute from './server/controllers/healthz.js';
import secretRoute from './server/controllers/secret.js';
import statsRoute from './server/controllers/stats.js';
chore: add custom header In this case it is a header to the repository
2024-05-01 18:14:46 +02:00
import customHeaders from './server/plugins/custom-headers.js';
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
chore: refactor the application to use es6 import and exports
2022-08-27 19:25:14 +02:00
refactor: change from cra to vite (#169)
2023-04-02 17:18:19 +02:00
const isDev = process.env.NODE_ENV === 'development';
feat: add file encryption on the client side
2022-09-07 19:19:35 +02:00
const MAX_FILE_BYTES = 1024 * config.get('file.size') * 1000; // Example: 1024 * 2 * 1000 = 2 024 000 bytes
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
const staticPath = path.join(__dirname, !isDev ? 'client/build' : 'client');
chore: refactor the application to use es6 import and exports
2022-08-27 19:25:14 +02:00
const fastify = importFastify({
Initial MVP of Hemmelig.app
2021-06-13 18:11:25 +02:00
logger: config.get('logger'),
feat: add file encryption on the client side
2022-09-07 19:19:35 +02:00
bodyLimit: MAX_FILE_BYTES,
Initial MVP of Hemmelig.app
2021-06-13 18:11:25 +02:00
});
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
await fastify.register(FastifyVite, {
root: import.meta.url,
dev: process.argv.includes('--dev'),
spa: true,
});
fastify.register(fastifyStatic, {
root: path.join(__dirname, 'public'),
prefix: '/static/',
});
fastify.register(fastifyStatic, {
root: path.join(__dirname, 'public', 'locales'),
prefix: '/locales/',
decorateReply: false,
});
if (!isDev) {
const script = template(
`
try {
window.__SECRET_CONFIG = {{config}}
} catch (e) {
window.__SECRET_CONFIG = '';
}
`,
{ config: `'${JSON.stringify(config.get('__client_config'))}';` }
);
const index = staticPath + '/index.html';
const dom = new JSDOM(fs.readFileSync(index));
dom.window.document.querySelector('#__secret_config').textContent = script;
fs.writeFileSync(index, dom.serialize());
}
chore: add custom header In this case it is a header to the repository
2024-05-01 18:14:46 +02:00
fastify.register(customHeaders);
feat: add sqlite as a database using prisma orm (#170) * feat: add initial sqlite implementation This implementation is based on the wonderful work of @d-513 PR https://github.com/HemmeligOrg/Hemmelig.app/pull/108 * chore: clean up code smells * refactor: use fastify rate limit without redis * chore: use metrics as health data * fix: remove the rate limit decorator * chore: remove all references to redis * chore: run migrate before starting up * chore: set 10000 requests each minutes for now have to look into doing this differently * chore: add data to gitignore * feat: set version to 5.0.0 * fix: the prevent burn and max views logic missing from redis deletion * docs: add more information about sqlite
2023-04-03 22:00:10 +02:00
fastify.register(rateLimit, {
fix: set the rate limit to the api routes only
2023-04-25 17:04:39 +02:00
prefix: '/api/',
feat: add the new rate limit (#263) * feat: add the new rate limit This rate limit will use the method, path and ip as a key, and will be route based rate limiter. Also, this rate limit will be in memory for now using a Map as the store. * chore: remove the commented code * refactor: minor changes * fix: create env vars to config for the rate limit * fix: fix the default options * chore: use arrow function * chore: use spread
2024-01-29 07:24:38 +01:00
max: config.get('rateLimit.max'),
timeWindow: config.get('rateLimit.timeWindow'),
feat: add sqlite as a database using prisma orm (#170) * feat: add initial sqlite implementation This implementation is based on the wonderful work of @d-513 PR https://github.com/HemmeligOrg/Hemmelig.app/pull/108 * chore: clean up code smells * refactor: use fastify rate limit without redis * chore: use metrics as health data * fix: remove the rate limit decorator * chore: remove all references to redis * chore: run migrate before starting up * chore: set 10000 requests each minutes for now have to look into doing this differently * chore: add data to gitignore * feat: set version to 5.0.0 * fix: the prevent burn and max views logic missing from redis deletion * docs: add more information about sqlite
2023-04-03 22:00:10 +02:00
});
Reenable fastify helmet for security
2021-06-22 20:26:25 +02:00
// https://github.com/fastify/fastify-helmet
security(csp): add csp header
2023-02-13 19:16:20 +01:00
fastify.register(helmet, {
contentSecurityPolicy: {
directives: {
feat: no external ressources (#202) * chore: move the fonts locally for no 3rd party integrations * fix: change the root path
2023-08-23 06:39:22 +02:00
'font-src': ["'self'"],
security(csp): add csp header
2023-02-13 19:16:20 +01:00
'script-src': ["'self'", "'unsafe-inline'"],
fix: turn on hsts and turn off upgradeInsecureRequests (#203)
2023-08-23 06:39:08 +02:00
upgradeInsecureRequests: null,
security(csp): add csp header
2023-02-13 19:16:20 +01:00
},
},
crossOriginEmbedderPolicy: false,
});
Reenable fastify helmet for security
2021-06-22 20:26:25 +02:00
Initial MVP of Hemmelig.app
2021-06-13 18:11:25 +02:00
// https://github.com/fastify/fastify-cors
chore: refactor the application to use es6 import and exports
2022-08-27 19:25:14 +02:00
fastify.register(cors, { origin: config.get('cors') });
Initial MVP of Hemmelig.app
2021-06-13 18:11:25 +02:00
feat(cookie): change the flow to use cookies for sign in / out / up (#164) * feat(cookie): change the flow to use cookies for sign in / out / up
2023-03-11 17:58:35 +01:00
// https://github.com/fastify/fastify-jwt#cookie
fastify.register(jwt, {
secret: config.get('jwt.secret'),
cookie: {
cookieName: config.get('jwt.cookie'),
signed: false,
},
});
fastify.register(cookie);
Account (#22) * initial * Add working sign in / sign up logic * Set expire jwt token in 7 days * Use a JWT secret that is not the encryption secret * Add basic sign in page * Add user verification * Add account page * Add simple api docs * Update basic auth account page * Add more prerender urls * Remove logged in pages * Add basic auth check * Rename SECRET_HOSTNAME to SECRET_LOCAL_HOSTNAME as this is what is defined for fastify * update to localHostname * Add comments * Move account data to its own controller * Minor styling
2021-06-18 14:57:10 +02:00
// Define decorators
feat: add user management (#172) * feat: add root user creation * feat: add roles Unfortunately enums is not supported by SQLite, which means we manually have to handle roles as strings * feat: add admin settings endpoint and database fields * refactor: move the db cleaner to the bootstrap file * feat: add read only flag this means the user only is allowed to read content and not write * feat: create admin settings to be used by the server * feat: add read only migration * feat: add read only prehandler with configuration * refactor: use the initialized prisma connection * fix: get the decoded cookie token * feat: set the user cookie values available for all routes * refactor: remove the cookie token handling from the handler * chore: change the user fetch behaviour * fix: update admin settings immediately * chore: connect the dots * feat: implement the read only logic for the frontend * feat: add the UI admin settings page * feat: add the UI admin settings page * chore: change the title to success * chore: use translations for parts of the settings Will add it for all when the text is decided * chore: use translations for parts of the settings * fix: error handling if you are not allowed to update settings * refactor: how the user disable feature is working * refactor: how we update the admin settings config * docs: remove comment * docs: remove disable users env var doc * docs: add information about admin settings * chore: handle code smells
2023-04-09 11:36:01 +02:00
fastify.register(adminDecorator);
feat(cookie): change the flow to use cookies for sign in / out / up (#164) * feat(cookie): change the flow to use cookies for sign in / out / up
2023-03-11 17:58:35 +01:00
fastify.register(jwtDecorator);
chore: refactor the application to use es6 import and exports
2022-08-27 19:25:14 +02:00
fastify.register(userFeatures);
fastify.register(allowedIp);
fastify.register(attachment);
Account (#22) * initial * Add working sign in / sign up logic * Set expire jwt token in 7 days * Use a JWT secret that is not the encryption secret * Add basic sign in page * Add user verification * Add account page * Add simple api docs * Update basic auth account page * Add more prerender urls * Remove logged in pages * Add basic auth check * Rename SECRET_HOSTNAME to SECRET_LOCAL_HOSTNAME as this is what is defined for fastify * update to localHostname * Add comments * Move account data to its own controller * Minor styling
2021-06-18 14:57:10 +02:00
feat: add user management (#172) * feat: add root user creation * feat: add roles Unfortunately enums is not supported by SQLite, which means we manually have to handle roles as strings * feat: add admin settings endpoint and database fields * refactor: move the db cleaner to the bootstrap file * feat: add read only flag this means the user only is allowed to read content and not write * feat: create admin settings to be used by the server * feat: add read only migration * feat: add read only prehandler with configuration * refactor: use the initialized prisma connection * fix: get the decoded cookie token * feat: set the user cookie values available for all routes * refactor: remove the cookie token handling from the handler * chore: change the user fetch behaviour * fix: update admin settings immediately * chore: connect the dots * feat: implement the read only logic for the frontend * feat: add the UI admin settings page * feat: add the UI admin settings page * chore: change the title to success * chore: use translations for parts of the settings Will add it for all when the text is decided * chore: use translations for parts of the settings * fix: error handling if you are not allowed to update settings * refactor: how the user disable feature is working * refactor: how we update the admin settings config * docs: remove comment * docs: remove disable users env var doc * docs: add information about admin settings * chore: handle code smells
2023-04-09 11:36:01 +02:00
// Define pre handlers
fastify.addHook('preHandler', readCookieAllRoutesHandler(fastify));
fastify.addHook('preHandler', disableUserHandler);
feat: add disable user registration setting to the admin page This means it is not allowed to create accounts, but, you as an admin are allowed to create accounts which can use the application
2023-04-11 09:20:38 +02:00
fastify.addHook('preHandler', disableUserAccountCreationHandler);
feat: add user management (#172) * feat: add root user creation * feat: add roles Unfortunately enums is not supported by SQLite, which means we manually have to handle roles as strings * feat: add admin settings endpoint and database fields * refactor: move the db cleaner to the bootstrap file * feat: add read only flag this means the user only is allowed to read content and not write * feat: create admin settings to be used by the server * feat: add read only migration * feat: add read only prehandler with configuration * refactor: use the initialized prisma connection * fix: get the decoded cookie token * feat: set the user cookie values available for all routes * refactor: remove the cookie token handling from the handler * chore: change the user fetch behaviour * fix: update admin settings immediately * chore: connect the dots * feat: implement the read only logic for the frontend * feat: add the UI admin settings page * feat: add the UI admin settings page * chore: change the title to success * chore: use translations for parts of the settings Will add it for all when the text is decided * chore: use translations for parts of the settings * fix: error handling if you are not allowed to update settings * refactor: how the user disable feature is working * refactor: how we update the admin settings config * docs: remove comment * docs: remove disable users env var doc * docs: add information about admin settings * chore: handle code smells
2023-04-09 11:36:01 +02:00
fastify.addHook('preHandler', readOnlyHandler);
chore: rename from whitelist to restrict
2023-04-17 13:19:06 +02:00
fastify.addHook('preHandler', restrictOrganizationEmailHandler);
feat: add user management (#172) * feat: add root user creation * feat: add roles Unfortunately enums is not supported by SQLite, which means we manually have to handle roles as strings * feat: add admin settings endpoint and database fields * refactor: move the db cleaner to the bootstrap file * feat: add read only flag this means the user only is allowed to read content and not write * feat: create admin settings to be used by the server * feat: add read only migration * feat: add read only prehandler with configuration * refactor: use the initialized prisma connection * fix: get the decoded cookie token * feat: set the user cookie values available for all routes * refactor: remove the cookie token handling from the handler * chore: change the user fetch behaviour * fix: update admin settings immediately * chore: connect the dots * feat: implement the read only logic for the frontend * feat: add the UI admin settings page * feat: add the UI admin settings page * chore: change the title to success * chore: use translations for parts of the settings Will add it for all when the text is decided * chore: use translations for parts of the settings * fix: error handling if you are not allowed to update settings * refactor: how the user disable feature is working * refactor: how we update the admin settings config * docs: remove comment * docs: remove disable users env var doc * docs: add information about admin settings * chore: handle code smells
2023-04-09 11:36:01 +02:00
chore: simplify the server html process
2024-10-30 06:25:53 +01:00
fastify.get('/*', (request, reply) => {
if (request.url.startsWith('/api/')) {
return reply.callNotFound();
}
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
return reply.html();
chore: simplify the server html process
2024-10-30 06:25:53 +01:00
});
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
feat: add user management (#172) * feat: add root user creation * feat: add roles Unfortunately enums is not supported by SQLite, which means we manually have to handle roles as strings * feat: add admin settings endpoint and database fields * refactor: move the db cleaner to the bootstrap file * feat: add read only flag this means the user only is allowed to read content and not write * feat: create admin settings to be used by the server * feat: add read only migration * feat: add read only prehandler with configuration * refactor: use the initialized prisma connection * fix: get the decoded cookie token * feat: set the user cookie values available for all routes * refactor: remove the cookie token handling from the handler * chore: change the user fetch behaviour * fix: update admin settings immediately * chore: connect the dots * feat: implement the read only logic for the frontend * feat: add the UI admin settings page * feat: add the UI admin settings page * chore: change the title to success * chore: use translations for parts of the settings Will add it for all when the text is decided * chore: use translations for parts of the settings * fix: error handling if you are not allowed to update settings * refactor: how the user disable feature is working * refactor: how we update the admin settings config * docs: remove comment * docs: remove disable users env var doc * docs: add information about admin settings * chore: handle code smells
2023-04-09 11:36:01 +02:00
fastify.register(authenticationRoute, {
prefix: '/api/authentication',
});
fastify.register(accountRoute, {
prefix: '/api/account',
});
feat: add initial user management tab (#176) * feat: add initial user management tab * refactor: create a userFetchTemplate for the similar requests
2023-04-10 15:37:14 +02:00
fastify.register(usersRoute, {
prefix: '/api/admin/users',
});
feat: add user management (#172) * feat: add root user creation * feat: add roles Unfortunately enums is not supported by SQLite, which means we manually have to handle roles as strings * feat: add admin settings endpoint and database fields * refactor: move the db cleaner to the bootstrap file * feat: add read only flag this means the user only is allowed to read content and not write * feat: create admin settings to be used by the server * feat: add read only migration * feat: add read only prehandler with configuration * refactor: use the initialized prisma connection * fix: get the decoded cookie token * feat: set the user cookie values available for all routes * refactor: remove the cookie token handling from the handler * chore: change the user fetch behaviour * fix: update admin settings immediately * chore: connect the dots * feat: implement the read only logic for the frontend * feat: add the UI admin settings page * feat: add the UI admin settings page * chore: change the title to success * chore: use translations for parts of the settings Will add it for all when the text is decided * chore: use translations for parts of the settings * fix: error handling if you are not allowed to update settings * refactor: how the user disable feature is working * refactor: how we update the admin settings config * docs: remove comment * docs: remove disable users env var doc * docs: add information about admin settings * chore: handle code smells
2023-04-09 11:36:01 +02:00
fastify.register(adminSettingsRoute, {
prefix: '/api/admin/settings',
});
feat: make it possible to disable user registration This includes using user features as well
2022-09-08 17:06:09 +02:00
fastify.register(downloadRoute, { prefix: '/api/download' });
chore: refactor the application to use es6 import and exports
2022-08-27 19:25:14 +02:00
fastify.register(secretRoute, { prefix: '/api/secret' });
feat: add a stats endpoint
2022-08-29 22:28:48 +02:00
fastify.register(statsRoute, { prefix: '/api/stats' });
chore: refactor the application to use es6 import and exports
2022-08-27 19:25:14 +02:00
fastify.register(healthzRoute, { prefix: '/api/healthz' });
fastify.register(healthzRoute, { prefix: '/healthz' });
Initial MVP of Hemmelig.app
2021-06-13 18:11:25 +02:00
const startServer = async () => {
try {
refactor: use fastify vite for the dev server (#284) * refactor: use fastify vite for the server by doing this we do not need to have local hacks for the routes. No local proxy needed. Everything just works. * fix: update the dockerfile build path * fix: update package.json * fix: fonts path
2024-03-11 13:43:20 +01:00
await fastify.vite.ready();
chore: update fastify to newest version bonus: added gzip encryption
2022-08-27 19:34:22 +02:00
await fastify.listen({ port: config.get('port'), host: config.get('localHostname') });
Initial MVP of Hemmelig.app
2021-06-13 18:11:25 +02:00
} catch (err) {
fastify.log.error(err);
}
};
startServer();
Reference in New Issue Copy Permalink