/** * This module is included by serve.js, which bin/run.sh invokes. It sets up a Express HTTP and a Socket.IO Server. * Static file Requests are answered directly from this module, Socket.IO messages are passed * to MessageHandler and minfied requests are passed to minified. */ /* * 2011 Peter 'Pita' Martischka (Primary Technology Ltd) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS-IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ var ERR = require("async-stacktrace"); var log4js = require('log4js'); var os = require("os"); var socketio = require('socket.io'); var fs = require('fs'); var settings = require('./utils/Settings'); var db = require('./db/DB'); var async = require('async'); var express = require('express'); var path = require('path'); var minify = require('./utils/Minify'); var formidable = require('formidable'); var apiHandler; var exportHandler; var importHandler; var exporthtml; var readOnlyManager; var padManager; var securityManager; var socketIORouter; //try to get the git version var version = ""; try { var ref = fs.readFileSync("../.git/HEAD", "utf-8"); var refPath = "../.git/" + ref.substring(5, ref.indexOf("\n")); version = fs.readFileSync(refPath, "utf-8"); version = version.substring(0, 7); console.log("Your Etherpad Lite git version is " + version); } catch(e) { console.warn("Can't get git version for server header\n" + e.message) } console.log("Report bugs at https://github.com/Pita/etherpad-lite/issues") var serverName = "Etherpad-Lite " + version + " (http://j.mp/ep-lite)"; //cache 6 hours exports.maxAge = 1000*60*60*6; //set loglevel log4js.setGlobalLogLevel(settings.loglevel); function setupDb(callback){ db.init(callback); } function padAccessCombinator(securityManager, req, res, callback, errorback){ function checkback(err, accessObj){ if(err) return errorback(err); if("grant" == accessObj.accessStatus) return callback(); return res.send("403 - Can't touch this", 403); } //works great for one session //but what if there are multiple? //if(!("sessionIDs" in req.cookies)) return securityManager.checkAccess( req.params.pad, req.cookies.sessionid, req.cookies.token, req.cookies.password, checkback ); /*sessIds = JSON.parse(req.cookies.sessionIDs); var tasks = []; function createTask(sid){ return function(cb){ return securityManager.checkAccess( req.params.pad, sid, req.cookies.token, req.cookies.password, cb//function(err, accessObj){return cb(err, accessObj);} ); } } for(var i = 0; i < sessIds.length; i++) tasks[i] = createTasks(sessIds[i]); return async.parallel( tasks, function(err, obs){ if(err) return errorback(err); for(var i = 0; i < obs.length; i++) if("grant" == obs[i].accessStatus) return callback(null); return res.send("none of those IDs worked", 403); } )*/ } function getStatic(req, res){ res.header("Server", serverName); var filePath = path.normalize( __dirname + "/.." + req.url.replace(/\.\./g, '').split("?")[0] ); res.sendfile(filePath, { maxAge: exports.maxAge }); } function getMinified(req, res, next) { res.header("Server", serverName); var id = req.params.id; if(id == "pad.js" || id == "timeslider.js") { minify.minifyJS(req,res,id); } else { next(); } } function checkPadName(padManager, req, res, callback){ //ensure the padname is valid and the url doesn't end with a / if(!padManager.isValidPadId(req.params.pad) || /\/$/.test(req.url)) return res.send("Such a padname is forbidden", 404); return callback(); } function setupIo(socketio, log4js, settings, socketIORouter, app){ //init socket.io and redirect all requests to the MessageHandler var io = socketio.listen(app); //this is only a workaround to ensure it works with all browers behind a proxy //we should remove this when the new socket.io version is more stable io.set('transports', ['xhr-polling']); var socketIOLogger = log4js.getLogger("socket.io"); io.set('logger', { debug: function (str) { socketIOLogger.debug.apply(socketIOLogger, arguments); }, info: function (str) { socketIOLogger.info.apply(socketIOLogger, arguments); }, warn: function (str) { socketIOLogger.warn.apply(socketIOLogger, arguments); }, error: function (str) { socketIOLogger.error.apply(socketIOLogger, arguments); }, }); //minify socket.io javascript if(settings.minify) io.enable('browser client minification'); var padMessageHandler = require("./handler/PadMessageHandler"); var timesliderMessageHandler = require("./handler/TimesliderMessageHandler"); //Initalize the Socket.IO Router socketIORouter.setSocketIO(io); socketIORouter.addComponent("pad", padMessageHandler); socketIORouter.addComponent("timeslider", timesliderMessageHandler); return io; } function setupShutdown(db, app){ var onShutdown = false; var gracefulShutdown = function(err) { if(err && err.stack) { console.error(err.stack); } else if(err) { console.error(err); } //ensure there is only one graceful shutdown running if(onShutdown) return; onShutdown = true; console.log("graceful shutdown..."); //stop the http server app.close(); //do the db shutdown db.db.doShutdown(function() { console.log("db sucessfully closed."); process.exit(0); }); setTimeout(function(){ process.exit(1); }, 3000); } //connect graceful shutdown with sigint and uncaughtexception if(os.type().indexOf("Windows") == -1) { //sigint is so far not working on windows //https://github.com/joyent/node/issues/1553 process.on('SIGINT', gracefulShutdown); } return process.on('uncaughtException', gracefulShutdown); } function sendStatic(path, res, filename, callback){ if("function" != typeof callback) callback = function(){}; res.header("Server", serverName); var filePath = path.normalize(__dirname + "/../static/" + filename); return res.sendfile(filePath, { maxAge: exports.maxAge }, callback); } function translateRoCombinator(managers, req, ERR){ return function translateRo(callback){ function padBack(err, padId){ if(ERR(err, callback)) return; //we need that to tell hasPadAccess about the pad req.params.pad = padId; return callback(err, padId); } return managers.ro.getPadID(req.params.id, padBack); }; } function roAsyncOutCombinator(ERR, callback){ return function(err, data){ if(ERR(err, callback)) return; return callback(err, data); } } function roAccessbackCombinator(exporthtml, padId, callback){ return function accessBack(){ return exporthtml.getPadHTMLDocument(padId, null, false, callback); } } function roRenderCombinator(padAccessp, req, res, exporthtml, ERR){ return function(padId, callback){ if(null == padId) return callback("notfound"); return padAccessp( req, res, roAccessbackCombinator( exporthtml, padId, roAsyncOutCombinator( ERR, callback ) ) ); } } function roBindSendBackCombinator(res){ return function(html, callback){ res.send(html); return callback(null); } } function roErrBackCombinator(ERR, res){ return function(err){ if(!err) return if("notfound" == err) return res.send("404 - Not Found", 404); return ERR(err); } } function getRoCombinator(serverName, managers, padAccessp, ERR, exporthtml){ return function(req, res){ res.header("Server", serverName); return async.waterfall( [ translateRoCombinator(managers), roRenderCombinator(padAccessp, req, res, exporthtml, ERR), roBindSendBackCombinator(res) ], roErrBackCombinator(ERR, res)) ) } } function sendStaticIfPad(goToPad, padManager, path, filename){ return function staticSender(req, res, next){ return goToPad( req, res, function goBack(){ return sendStatic(path, res, filename); } ); }; } function getExportPadCombinator(goToPad, settings, hasPadAccess, exportHandler, serverName){ return function getExportPad(req, res, next){ goToPad(req, res, function padback() { var types = ["pdf", "doc", "txt", "html", "odt", "dokuwiki"]; //send a 404 if we don't support this filetype if(types.indexOf(req.params.type) == -1) { next(); return; } //if abiword is disabled, and this is a format we only support with abiword, output a message if(settings.abiword == null && ["odt", "pdf", "doc"].indexOf(req.params.type) !== -1) { res.send("Abiword is not enabled at this Etherpad Lite instance. Set the path to Abiword in settings.json to enable this feature"); return; } res.header("Access-Control-Allow-Origin", "*"); res.header("Server", serverName); hasPadAccess(req, res, function() { exportHandler.doExport(req, res, req.params.pad, req.params.type); }); }); } } function postImportPadCombinator(goToPad, settings, serverName, hasPadAccess, importHandler){ return function postImportPad(req, res, next){ goToPad(req, res, function padback() { //if abiword is disabled, skip handling this request if(settings.abiword == null) { next(); return; } res.header("Server", serverName); hasPadAccess(req, res, function() { importHandler.doImport(req, res, req.params.pad); }); }); } } function apiCallerCombinator(serverName, apiLogger, apiHandler){ return function apiCaller(req, res, fields){ res.header("Server", serverName); res.header("Content-Type", "application/json; charset=utf-8"); apiLogger.info("REQUEST, " + req.params.func + ", " + JSON.stringify(fields)); //wrap the send function so we can log the response res._send = res.send; res.send = function(response) { response = JSON.stringify(response); apiLogger.info("RESPONSE, " + req.params.func + ", " + response); //is this a jsonp call, if yes, add the function call if(req.query.jsonp) response = req.query.jsonp + "(" + response + ")"; res._send(response); } //call the api handler apiHandler.handle(req.params.func, fields, req, res); } } function logOkPostCombinator(prefix, consoleFn, field){ return function(req, res){ new formidable.IncomingForm().parse( req, function(err, fields, files){ console[consoleFn](prefix + ": " + fields[field]); res.end("OK"); } ); } } function configureCombinator(app, settings, basic_auth, log4js, httpLogger){ return function configBack() { // Activate http basic auth if it has been defined in settings.json if(settings.httpAuth != null) app.use(basic_auth); // If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158. // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway. if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR")) app.use(log4js.connectLogger(httpLogger, { level: log4js.levels.INFO, format: ':status, :method :url'})); app.use(express.cookieParser()); }; } //checks for basic http auth function basic_auth (req, res, next) { if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) { // fetch login and password if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() == settings.httpAuth) { next(); return; } } res.header('WWW-Authenticate', 'Basic realm="Protected Area"'); if (req.headers.authorization) { setTimeout(function () { res.send('Authentication required', 401); }, 1000); } else { res.send('Authentication required', 401); } } function gotoPadCombinator(checkPadName, padManager){ return function gotoPad(req, res, render){ return checkPadName( padManager, req, res, function callback(){ padManager.sanitizePadId(req.params.pad, function(padId) { //the pad id was sanitized, so we redirect to the sanitized version if(padId != req.params.pad) { var real_path = req.path.replace(/^\/p\/[^\/]+/, '/p/' + padId); res.header('Location', real_path); res.send('You should be redirected to ' + real_path + '', 302); } //the pad id was fine, so just render it else { render(); } }); } ); } } function init(additionalSetup){ if("function" != typeof additionalSetup) additionalSetup = function(){}; async.waterfall([ //initalize the database setupDb, //initalize the http server function (callback) { //create server var app = express.createServer(); //load modules that needs a initalized db readOnlyManager = require("./db/ReadOnlyManager"); exporthtml = require("./utils/ExportHtml"); exportHandler = require('./handler/ExportHandler'); importHandler = require('./handler/ImportHandler'); apiHandler = require('./handler/APIHandler'); padManager = require('./db/PadManager'); securityManager = require('./db/SecurityManager'); socketIORouter = require("./handler/SocketIORouter"); var managers = { ro: readOnlyManager, security: securityManager }; var handlers = { "export": exportHandler, "import": importHandler, api: apiHandler }; //install logging var httpLogger = log4js.getLogger("http"); var apiLogger = log4js.getLogger("API"); //checks for padAccess function hasPadAccess(req, res, callback) { return padAccessCombinator( securityManager, req, res, callback, function errorback(err, accessObj){ return ERR(err, callback); } ); } //redirects browser to the pad's sanitized url if needed. otherwise, renders the html var goToPad = gotoPadCombinator(checkPadName, padManager); //This is for making an api call, collecting all post information and passing it to the apiHandler var apiCaller = apiCallerCombinator(serverName, apiLogger, apiHandler); app.configure(configureCombinator(app, settings, basic_auth, log4js, httpLogger)); app.error(function(err, req, res, next){ res.send(500); console.error(err.stack ? err.stack : err.toString()); gracefulShutdown(); }); var gets = { '/static/*': getStatic, '/minified/:id': getMinified, '/ro/:id': getRoCombinator( serverName, {ro: readOnlyManager}, hasPadAccess, ERR, exporthtml ), '/p/:pad': sendStaticIfPad( goToPad, padManager, path, "pad.html" ) '/p/:pad/timeslider': sendStaticIfPad( goToPad, padManager, path, "timeslider.html" ), '/p/:pad/:rev?/export/:type': getExportPadCombinator( goToPad, settings, hasPadAccess, exportHandler, serverName '/api/1/:func': function(req, res) { apiCaller(req, res, req.query) }, '/': function(req, res) { return sendStatic(path, res, "index.html"); }, '/robots.txt': function(req, res) { return sendStatic(path, res, "robots.txt"); }, '/favicon.ico': function(req, res) { return sendStatic(path, res, "custom/favicon.ico", function(err){ //there is no custom favicon, send the default favicon if(err) { filePath = path.normalize(__dirname + "/../static/favicon.ico"); res.sendfile(filePath, { maxAge: exports.maxAge }); } }); } }; var posts = { '/p/:pad/import': postImportPadCombinator( goToPad, settings, serverName, hasPadAccess, importHandler ), '/api/1/:func': function(req, res){ new formidable.IncomingForm().parse( req, function(err, fields, files) { apiCaller(req, res, fields) }); }, '/ep/pad/connection-diagnostic-info': logOkPostCombinator( "DIAGNOSTIC-INFO", "log", "diagnosticInfo" ), '/jserror': logOkPostCombinator( "CLIENT SIDE JAVASCRIPT ERROR", "error", "errorInfo" ) }; additionalSetup(app, gets, posts, managers, handlers, db); for(var key in gets) app.get(key, gets[key]); for(var key in posts) app.post(key, posts[key]); //let the server listen app.listen(settings.port, settings.ip); console.log("Server is listening at " + settings.ip + ":" + settings.port); setupShutdown(db, app); var io = setupIo(socketio, log4js, settings, socketIORouter, app); callback(null); } ]); } init(function(app, gets, posts, managers, handlers, db){});