From 020e2326b56083c262c368fde21a1d0d21f22c49 Mon Sep 17 00:00:00 2001 From: calzoneman Date: Tue, 19 Aug 2014 00:21:32 -0500 Subject: [PATCH] Replace own static and log functions with serve-static and morgan --- lib/web/account.js | 18 -------- lib/web/acp.js | 1 - lib/web/webserver.js | 101 +++++-------------------------------------- package.json | 2 + 4 files changed, 13 insertions(+), 109 deletions(-) diff --git a/lib/web/account.js b/lib/web/account.js index 1b2e0860..1d502dca 100644 --- a/lib/web/account.js +++ b/lib/web/account.js @@ -5,7 +5,6 @@ */ var webserver = require("./webserver"); -var logRequest = webserver.logRequest; var sendJade = require("./jade").sendJade; var Logger = require("../logger"); var db = require("../database"); @@ -21,7 +20,6 @@ function handleAccountEditPage(req, res) { return; } - logRequest(req); var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -45,7 +43,6 @@ function handleAccountEditPage(req, res) { * Handles a POST request to edit a user"s account */ function handleAccountEdit(req, res) { - logRequest(req); var action = req.body.action; switch(action) { case "change_password": @@ -187,7 +184,6 @@ function handleAccountChannelPage(req, res) { return; } - logRequest(req); var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -221,7 +217,6 @@ function handleAccountChannelPage(req, res) { * Handles a POST request to modify a user"s channels */ function handleAccountChannel(req, res) { - logRequest(req); var action = req.body.action; switch(action) { case "new_channel": @@ -240,7 +235,6 @@ function handleAccountChannel(req, res) { * Handles a request to register a new channel */ function handleNewChannel(req, res) { - logRequest(req); var name = req.body.name; if (typeof name !== "string") { 
@@ -338,8 +332,6 @@ function handleNewChannel(req, res) { * Handles a request to delete a new channel */ function handleDeleteChannel(req, res) { - logRequest(req); - var name = req.body.name; if (typeof name !== "string") { res.send(400); @@ -429,8 +421,6 @@ function handleAccountProfilePage(req, res) { return; } - logRequest(req); - var loginName = false; if (!req.cookies.auth) { return sendJade(res, "account-profile", { @@ -475,8 +465,6 @@ function handleAccountProfilePage(req, res) { * Handles a POST request to edit a profile */ function handleAccountProfile(req, res) { - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -535,8 +523,6 @@ function handlePasswordResetPage(req, res) { return; } - logRequest(req); - sendJade(res, "account-passwordreset", { reset: false, resetEmail: "", @@ -548,8 +534,6 @@ function handlePasswordResetPage(req, res) { * Handles a POST request to reset a user's password */ function handlePasswordReset(req, res) { - logRequest(req); - var name = req.body.name, email = req.body.email; @@ -668,8 +652,6 @@ function handlePasswordReset(req, res) { * Handles a request for /account/passwordrecover/ */ function handlePasswordRecover(req, res) { - logRequest(req); - var hash = req.params.hash; if (typeof hash !== "string") { res.send(400); diff --git a/lib/web/acp.js b/lib/web/acp.js index b9dbea9e..9a6ba158 100644 --- a/lib/web/acp.js +++ b/lib/web/acp.js @@ -8,7 +8,6 @@ var Config = require("../config"); function checkAdmin(cb) { return function (req, res) { - webserver.logRequest(req); var auth = req.cookies.auth; if (!auth) { res.send(403); diff --git a/lib/web/webserver.js b/lib/web/webserver.js index 3f533f67..43df732e 100644 --- a/lib/web/webserver.js +++ b/lib/web/webserver.js 
@@ -11,26 +11,8 @@ var Config = require("../config"); var db = require("../database"); var bodyParser = require("body-parser"); var cookieParser = require("cookie-parser"); - -var httplog = new Logger.Logger(path.join(__dirname, "..", "..", "http.log")); - -var suspiciousPath = (/admin|adm|\.\.|\/etc\/passwd|\\x5c|%5c|0x5c|setup|install|php|pma|blog|sql|scripts|aspx?|database/ig); -/** - * Determines whether a request is suspected of being illegitimate - */ -function isSuspicious(req) { - // ZmEu is a penetration script - if (req.header("user-agent") && - req.header("user-agent").toLowerCase() === "zmeu") { - return true; - } - - if (req.path.match(suspiciousPath)) { - return true; - } - - return false; -} +var static = require("serve-static"); +var morgan = require("morgan"); /** * Extracts an IP address from a request. Uses X-Forwarded-For if the IP is localhost @@ -55,22 +37,6 @@ function ipForRequest(req) { return ip; } -/** - * Logs an HTTP request - */ -function logRequest(req, status) { - if (status === undefined) { - status = 200; - } - - httplog.log([ - ipForRequest(req), - req.method, - req.path, - req.header("user-agent") - ].join(" ")); -} - /** * Redirects a request to HTTPS if the server supports it */ @@ -104,14 +70,11 @@ function handleChannel(req, res) { } if (!$util.isValidChannelName(req.params.channel)) { - logRequest(req, 404); res.status(404); res.send("Invalid channel name '" + req.params.channel + "'"); return; } - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -140,8 +103,6 @@ function handleChannel(req, res) { * Handles a request for the index page */ function handleIndex(req, res) { - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; 
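Review bot: `static` is a reserved word in strict-mode JavaScript, so `var static = require("serve-static");` in the first webserver.js hunk only parses while the file stays in sloppy mode. I would name it `var serveStatic = require("serve-static");` and use that name at the `app.use(static(...))` call in init. Separately, dropping `isSuspicious` removes the 403 answer for probe-style paths. That looks acceptable for traversal if serve-static refuses `..` segments on its own, but that should be confirmed against the pinned version rather than assumed.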
@@ -167,8 +128,6 @@ function handleIndex(req, res) { * Handles a request for the socket.io information */ function handleSocketConfig(req, res) { - logRequest(req); - res.type("application/javascript"); var sioconfig = Config.get("sioconfig"); @@ -190,8 +149,6 @@ function handleSocketConfig(req, res) { } function handleUserAgreement(req, res) { - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -205,8 +162,6 @@ function handleUserAgreement(req, res) { } function handleContactPage(req, res) { - logRequest(req); - var loginName = false; if (req.cookies.auth) { loginName = req.cookies.auth.split(":")[0]; @@ -241,40 +196,6 @@ function handleContactPage(req, res) { }); } -function static(dir) { - dir = path.join(__dirname, dir); - return function (req, res) { - try { - if (isSuspicious(req)) { - logRequest(req, 403); - res.status(403); - if (typeof req.header("user-agent") === "string" && - req.header("user-agent").toLowerCase() === "zmeu") { - res.send("This server disallows requests from ZmEu."); - } else { - res.send("The request " + req.method.toUpperCase() + " " + - req.path + " looks pretty fishy to me. Double check that " + - "you typed it correctly."); - } - return; - } - - res.sendFile(req.path.replace(/^\//, ""), { - maxAge: Config.get("http.cache-ttl") * 1000, - root: dir - }, function (err) { - logRequest(req); - if (err) { - res.status(err.status).end(); - } - }); - } catch (e) { - Logger.errlog.log(e); - Logger.errlog.log(e.trace); - } - }; -} - module.exports = { /** * Initializes webserver callbacks 
@@ -282,6 +203,13 @@ module.exports = { init: function (app) { app.use(bodyParser.urlencoded({ extended: false })); app.use(cookieParser()); + app.use(morgan("combined", { + stream: require("fs").createWriteStream(path.join(__dirname, "..", "..", + "http.log"), { + flags: "a", + encoding: "utf-8" + }) + })); if (Config.get("http.minify")) { var cache = path.join(__dirname, "..", "..", "www", "cache") @@ -293,12 +221,7 @@ module.exports = { })); Logger.syslog.log("Enabled express-minify for CSS and JS"); } - /* Order here is important - * Since I placed /r/:channel above *, the function will - * not apply to the /r/:channel route. This prevents - * duplicate logging, since /r/:channel"s callback does - * its own logging - */ + app.get("/r/:channel", handleChannel); app.get("/", handleIndex); app.get("/sioconfig", handleSocketConfig); @@ -307,7 +230,7 @@ module.exports = { require("./auth").init(app); require("./account").init(app); require("./acp").init(app); - app.use(static(path.join("..", "..", "www"))); + app.use(static(path.join(__dirname, "..", "..", "www"))); app.use(function (err, req, res, next) { if (err) { if (err.message && err.message.match(/failed to decode param/i)) { @@ -321,8 +244,6 @@ module.exports = { }); }, - logRequest: logRequest, - ipForRequest: ipForRequest, redirectHttps: redirectHttps, diff --git a/package.json b/package.json index 8223a7f3..b1333a2c 100644 --- a/package.json +++ b/package.json @@ -15,10 +15,12 @@ "express-minify": "0.0.11", "jade": "~1.1.5", "json-typecheck": "^0.1.0", + "morgan": "^1.2.3", "mysql": "~2.0.1", "nodemailer": "~0.6.0", "oauth": "^0.9.11", "q": "^1.0.0", + "serve-static": "^1.5.3", "socket.io": "~0.9.16", "yamljs": "~0.1.4" }
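Review bot: `app.use(morgan("combined", ...))` is registered after `bodyParser.urlencoded` and `cookieParser`, so a request that body-parser rejects with an error would skip the logger and leave no line in http.log. Mounting morgan first in init closes that gap. The removed logRequest wrote `ipForRequest(req)`, whereas morgan's `:remote-addr` presumably records the socket or `req.ip` address, so behind a local reverse proxy every entry may show the loopback address unless the token is overridden, e.g. `morgan.token("remote-addr", ipForRequest);` before the `app.use`. The write stream also has no `error` listener, so a failure to open or write http.log would surface as an unhandled stream error; `.on("error", function (e) { Logger.errlog.log(e); })` on the stream keeps that visible. init's body continues outside this hunk.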
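Review bot: The new `app.use(static(path.join(__dirname, "..", "..", "www")));` passes no options, so the `maxAge: Config.get("http.cache-ttl") * 1000` that the removed handler gave to `res.sendFile` is lost and the http.cache-ttl setting silently stops applying. I would pass it through and state the dotfile policy explicitly instead of relying on the library default: `app.use(static(path.join(__dirname, "..", "..", "www"), { maxAge: Config.get("http.cache-ttl") * 1000, dotfiles: "ignore" }));`. The error-handling middleware that follows this line is cut off by the hunk.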