Replace own static and log functions with serve-static and morgan
parent
5f7adc98ba
commit
020e2326b5
|
@ -5,7 +5,6 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
var webserver = require("./webserver");
|
var webserver = require("./webserver");
|
||||||
var logRequest = webserver.logRequest;
|
|
||||||
var sendJade = require("./jade").sendJade;
|
var sendJade = require("./jade").sendJade;
|
||||||
var Logger = require("../logger");
|
var Logger = require("../logger");
|
||||||
var db = require("../database");
|
var db = require("../database");
|
||||||
|
@ -21,7 +20,6 @@ function handleAccountEditPage(req, res) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
logRequest(req);
|
|
||||||
var loginName = false;
|
var loginName = false;
|
||||||
if (req.cookies.auth) {
|
if (req.cookies.auth) {
|
||||||
loginName = req.cookies.auth.split(":")[0];
|
loginName = req.cookies.auth.split(":")[0];
|
||||||
|
@ -45,7 +43,6 @@ function handleAccountEditPage(req, res) {
|
||||||
* Handles a POST request to edit a user"s account
|
* Handles a POST request to edit a user"s account
|
||||||
*/
|
*/
|
||||||
function handleAccountEdit(req, res) {
|
function handleAccountEdit(req, res) {
|
||||||
logRequest(req);
|
|
||||||
var action = req.body.action;
|
var action = req.body.action;
|
||||||
switch(action) {
|
switch(action) {
|
||||||
case "change_password":
|
case "change_password":
|
||||||
|
@ -187,7 +184,6 @@ function handleAccountChannelPage(req, res) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
logRequest(req);
|
|
||||||
var loginName = false;
|
var loginName = false;
|
||||||
if (req.cookies.auth) {
|
if (req.cookies.auth) {
|
||||||
loginName = req.cookies.auth.split(":")[0];
|
loginName = req.cookies.auth.split(":")[0];
|
||||||
|
@ -221,7 +217,6 @@ function handleAccountChannelPage(req, res) {
|
||||||
* Handles a POST request to modify a user"s channels
|
* Handles a POST request to modify a user"s channels
|
||||||
*/
|
*/
|
||||||
function handleAccountChannel(req, res) {
|
function handleAccountChannel(req, res) {
|
||||||
logRequest(req);
|
|
||||||
var action = req.body.action;
|
var action = req.body.action;
|
||||||
switch(action) {
|
switch(action) {
|
||||||
case "new_channel":
|
case "new_channel":
|
||||||
|
@ -240,7 +235,6 @@ function handleAccountChannel(req, res) {
|
||||||
* Handles a request to register a new channel
|
* Handles a request to register a new channel
|
||||||
*/
|
*/
|
||||||
function handleNewChannel(req, res) {
|
function handleNewChannel(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var name = req.body.name;
|
var name = req.body.name;
|
||||||
if (typeof name !== "string") {
|
if (typeof name !== "string") {
|
||||||
|
@ -338,8 +332,6 @@ function handleNewChannel(req, res) {
|
||||||
* Handles a request to delete a new channel
|
* Handles a request to delete a new channel
|
||||||
*/
|
*/
|
||||||
function handleDeleteChannel(req, res) {
|
function handleDeleteChannel(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var name = req.body.name;
|
var name = req.body.name;
|
||||||
if (typeof name !== "string") {
|
if (typeof name !== "string") {
|
||||||
res.send(400);
|
res.send(400);
|
||||||
|
@ -429,8 +421,6 @@ function handleAccountProfilePage(req, res) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var loginName = false;
|
var loginName = false;
|
||||||
if (!req.cookies.auth) {
|
if (!req.cookies.auth) {
|
||||||
return sendJade(res, "account-profile", {
|
return sendJade(res, "account-profile", {
|
||||||
|
@ -475,8 +465,6 @@ function handleAccountProfilePage(req, res) {
|
||||||
* Handles a POST request to edit a profile
|
* Handles a POST request to edit a profile
|
||||||
*/
|
*/
|
||||||
function handleAccountProfile(req, res) {
|
function handleAccountProfile(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var loginName = false;
|
var loginName = false;
|
||||||
if (req.cookies.auth) {
|
if (req.cookies.auth) {
|
||||||
loginName = req.cookies.auth.split(":")[0];
|
loginName = req.cookies.auth.split(":")[0];
|
||||||
|
@ -535,8 +523,6 @@ function handlePasswordResetPage(req, res) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
sendJade(res, "account-passwordreset", {
|
sendJade(res, "account-passwordreset", {
|
||||||
reset: false,
|
reset: false,
|
||||||
resetEmail: "",
|
resetEmail: "",
|
||||||
|
@ -548,8 +534,6 @@ function handlePasswordResetPage(req, res) {
|
||||||
* Handles a POST request to reset a user's password
|
* Handles a POST request to reset a user's password
|
||||||
*/
|
*/
|
||||||
function handlePasswordReset(req, res) {
|
function handlePasswordReset(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var name = req.body.name,
|
var name = req.body.name,
|
||||||
email = req.body.email;
|
email = req.body.email;
|
||||||
|
|
||||||
|
@ -668,8 +652,6 @@ function handlePasswordReset(req, res) {
|
||||||
* Handles a request for /account/passwordrecover/<hash>
|
* Handles a request for /account/passwordrecover/<hash>
|
||||||
*/
|
*/
|
||||||
function handlePasswordRecover(req, res) {
|
function handlePasswordRecover(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var hash = req.params.hash;
|
var hash = req.params.hash;
|
||||||
if (typeof hash !== "string") {
|
if (typeof hash !== "string") {
|
||||||
res.send(400);
|
res.send(400);
|
||||||
|
|
|
@ -8,7 +8,6 @@ var Config = require("../config");
|
||||||
|
|
||||||
function checkAdmin(cb) {
|
function checkAdmin(cb) {
|
||||||
return function (req, res) {
|
return function (req, res) {
|
||||||
webserver.logRequest(req);
|
|
||||||
var auth = req.cookies.auth;
|
var auth = req.cookies.auth;
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
res.send(403);
|
res.send(403);
|
||||||
|
|
|
@ -11,26 +11,8 @@ var Config = require("../config");
|
||||||
var db = require("../database");
|
var db = require("../database");
|
||||||
var bodyParser = require("body-parser");
|
var bodyParser = require("body-parser");
|
||||||
var cookieParser = require("cookie-parser");
|
var cookieParser = require("cookie-parser");
|
||||||
|
var static = require("serve-static");
|
||||||
var httplog = new Logger.Logger(path.join(__dirname, "..", "..", "http.log"));
|
var morgan = require("morgan");
|
||||||
|
|
||||||
var suspiciousPath = (/admin|adm|\.\.|\/etc\/passwd|\\x5c|%5c|0x5c|setup|install|php|pma|blog|sql|scripts|aspx?|database/ig);
|
|
||||||
/**
|
|
||||||
* Determines whether a request is suspected of being illegitimate
|
|
||||||
*/
|
|
||||||
function isSuspicious(req) {
|
|
||||||
// ZmEu is a penetration script
|
|
||||||
if (req.header("user-agent") &&
|
|
||||||
req.header("user-agent").toLowerCase() === "zmeu") {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (req.path.match(suspiciousPath)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Extracts an IP address from a request. Uses X-Forwarded-For if the IP is localhost
|
* Extracts an IP address from a request. Uses X-Forwarded-For if the IP is localhost
|
||||||
|
@ -55,22 +37,6 @@ function ipForRequest(req) {
|
||||||
return ip;
|
return ip;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Logs an HTTP request
|
|
||||||
*/
|
|
||||||
function logRequest(req, status) {
|
|
||||||
if (status === undefined) {
|
|
||||||
status = 200;
|
|
||||||
}
|
|
||||||
|
|
||||||
httplog.log([
|
|
||||||
ipForRequest(req),
|
|
||||||
req.method,
|
|
||||||
req.path,
|
|
||||||
req.header("user-agent")
|
|
||||||
].join(" "));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Redirects a request to HTTPS if the server supports it
|
* Redirects a request to HTTPS if the server supports it
|
||||||
*/
|
*/
|
||||||
|
@ -104,14 +70,11 @@ function handleChannel(req, res) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$util.isValidChannelName(req.params.channel)) {
|
if (!$util.isValidChannelName(req.params.channel)) {
|
||||||
logRequest(req, 404);
|
|
||||||
res.status(404);
|
res.status(404);
|
||||||
res.send("Invalid channel name '" + req.params.channel + "'");
|
res.send("Invalid channel name '" + req.params.channel + "'");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var loginName = false;
|
var loginName = false;
|
||||||
if (req.cookies.auth) {
|
if (req.cookies.auth) {
|
||||||
loginName = req.cookies.auth.split(":")[0];
|
loginName = req.cookies.auth.split(":")[0];
|
||||||
|
@ -140,8 +103,6 @@ function handleChannel(req, res) {
|
||||||
* Handles a request for the index page
|
* Handles a request for the index page
|
||||||
*/
|
*/
|
||||||
function handleIndex(req, res) {
|
function handleIndex(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var loginName = false;
|
var loginName = false;
|
||||||
if (req.cookies.auth) {
|
if (req.cookies.auth) {
|
||||||
loginName = req.cookies.auth.split(":")[0];
|
loginName = req.cookies.auth.split(":")[0];
|
||||||
|
@ -167,8 +128,6 @@ function handleIndex(req, res) {
|
||||||
* Handles a request for the socket.io information
|
* Handles a request for the socket.io information
|
||||||
*/
|
*/
|
||||||
function handleSocketConfig(req, res) {
|
function handleSocketConfig(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
res.type("application/javascript");
|
res.type("application/javascript");
|
||||||
|
|
||||||
var sioconfig = Config.get("sioconfig");
|
var sioconfig = Config.get("sioconfig");
|
||||||
|
@ -190,8 +149,6 @@ function handleSocketConfig(req, res) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function handleUserAgreement(req, res) {
|
function handleUserAgreement(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var loginName = false;
|
var loginName = false;
|
||||||
if (req.cookies.auth) {
|
if (req.cookies.auth) {
|
||||||
loginName = req.cookies.auth.split(":")[0];
|
loginName = req.cookies.auth.split(":")[0];
|
||||||
|
@ -205,8 +162,6 @@ function handleUserAgreement(req, res) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function handleContactPage(req, res) {
|
function handleContactPage(req, res) {
|
||||||
logRequest(req);
|
|
||||||
|
|
||||||
var loginName = false;
|
var loginName = false;
|
||||||
if (req.cookies.auth) {
|
if (req.cookies.auth) {
|
||||||
loginName = req.cookies.auth.split(":")[0];
|
loginName = req.cookies.auth.split(":")[0];
|
||||||
|
@ -241,40 +196,6 @@ function handleContactPage(req, res) {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
function static(dir) {
|
|
||||||
dir = path.join(__dirname, dir);
|
|
||||||
return function (req, res) {
|
|
||||||
try {
|
|
||||||
if (isSuspicious(req)) {
|
|
||||||
logRequest(req, 403);
|
|
||||||
res.status(403);
|
|
||||||
if (typeof req.header("user-agent") === "string" &&
|
|
||||||
req.header("user-agent").toLowerCase() === "zmeu") {
|
|
||||||
res.send("This server disallows requests from ZmEu.");
|
|
||||||
} else {
|
|
||||||
res.send("The request " + req.method.toUpperCase() + " " +
|
|
||||||
req.path + " looks pretty fishy to me. Double check that " +
|
|
||||||
"you typed it correctly.");
|
|
||||||
}
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
res.sendFile(req.path.replace(/^\//, ""), {
|
|
||||||
maxAge: Config.get("http.cache-ttl") * 1000,
|
|
||||||
root: dir
|
|
||||||
}, function (err) {
|
|
||||||
logRequest(req);
|
|
||||||
if (err) {
|
|
||||||
res.status(err.status).end();
|
|
||||||
}
|
|
||||||
});
|
|
||||||
} catch (e) {
|
|
||||||
Logger.errlog.log(e);
|
|
||||||
Logger.errlog.log(e.trace);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
/**
|
/**
|
||||||
* Initializes webserver callbacks
|
* Initializes webserver callbacks
|
||||||
|
@ -282,6 +203,13 @@ module.exports = {
|
||||||
init: function (app) {
|
init: function (app) {
|
||||||
app.use(bodyParser.urlencoded({ extended: false }));
|
app.use(bodyParser.urlencoded({ extended: false }));
|
||||||
app.use(cookieParser());
|
app.use(cookieParser());
|
||||||
|
app.use(morgan("combined", {
|
||||||
|
stream: require("fs").createWriteStream(path.join(__dirname, "..", "..",
|
||||||
|
"http.log"), {
|
||||||
|
flags: "a",
|
||||||
|
encoding: "utf-8"
|
||||||
|
})
|
||||||
|
}));
|
||||||
|
|
||||||
if (Config.get("http.minify")) {
|
if (Config.get("http.minify")) {
|
||||||
var cache = path.join(__dirname, "..", "..", "www", "cache")
|
var cache = path.join(__dirname, "..", "..", "www", "cache")
|
||||||
|
@ -293,12 +221,7 @@ module.exports = {
|
||||||
}));
|
}));
|
||||||
Logger.syslog.log("Enabled express-minify for CSS and JS");
|
Logger.syslog.log("Enabled express-minify for CSS and JS");
|
||||||
}
|
}
|
||||||
/* Order here is important
|
|
||||||
* Since I placed /r/:channel above *, the function will
|
|
||||||
* not apply to the /r/:channel route. This prevents
|
|
||||||
* duplicate logging, since /r/:channel"s callback does
|
|
||||||
* its own logging
|
|
||||||
*/
|
|
||||||
app.get("/r/:channel", handleChannel);
|
app.get("/r/:channel", handleChannel);
|
||||||
app.get("/", handleIndex);
|
app.get("/", handleIndex);
|
||||||
app.get("/sioconfig", handleSocketConfig);
|
app.get("/sioconfig", handleSocketConfig);
|
||||||
|
@ -307,7 +230,7 @@ module.exports = {
|
||||||
require("./auth").init(app);
|
require("./auth").init(app);
|
||||||
require("./account").init(app);
|
require("./account").init(app);
|
||||||
require("./acp").init(app);
|
require("./acp").init(app);
|
||||||
app.use(static(path.join("..", "..", "www")));
|
app.use(static(path.join(__dirname, "..", "..", "www")));
|
||||||
app.use(function (err, req, res, next) {
|
app.use(function (err, req, res, next) {
|
||||||
if (err) {
|
if (err) {
|
||||||
if (err.message && err.message.match(/failed to decode param/i)) {
|
if (err.message && err.message.match(/failed to decode param/i)) {
|
||||||
|
@ -321,8 +244,6 @@ module.exports = {
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
logRequest: logRequest,
|
|
||||||
|
|
||||||
ipForRequest: ipForRequest,
|
ipForRequest: ipForRequest,
|
||||||
|
|
||||||
redirectHttps: redirectHttps,
|
redirectHttps: redirectHttps,
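Review bot: The morgan logger added in `init` uses the stock `combined` format, whose `:remote-addr` token does not go through `ipForRequest`, the helper the removed `logRequest` used to resolve the client address (X-Forwarded-For when the peer is localhost, per its doc comment). If the server sits behind a local reverse proxy and Express's `trust proxy` setting is not configured elsewhere, every http.log entry would carry the proxy's address, which makes the log far less useful for abuse investigation. Overriding the token before mounting the logger keeps the old behaviour: `morgan.token("remote-addr", ipForRequest);`. Separately, the `static(...)` mount no longer passes the `maxAge: Config.get("http.cache-ttl") * 1000` option that the removed handler gave to `res.sendFile`, so the configured cache TTL appears to be dropped; `static(path.join(__dirname, "..", "..", "www"), { maxAge: Config.get("http.cache-ttl") * 1000 })` would restore it.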
|
||||||
|
|
|
@ -15,10 +15,12 @@
|
||||||
"express-minify": "0.0.11",
|
"express-minify": "0.0.11",
|
||||||
"jade": "~1.1.5",
|
"jade": "~1.1.5",
|
||||||
"json-typecheck": "^0.1.0",
|
"json-typecheck": "^0.1.0",
|
||||||
|
"morgan": "^1.2.3",
|
||||||
"mysql": "~2.0.1",
|
"mysql": "~2.0.1",
|
||||||
"nodemailer": "~0.6.0",
|
"nodemailer": "~0.6.0",
|
||||||
"oauth": "^0.9.11",
|
"oauth": "^0.9.11",
|
||||||
"q": "^1.0.0",
|
"q": "^1.0.0",
|
||||||
|
"serve-static": "^1.5.3",
|
||||||
"socket.io": "~0.9.16",
|
"socket.io": "~0.9.16",
|
||||||
"yamljs": "~0.1.4"
|
"yamljs": "~0.1.4"
|
||||||
}
|
}
|
||||||
|
|