diff --git a/api.js b/api.js index 7b9c38e8..01dad0ce 100644 --- a/api.js +++ b/api.js @@ -12,22 +12,22 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI var Auth = require("./auth"); var Logger = require("./logger"); var apilog = new Logger.Logger("api.log"); -var Config = require("./config"); var ActionLog = require("./actionlog"); var fs = require("fs"); -function getIP(req) { - var raw = req.connection.remoteAddress; - var forward = req.header("x-forwarded-for"); - if(Config.REVERSE_PROXY && forward) { - var ip = forward.split(",")[0]; - Logger.syslog.log("REVPROXY " + raw + " => " + ip); - return ip; - } - return raw; -} module.exports = function (Server) { + function getIP(req) { + var raw = req.connection.remoteAddress; + var forward = req.header("x-forwarded-for"); + if(Server.cfg["trust-x-forward"] && forward) { + var ip = forward.split(",")[0]; + Logger.syslog.log("REVPROXY " + raw + " => " + ip); + return ip; + } + return raw; + } + var API = function () { } @@ -251,7 +251,7 @@ module.exports = function (Server) { return; } - if(!Config.MAIL) { + if(!Server.cfg["enable-mail"]) { this.sendJSON(res, { success: false, error: "This server does not have email enabled. Contact an administrator" @@ -269,24 +269,24 @@ module.exports = function (Server) { "A password reset request was issued for your account `", name, "` on ", - Config.DOMAIN, + Server.cfg["domain"], ". This request is valid for 24 hours. ", "If you did not initiate this, there is no need to take action. ", "To reset your password, copy and paste the following link into ", "your browser: ", - Config.DOMAIN, + Server.cfg["domain"], "/reset.html?", hash ].join(""); var mail = { - from: "CyTube Services <" + Config.MAIL_FROM + ">", + from: "CyTube Services <" + Server.cfg["mail-from"] + ">", to: email, subject: "Password reset request", text: msg }; var api = this; - Config.MAIL.sendMail(mail, function(err, response) { + cfg["nodemailer"].sendMail(mail, function(err, response) { if(err) { Logger.errlog.log("Mail fail: " + err); api.sendJSON(res, { @@ -299,7 +299,7 @@ module.exports = function (Server) { success: true }); - if(Config.DEBUG) { + if(Server.cfg["debug"]) { Logger.syslog.log(response); } } diff --git a/auth.js b/auth.js index 171c7532..89fb8efc 100644 --- a/auth.js +++ b/auth.js @@ -11,7 +11,6 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI var mysql = require("mysql-libmysqlclient"); var Database = require("./database.js"); -var Config = require("./config.js"); var bcrypt = require("bcrypt"); var hashlib = require("node_hash"); var Logger = require("./logger.js"); diff --git a/config.js b/config.js index 3e18c403..22c765d8 100644 --- a/config.js +++ b/config.js @@ -9,38 +9,83 @@ The above copyright notice and this permission notice shall be included in all c THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -exports.MYSQL_SERVER = ""; -exports.MYSQL_DB = ""; -exports.MYSQL_USER = ""; -exports.MYSQL_PASSWORD = ""; -exports.IO_PORT = 1337; // Socket.IO port, DO NOT USE PORT 80. -exports.WEBSERVER_PORT = 8080; // Webserver port. Binding port 80 requires root permissions -exports.MAX_PER_IP = 10; -exports.GUEST_LOGIN_DELAY = 60; // Seconds - -/* - Set to true if your IO_URL and WEB_URL are behind a reverse proxy - (e.g. Cloudflare) so that client IPs are passed through correctly. - - If you are not behind a reverse proxy, leave it as false, otherwise - clients can fake their IP address in the x-forwarded-for header -*/ -exports.REVERSE_PROXY = false; - +var fs = require("fs"); +var Logger = require("./logger"); var nodemailer = require("nodemailer"); -exports.MAIL = false; -/* Example for setting up email: -exports.MAIL = nodemailer.createTransport("SMTP", { - service: "Gmail", - auth: { - user: "some.user@gmail.com", - pass: "supersecretpassword" - } -}); -See https://github.com/andris9/Nodemailer -*/ -exports.MAIL_FROM = "some.user@gmail.com"; -// Domain for password reset link -// Email sent goes to exports.DOMAIN/reset.html?resethash -exports.DOMAIN = "http://localhost"; +var defaults = { + "mysql-server" : "localhost", + "mysql-db" : "cytube", + "mysql-user" : "cytube", + "mysql-pw" : "supersecretpass", + "express-host" : "0.0.0.0", + "asset-cache-ttl" : 0, + "web-port" : 8080, + "io-port" : 1337, + "ip-connection-limit" : 10, + "guest-login-delay" : 60, + "trust-x-forward" : false, + "enable-mail" : false, + "mail-transport" : "SMTP", + "mail-config" : { + "service" : "Gmail", + "auth" : { + "user" : "some.user@gmail.com", + "pass" : "supersecretpassword" + } + }, + "mail-from" : "some.user@gmail.com", + "domain" : "http://localhost" +} + +function save(cfg, file) { + fs.writeFile(file, JSON.stringify(cfg, null, 4), function (err) { + if(err) { + Logger.errlog.log("Failed to save config"); + Logger.errlog.log(err); + } + }); +} + +exports.load = function (Server, file, callback) { + var cfg = {}; + for(var k in defaults) + cfg[k] = defaults[k]; + + fs.readFile(file, function (err, data) { + if(err) { + if(err.code == "ENOENT") { + Logger.syslog.log("Config file not found, generating default"); + Logger.syslog.log("Edit cfg.json to configure"); + data = "{}"; + } + else { + Logger.errlog.log("Config load failed"); + Logger.errlog.log(err); + return; + } + } + + try { + data = JSON.parse(data + ""); + } catch(e) { + Logger.errlog.log("Config JSON is invalid: "); + Logger.errlog.log(e); + return; + } + + for(var k in data) + cfg[k] = data[k]; + + if(cfg["enable-mail"]) { + cfg["nodemailer"] = nodemailer.createTransport( + cfg["mail-transport"], + cfg["mail-config"] + ); + } + + save(cfg, file); + Server.cfg = cfg; + callback(); + }); +} diff --git a/database.js b/database.js index f1068610..9bc4fb62 100644 --- a/database.js +++ b/database.js @@ -24,10 +24,10 @@ var CONFIG = {}; var global_bans = {}; function setup(cfg) { - SERVER = cfg.MYSQL_SERVER; - USER = cfg.MYSQL_USER; - DATABASE = cfg.MYSQL_DB; - PASSWORD = cfg.MYSQL_PASSWORD; + SERVER = cfg["mysql-server"]; + USER = cfg["mysql-user"]; + DATABASE = cfg["mysql-db"]; + PASSWORD = cfg["mysql-pw"]; CONFIG = cfg; } @@ -41,7 +41,7 @@ function getConnection() { Logger.errlog.log("DB connection failed"); return false; } - if(CONFIG.DEBUG) { + if(CONFIG["debug"]) { db._querySync = db.querySync; db.querySync = function(q) { Logger.syslog.log("DEBUG: " + q); diff --git a/server.js b/server.js index 54d71fc3..fe6c204e 100644 --- a/server.js +++ b/server.js @@ -10,7 +10,7 @@ const VERSION = "2.1.2"; function getIP(req) { var raw = req.connection.remoteAddress; var forward = req.header("x-forwarded-for"); - if(Config.REVERSE_PROXY && forward) { + if(Server.cfg["trust-x-forward"] && forward) { var ip = forward.split(",")[0]; Logger.syslog.log("REVPROXY " + raw + " => " + ip); return ip; @@ -20,7 +20,7 @@ function getIP(req) { function getSocketIP(socket) { var raw = socket.handshake.address.address; - if(Config.REVERSE_PROXY) { + if(Server.cfg["trust-x-forward"]) { if(typeof socket.handshake.headers["x-forwarded-for"] == "string") { var ip = socket.handshake.headers["x-forwarded-for"] .split(",")[0]; @@ -126,8 +126,10 @@ var Server = { }); // bind servers - this.httpserv = this.app.listen(Config.WEBSERVER_PORT); - this.ioserv = express().listen(Config.IO_PORT); + this.httpserv = this.app.listen(Server.cfg["web-port"], + Server.cfg["express-host"]); + this.ioserv = express().listen(Server.cfg["io-port"], + Server.cfg["express-host"]); // init socket.io this.io = require("socket.io").listen(this.ioserv); @@ -152,7 +154,7 @@ var Server = { this.ips[ip] = 0; this.ips[ip]++; - if(this.ips[ip] > Config.MAX_PER_IP) { + if(this.ips[ip] > Server.cfg["ip-connection-limit"]) { socket.emit("kick", { reason: "Too many connections from your IP address" }); @@ -167,7 +169,7 @@ var Server = { // init database this.db = require("./database"); - this.db.setup(Config); + this.db.setup(Server.cfg); this.db.init(); // init ACP @@ -190,15 +192,16 @@ var Server = { }; Logger.syslog.log("Starting CyTube v" + VERSION); -Server.init(); +Config.load(Server, "cfg.json", function () { + Server.init(); + if(!Server.cfg["debug"]) { + process.on("uncaughtException", function (err) { + Logger.errlog.log("[SEVERE] Uncaught Exception: " + err); + Logger.errlog.log(err.stack); + }); -if(!Config.DEBUG) { - process.on("uncaughtException", function (err) { - Logger.errlog.log("[SEVERE] Uncaught Exception: " + err); - Logger.errlog.log(err.stack); - }); - - process.on("SIGINT", function () { - Server.shutdown(); - }); -} + process.on("SIGINT", function () { + Server.shutdown(); + }); + } +}); diff --git a/user.js b/user.js index 9207ebe6..6772118d 100644 --- a/user.js +++ b/user.js @@ -14,7 +14,6 @@ var Auth = require("./auth.js"); var Channel = require("./channel.js").Channel; var formatTime = require("./media.js").formatTime; var Logger = require("./logger.js"); -var Config = require("./config.js"); var ActionLog = require("./actionlog"); // Represents a client connected via socket.io @@ -506,11 +505,12 @@ User.prototype.login = function(name, pw, session) { if(pw == "" && session == "") { if(this.ip in lastguestlogin) { var diff = (Date.now() - lastguestlogin[this.ip])/1000; - if(diff < Config.GUEST_LOGIN_DELAY) { + if(diff < this.server.cfg["guest-login-delay"]) { this.socket.emit("login", { success: false, error: ["Guest logins are restricted to one per ", - Config.GUEST_LOGIN_DELAY + " seconds per IP. ", + this.server.cfg["guest-login-delay"] + + " seconds per IP. ", "This restriction does not apply to registered users." ].join("") });