mio-server/services/express.js

// Express JS Configuration and init
'use strict';

const cluster = require('./cluster');
const http = require('http');
const https = require('https');
const express = require('express');
const morgan = require('morgan');
const FileStreamRotator = require('file-stream-rotator');
const PrettyError = require('pretty-error');
const favicon = require('serve-favicon');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const compress = require('compression');
const session = require('express-session');
const cors = require('cors');
const helmet = require('helmet');
const lusca = require('lusca');
const chalk = require('chalk');
const fs = require('fs');
const path = require('path');
const extensionParser = require('mio-extensions');
const jwt = require('jwt-simple');
const netjet = require('netjet');
const rateLimit = require('express-rate-limit');
const killSniff = require('mio-killsniff');
const winston = require('winston');
const moduleComposer = require('./moduleComposer');

// List of modules to load
var bannedModules = [];
function _canILoadModule(name){
  if(!bannedModules || bannedModules.length==0 || bannedModules.indexOf(name)==-1){
    return true;
  }

  return false;
}

// Create Web Server
function create(){
  cluster.printOnce(()=>{
    winston.info('-'.repeat(70));
    winston.info('Init WebServer on', chalk.blue(global.mio.config.http.port), 'port');
  });

  // Init HTTP server
  var app = express();
  global.mio.app = app;
  app.set('port', global.mio.config.http.port);
  var server;

  // Check if it is ssl server and use it if it is
  if(global.mio.config.http.ssl){
    var privateKeyFile = path.join(__dirname, '../', global.mio.config.http.ssl.privateKey);
    var certificateFile = path.join(__dirname, '../', global.mio.config.http.ssl.certificate);

    var privateKey = fs.readFileSync( privateKeyFile );
    var certificate = fs.readFileSync( certificateFile );

    server = https.createServer({
      key: privateKey,
      cert: certificate
    }, app);
  }else{
    server = http.createServer(app);
  }
  server.listen(global.mio.config.http.port);

  // Handle Errors
  server.on('error', onError);
  function onError(error) {
    if (error.syscall !== 'listen') {
      throw error;
    }

    var bind = typeof port === 'string'
      ? 'Pipe ' + global.mio.config.http.port
      : 'Port ' + global.mio.config.http.port;

    // handle specific listen errors with friendly messages
    switch (error.code) {
    case 'EACCES':
      winston.error(bind + ' requires elevated privileges');
      process.exit(1);
      break;
    case 'EADDRINUSE':
      winston.error(bind + ' is already in use');
      process.exit(1);
      break;
    default:
      throw error;
    }
  }

  // Create Empty list of HTTP modules
  app.locals.http = {modules: []};

  return app;
}

// Load template engine
function loadTemplateEngine(app){
  app.set('view engine', 'vash');
  app.set('views', global.mio.appPath);

  app.locals.http.modules.push('vash');
}

// Load body and coockie parsers
function loadParsersModules(app){
  // Configuring HTTP Body Parser
  if(_canILoadModule('bodyParser')){
    app.use(bodyParser.json({ limit: (global.mio.config.http.maxBodySize || '5mb') }));
    app.use(bodyParser.urlencoded({ extended: false }));
    app.locals.http.modules.push('bodyParser('+(global.mio.config.http.maxBodySize || '5mb')+')');
  }

  // Configuring HTTP Compressor
  if(_canILoadModule('compress')){
    app.use(compress());
    app.locals.http.modules.push('compress');
  }

  // Extract requested type
  if(_canILoadModule('extensionParser')){
    app.use(extensionParser.extract);
    app.use((req, res, next)=>{
      req._ext = extensionParser.render;
      return next();
    });
    app.locals.http.modules.push('extensionParser');
  }
}

// Load sessions and cookies moddules
function loadStorageModules(app){
  // Configuring HTTP Cookie Parser
  if(_canILoadModule('cookieParser')){
    app.use(cookieParser());
    app.locals.http.modules.push('cookieParser');
  }

  // Configuring sessions
  if(_canILoadModule('sessions')){
    app.use(session({
      secret: global.mio.config.solt.sessions,
      resave: true,
      saveUninitialized: true,
      cookie: { secure: true }
    }));
    app.locals.http.modules.push('sessions');
  }
}

// Load security modules
function loadSecurityModules(app){
  // Secure User-Agent
  if(_canILoadModule('killSniff')){
    app.use(killSniff({domains: global.mio.config.domains}));
    app.locals.http.modules.push('killSniff');
  }

  // Trust balancer/first proxy
  if(_canILoadModule('trustProxy')){
    app.set('trust proxy', 1);
    app.locals.http.modules.push('trustProxy(1)');
  }

  // Configuring rate limit
  if(_canILoadModule('limiter')){
    var limiter = new rateLimit({
      windowMs: 15*60*1000, // 15 minutes
      max: 300, // limit each IP to 100 requests per windowMs
      delayMs: 0 // disable delaying - full speed until the max limit is reached
    });
    app.use(limiter);
    app.locals.http.modules.push('limiter');
  }

  // Configuring HTTP CORSa/Allow CORS request
  if(_canILoadModule('cors')){
    app.use(cors());
    app.locals.http.modules.push('cors');
  }

  // Configuring HTTP Helmet Security
  if(_canILoadModule('helmet')){
    app.use(helmet());
    app.locals.http.modules.push('helmet');
  }

  // Configuring LUSCA security
  if(_canILoadModule('lusca')){
    app.use(lusca({
      csrf: true,
      xframe: 'SAMEORIGIN',
      p3p: 'ABCDEF',
      hsts: {maxAge: 31536000, includeSubDomains: true, preload: true},
      xssProtection: true,
      nosniff: true
    }));
    app.locals.http.modules.push('lusca');
  }

  // Configuring JWT
  if(_canILoadModule('JWT')){
    app.use((req, res, next)=>{
      if(req.cookies.token){
        req.user = jwt.decode(req.cookies.token, global.mio.config.solt.jwt);

        if(req.user.expire && req.user.expire < Date.now()){
          return res.end('Access token has expired', 400);
        }
      }

      return next();
    });

    app.locals.http.modules.push('JWT');
  }
}

// Use log file
function loadDebugModules(app){
  // Configuring HTTP Morgan Logger
  if(_canILoadModule('morgan')){
    if(global.mio.config.http.logFile){
      var logFile;
      if (fs.existsSync('/var/log/'+global.name)) {
        logFile = path.join('/var/log/', global.name, global.mio.config.http.logFile+'-%DATE%.log');
      }else{
        logFile = path.join(global.mio.appPath, '/log/', global.mio.config.http.logFile+'-%DATE%.log');
      }

      // create a rotating write stream
      var accessLogStream = FileStreamRotator.getStream({
        date_format: 'YYYYMMDD',
        filename: logFile,
        frequency: 'daily',
        verbose: false
      });

      app.use(morgan('combined', {stream: accessLogStream}));
      app.locals.http.modules.push('morgan('+global.mio.config.http.logFile+')');
    }else{
      app.use(morgan('dev'));
      app.locals.http.modules.push('morgan');
    }
  }

  // Showing stack errors
  if(_canILoadModule('showStackError')){
    app.set('showStackError', true);
    app.locals.http.modules.push('showStackError');
  }

  // Add status page module
  if(_canILoadModule('status-page')){
    app.use(require('express-status-monitor')({title: global.name+' Status'}));
    app.locals.http.modules.push('status-page');
  }
}

// Load HTTP steroids
function loadBoosters(app){
  // Add preload headers in html links using netjet
  if(_canILoadModule('netjet')){
    app.use(netjet());
    app.locals.http.modules.push('netjet');
  }
}

// Show Loaded HTTP modules
function loadedModules(app){
  // HTTP Loaded Modules Message
  cluster.printOnce(()=>{
    winston.info('HTTP Modules:', chalk.green(app.locals.http.modules.join(', ')));
  });
}

// Load static routes
function loadStatic(app){
  var staticFilesPath = path.join(global.mio.appPath, global.mio.config.http.assets.static);

  // Add FavIcon
  if(_canILoadModule('favicon')){
    app.use(favicon(staticFilesPath + global.mio.config.http.assets.favicon));
  }

  // Add static files path
  if(_canILoadModule('static')){
    app.use('/', express.static(staticFilesPath));
  }

  cluster.printOnce(()=>{
    winston.info('HTTP Static: '+ chalk.blue(staticFilesPath));
  });
}

// Load Routes
function loadRoutes(app){
  // HTTP Routes
  var modulesNames = [];

  // Load routes
  for (var mod in moduleComposer.modules) {
    if(_canILoadModule(mod)){
      if (moduleComposer.modules.hasOwnProperty(mod)) {
        if(moduleComposer.modules[mod].routes){
          app.use(moduleComposer.modules[mod].routes);
          modulesNames.push(mod);
        }
      }
    }
  }

  cluster.printOnce(()=>{
    winston.info('Loaded routes for modules:', chalk.green(modulesNames.join(', ')));
  });
}

// Load error handlers
function loadErrorHandlers(app){
  // Catch 404 error
  app.use((req, res, next)=>{
    var err = new Error('Not Found');
    err.status = 404;
    next(err);
  });

  // Configure error logger
  var pe = new PrettyError();
  pe.skipNodeFiles();
  pe.skipPackage('express');

  // Error Path
  app.use(function (err, req, res, next) {
    // If the error object doesn't exists
    if (!err) return next();

    // Log it
    winston.info(pe.render(err));

    // Pass with error code
    if(err.status){
      global.mio.error(req, res, err.status);
    }else{
      global.mio.error(req, res, 404);
    }
  });
}

// Magic Init
function init(){
  const app = create();

  // Generate list of modules to load
  bannedModules = global.mio.config.http.bannedModules || [];

  // Load HTTP Modules
  loadTemplateEngine(app);
  loadParsersModules(app);
  loadStorageModules(app);
  loadSecurityModules(app);
  loadDebugModules(app);
  loadBoosters(app);
  loadedModules(app);

  // Load HTTP Routes
  loadStatic(app);
  loadRoutes(app, config);
  loadErrorHandlers(app);

  return app;
}

module.exports = init();