wiki-server

### * Federated Wiki : Node Server * * Copyright Ward Cunningham and other contributors * Licensed under the MIT license. * https://github.com/fedwiki/wiki-server/blob/master/LICENSE.txt ### # **server.coffee** is the main guts of the express version # of (Smallest Federated Wiki)[https://github.com/WardCunningham/Smallest-Federated-Wiki]. # The CLI and Farm are just front ends # for setting arguments, and spawning servers. In a complex system # you would probably want to replace the CLI/Farm with your own code, # and use server.coffee directly. # #### Dependencies #### # anything not in the standard library is included in the repo, or # can be installed with an: # npm install require('coffee-trace') # Standard lib fs = require 'fs' path = require 'path' http = require 'http' # From npm mkdirp = require 'mkdirp' express = require 'express' hbs = require 'express-hbs' glob = require 'glob' es = require 'event-stream' JSONStream = require 'JSONStream' async = require 'async' f = require('flates') sanitize = require 'sanitize-caja' # Express 4 middleware logger = require 'morgan' cookieParser = require 'cookie-parser' methodOverride = require 'method-override' ## session = require 'express-session' sessions = require 'client-sessions' bodyParser = require 'body-parser' errorHandler = require 'errorhandler' request = require 'request' # Local files random = require './random_id' defargs = require './defaultargs' wiki = require 'wiki-client/lib/wiki' pluginsFactory = require './plugins' sitemapFactory = require './sitemap' render = (page) -> return f.div({class: "twins"}, f.p('')) + '\n' + f.div({class: "header"}, f.h1( f.a({href: '/', style: 'text-decoration: none'}, f.img({height: '32px', src: '/favicon.png'})) + ' ' + (page.title))) + '\n' + f.div {class: "story"}, page.story.map((story) -> if story.type is 'paragraph' f.div {class: "item paragraph"}, f.p(wiki.resolveLinks(story.text)) else if story.type is 'image' f.div {class: "item image"}, f.img({class: "thumbnail", src: story.url}), f.p(wiki.resolveLinks(story.text or story.caption or 'uploaded image')) else if story.type is 'html' f.div {class: "item html"}, f.p(wiki.resolveLinks(story.text or '', sanitize)) else f.div {class: "item"}, f.p(wiki.resolveLinks(story.text or '')) ).join('\n') # Set export objects for node and coffee to a function that generates a sfw server. module.exports = exports = (argv) -> # Create the main application object, app. app = express() # remove x-powered-by header app.disable('x-powered-by') # defaultargs.coffee exports a function that takes the argv object # that is passed in and then does its # best to supply sane defaults for any arguments that are missing. argv = defargs(argv) app.startOpts = argv log = (stuff...) -> console.log stuff if argv.debug loga = (stuff...) -> console.log stuff ourErrorHandler = (req, res, next) -> fired = false res.e = (error, status) -> if !fired fired = true res.statusCode = status or 500 res.end 'Server ' + error log "Res sent:", res.statusCode, error else log "Already fired", error next() # Require the database adapter and initialize it with options. app.pagehandler = pagehandler = require(argv.database.type)(argv) # Require the sitemap adapter and initialize it with options. app.sitemaphandler = sitemaphandler = sitemapFactory(argv) # Require the security adapter and initialize it with options. app.securityhandler = securityhandler = require(argv.security_type)(log, loga, argv) # If the site is owned, owner will contain the name of the owner owner = '' # If the user is logged in, user will contain their identity user = '' # Called from authentication when the site is claimed, # to update the name of the owner held here. updateOwner = (id) -> owner = id #### Middleware #### # # Allow json to be got cross origin. cors = (req, res, next) -> res.header('Access-Control-Allow-Origin', '*') next() remoteGet = (remote, slug, cb) -> [host, port] = remote.split(':') getopts = { host: host port: port or 80 path: "/#{slug}.json" } # TODO: This needs more robust error handling, just trying to # keep it from taking down the server. http.get(getopts, (resp) -> responsedata = '' resp.on 'data', (chunk) -> responsedata += chunk resp.on 'error', (e) -> cb(e, 'Page not found', 404) resp.on 'end', -> if resp.statusCode == 404 cb(null, 'Page not found', 404) else if responsedata cb(null, JSON.parse(responsedata), resp.statusCode) else cb(null, 'Page not found', 404) ).on 'error', (e) -> cb(e, 'Page not found', 404) #### Express configuration #### # Set up all the standard express server options, # including hbs to use handlebars/mustache templates # saved with a .html extension, and no layout. app.set('views', path.join(__dirname, '..', '..', 'wiki-client', '/views')) app.set('view engine', 'html') app.engine('html', hbs.express4()) app.set('view options', layout: false) # use logger, at least in development, probably needs a param to configure (or turn off). # use stream to direct to somewhere other than stdout. app.use(logger('tiny')) app.use(cookieParser()) app.use(bodyParser.json({ limit: argv.uploadLimit})) app.use(bodyParser.urlencoded({ extended: true, limit: argv.uploadLimit})) app.use(methodOverride()) cookieValue = { httpOnly: true } cookieValue['domain'] = argv.wiki_domain if argv.wiki_domain # use secureProxy as TLS is terminated in outside the node process cookieValue['secureProxy'] = true if argv.secure_cookie app.use(sessions({ cookieName: 'wikiSession', requestKey: 'session', secret: argv.cookieSecret, # make the session session_duration days long duration: argv.session_duration * 24 * 60 * 60 * 1000, # add 12 hours to session if less than 12 hours to expiry activeDuration: 24 * 60 * 60 * 1000, cookie: cookieValue })) app.use(ourErrorHandler) # Add static route to the client app.use(express.static(argv.client)) # Add static route to assets app.use('/assets', express.static(argv.assets)) # Add static routes to the plugins client. glob "wiki-plugin-*/client", {cwd: argv.packageDir}, (e, plugins) -> plugins.map (plugin) -> pluginName = plugin.slice(12, -7) pluginPath = '/plugins/' + pluginName app.use(pluginPath, express.static(path.join(argv.packageDir, plugin))) # Add static routes to the security client. if argv.security != './security' app.use('/security', express.static(path.join(argv.packageDir, argv.security_type, 'client'))) ##### Set up standard environments. ##### # In dev mode turn on console.log debugging as well as showing the stack on err. if 'development' == app.get('env') app.use(errorHandler()) argv.debug = console? and true # Show all of the options a server is using. log argv #### Routes #### # Routes currently make up the bulk of the Express port of # Smallest Federated Wiki. Most routes use literal names, # or regexes to match, and then access req.params directly. ##### Redirects ##### # Common redirects that may get used throughout the routes. index = argv.home + '.html' oops = '/oops' ##### Get routes ##### # Routes have mostly been kept together by http verb, with the exception # of the openID related routes which are at the end together. # Main route for initial contact. Allows us to # link into a specific set of pages, local and remote. # Can also be handled by the client, but it also sets up # the login status, and related footer html, which the client # relies on to know if it is logged in or not. app.get ///^((/[a-zA-Z0-9:.-]+/[a-z0-9-]+(_rev\d+)?)+)/?$///, (req, res, next) -> urlPages = (i for i in req.params[0].split('/') by 2)[1..] urlLocs = (j for j in req.params[0].split('/')[1..] by 2) if ['plugin', 'auth'].indexOf(urlLocs[0]) > -1 return next() title = urlPages[..].pop().replace(/-+/g,' ') user = securityhandler.getUser(req) info = { title pages: [] authenticated: if user true else false user: user seedNeighbors: argv.neighbors owned: if owner true else false isOwner: if securityhandler.isAuthorized(req) true else false ownedBy: if owner owner else '' } for page, idx in urlPages if urlLocs[idx] is 'view' pageDiv = {page} else pageDiv = {page, origin: """data-site=#{urlLocs[idx]}"""} info.pages.push(pageDiv) res.render('static.html', info) app.get ///([a-z0-9-]+)\.html$///, (req, res, next) -> slug = req.params[0] log(slug) if slug is 'runtests' return next() pagehandler.get slug, (e, page, status) -> if e then return res.e e if status is 404 return res.status(status).send(page) page.title ||= slug.replace(/-+/g,' ') page.story ||= [] user = securityhandler.getUser(req) info = { title: page.title pages: [ page: slug generated: """data-server-generated=true""" story: render(page) ] authenticated: if user true else false user: user seedNeighbors: argv.neighbors owned: if owner true else false isOwner: if securityhandler.isAuthorized(req) true else false ownedBy: if owner owner else '' } res.render('static.html', info) app.get ///system/factories.json///, (req, res) -> res.status(200) res.header('Content-Type', 'application/json') # Plugins are located in packages in argv.packageDir, with package names of the form wiki-plugin-* glob path.join(argv.packageDir, 'wiki-plugin-*', 'factory.json'), (e, files) -> if e then return res.e(e) files = files.map (file) -> return fs.createReadStream(file).on('error', res.e).pipe(JSONStream.parse()) es.concat.apply(null, files) .on('error', res.e) .pipe(JSONStream.stringify()) .pipe(res) ###### Json Routes ###### # Handle fetching local and remote json pages. # Local pages are handled by the pagehandler module. app.get ///^/([a-z0-9-]+)\.json$///, cors, (req, res) -> file = req.params[0] pagehandler.get file, (e, page, status) -> if e then return res.e e res.status(status or 200).send(page) # Remote pages use the http client to retrieve the page # and sends it to the client. TODO: consider caching remote pages locally. app.get ///^/remote/([a-zA-Z0-9:\.-]+)/([a-z0-9-]+)\.json$///, (req, res) -> remoteGet req.params[0], req.params[1], (e, page, status) -> if e log "remoteGet error:", e return res.e e res.status(status or 200).send(page) ###### Theme Routes ###### # If themes doesn't exist send 404 and let the client # deal with it. app.get /^\/theme\/(\w+\.\w+)$/, cors, (req,res) -> res.sendFile(path.join(argv.status, 'theme', req.params[0]), (e) -> if (e) # swallow the error if the theme does not exist... if req.path is '/theme/style.css' res.set('Content-Type', 'text/css') res.send('') else res.sendStatus(404) ) ###### Favicon Routes ###### # If favLoc doesn't exist send 404 and let the client # deal with it. favLoc = path.join(argv.status, 'favicon.png') app.get '/favicon.png', cors, (req,res) -> res.sendFile(favLoc) authorized = (req, res, next) -> if securityhandler.isAuthorized(req) next() else console.log 'rejecting', req.path res.sendStatus(403) # Accept favicon image posted to the server, and if it does not already exist # save it. app.post '/favicon.png', authorized, (req, res) -> favicon = req.body.image.replace(///^data:image/png;base64,///, "") buf = new Buffer(favicon, 'base64') fs.exists argv.status, (exists) -> if exists fs.writeFile favLoc, buf, (e) -> if e then return res.e e res.send('Favicon Saved') else mkdirp argv.status, -> fs.writeFile favLoc, buf, (e) -> if e then return res.e e res.send('Favicon Saved') # Redirect remote favicons to the server they are needed from. app.get ///^/remote/([a-zA-Z0-9:\.-]+/favicon.png)$///, (req, res) -> remotefav = "http://#{req.params[0]}" res.redirect(remotefav) ###### Recycler Routes ###### # These routes are only available to the site's owner # Give the recycler a standard flag - use the Taiwan symbol as the use of # negative space outward pointing arrows nicely indicates that items can be removed recyclerFavLoc = path.join(argv.root, 'default-data', 'status', 'recycler.png') app.get '/recycler/favicon.png', authorized, (req, res) -> res.sendFile(recyclerFavLoc) # Send an array of pages currently in the recycler via json app.get '/recycler/system/slugs.json', authorized, (req, res) -> fs.readdir argv.recycler, (e, files) -> if e then return res.e e doRecyclermap = (file, cb) -> pagehandler.get file, (e, page, status) -> return cb() if file.match /^\./ if e console.log 'Problem building recycler map:', file, 'e: ',e return cb() cb null, { slug: file title: page.title } async.map files, doRecyclermap, (e, recyclermap) -> return cb(e) if e res.send(recyclermap) # Fetching page from the recycler #///^/([a-z0-9-]+)\.json$/// app.get ///^/recycler/([a-z0-9-]+)\.json$///, authorized, (req, res) -> file = 'recycler/' + req.params[0] pagehandler.get file, (e, page, status) -> if e then return res.e e res.status(status or 200).send(page) # Delete page from the recycler app.delete ///^/recycler/([a-z0-9-]+)\.json$///, authorized, (req, res) -> file = 'recycler/' + req.params[0] pagehandler.delete file, (err) -> if err then res.status(500).send(err) res.status(200).send('') ###### Meta Routes ###### # Send an array of pages in the database via json app.get '/system/slugs.json', cors, (req, res) -> fs.readdir argv.db, (e, files) -> if e then return res.e e res.send(files) # Returns a list of installed plugins. (does this get called anymore!) app.get '/system/plugins.json', cors, (req, res) -> glob "wiki-plugin-*", {cwd: argv.packageDir}, (e, files) -> if e then return res.e e # extract the plugin name from the name of the directory it's installed in files = files.map (file) -> file.slice(12) res.send(files) # sitemapLoc = path.join(argv.status, 'sitemap.json') app.get '/system/sitemap.json', cors, (req, res) -> fs.exists sitemapLoc, (exists) -> if exists res.sendFile(sitemapLoc) else # only createSitemap if we are not already creating one sitemaphandler.createSitemap (pagehandler) if !sitemaphandler.isWorking() # wait for the sitemap file to be written, before sending sitemaphandler.once 'finished', -> res.sendFile(sitemapLoc) xmlSitemapLoc = path.join(argv.status, 'sitemap.xml') app.get '/sitemap.xml', (req, res) -> fs.exists sitemapLoc, (exists) -> if exists res.sendFile(xmlSitemapLoc) else sitemaphandler.createSitemap (pagehandler) if !sitemaphandler.isWorking() sitemaphandler.once 'finished', -> res.sendFile(xmlSitemapLoc) app.get '/system/export.json', cors, (req, res) -> pagehandler.pages (e, sitemap) -> return res.e(e) if e async.map( sitemap, (stub, done) -> pagehandler.get(stub.slug, (error, page) -> return done(e) if e done(null, {slug: stub.slug, page}) ) , (e, pages) -> return res.e(e) if e res.json(pages.reduce( (dict, combined) -> dict[combined.slug] = combined.page dict , {})) ) ##### Define security routes ##### securityhandler.defineRoutes app, cors, updateOwner ##### Proxy routes ##### app.get '/proxy/*', authorized, (req, res) -> pathParts = req.path.split('/') remoteHost = pathParts[2] pathParts.splice(0,3) remoteResource = pathParts.join('/') requestURL = 'http://' + remoteHost + '/' + remoteResource console.log("PROXY Request: ", requestURL) if requestURL.endsWith('.json') or requestURL.endsWith('.png') requestOptions = { host: remoteHost port: 80 path: remoteResource } try request .get(requestURL, requestOptions) .on('error', (err) -> console.log("ERROR: Request ", requestURL, err)) .pipe(res) catch error console.log "PROXY Error", error res.status(500).end() else res.status(400).end() ##### Put routes ##### app.put /^\/page\/([a-z0-9-]+)\/action$/i, authorized, (req, res) -> action = JSON.parse(req.body.action) # Handle all of the possible actions to be taken on a page, actionCB = (e, page, status) -> #if e then return res.e e if status is 404 res.status(status).send(page) # Using Coffee-Scripts implicit returns we assign page.story to the # result of a list comprehension by way of a switch expression. try page.story = switch action.type when 'move' action.order.map (id) -> page.story.filter((para) -> id == para.id )[0] or throw('Ignoring move. Try reload.') when 'add' idx = page.story.map((para) -> para.id).indexOf(action.after) + 1 page.story.splice(idx, 0, action.item) page.story when 'remove' page.story.filter (para) -> para?.id != action.id when 'edit' page.story.map (para) -> if para.id is action.id action.item else para when 'create', 'fork' page.story or [] else log "Unfamiliar action:", action #page.story throw('Unfamiliar action ignored') catch e return res.e e # Add a blank journal if it does not exist. # And add what happened to the journal. if not page.journal page.journal = [] if action.fork page.journal.push({type: "fork", site: action.fork}) delete action.fork page.journal.push(action) pagehandler.put req.params[0], page, (e) -> if e then return res.e e res.send('ok') # log 'saved' # update sitemap sitemaphandler.update(req.params[0], page) # log action # If the action is a fork, get the page from the remote server, # otherwise ask pagehandler for it. if action.fork pagehandler.saveToRecycler req.params[0], (err) -> if err then console.log "Error saving #{req.params[0]} before fork: #{err}" remoteGet(action.fork, req.params[0], actionCB) else if action.type is 'create' # Prevent attempt to write circular structure itemCopy = JSON.parse(JSON.stringify(action.item)) pagehandler.get req.params[0], (e, page, status) -> if e then return actionCB(e) unless status is 404 res.status(409).send('Page already exists.') else actionCB(null, itemCopy) else if action.type == 'fork' pagehandler.saveToRecycler req.params[0], (err) -> if err then console.log "Error saving #{req.params[0]} before fork: #{err}" if action.item # push itemCopy = JSON.parse(JSON.stringify(action.item)) delete action.item actionCB(null, itemCopy) else # pull remoteGet(action.site, req.params[0], actionCB) else pagehandler.get(req.params[0], actionCB) # Return the oops page when login fails. app.get '/oops', (req, res) -> res.statusCode = 403 res.render('oops.html', {msg:'This is not your wiki!'}) # Traditional request to / redirects to index :) app.get '/', (req, res) -> res.redirect(index) ##### Delete Routes ##### app.delete ///^/([a-z0-9-]+)\.json$///, authorized, (req, res) -> pageFile = req.params[0] pagehandler.delete pageFile, (err) -> if err res.status(500).send(err) else sitemaphandler.removePage pageFile res.status(200).send('') #### Start the server #### # Wait to make sure owner is known before listening. securityhandler.retrieveOwner (e) -> # Throw if you can't find the initial owner if e then throw e owner = securityhandler.getOwner() console.log "owner: " + owner app.emit 'owner-set' app.on 'running-serv', (server) -> ### Plugins ### # Should replace most WebSocketServers below. plugins = pluginsFactory(argv) plugins.startServers({argv, app}) ### Sitemap ### # create sitemap at start-up sitemaphandler.createSitemap(pagehandler) # Return app when called, so that it can be watched for events and shutdown with .close() externally. app