#!/usr/bin/env node
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const
fs = require('fs'),
path = require('path'),
url = require('url'),
http = require('http'),
urlparse = require('urlparse'),
express = require('express');
const
wsapi = require('../lib/wsapi.js'),
httputils = require('../lib/httputils.js'),
conf = require('../lib/configuration.js'),
logger = require('../lib/logging.js').logger;
// the application object every middleware and route below is mounted on
const app = express.createServer();
logger.info("securenotes server starting up");
// request logging: route express's access log into the application logger,
// trimming surrounding whitespace from each entry before it is recorded.
// NOTE(review): the original comment said __heartbeat__ requests are not
// logged, but no such filter is visible in this middleware -- confirm.
const accessLogSink = {
  write: function(line) {
    const entry = (typeof line === 'string') ? line.trim() : line;
    logger.info(entry);
  }
};
app.use(express.logger({ stream: accessLogSink }));
// cap every request body at 10kb; once a body exceeds that size the
// connection is forcefully closed rather than buffered further.
const MAX_BODY_SIZE = "10kb";
app.use(express.limit(MAX_BODY_SIZE));
/* DISABLED: the HSTS and X-Frame-Options middleware below is commented out.
It also refers to 'config', whereas this file imports the configuration
module as 'conf'.
if (config.get('scheme') === 'https') {
app.use(function(req, resp, next) {
// expires in 30 days, include subdomains like www
resp.setHeader("Strict-Transport-Security", "max-age=2592000; includeSubdomains");
next();
});
}
// #4 - prevent framing of everything. content underneath that needs to be
// framed must explicitly remove the x-frame-options
app.use(function(req, resp, next) {
resp.setHeader('x-frame-options', 'DENY');
next();
});*/
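// verify all JSON responses are plain objects.
// resp.json is wrapped so a handler cannot emit a non-object JSON body. The
// previous check let arrays through (typeof [] === 'object'), which breaks
// the "objects only" invariant the error message states; arrays are now
// rejected as well.
app.use(function(req, resp, next) {
  const realRespJSON = resp.json;
  // Replacement for resp.json: forwards plain objects to the real
  // implementation and turns anything else (null, primitives, arrays) into
  // a server error via httputils.serverError.
  resp.json = function(obj) {
    if (!obj || typeof obj !== 'object' || Array.isArray(obj)) {
      logger.error("INTERNAL ERROR! *all* json responses must be objects");
      return httputils.serverError(resp, "broken internal API implementation");
    }
    return realRespJSON.call(resp, obj);
  };
  return next();
});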
// static files first: anything under ../static is served before the API
// routes get a chance to see the request
const staticRoot = path.join(__dirname, "..", "static");
app.use(express.static(staticRoot));
// mount the /wsapi handlers on the app (no extra options are passed)
wsapi.setup({}, app);
// requests that neither the static handler nor a /wsapi route answered fall
// through to here; install Vary headers so intermediaries do not reuse a
// cached response across different encodings or languages.
// (This middleware only sets the header; it does not serve files itself.)
app.use(function(req, res, next) {
  const varyOn = ['Accept-Encoding', 'Accept-Language'];
  res.setHeader('Vary', varyOn.join(','));
  next();
});
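// custom 404 page: any request nothing above handled ends here
app.use(function(req, res, next) {
  res.statusCode = 404;
  // declare the body type explicitly so clients do not have to sniff it
  res.setHeader('Content-Type', 'text/plain; charset=utf-8');
  res.end("Cannot find this resource");
});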
// bind the HTTP listener on the configured port and announce where it landed
const bindTo = conf.get('bind_to');
app.listen(bindTo.port, function() {
  const addr = app.address();
  logger.info("running on " + addr.address + ":" + addr.port);
  // NOTE(review): the scheme is hard-coded to http here -- confirm it
  // matches the deployed scheme
  console.log('Login page at: http://' + bindTo.host + ":" + addr.port + "/login");
});