module.exports = function(config) { var app = express(); var nunjucksEnv = new nunjucks.Environment([ new nunjucks.FileSystemLoader(path.join(__dirname, 'views'), true), new nunjucks.FileSystemLoader(path.join(__dirname, '../bower_components'), true), // Weird path because we're inside the bower module you're supposed to use new nunjucks.FileSystemLoader(path.join(__dirname, '../..'), true) ], { autoescape: true }); nunjucksEnv.addFilter('instantiate', function (input) { var tmpl = new nunjucks.Template(input); return tmpl.render(this.getVariables()); }); var login = new WebmakerLogin({ loginURL: config.LOGIN_URL, secretKey: config.SECRET_KEY }); nunjucksEnv.express(app); app.use(express.logger('dev')); app.use(express.compress()); app.use(express.json()); app.use(express.urlencoded()); app.use(login.cookieParser()); app.use(login.cookieSession()); // Setup locales with i18n app.use(i18n.middleware({ supported_languages: ['en-US'], default_lang: 'en-US', mappings: require('webmaker-locale-mapping'), translation_directory: path.resolve(__dirname, '../locale') })); app.use(express.static(__dirname + '/..')); app.locals({ bower_path: '', languages: i18n.getSupportLanguages() }); app.get('/', function(req, res) { res.render('index.nunjucks'); }); app.post('/verify', login.handlers.verify); app.post('/authenticate', login.handlers.authenticate); app.post('/create', login.handlers.create); app.post('/logout', login.handlers.logout); app.post('/check-username', login.handlers.exists); return app; };
module.exports = function(env, db) { var express = require('express'); var WebmakerAuth = require('webmaker-auth'); var routes = require('./routes'); // Check required config if (!env.get('LOGIN_URL')) { console.log('You need to specify LOGIN_URL (The location of the Webmaker login server, e.g. http://localhost:3000) in your .env'); } if (!env.get('ALLOWED_DOMAINS')) { console.log('You need to specify ALLOWED_DOMAINS (The location of the webmaker-events front-end server, e.g. http://localhost:1981) in your .env'); } var app = express(); var auth = new WebmakerAuth({ loginURL: env.get('LOGIN_URL'), secretKey: env.get('SESSION_SECRET'), forceSSL: env.get('FORCE_SSL'), domain: env.get('COOKIE_DOMAIN') }); app.use(function(req, res, next) { res.header('Access-Control-Allow-Origin', env.get('ALLOWED_DOMAINS')); res.header('Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE'); res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-CSRF-Token'); res.header('Access-Control-Allow-Credentials', true); next(); }); app.use(express.logger('dev')); app.use(express.compress()); app.use(express.json()); app.use(express.urlencoded()); app.use(auth.cookieParser()); app.use(auth.cookieSession()); // Dev flag sets admin to true app.use(function(req, res, next) { if(env.get('dev')) { req.admin = true; } next(); }); app.use(app.router); // Add routes routes(env, app, db, auth); return app; };
module.exports = function (env, db, userClient) { var express = require('express'); var messina = require('messina')('webmaker-events-service-' + env.get('NODE_ENV')); var WebmakerAuth = require('webmaker-auth'); var routes = require('./routes'); // Check required config if (!env.get('LOGIN_URL')) { console.log('You need to specify LOGIN_URL (The location of the Webmaker login server, e.g. http://localhost:3000) in your .env'); } if (!env.get('ALLOWED_DOMAINS')) { console.log('You need to specify ALLOWED_DOMAINS (The location of the webmaker-events front-end server, e.g. http://localhost:1981) in your .env'); } var app = express(); var auth = new WebmakerAuth({ loginURL: env.get('LOGIN_URL'), authLoginURL: env.get('LOGIN_URL_WITH_AUTH'), loginHost: env.get('EVENTS_FRONTEND_URL'), secretKey: env.get('SESSION_SECRET'), forceSSL: env.get('FORCE_SSL'), domain: env.get('COOKIE_DOMAIN') }); if (env.get('ENABLE_GELF_LOGS')) { messina.init(); app.use(messina.middleware()); } else { app.use(express.logger('dev')); } app.use(express.compress()); app.use(express.json()); app.use(express.urlencoded()); app.use(auth.cookieParser()); app.use(auth.cookieSession()); // Dev flag sets admin to true app.use(function (req, res, next) { if (env.get('dev')) { req.admin = true; } next(); }); app.use(app.router); // Add routes routes(env, app, db, userClient); return app; };
/**
 * Registers the Webmaker passport strategy and the cookie-session middleware.
 *
 * @param {Object} app - Express application to attach the middleware to.
 */
init: function (app) {
  // Verify callback: succeeds whenever a username is present and never looks
  // at `password`. Judging by the failure message, the username presumably
  // comes from the Webmaker session rather than from a login form — verify
  // in WebmakerStrategy.
  var verifySessionUser = function (username, password, done) {
    process.nextTick(function () {
      if (username) {
        done(null, username);
        return;
      }
      return done(null, false, { message: "No user found in Webmaker session"});
    });
  };

  passport.use(new WebmakerStrategy(verifySessionUser));

  // Setup WebmakerAuth cookie session
  app.use(webmakerAuth.cookieParser());
  app.use(webmakerAuth.cookieSession());
},
module.exports = function(config) { var app = express(); var login = new WebmakerLogin(config); app.use(morgan('dev')); app.use(compression()); app.use(bodyParser.json()); app.use(bodyParser.urlencoded()); app.use(login.cookieParser()); app.use(login.cookieSession()); app.post('/auth/authenticate', login.handlers.authenticate); app.post('/auth/check-username', login.handlers.exists); app.post('/auth/create', login.handlers.create); app.post('/auth/logout', login.handlers.logout); app.post('/auth/verify', login.handlers.verify); app.use('/', express.static(path.join(__dirname, '../.server'))); return app; };
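// Configures the Express app: logging, response-hardening headers, LESS and
// RequireJS build middleware, static files, i18n, session/CSRF handling, the
// router and the error handlers. Registration order is significant.
// `messina`, `logger`, `Project` and `filter` are assigned without `var` here;
// they are presumably declared in the enclosing scope — verify.
app.configure( function() {
  // NOTE(review): build output goes to a fixed, predictable directory under
  // the shared OS temp dir and is then served as static content; on a
  // multi-user host confirm that location is writable by this process only.
  var tmpDir = path.normalize( require( "os" ).tmpDir() + "/mozilla.butter/" ),
      authLocaleJSON;

  if ( config.ENABLE_GELF_LOGS ) {
    messina = require( "messina" );
    // Parenthesised so the "development" fallback applies to NODE_ENV.
    // Without the parentheses `+` binds tighter than `||`, the concatenated
    // string is always truthy, and an unset NODE_ENV yields "...-undefined".
    logger = messina( "popcorn.webmaker.org-" + ( config.NODE_ENV || "development" ) );
    logger.init();
    app.use( logger.middleware() );
  } else {
    app.use( express.logger( config.logger ) );
  }

  // Open CORS only for the font files, which must load cross-origin.
  app.use( function( req, res, next ) {
    var allowed = [ "/static/bower/font-awesome/font/" ];
    for ( var i = 0; i < allowed.length; i++ ) {
      if ( req.url.substring( 0, allowed[ i ].length ) === allowed[ i ] ) {
        res.header( "Access-Control-Allow-Origin", "*" );
      }
    }
    next();
  });

  app.use(helmet.iexss());
  app.use(helmet.contentTypeOptions());
  if ( !!config.FORCE_SSL ) {
    app.use( helmet.hsts() );
    app.enable( "trust proxy" );
  }

  app.use( express.compress() )
    .use( lessMiddleware({
      once: config.OPTIMIZE_CSS,
      dest: tmpDir,
      src: WWW_ROOT,
      compress: config.OPTIMIZE_CSS,
      yuicompress: config.OPTIMIZE_CSS,
      optimization: config.OPTIMIZE_CSS ? 0 : 2
    }))
    .use( requirejsMiddleware({
      src: WWW_ROOT,
      dest: tmpDir,
      debug: config.DEBUG,
      once: config.OPTIMIZE_JS,
      modules: {
        "/src/butter.js": {
          include: [ "butter" ],
          mainConfigFile: WWW_ROOT + "/src/popcorn.js",
          paths: {
            "make-api": path.resolve( __dirname, "node_modules/makeapi-client/src/make-api" )
          }
        },
        "/src/embed.js": {
          include: [ "embed" ],
          mainConfigFile: WWW_ROOT + "/src/popcorn.js"
        }
      },
      defaults: {
        name: "../external/require/require",
        baseUrl: WWW_ROOT + "/src/",
        findNestedDependencies: true,
        optimize: "none",
        preserveLicenseComments: false,
        wrap: {
          startFile: __dirname + "/tools/wrap.start",
          endFile: __dirname + "/tools/wrap.end"
        }
      }
    }))
    // These three layout files are also readable from any origin.
    .use( function( req, res, next ) {
      if ( req.url === "/src/layouts/controls.html" ||
           req.url === "/src/layouts/attribution.html" ||
           req.url === "/src/layouts/warn.html") {
        res.set( "Access-Control-Allow-Origin", "*" );
      }
      process.nextTick( next );
    })
    // The JSON round-trip gives each static() call its own copy of the options.
    .use( express.static( tmpDir, JSON.parse( JSON.stringify( config.staticMiddleware ) ) ) )
    .use( express.static( WWW_ROOT, JSON.parse( JSON.stringify( config.staticMiddleware ) ) ) );

  // Setup locales with i18n
  app.use( i18n.middleware({
    supported_languages: config.SUPPORTED_LANGS,
    default_lang: "en-US",
    mappings: require("webmaker-locale-mapping"),
    translation_directory: path.resolve( __dirname, "locale" )
  }));

  // Adding an external JSON file to our existing one for the specified locale
  authLocaleJSON = require( "./public/static/bower/webmaker-auth-client/locale/en_US/create-user-form.json" );

  i18n.addLocaleObject({
    "en-US": authLocaleJSON
  }, function () {});

  app.locals({
    config: {
      app_hostname: APP_HOSTNAME,
      audience: config.AUDIENCE,
      ga_account: config.GA_ACCOUNT,
      ga_domain: config.GA_DOMAIN,
      jwplayer_key: config.JWPLAYER_KEY,
      make_endpoint: config.MAKE_ENDPOINT,
      node_hubble_endpoint: config.NODE_HUBBLE_ENDPOINT,
      sync_limit: config.SYNC_LIMIT
    },
    languages: i18n.getSupportLanguages()
  });

  // NOTE(review): `returnPath` is taken straight from the `page` request
  // parameter; confirm the templates that use it escape it and do not treat
  // it as a trusted redirect target.
  app.use(function (req, res, next) {
    res.locals({
      currentPath: req.path,
      returnPath: req.param( "page" )
    });
    next();
  });

  // Session and CSRF protection apply to everything registered after this
  // point. NOTE(review): helmet.xframe() is registered after the static
  // middleware, so, like the Cache-Control header below, it presumably is not
  // added to static file responses — verify that is intended.
  app.use( express.json() )
    .use( express.urlencoded() )
    .use( webmakerAuth.cookieParser() )
    .use( webmakerAuth.cookieSession() )
    .use( express.csrf() )
    .use( helmet.xframe() )
    /* Show Zeus who's boss
     * This only affects requests under /api and /persona, not static files
     * because the static file writes the response header before we hit this middleware
     */
    .use( function( req, res, next ) {
      res.header( "Cache-Control", "no-store" );
      return next();
    })
    .use( app.router )
    // Four-argument signature marks this as the error-handling middleware.
    /*jslint unused: false */
    .use( function( err, req, res, next ) {
      middleware.errorHandler( err, req, res );
    })
    // Anything that reaches this point matched no route: report a 404.
    /*jslint unused: false */
    .use( function( req, res, next ) {
      var err = {
        message: req.gettext( "This page doesn't exist" ),
        status: 404
      };

      middleware.errorHandler( err, req, res );
    });

  Project = require( "./lib/project" )( config.database );
  filter = require( "./lib/filter" )( Project.isDBOnline );
});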
src: '../less', root: WWW_ROOT, compress: optimize, yuicompress: optimize, optimization: optimize ? 0 : 2, sourceMap: !optimize }))); app.use(express.compress()); app.use(express.static(WWW_ROOT)); app.use("/bower_components", express.static(path.join(__dirname, "bower_components"))); app.use(express.json()); app.use(express.urlencoded()); app.use(webmakerAuth.cookieParser()); app.use(webmakerAuth.cookieSession()); // Adding an external JSON file to our existing one for the specified locale var webmakerLoginJSON = require("./bower_components/webmaker-login-ux/locale/en_US/webmaker-login.json"); var weblitLocaleJSON = require("./node_modules/web-literacy-client/dist/weblitmap.json"); i18n.addLocaleObject({ "en-US": webmakerLoginJSON }, function (err, res) { if (err) { console.error(err); } }); i18n.addLocaleObject({ "en-US": weblitLocaleJSON
// Configures the Express app: view engine, error-only request logging,
// session cookies, asset bundles, i18n, opt-out security headers, the router,
// web fonts, CORS-enabled static assets and redirects.
app.configure(function(){
  // True unless the named environment variable is exactly the string 'true'.
  var notOptedOut = function(flagName) {
    return process.env[flagName] !== 'true';
  };

  app.set('port', process.env.PORT || 3000);
  app.set('views', __dirname + '/views');
  app.set('view engine', 'ejs');

  // Only responses with status 400 and above are logged.
  app.use(express.logger(function(tokens, req, res) {
    // or whatever you want logged
    return res.statusCode >= 400 ? express.logger.dev(tokens, req, res) : null;
  }));

  // NOTE(review): in Express 3 bodyParser() presumably enables multipart
  // parsing as well as JSON and urlencoded; if uploads are not needed,
  // registering only the parsers in use is a narrower surface — confirm
  // before changing.
  app.use(express.bodyParser());
  app.use(webmakerAuth.cookieParser());
  app.use(webmakerAuth.cookieSession());

  bundles.configure(app);

  // Setup locales with i18n
  app.use(i18n.middleware({
    supported_languages: ["*"],
    default_lang: "en-US",
    mappings: require("webmaker-locale-mapping"),
    translation_directory: path.resolve( __dirname, "locale" )
  }));

  app.use(express.favicon());

  // The three helmet protections are on by default; each one is switched off
  // only by setting its environment variable to 'true'.
  if (notOptedOut('HSTS_DISABLED')) {
    // Use HSTS
    app.use(helmet.hsts());
  }
  if (notOptedOut('DISABLE_XFO_HEADERS_DENY')) {
    // No xframes allowed
    app.use(helmet.xframe('deny'));
  }
  if (notOptedOut('IEXSS_PROTECTION_DISABLED')) {
    // Use XSS protection
    app.use(helmet.iexss());
  }

  app.use(function(req, res, next) {
    res.removeHeader("x-powered-by");
    next();
  });

  app.use(express.methodOverride());
  app.use(app.router);

  app.use(connectFonts.setup({
    fonts: [require('connect-fonts-sourcesanspro')],
    allow_origin: process.env.ASSET_HOST,
    ua: 'all',
    maxage: MAX_FONT_AGE_MS
  }));

  // enable cors for test relevant assets
  var testAssetMounts = [
    { mount: "/test_assets/ceci/", dir: 'ceci' },
    { mount: "/test_assets/vendor/", dir: 'vendor' }
  ];
  testAssetMounts.forEach(function(entry) {
    app.use(entry.mount, cors());
    app.use(entry.mount, express.static(path.join(__dirname, 'public', entry.dir)));
  });

  app.use(lessMiddleware({
    src: __dirname + '/public',
    compress: true
  }));

  // NOTE(review): cors() is mounted at '/' with no options, so CORS headers
  // are presumably added for any origin on everything that reaches this
  // point; confirm nothing served from here depends on the session cookie.
  app.use('/', cors());
  app.use('/', express.static(path.join(__dirname, 'public')));

  enableRedirects(app);
});
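// Configures the login server's Express app (`http`): views, logging,
// response-hardening headers, body parsing, session cookies, i18n, template
// locals, the router, and the LESS build plus static serving of its output.
http.configure(function () {
  nunjucksEnv.express(http);

  http.disable("x-powered-by");

  if (!env.get("DISABLE_HTTP_LOGGING")) {
    http.use(express.logger());
  }

  http.use(helmet.iexss());
  http.use(helmet.contentTypeOptions());
  http.use(helmet.xframe());

  if (!!env.get("FORCE_SSL")) {
    http.use(helmet.hsts());
    http.enable("trust proxy");
  }

  http.use(express.json());
  http.use(express.urlencoded());
  http.use(webmakerAuth.cookieParser());
  http.use(webmakerAuth.cookieSession());

  // Setup locales with i18n
  http.use(i18n.middleware({
    supported_languages: env.get("SUPPORTED_LANGS"),
    default_lang: "en-US",
    mappings: require("webmaker-locale-mapping"),
    translation_directory: path.resolve(__dirname, "../../locale")
  }));

  http.locals({
    // audience and webmakerorg are duplicated because of i18n
    AUDIENCE: env.get("WEBMAKERORG"),
    WEBMAKERORG: env.get("WEBMAKERORG"),
    profile: env.get("PROFILE"),
    bower_path: "bower_components",
    personaHostname: env.get("PERSONA_HOSTNAME", "https://login.persona.org"),
    languages: i18n.getSupportLanguages()
  });

  // need to make sure router is after i18n.middleware
  http.use(http.router);

  // NOTE(review): build output goes to a fixed directory under the shared OS
  // temp dir and is served as static content; on a multi-user host confirm
  // that location is writable by this process only.
  var optimize = env.get("NODE_ENV") !== "development",
      tmpDir = path.join(require("os").tmpDir(), "mozilla.login.webmaker.org.build");

  // convert requests for ltr- or rtl-specific CSS back to the real filename,
  // as the rtltr-for-less package was a hack that was never meant to hit production.
  http.use(function rtltrRedirect(req, res, next) {
    var requestPath = req.path;
    if (requestPath.match(/css\/\w+\.(ltr|rtl)\.css/)) {
      // The Location value is derived from the request path. A leading run of
      // slashes or backslashes is collapsed to a single "/" because browsers
      // can read such a value as a reference to another host, and this
      // redirect must stay on this site.
      var target = requestPath.replace(/\.(ltr|rtl)/, "").replace(/^[\/\\]{2,}/, "/");
      res.redirect(target);
    } else {
      next();
    }
  });

  http.use(lessMiddleWare({
    once: optimize,
    debug: !optimize,
    dest: tmpDir,
    src: path.resolve(__dirname, "public"),
    compress: optimize,
    yuicompress: optimize,
    optimization: optimize ? 0 : 2
  }));

  http.use(express.static(tmpDir));
});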
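// Configures the login server's Express app (`http`): views, logging (GELF or
// the default logger), response-hardening headers, body parsing, session
// cookies, i18n, template locals, the router, and the LESS build plus static
// serving of its output.
// `messina` and `logger` are assigned without `var` here; they are presumably
// declared in the enclosing scope — verify.
http.configure(function () {
  nunjucksEnv.express(http);

  http.disable("x-powered-by");

  if (!!env.get("ENABLE_GELF_LOGS")) {
    messina = require("messina");
    // Parenthesised so the "development" fallback applies to NODE_ENV.
    // Without the parentheses `+` binds tighter than `||`, the concatenated
    // string is always truthy, and an unset NODE_ENV yields "...-undefined".
    logger = messina("login.webmaker.org-" + (env.get("NODE_ENV") || "development"));
    logger.init();
    http.use(logger.middleware());
  } else if (!env.get("DISABLE_HTTP_LOGGING")) {
    http.use(express.logger());
  }

  http.use(helmet.iexss());
  http.use(helmet.contentTypeOptions());
  http.use(helmet.xframe());

  if (!!env.get("FORCE_SSL")) {
    http.use(helmet.hsts());
    http.enable("trust proxy");
  }

  http.use(express.json());
  http.use(express.urlencoded());
  http.use(webmakerAuth.cookieParser());
  http.use(webmakerAuth.cookieSession());

  // Setup locales with i18n
  http.use(i18n.middleware({
    supported_languages: env.get("SUPPORTED_LANGS"),
    default_lang: "en-US",
    mappings: require("webmaker-locale-mapping"),
    translation_directory: path.resolve(__dirname, "../../locale")
  }));

  http.locals({
    // audience and webmakerorg are duplicated because of i18n
    AUDIENCE: env.get("WEBMAKERORG"),
    WEBMAKERORG: env.get("WEBMAKERORG"),
    newrelic: newrelic,
    profile: env.get("PROFILE"),
    bower_path: "bower_components",
    personaHostname: env.get("PERSONA_HOSTNAME", "https://login.persona.org"),
    languages: i18n.getSupportLanguages()
  });

  // need to make sure router is after i18n.middleware
  http.use(http.router);

  // NOTE(review): build output goes to a fixed directory under the shared OS
  // temp dir and is served as static content; on a multi-user host confirm
  // that location is writable by this process only.
  var optimize = env.get("NODE_ENV") !== "development",
      tmpDir = path.join(require("os").tmpDir(), "mozilla.login.webmaker.org.build");

  http.use(lessMiddleWare(rtltrForLess({
    once: optimize,
    debug: !optimize,
    dest: tmpDir,
    src: path.resolve(__dirname, "public"),
    compress: optimize,
    yuicompress: optimize,
    optimization: optimize ? 0 : 2
  })));

  http.use(express.static(tmpDir));
});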
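/**
 * Builds the gallery Express app: prerendering, logging, response-hardening
 * headers, session cookies with CSRF protection, i18n, CSP, static files, a
 * health check, the client configuration script, the list API (proxied to
 * MakeAPI) and the login routes. Settings are read from `process.env`.
 *
 * @returns {Object} The configured Express application.
 */
module.exports = function() {
  var express = require('express');
  var i18n = require('webmaker-i18n');
  var path = require('path');
  var defaultLang = 'en-US';
  var csp = require('./csp');
  var messina = require('messina')('gallery-maker-' + process.env.NODE_ENV);
  var wts = require('webmaker-translation-stats');
  var WebmakerAuth = require('webmaker-auth');
  var nunjucks = require('nunjucks');
  var helmet = require("helmet");
  var MakeapiClient = require('makeapi-client');

  var app = express();
  var csrf = express.csrf();

  var webmakerAuth = new WebmakerAuth({
    loginURL: process.env.LOGIN_URL,
    secretKey: process.env.SECRET_KEY,
    domain: process.env.DOMAIN,
    forceSSL: process.env.FORCE_SSL
  });

  app.use(require('prerender-node'));

  if (process.env.ENABLE_GELF_LOGS) {
    messina.init();
    app.use(messina.middleware());
  } else {
    app.use(express.logger('dev'));
  }

  var nunjucksEnv = new nunjucks.Environment(new nunjucks.FileSystemLoader(path.join(__dirname + '/views')), {
    autoescape: true
  });

  var makeClient = new MakeapiClient({
    apiURL: process.env.MAKEAPI_URL,
    hawk: {
      id: process.env.MAKEAPI_ID,
      key: process.env.MAKEAPI_KEY
    }
  });

  app.use(helmet.xssFilter());
  app.use(helmet.nosniff());
  app.use(helmet.xframe());
  app.use(express.compress());
  app.use(express.json());
  app.use(express.urlencoded());
  app.use(webmakerAuth.cookieParser());
  app.use(webmakerAuth.cookieSession());
  // CSRF checking is installed app-wide here; the /list routes below also
  // name the same middleware explicitly.
  app.use(csrf);

  app.disable('x-powered-by');

  // JSON.parse(undefined) throws, so an unset SUPPORTED_LANGS used to crash
  // start-up before the default could apply. Parse only when a value is set;
  // malformed JSON still throws so a bad setting is not silently ignored.
  var configuredLangs = process.env.SUPPORTED_LANGS ?
    JSON.parse(process.env.SUPPORTED_LANGS) : null;

  // Setup locales with i18n
  app.use( i18n.middleware({
    supported_languages: configuredLangs || [defaultLang],
    default_lang: defaultLang,
    mappings: require('webmaker-locale-mapping'),
    translation_directory: path.resolve(__dirname, '../locale')
  }));

  nunjucksEnv.express( app );

  // CSP
  app.use(csp({
    reportToHost: process.env.CSP_LOGGER,
    eventsLocation: process.env.hostname
  }));

  if ( !!process.env.FORCE_SSL ) {
    app.use(helmet.hsts());
    app.enable("trust proxy");
  }

  app.use(express.static(path.join(__dirname, '../app')));

  // Health check
  var healthcheck = {
    version: require('../package').version,
    http: 'okay'
  };
  app.get('/healthcheck', function (req, res) {
    wts(i18n.getSupportLanguages(), path.join(__dirname, '../locale'), function(err, data) {
      if(err) {
        healthcheck.locales = err.toString();
      } else {
        healthcheck.locales = data;
      }
      res.json(healthcheck);
    });
  });

  // Localized Strings
  app.get('/strings/:lang?', i18n.stringsRoute('en-US'));

  // Serve up virtual configuration "file"
  var config = {
    version: require('../package').version,
    makeapiURL: process.env.MAKEAPI_URL,
    ga_account: process.env.GA_ACCOUNT || 'UA-XXXXX-X',
    ga_domain: process.env.GA_DOMAIN || 'example.com'
  };

  // The shared `config` object is updated with per-request values and sent
  // in the same synchronous step.
  // NOTE(review): the response is executable script that embeds the
  // session's CSRF token. Script responses can be included by pages on other
  // origins, which would let such a page read the token; consider delivering
  // the token through a same-origin JSON request or the rendered page.
  app.get('/config.js', function (req, res) {
    config.lang = req.localeInfo.lang;
    config.direction = req.localeInfo.direction;
    config.csrfToken = req.csrfToken();
    config.defaultLang = defaultLang;
    config.langmap = i18n.getAllLocaleCodes();
    config.supported_languages = i18n.getSupportLanguages();

    res.setHeader('Content-type', 'text/javascript');
    res.send('window.galleryConfig = ' + JSON.stringify(config));
  });

  // NOTE(review): throughout the handlers below, the error object from the
  // MakeAPI client is returned to the caller verbatim with status 500;
  // confirm it cannot carry internal details (URLs, credentials, stacks).
  app.get('/view/:id', function(req, res) {
    makeClient.getList(req.params.id, function(err, data) {
      if ( err ) {
        return res.json(500, err);
      }
      res.render('view.html', { list: data });
    }, true );
  });

  // Rejects the request with 403 unless the session holds a user.
  function auth( req, res, next ) {
    if ( req.session && req.session.user ) {
      return next();
    }
    res.json(403, 'unauthorised');
  }

  // NOTE(review): unlike PUT and DELETE below, which take the user id from
  // the session, this forwards the whole request body to createList. If the
  // body carries an owner field it is chosen by the client — confirm
  // ownership is enforced downstream.
  app.post('/list', csrf, auth, function(req, res, next) {
    makeClient.createList(req.body, function(err, data) {
      if ( err ) {
        return res.json(500, err);
      }
      res.json(data);
    });
  });

  app.put('/list/:id', csrf, auth, function(req, res, next) {
    makeClient.updateList(req.params.id, {
      userId: req.session.user.id,
      makes: req.body.makes,
      title: req.body.title
    }, function(err, data) {
      if ( err ) {
        return res.json(500, err);
      }
      res.json(data);
    });
  });

  app.delete('/list/:id', csrf, auth, function(req, res, next) {
    makeClient.removeList(req.params.id, req.session.user.id, function(err, data) {
      if ( err ) {
        return res.json(500, err);
      }
      res.json(data);
    });
  });

  // Read-only list endpoints need no session.
  app.get('/list/:id', function(req, res, next) {
    makeClient.getList(req.params.id, function(err, data) {
      if ( err ) {
        return res.json(500, err);
      }
      res.json(data);
    }, true );
  });

  app.get('/lists/:user', function(req, res, next) {
    makeClient.getListsByUser(req.params.user, function(err, data) {
      if ( err ) {
        return res.json(500, err);
      }
      res.json(data);
    });
  });

  app.post('/verify', webmakerAuth.handlers.verify);
  app.post('/authenticate', webmakerAuth.handlers.authenticate);
  app.post('/logout', webmakerAuth.handlers.logout);

  return app;
};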
// Default!
// Falls back to port 5000 when no PORT is configured.
if (!env.get('PORT')) {
  env.set('PORT', 5000);
}

var login = new WebmakerLogin({
  loginURL: env.get('LOGIN_URL'),
  secretKey: env.get('SECRET_KEY')
});

// Logging, compression and body parsing, then the session cookie middleware.
app.use(express.logger('dev'));
app.use(express.compress());
app.use(express.json());
app.use(express.urlencoded());
app.use(login.cookieParser());
app.use(login.cookieSession());

// NOTE(review): this serves the directory one level above this file as static
// content; confirm nothing sensitive (server sources, config files) lives
// under that root.
app.use(express.static(__dirname + '/..'));

// Login endpoints, all POST.
// NOTE(review): no CSRF middleware is registered in this section although
// session cookies are in use; confirm the handlers protect these requests.
var loginRoutes = [
  ['/verify', login.handlers.verify],
  ['/authenticate', login.handlers.authenticate],
  ['/create', login.handlers.create],
  ['/logout', login.handlers.logout],
  ['/check-username', login.handlers.exists]
];
loginRoutes.forEach(function(route) {
  app.post(route[0], route[1]);
});

app.listen(env.get('PORT'), function() {
  console.log('App listening on ' + env.get('PORT'));
});
/**
 * Builds the events front-end Express app: prerendering, logging, body
 * parsing, session cookies, i18n, CSP, static files, a health check, the
 * login routes, the client configuration script and the localized strings.
 *
 * @param {Object} env - Settings accessor; read through `env.get(name)`.
 * @returns {Object} The configured Express application.
 */
module.exports = function (env) {
  var express = require('express');
  var i18n = require('webmaker-i18n');
  var path = require('path');

  var app = express();
  var defaultLang = 'en-US';

  var csp = require('./csp');
  var messina = require('messina')('webmaker-events-2-' + env.get('NODE_ENV'));
  var wts = require('webmaker-translation-stats');
  var WebmakerAuth = require('webmaker-auth');

  var webmakerAuth = new WebmakerAuth({
    loginURL: env.get('LOGIN_URL'),
    secretKey: env.get('SESSION_SECRET'),
    forceSSL: env.get('FORCE_SSL'),
    domain: env.get('COOKIE_DOMAIN')
  });

  app.use(require('prerender-node'));

  // Exactly one request logger is installed.
  if (!env.get('ENABLE_GELF_LOGS')) {
    app.use(express.logger('dev'));
  } else {
    messina.init();
    app.use(messina.middleware());
  }

  app.use(express.compress());
  app.use(express.json());
  app.use(express.urlencoded());
  app.use(webmakerAuth.cookieParser());
  app.use(webmakerAuth.cookieSession());

  // Setup locales with i18n
  app.use(i18n.middleware({
    supported_languages: env.get('SUPPORTED_LANGS') || [defaultLang],
    default_lang: defaultLang,
    mappings: require('webmaker-locale-mapping'),
    translation_directory: path.resolve(__dirname, '../locale')
  }));

  // CSP
  app.use(csp({
    reportToHost: env.get('CSP_LOGGER'),
    eventsLocation: env.get('eventsLocation') || 'http://localhost:1989'
  }));

  // Static files
  app.use(express.static(path.join(__dirname, '../app')));

  // Health check
  var healthcheck = {
    version: require('../package').version,
    http: 'okay'
  };
  app.get('/healthcheck', function (req, res) {
    var localeDir = path.join(__dirname, '../locale');
    wts(i18n.getSupportLanguages(), localeDir, function (err, data) {
      // Report either the translation stats or the error text.
      healthcheck.locales = err ? err.toString() : data;
      res.json(healthcheck);
    });
  });

  // Login
  // NOTE(review): no CSRF middleware is registered in this function although
  // session cookies are in use; confirm the auth handlers or another layer
  // protect these state-changing POSTs.
  var loginRoutes = [
    ['/verify', webmakerAuth.handlers.verify],
    ['/authenticate', webmakerAuth.handlers.authenticate],
    ['/create', webmakerAuth.handlers.create],
    ['/logout', webmakerAuth.handlers.logout],
    ['/check-username', webmakerAuth.handlers.exists]
  ];
  loginRoutes.forEach(function (route) {
    app.post(route[0], route[1]);
  });

  // Serve up virtual configuration "file"
  var config = {
    version: require('../package').version,
    eventsLocation: env.get('eventsLocation') || 'http://localhost:1989',
    accountSettingsUrl: env.get('accountSettingsUrl') || 'https://login.webmaker.org/account',
    myMakesUrl: env.get('myMakesUrl') || 'https://webmaker.org/me',
    webmakerUrl: env.get('WEBMAKER_URL') || 'https://webmaker.org',
    ga_account: env.get('GA_ACCOUNT') || 'UA-XXXXX-X',
    ga_domain: env.get('GA_DOMAIN') || 'example.com'
  };

  // The shared `config` object is updated with the request's locale and sent
  // in the same synchronous step.
  app.get('/config.js', function (req, res) {
    var locale = req.localeInfo;
    config.lang = locale.lang;
    config.direction = locale.direction;
    config.defaultLang = defaultLang;
    config.langmap = i18n.getAllLocaleCodes();
    config.supported_languages = i18n.getSupportLanguages();

    res.setHeader('Content-type', 'text/javascript');
    res.send('window.eventsConfig = ' + JSON.stringify(config));
  });

  // Localized Strings
  app.get('/strings/:lang?', i18n.stringsRoute('en-US'));

  return app;
};