diff --git a/app.js b/app.js index 245d02d35..a3632c881 100644 --- a/app.js +++ b/app.js 
@@ -35,151 +35,6 @@ var MongoStore = connectMongo(express.session), controllers = all(path.resolve('./app/controllers')), app; -// -// express.oi Setup -// -if (httpsEnabled) { - app = express().https({ - key: fs.readFileSync(settings.https.key), - cert: fs.readFileSync(settings.https.cert), - passphrase: settings.https.passphrase - }).io(); -} else { - app = express().http().io(); -} - -if (settings.env === 'production') { - app.set('env', settings.env); - app.set('json spaces', undefined); - app.enable('view cache'); -} - -// Session -var sessionStore = new MongoStore({ - url: settings.database.uri, - autoReconnect: true -}); - -// Session -var session = { - key: 'connect.sid', - secret: settings.secrets.cookie, - store: sessionStore, - cookie: { secure: httpsEnabled }, - resave: false, - saveUninitialized: true -}; - -// Set compression before any routes -app.use(compression({ threshold: 512 })); - -app.use(cookieParser()); -app.io.session(session); - -auth.setup(app, session, core); - -// Security protections -app.use(helmet.frameguard()); -app.use(helmet.hidePoweredBy()); -app.use(helmet.ieNoOpen()); -app.use(helmet.noSniff()); -app.use(helmet.xssFilter()); -app.use(helmet.hsts({ - maxAge: 31536000, - includeSubdomains: true, - force: httpsEnabled, - preload: true -})); -app.use(helmet.contentSecurityPolicy({ - defaultSrc: ['\'none\''], - connectSrc: ['*'], - scriptSrc: ['\'self\'', '\'unsafe-eval\''], - styleSrc: ['\'self\'', 'fonts.googleapis.com', '\'unsafe-inline\''], - fontSrc: ['\'self\'', 'fonts.gstatic.com'], - mediaSrc: ['\'self\''], - objectSrc: ['\'self\''], - imgSrc: ['* data:'] -})); - -var bundles = {}; -app.use(require('connect-assets')({ - paths: [ - 'media/js', - 'media/less' - ], - helperContext: bundles, - build: settings.env === 'production', - fingerprinting: settings.env === 'production', - servePath: 'media/dist' -})); - -// Public -app.use('/media', express.static(__dirname + '/media', { - maxAge: '364d' -})); - -// Templates -var nun = 
nunjucks.configure('templates', { - autoescape: true, - express: app, - tags: { - blockStart: '<%', - blockEnd: '%>', - variableStart: '<$', - variableEnd: '$>', - commentStart: '<#', - commentEnd: '#>' - } -}); - -function wrapBundler(func) { - // This method ensures all assets paths start with "./" - // Making them relative, and not absolute - return function() { - return func.apply(func, arguments) - .replace(/href="\//g, 'href="./') - .replace(/src="\//g, 'src="./'); - }; -} - -nun.addFilter('js', wrapBundler(bundles.js)); -nun.addFilter('css', wrapBundler(bundles.css)); -nun.addGlobal('text_search', false); - -// i18n -i18n.configure({ - directory: path.resolve(__dirname, './locales'), - locales: settings.i18n.locales || settings.i18n.locale, - defaultLocale: settings.i18n.locale -}); -app.use(i18n.init); - -// HTTP Middlewares -app.use(bodyParser.json()); -app.use(bodyParser.urlencoded({ - extended: true -})); - -// IE header -app.use(function(req, res, next) { - res.setHeader('X-UA-Compatible', 'IE=Edge,chrome=1'); - next(); -}); - -// -// Controllers -// -_.each(controllers, function(controller) { - controller.apply({ - app: app, - core: core, - settings: settings, - middlewares: middlewares, - models: models, - controllers: controllers - }); -}); - // // Mongo // 
@@ -192,45 +47,159 @@ mongoose.connection.on('disconnected', function() { throw new Error('Could not connect to database'); }); -// -// Go Time -// +mongoose.connect(settings.database.uri, function(err) { + if (err) { + throw err; + } -function startApp() { - var port = httpsEnabled && settings.https.port || - httpEnabled && settings.http.port; + // + // express.oi Setup + // + if (httpsEnabled) { + app = express().https({ + key: fs.readFileSync(settings.https.key), + cert: fs.readFileSync(settings.https.cert), + passphrase: settings.https.passphrase + }).io(); + } else { + app = express().http().io(); + } - var host = httpsEnabled && settings.https.host || - httpEnabled && settings.http.host || '0.0.0.0'; + if (settings.env === 'production') { + app.set('env', settings.env); + app.set('json spaces', undefined); + app.enable('view cache'); + } + // Session + var sessionStore = new MongoStore({ + mongooseConnection: mongoose.connection + }); + // Session + var session = { + key: 'connect.sid', + secret: settings.secrets.cookie, + store: sessionStore, + cookie: { secure: httpsEnabled }, + resave: false, + saveUninitialized: true + }; - if (httpsEnabled && httpEnabled) { - // Create an HTTP -> HTTPS redirect server - var redirectServer = express(); - redirectServer.get('*', function(req, res) { - var urlPort = port === 80 ? 
'' : ':' + port; - res.redirect('https://' + req.hostname + urlPort + req.path); - }); - http.createServer(redirectServer) - .listen(settings.http.port || 5000, host); + // Set compression before any routes + app.use(compression({ threshold: 512 })); + + app.use(cookieParser()); + app.io.session(session); + + auth.setup(app, session, core); + + // Security protections + app.use(helmet.frameguard()); + app.use(helmet.hidePoweredBy()); + app.use(helmet.ieNoOpen()); + app.use(helmet.noSniff()); + app.use(helmet.xssFilter()); + app.use(helmet.hsts({ + maxAge: 31536000, + includeSubdomains: true, + force: httpsEnabled, + preload: true + })); + app.use(helmet.contentSecurityPolicy({ + defaultSrc: ['\'none\''], + connectSrc: ['*'], + scriptSrc: ['\'self\'', '\'unsafe-eval\''], + styleSrc: ['\'self\'', 'fonts.googleapis.com', '\'unsafe-inline\''], + fontSrc: ['\'self\'', 'fonts.gstatic.com'], + mediaSrc: ['\'self\''], + objectSrc: ['\'self\''], + imgSrc: ['* data:'] + })); + + var bundles = {}; + app.use(require('connect-assets')({ + paths: [ + 'media/js', + 'media/less' + ], + helperContext: bundles, + build: settings.env === 'production', + fingerprinting: settings.env === 'production', + servePath: 'media/dist' + })); + + // Public + app.use('/media', express.static(__dirname + '/media', { + maxAge: '364d' + })); + + // Templates + var nun = nunjucks.configure('templates', { + autoescape: true, + express: app, + tags: { + blockStart: '<%', + blockEnd: '%>', + variableStart: '<$', + variableEnd: '$>', + commentStart: '<#', + commentEnd: '#>' + } + }); + + function wrapBundler(func) { + // This method ensures all assets paths start with "./" + // Making them relative, and not absolute + return function() { + return func.apply(func, arguments) + .replace(/href="\//g, 'href="./') + .replace(/src="\//g, 'src="./'); + }; } - app.listen(port, host); + nun.addFilter('js', wrapBundler(bundles.js)); + nun.addFilter('css', wrapBundler(bundles.css)); + nun.addGlobal('text_search', 
false); + + // i18n + i18n.configure({ + directory: path.resolve(__dirname, './locales'), + locales: settings.i18n.locales || settings.i18n.locale, + defaultLocale: settings.i18n.locale + }); + app.use(i18n.init); + + // HTTP Middlewares + app.use(bodyParser.json()); + app.use(bodyParser.urlencoded({ + extended: true + })); + + // IE header + app.use(function(req, res, next) { + res.setHeader('X-UA-Compatible', 'IE=Edge,chrome=1'); + next(); + }); // - // XMPP + // Controllers // - if (settings.xmpp.enable) { - var xmpp = require('./app/xmpp/index'); - xmpp(core); - } + _.each(controllers, function(controller) { + controller.apply({ + app: app, + core: core, + settings: settings, + middlewares: middlewares, + models: models, + controllers: controllers + }); + }); - var art = fs.readFileSync('./app/misc/art.txt', 'utf8'); - console.log('\n' + art + '\n\n' + 'Release ' + psjon.version.yellow + '\n'); -} + // + // Go Time + // -function checkForMongoTextSearch() { if (!mongoose.mongo || !mongoose.mongo.Admin) { // MongoDB API has changed, assume text search is enabled nun.addGlobal('text_search', true); 
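Review bot: The content security policy re-added inside the connect callback still allows `'unsafe-eval'` in `scriptSrc` and `*` in `connectSrc`, which gives up much of the script-injection and exfiltration protection the header is meant to provide. If the client code really needs eval (presumably a template or bundler runtime, which is not visible here), a comment should say so, e.g. `// 'unsafe-eval' is required by <component>; remove once templates are precompiled`. Otherwise drop it and narrow `connectSrc` to `'self'` plus the websocket origin. `imgSrc: ['* data:']` packs two sources into one array element and would read more clearly as `imgSrc: ['*', 'data:']`. The callback that now wraps this setup runs on past the end of the hunk.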
@@ -258,13 +227,34 @@ function checkForMongoTextSearch() { nun.addGlobal('text_search', true); }); -} -mongoose.connect(settings.database.uri, function(err) { - if (err) { - throw err; + var port = httpsEnabled && settings.https.port || + httpEnabled && settings.http.port; + + var host = httpsEnabled && settings.https.host || + httpEnabled && settings.http.host || '0.0.0.0'; + + if (httpsEnabled && httpEnabled) { + // Create an HTTP -> HTTPS redirect server + var redirectServer = express(); + redirectServer.get('*', function(req, res) { + var urlPort = port === 80 ? '' : ':' + port; + res.redirect('https://' + req.hostname + urlPort + req.path); + }); + http.createServer(redirectServer) + .listen(settings.http.port || 5000, host); + } + + app.listen(port, host); + + // + // XMPP + // + if (settings.xmpp.enable) { + var xmpp = require('./app/xmpp/index'); + xmpp(core); } - checkForMongoTextSearch(); - startApp(); + var art = fs.readFileSync('./app/misc/art.txt', 'utf8'); + console.log('\n' + art + '\n\n' + 'Release ' + psjon.version.yellow + '\n'); }); diff --git a/package.json b/package.json index dd67312ae..16bf787f4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "lets-chat", - "version": "0.4.89", + "version": "0.4.90", "description": "A chat app for small teams.", "license": "MIT", "main": "app.js",
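Review bot: In the HTTP -> HTTPS redirect handler, `port === 80` compares the HTTPS port with the HTTP default. A listener on 443 gets a redundant `:443`, and a listener configured on 80 would be redirected to the implicit 443; the line should be `var urlPort = port === 443 ? '' : ':' + port;`. The target is also built from `req.path`, which drops the query string, so `req.originalUrl` would preserve the full request. The host part comes from `req.hostname`, i.e. the client-supplied Host header, so if the deployment has a known public hostname it is safer to redirect to that configured value, or to reject hosts that are not on an allow-list. The enclosing `mongoose.connect` callback starts outside this hunk.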