#!/usr/bin/env nodejs
const express = require('express')
const session = require('express-session');
const session_file_store = require('session-file-store')
const conf = require('./conf')
const db = require('./api/db')
const shib = require('./api/shib')
const api = require('./api/api')
const helpers = require('./api/helpers')
const various = require('./api/various')
const service_reload = require('./api/service_reload')
const html_template = require('./api/html_template')
// File-backed session store class, produced by binding session-file-store to express-session.
const session_FileStore = session_file_store(session)
const app = express()

// Options for the session middleware.
// conf.session is spread after the two defaults, so the configuration can override
// resave / saveUninitialized; `store` comes last and therefore cannot be overridden.
// NOTE(review): the cookie signing secret and the cookie attributes (secure, httpOnly,
// sameSite, maxAge) are not set here, so they depend entirely on conf.session — confirm
// that the deployed configuration sets them.
const session_options = {
    resave: false,
    saveUninitialized: false,
    ...conf.session,
    store: new session_FileStore(conf.session_store),
}

// Middleware that loads the session; it is mounted per route below rather than globally.
const get_session = session(session_options)
/**
 * Express middleware: let the request continue only when the session holds a user.
 *
 * Reads req.session, so the session middleware must already have run.
 * When no user is present it answers 401 with a JSON body asking the client to log in again.
 */
const require_session = (req, res, next) => {
    const is_logged = Boolean(req.session.user)
    if (!is_logged) {
        res.status(401).json({ ok: false, err: "need relog" })
        return
    }
    next()
}
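/**
 * Decide whether a request comes from a trusted uploader.
 *
 * The request is trusted when its "Authorization: Bearer <token>" header carries a token
 * listed in conf.trusted.bearer_tokens, or when the address returned by
 * conf.request_to_ip(req) is listed in conf.trusted.IPs. A refusal is logged.
 *
 * @param {object} req - incoming request; req.headers.authorization is read here
 * @returns {boolean} true when either check passes
 */
const _is_trusted = (req) => {
    const bearer = ((req.headers.authorization || '').match(/^Bearer (.*)/) || [])[1]
    // NOTE(review): includes() compares with ===, which is not constant-time. If the tokens
    // are the only secret protecting this endpoint, consider comparing fixed-length digests
    // with crypto.timingSafeEqual.
    if (bearer && conf.trusted.bearer_tokens.includes(bearer)) {
        return true;
    }
    // NOTE(review): how conf.request_to_ip derives the address is not visible here. If it
    // reads a forwarding header, the IP allowlist is only as strong as the proxy that sets
    // that header — confirm.
    const ip = conf.request_to_ip(req);
    if (conf.trusted.IPs.includes(ip)) {
        return true;
    }
    // The presented token is deliberately NOT written to the log: a rejected value can still
    // be a real credential (mistyped, rotated out, or issued for another service), and logs
    // are usually readable by more people than the configuration is.
    if (bearer) console.info("a bearer token was presented but is not in trusted.bearer_tokens for trusted upload")
    console.info(ip + " is not in trusted.IPs for trusted upload")
    return false;
}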
/**
 * Express middleware for the trusted-upload routes.
 *
 * Delegates the decision to _is_trusted(req); a refused request gets a 403 JSON answer
 * that points the operator at conf.trusted.
 */
const require_trusted = (req, res, next) => {
    if (!_is_trusted(req)) {
        res.status(403).json({ ok: false, err: "no valid 'Authorization Bearer' or IP not authorized (see conf.trusted)" })
        return
    }
    next();
}
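/**
 * Express middleware guarding admin-only routes.
 *
 * Calls next() when various.is_logged_user_admin(req) resolves to a truthy value.
 * Otherwise answers 401 with a JSON error:
 *  - when db.get_exemptions() is empty and a user is in the session, a hint showing the
 *    mongo shell command that creates the first admin for that user;
 *  - when it is empty and no user is in the session, "need relog";
 *  - in every other case, "reservé aux admins".
 * Answers 500 when the exemptions cannot be read.
 *
 * This function is async and Express is not shown catching its rejections here, so every
 * await is kept inside a try block and every path ends in next() or a response.
 */
const require_admin = async (req, res, next) => {
    try {
        if (await various.is_logged_user_admin(req)) {
            next();
            return;
        }
    } catch (e) {
        // Fail closed (treated as "not admin"), but leave a trace so that a broken
        // backend is not mistaken for an ordinary refusal.
        console.error("admin check failed:", e)
    }
    // Some routes mount this middleware without first forcing a login, so the session may
    // hold no user at this point.
    const user = req.session && req.session.user
    let err
    try {
        if ((await db.get_exemptions()).length === 0) {
            // NOTE(review): eppn is placed between single quotes in a command meant to be
            // pasted into a shell; presumably it comes from the identity provider — confirm
            // it cannot contain a quote.
            err = user
                ? "veuillez créer un admin avec le shell mongo : db.exemptions.insertOne({ _id: '" + user.eppn + "', admin: true })"
                : "need relog"
        } else {
            err = "reservé aux admins"
        }
    } catch (e) {
        console.error("could not read exemptions:", e)
        res.status(500).json({ ok: false, err: "internal error" })
        return
    }
    res.status(401).json({ ok: false, err })
}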
app.use('/user', get_session, shib.may_create_session, require_session)
app.put('/user/upload', api.handle_upload)
app.post('/user/upload', api.handle_upload)
app.get('/user/upload/partial', api.get_partial_upload_size)
app.get('/user/info', api.user_info)
app.get('/user/files', api.user_files)
app.get('/user/file/:id', api.user_file)
app.delete('/user/file/:id', api.delete_user_file)
app.post('/user/file/:id', api.modify_user_file)
app.use('/trusted', require_trusted)
app.put('/trusted/upload', api.handle_trusted_upload)
app.post('/trusted/upload', api.handle_trusted_upload)
app.get('/get', api.handle_download)
app.get('/get-with-auth', get_session, shib.may_create_session, shib.ensure_connected, api.handle_download)
app.get([/^\/$/, '/manage', '/manage-file'], get_session, shib.may_create_session, shib.ensure_connected, html_template.static)
app.use('/exemptions', get_session, shib.may_create_session, require_admin)
app.get('/exemptions', api.get_exemptions)
app.delete('/exemptions/:userid', api.delete_exemption)
app.put('/exemptions/:userid', api.set_exemption)
app.use('/admin', get_session, shib.may_create_session, shib.ensure_connected, require_admin)
app.get('/admin', html_template.static)
app.use("/node_modules", express.static(__dirname + '/node_modules'))
app.use(express.static(__dirname + '/app'))
app.get('/journal', (_req, res) => res.json({ ok: true }))
// Start listening on conf.port; service_reload.may_write_PIDFile is passed as the
// callback that runs once the server is listening.
const server = app.listen(conf.port, service_reload.may_write_PIDFile)
// Allow uploads that take more than 5 minutes (i.e. revert to the Node.js < 18 behaviour).
// Setting requestTimeout to 0 removes the limit on the time a client may take to send
// a whole request.
// NOTE(review): with the limit off, a client can keep a connection open indefinitely by
// sending a body very slowly. server.headersTimeout is not changed here; confirm that a
// reverse proxy or an upload-specific limit bounds slow request bodies in production.
server.requestTimeout = 0;
service_reload.may_handle_reload(server)
// Clean up once at startup, then again every 5 minutes.
// NOTE(review): the return value of remove_expired is ignored; if it returns a promise,
// a rejection would not be handled here — confirm it handles its own errors.
various.remove_expired()
setInterval(various.remove_expired, helpers.minutes_to_ms(5))