From cf3e1c69faeb8eb731d8614e94bb347e15ba5a79 Mon Sep 17 00:00:00 2001 From: lesion Date: Sat, 26 Feb 2022 21:27:40 +0100 Subject: [PATCH] refactor res.locals and settings --- middleware/setup.js | 8 +++--- plugins/i18n.js | 8 +++--- server/api/auth.js | 6 ++--- server/api/controller/event.js | 22 ++++++++-------- server/api/controller/export.js | 9 ++++--- server/api/controller/oauth.js | 2 +- server/api/controller/user.js | 16 ++++++------ server/api/index.js | 2 +- server/api/mail.js | 6 +++-- server/api/models/index.js | 4 ++- server/api/oauth.js | 6 ++--- server/federation/follows.js | 17 +++++++------ server/federation/helpers.js | 2 +- server/federation/index.js | 4 +-- server/federation/resources.js | 5 ++-- server/federation/users.js | 13 ++++++---- server/federation/webfinger.js | 37 +++++++++++++++++---------- server/helpers.js | 45 ++++++++++++++++++++------------- server/routes.js | 13 +++++----- store/index.js | 10 ++++---- 20 files changed, 133 insertions(+), 102 deletions(-) diff --git a/middleware/setup.js b/middleware/setup.js index 2847d234..9f5e2342 100644 --- a/middleware/setup.js +++ b/middleware/setup.js @@ -1,14 +1,14 @@ -export default async function ({ $config, req, redirect, route, error }) { +export default async function ({ $config, req, res, redirect, route, error }) { if (process.server) { - if (req.status === 'SETUP' && route.path !== '/setup/0') { + if (res.locals.status === 'SETUP' && route.path !== '/setup/0') { return redirect('/setup/0') } - if (req.status === 'DBCONF' && route.path !== '/setup/1') { + if (res.locals.status === 'DBCONF' && route.path !== '/setup/1') { return redirect('/setup/1') } - if (req.status === 'READY' && route.path.startsWith('/setup')) { + if (res.locals.status === 'READY' && route.path.startsWith('/setup')) { return redirect('/') } } diff --git a/plugins/i18n.js b/plugins/i18n.js index 9d532797..fcb5c9f2 100644 --- a/plugins/i18n.js +++ b/plugins/i18n.js @@ -4,12 +4,12 @@ import merge from 'lodash/merge' Vue.use(VueI18n) -export default async ({ app, store, req }) => { +export default async ({ app, store, res }) => { const messages = {} if (process.server) { - store.commit('setLocale', req.acceptedLocale) - if (req.user_locale) { - store.commit('setUserLocale', req.user_locale) + store.commit('setLocale', res.locals.acceptedLocale) + if (res.locals.user_locale) { + store.commit('setUserLocale', res.locals.user_locale) } } diff --git a/server/api/auth.js b/server/api/auth.js index b6860cd0..e57792b3 100644 --- a/server/api/auth.js +++ b/server/api/auth.js @@ -16,13 +16,13 @@ const Auth = { } oauth.oauthServer.authenticate()(req, res, () => { - req.user = get(res, 'locals.oauth.token.user', null) + res.locals.user = get(res, 'locals.oauth.token.user', null) next() }) }, isAuth (req, res, next) { - if (req.user) { + if (res.locals.user) { next() } else { res.sendStatus(404) @@ -30,7 +30,7 @@ const Auth = { }, isAdmin (req, res, next) { - if (req.user.is_admin) { + if (res.locals.user.is_admin) { next() } else { res.status(404) diff --git a/server/api/controller/event.js b/server/api/controller/event.js index 3dd3634c..bc4d8703 100644 --- a/server/api/controller/event.js +++ b/server/api/controller/event.js @@ -100,7 +100,7 @@ const eventController = { async get (req, res) { const format = req.params.format || 'json' - const is_admin = req.user && req.user.is_admin + const is_admin = res.locals.user && res.locals.user.is_admin const slug = req.params.event_slug // retrocompatibility, old events URL does not use slug, use id as fallback @@ -206,7 +206,7 @@ const eventController = { log.warn(`Trying to confirm a unknown event, id: ${id}`) return res.sendStatus(404) } - if (!req.user.is_admin && req.user.id !== event.userId) { + if (!res.locals.user.is_admin && res.locals.user.id !== event.userId) { log.warn(`Someone unallowed is trying to confirm -> "${event.title} `) return res.sendStatus(403) } @@ -232,7 +232,7 @@ const eventController = { const id = Number(req.params.event_id) const event = await Event.findByPk(id) if (!event) { return req.sendStatus(404) } - if (!req.user.is_admin && req.user.id !== event.userId) { + if (!res.locals.user.is_admin && res.locals.user.id !== event.userId) { return res.sendStatus(403) } @@ -315,7 +315,7 @@ const eventController = { end_datetime: body.end_datetime, recurrent, // publish this event only if authenticated - is_visible: !!req.user + is_visible: !!res.locals.user } if (req.file || body.image_url) { @@ -358,9 +358,9 @@ const eventController = { } // associate user to event and reverse - if (req.user) { - await req.user.addEvent(event) - await event.setUser(req.user) + if (res.locals.user) { + await res.locals.user.addEvent(event) + await event.setUser(res.locals.user) } // return created event to the client @@ -382,15 +382,15 @@ const eventController = { }, async update (req, res) { - if (req.err) { - return res.status(400).json(req.err.toString()) + if (res.locals.err) { + return res.status(400).json(res.locals.err.toString()) } try { const body = req.body const event = await Event.findByPk(body.id) if (!event) { return res.sendStatus(404) } - if (!req.user.is_admin && event.userId !== req.user.id) { + if (!res.locals.user.is_admin && event.userId !== res.locals.user.id) { return res.sendStatus(403) } @@ -470,7 +470,7 @@ const eventController = { async remove (req, res) { const event = await Event.findByPk(req.params.id) // check if event is mine (or user is admin) - if (event && (req.user.is_admin || req.user.id === event.userId)) { + if (event && (res.locals.user.is_admin || res.locals.user.id === event.userId)) { if (event.media && event.media.length && !event.recurrent) { const old_path = path.join(config.upload_path, event.media[0].url) const old_thumb_path = path.join(config.upload_path, 'thumb', event.media[0].url) diff --git a/server/api/controller/export.js b/server/api/controller/export.js index 4c9cc360..63322369 100644 --- a/server/api/controller/export.js +++ b/server/api/controller/export.js @@ -5,6 +5,7 @@ const Tag = require('../models/tag') const { Op, literal } = require('sequelize') const moment = require('dayjs') const ics = require('ics') +const settingsController = require('./settings') const exportController = { @@ -69,8 +70,9 @@ const exportController = { }, feed (req, res, events) { + const settings = settingsController.settings res.type('application/rss+xml; charset=UTF-8') - res.render('feed/rss.pug', { events, settings: req.settings, moment }) + res.render('feed/rss.pug', { events, settings, moment }) }, /** @@ -79,6 +81,7 @@ const exportController = { * @param {*} alarms https://github.com/adamgibbons/ics#attributes (alarms) */ ics (req, res, events, alarms = []) { + const settings = settingsController.settings const eventsMap = events.map(e => { const tmpStart = moment.unix(e.start_datetime) const tmpEnd = moment.unix(e.end_datetime) @@ -89,10 +92,10 @@ const exportController = { // startOutputType: 'utc', end, // endOutputType: 'utc', - title: `[${req.settings.title}] ${e.title}`, + title: `[${settings.title}] ${e.title}`, description: e.description, location: `${e.place.name} - ${e.place.address}`, - url: `${req.settings.baseurl}/event/${e.slug || e.id}`, + url: `${settings.baseurl}/event/${e.slug || e.id}`, alarms } }) diff --git a/server/api/controller/oauth.js b/server/api/controller/oauth.js index 0822e66f..7eef9277 100644 --- a/server/api/controller/oauth.js +++ b/server/api/controller/oauth.js @@ -63,7 +63,7 @@ const oauthController = { async getClients (req, res) { const tokens = await OAuthToken.findAll({ - include: [{ model: User, where: { id: req.user.id } }, { model: OAuthClient, as: 'client' }], + include: [{ model: User, where: { id: res.locals.user.id } }, { model: OAuthClient, as: 'client' }], raw: true, nest: true }) diff --git a/server/api/controller/user.js b/server/api/controller/user.js index 3e98c019..f1f7bf96 100644 --- a/server/api/controller/user.js +++ b/server/api/controller/user.js @@ -15,7 +15,7 @@ const userController = { if (!user) { return res.sendStatus(200) } user.recover_code = crypto.randomBytes(16).toString('hex') - mail.send(user.email, 'recover', { user, config }, req.settings.locale) + mail.send(user.email, 'recover', { user, config }, res.locals.locale) await user.save() res.sendStatus(200) @@ -44,13 +44,13 @@ const userController = { }, async current (req, res) { - if (!req.user) { return res.status(400).send('Not logged') } - const user = await User.scope('withoutPassword').findByPk(req.user.id) + if (!res.locals.user) { return res.status(400).send('Not logged') } + const user = await User.scope('withoutPassword').findByPk(res.locals.user.id) res.json(user) }, async getAll (req, res) { - const users = await User.scope(req.user.is_admin ? 'withRecover' : 'withoutPassword').findAll({ + const users = await User.scope(res.locals.user.is_admin ? 'withRecover' : 'withoutPassword').findAll({ order: [['is_admin', 'DESC'], ['createdAt', 'DESC']] }) res.json(users) @@ -62,14 +62,14 @@ const userController = { if (!user) { return res.status(404).json({ success: false, message: 'User not found!' }) } - if (req.body.id !== req.user.id && !req.user.is_admin) { + if (req.body.id !== res.locals.user.id && !res.locals.user.is_admin) { return res.status(400).json({ succes: false, message: 'Not allowed' }) } if (!req.body.password) { delete req.body.password } if (!user.is_active && req.body.is_active && user.recover_code) { - mail.send(user.email, 'confirm', { user, config }, req.settings.locale) + mail.send(user.email, 'confirm', { user, config }, res.locals.settings.locale) } await user.update(req.body) @@ -99,7 +99,7 @@ const userController = { log.info('Register user ', req.body.email) const user = await User.create(req.body) log.info(`Sending registration email to ${user.email}`) - mail.send(user.email, 'register', { user, config }, req.settings.locale) + mail.send(user.email, 'register', { user, config }, res.locales.locale) mail.send(settingsController.settings.admin_email, 'admin_register', { user, config }) res.sendStatus(200) } catch (e) { @@ -113,7 +113,7 @@ const userController = { req.body.is_active = true req.body.recover_code = crypto.randomBytes(16).toString('hex') const user = await User.scope('withRecover').create(req.body) - mail.send(user.email, 'user_confirm', { user, config }, req.settings.locale) + mail.send(user.email, 'user_confirm', { user, config }, res.locales.locale) res.json(user) } catch (e) { log.error('User creation error:', e) diff --git a/server/api/index.js b/server/api/index.js index 9d90589f..8622a84f 100644 --- a/server/api/index.js +++ b/server/api/index.js @@ -56,7 +56,7 @@ if (config.status !== 'READY') { ``` */ api.get('/ping', (req, res) => res.sendStatus(200)) - api.get('/user', isAuth, (req, res) => res.json(req.user)) + api.get('/user', isAuth, (req, res) => res.json(res.locals.user)) api.post('/user/recover', userController.forgotPassword) diff --git a/server/api/mail.js b/server/api/mail.js index 32d50b92..16867b65 100644 --- a/server/api/mail.js +++ b/server/api/mail.js @@ -7,7 +7,8 @@ const { Task, TaskManager } = require('../taskManager') const locales = require('../../locales') const mail = { - send (addresses, template, locals, locale = settingsController.settings.instance_locale) { + send (addresses, template, locals, locale) { + locale = locale || settingsController.settings.instance_locale if (process.env.NODE_ENV === 'production' && (!settingsController.settings.admin_email || !settingsController.settings.smtp)) { log.error(`Cannot send any email: SMTP Email configuration not completed!`) return @@ -21,7 +22,8 @@ const mail = { TaskManager.add(task) }, - _send (addresses, template, locals, locale = settingsController.settings.instance_locale) { + _send (addresses, template, locals, locale) { + locale = locale || settingsController.settings.instance_locale const settings = settingsController.settings log.info(`Send ${template} email to ${addresses} with locale ${locale}`) const email = new Email({ diff --git a/server/api/models/index.js b/server/api/models/index.js index 4ee532d5..b26cddfa 100644 --- a/server/api/models/index.js +++ b/server/api/models/index.js @@ -3,6 +3,7 @@ const Umzug = require('umzug') const path = require('path') const config = require('../../config') const log = require('../../log') +const settingsController = require('../controller/settings') const db = { sequelize: null, @@ -45,7 +46,8 @@ const db = { try { await db.connect() log.debug('Running migrations') - return db.runMigrations() + await db.runMigrations() + return settingsController.load() } catch (e) { log.warn(` ⚠️ Cannot connect to db, check your configuration => ${e}`) process.exit(1) diff --git a/server/api/oauth.js b/server/api/oauth.js index 54e8df4e..96690131 100644 --- a/server/api/oauth.js +++ b/server/api/oauth.js @@ -12,11 +12,11 @@ const oauthServer = new OAuthServer({ debug: true, requireClientAuthentication: { password: false }, authenticateHandler: { - handle (req) { - if (!req.user) { + handle (req, res) { + if (!res.locals.user) { throw new Error('Not authenticated!') } - return req.user + return res.locals.user } } }) diff --git a/server/federation/follows.js b/server/federation/follows.js index 45f7321e..74354cf2 100644 --- a/server/federation/follows.js +++ b/server/federation/follows.js @@ -2,6 +2,7 @@ const config = require('../config') const Helpers = require('./helpers') const crypto = require('crypto') const log = require('../log') +const settingsController = require('../api/controller/settings') module.exports = { // follow request from fediverse @@ -9,8 +10,8 @@ module.exports = { const body = req.body if (typeof body.object !== 'string') { return } const username = body.object.replace(`${config.baseurl}/federation/u/`, '') - if (username !== req.settings.instance_name) { - log.warn(`Following the wrong user: ${username} instead of ${req.settings.instance_name} (could be a wrong config.baseurl)`) + if (username !== settingsController.settings.instance_name) { + log.warn(`Following the wrong user: ${username} instead of ${settingsController.settings.instance_name} (could be a wrong config.baseurl)`) return res.status(404).send('User not found') } @@ -18,7 +19,7 @@ module.exports = { // if (!user.followers.includes(body.actor)) { // await user.addFollowers([req.fedi_user.id]) // await user.update({ followers: [...user.followers, body.actor] }) - await req.fedi_user.update({ follower: true }) + await res.locals.fedi_user.update({ follower: true }) log.info(`Followed by ${body.actor}`) const guid = crypto.randomBytes(16).toString('hex') const message = { @@ -28,7 +29,7 @@ module.exports = { actor: `${config.baseurl}/federation/u/${username}`, object: body } - Helpers.signAndSend(JSON.stringify(message), req.fedi_user.object.inbox) + Helpers.signAndSend(JSON.stringify(message), res.locals.fedi_user.object.inbox) res.sendStatus(200) }, @@ -36,16 +37,16 @@ module.exports = { async unfollow (req, res) { const body = req.body const username = body.object.object.replace(`${config.baseurl}/federation/u/`, '') - if (username !== req.settings.instance_name) { - log.warn(`Unfollowing wrong user: ${username} instead of ${req.settings.instance_name}`) + if (username !== settingsController.settings.instance_name) { + log.warn(`Unfollowing wrong user: ${username} instead of ${settingsController.settings.instance_name}`) return res.status(404).send('User not found') } - if (body.actor !== body.object.actor || body.actor !== req.fedi_user.ap_id) { + if (body.actor !== body.object.actor || body.actor !== res.locals.fedi_user.ap_id) { log.info('Unfollow an user created by a different actor !?!?') return res.status(400).send('Bad things') } - await req.fedi_user.update({ follower: false }) + await res.locals.fedi_user.update({ follower: false }) log.info(`Unfollowed by ${body.actor}`) res.sendStatus(200) } diff --git a/server/federation/helpers.js b/server/federation/helpers.js index 1ec9ad2f..a84b0c70 100644 --- a/server/federation/helpers.js +++ b/server/federation/helpers.js @@ -192,7 +192,7 @@ const Helpers = { return res.status(401).send('User blocked') } - req.fedi_user = user + res.locals.fedi_user = user // TODO: check Digest // cannot do this with json bodyparser // const digest = crypto.createHash('sha256') diff --git a/server/federation/index.js b/server/federation/index.js index 615959cc..3c1aa333 100644 --- a/server/federation/index.js +++ b/server/federation/index.js @@ -6,6 +6,7 @@ const Event = require('../api/models/event') const User = require('../api/models/user') const Tag = require('../api/models/tag') const Place = require('../api/models/place') +const settingsController = require('../api/controller/settings') const Helpers = require('./helpers') const Inbox = require('./inbox') @@ -20,7 +21,6 @@ router.use(cors()) // is federation enabled? middleware router.use((req, res, next) => { - const settingsController = require('../api/controller/settings') if (settingsController.settings.enable_federation) { return next() } log.debug('Federation disabled!') return res.status(401).send('Federation disabled') @@ -36,7 +36,7 @@ router.get('/m/:event_id', async (req, res) => { const event = await Event.findByPk(req.params.event_id, { include: [User, Tag, Place] }) if (!event) { return res.status(404).send('Not found') } - return res.json(event.toAP(settingsController.settings.instance_name, req.settings.instance_locale)) + return res.json(event.toAP(settingsController.settings.instance_name, settingsController.settings.instance_locale)) }) // get any message coming from federation diff --git a/server/federation/resources.js b/server/federation/resources.js index 6afc19d4..ff2f853e 100644 --- a/server/federation/resources.js +++ b/server/federation/resources.js @@ -1,6 +1,7 @@ const Event = require('../api/models/event') const Resource = require('../api/models/resource') const APUser = require('../api/models/ap_user') +const settingsController = require('../api/controller/settings') const log = require('../log') const helpers = require('../helpers') @@ -10,7 +11,7 @@ module.exports = { // create a resource from AP Note async create (req, res) { - if (!req.settings.enable_resources) { + if (!settingsController.settings.enable_resources) { log.info('Ignore resource as it is disabled in settings') return } @@ -67,7 +68,7 @@ module.exports = { } // check if fedi_user that requested resource removal // is the same that created the resource at first place - if (req.fedi_user.ap_id === resource.ap_user.ap_id) { + if (res.locals.fedi_user.ap_id === resource.ap_user.ap_id) { await resource.destroy() log.info(`Comment ${req.body.object.id} removed`) res.sendStatus(201) diff --git a/server/federation/users.js b/server/federation/users.js index ec00cf30..82f6f768 100644 --- a/server/federation/users.js +++ b/server/federation/users.js @@ -7,16 +7,18 @@ const config = require('../config') const log = require('../log') const utc = require('dayjs/plugin/utc') const dayjs = require('dayjs') +const settingsController = require('../api/controller/settings') dayjs.extend(utc) module.exports = { get (req, res) { log.debug('Get actor') if (req.accepts('html')) { return res.redirect(301, '/') } + const settings = settingsController.settings const name = req.params.name if (!name) { return res.status(400).send('Bad request.') } - if (name !== req.settings.instance_name) { return res.status(404).send(`No record found for ${escape(name)}`) } + if (name !== settings.instance_name) { return res.status(404).send(`No record found for ${escape(name)}`) } const ret = { '@context': [ 'https://www.w3.org/ns/activitystreams', @@ -50,7 +52,7 @@ module.exports = { publicKey: { id: `${config.baseurl}/federation/u/${name}#main-key`, owner: `${config.baseurl}/federation/u/${name}`, - publicKeyPem: req.settings.publicKey + publicKeyPem: settings.publicKey } } res.type('application/activity+json; charset=utf-8') @@ -62,7 +64,7 @@ module.exports = { const page = req.query.page log.debug(`Retrieve ${name} followers`) if (!name) { return res.status(400).send('Bad request.') } - if (name !== req.settings.instance_name) { + if (name !== settings.instance_name) { log.warn('No record found') return res.status(404).send(`No record found for ${escape(name)}`) } @@ -95,12 +97,13 @@ module.exports = { async outbox (req, res) { const name = req.params.name const page = req.query.page + const settings = settingsController.settings if (!name) { log.info('[AP] Bad /outbox request') return res.status(400).send('Bad request.') } - if (name !== req.settings.instance_name) { + if (name !== settings.instance_name) { log.info(`No record found for ${name}`) return res.status(404).send(`No record found for ${escape(name)}`) } @@ -132,7 +135,7 @@ module.exports = { cc: [`${config.baseurl}/federation/u/${name}/followers`], published: dayjs(e.createdAt).utc().format(), actor: `${config.baseurl}/federation/u/${name}`, - object: e.toAP(name, req.settings.instance_locale) + object: e.toAP(name, settings.instance_locale) })) } }) diff --git a/server/federation/webfinger.js b/server/federation/webfinger.js index 593dd3ba..3680fd6f 100644 --- a/server/federation/webfinger.js +++ b/server/federation/webfinger.js @@ -11,9 +11,9 @@ const url = require('url') const log = require('../log') router.use(cors()) -function allowFederation (req,res,next) { +function allowFederation (req, res, next) { // is federation enabled ? - if (req.settings.enable_federation) { + if (settingsController.settings.enable_federation) { return next() } log.debug('Federation disabled') @@ -21,19 +21,20 @@ function allowFederation (req,res,next) { } router.get('/webfinger', allowFederation, (req, res) => { + const settings = settingsController.settings if (!req.query || !req.query.resource || !req.query.resource.includes('acct:')) { log.debug('Bad webfinger request => ', req.query && req.query.resource) return res.status(400).send('Bad request. Please make sure "acct:USER@DOMAIN" is what you are sending as the "resource" query parameter.') } const resource = req.query.resource - const domain = (new url.URL(req.settings.baseurl)).host + const domain = (new url.URL(settings.baseurl)).host const [, name, req_domain] = resource.match(/acct:(.*)@(.*)/) if (domain !== req_domain) { log.warn(`Bad webfinger request, requested domain "${req_domain}" instead of "${domain}"`) return res.status(400).send('Bad request. Please make sure "acct:USER@DOMAIN" is what you are sending as the "resource" query parameter.') } - if (name !== req.settings.instance_name) { + if (name !== settings.instance_name) { log.warn(`User not found: ${name}`) return res.status(404).send(`No record found for ${name}`) } @@ -45,7 +46,7 @@ router.get('/webfinger', allowFederation, (req, res) => { { rel: 'self', type: 'application/activity+json', - href: `${req.settings.baseurl}/federation/u/${name}` + href: `${settings.baseurl}/federation/u/${name}` } ] } @@ -54,17 +55,19 @@ router.get('/webfinger', allowFederation, (req, res) => { }) router.get('/nodeinfo/:nodeinfo_version', async (req, res) => { + const settings = settingsController.settings + const usersCount = (await User.findAndCountAll()).count const eventsCount = (await Event.findAndCountAll()).count const resourcesCount = (await Resource.findAndCountAll()).count const ret = { metadata: { - nodeDescription: req.settings.description, - nodeName: req.settings.title, - nodeLabel: req.settings.instance_place + nodeDescription: settings.description, + nodeName: settings.title, + nodeLabel: settings.instance_place }, - openRegistrations: settingsController.settings.allow_registration, + openRegistrations: settings.allow_registration, protocols: ['activitypub'], services: { inbound: [], outbound: ['rss2.0'] }, software: { @@ -88,6 +91,8 @@ router.get('/nodeinfo/:nodeinfo_version', async (req, res) => { }) router.get('/x-nodeinfo2', async (req, res) => { + const settings = settingsController.settings + const usersCount = (await User.findAndCountAll()).count const eventsCount = (await Event.findAndCountAll()).count const resourcesCount = (await Resource.findAndCountAll()).count @@ -95,8 +100,8 @@ router.get('/x-nodeinfo2', async (req, res) => { const ret = { version: '1.0', server: { - baseUrl: req.settings.baseurl, - name: req.settings.title, + baseUrl: settings.baseurl, + name: settings.title, software: 'Gancio', version }, @@ -114,21 +119,25 @@ router.get('/x-nodeinfo2', async (req, res) => { }) router.get('/nodeinfo', (req, res) => { + const settings = settingsController.settings + const ret = { links: [ - { href: `${req.settings.baseurl}/.well-known/nodeinfo/2.0`, rel: 'http://nodeinfo.diaspora.software/ns/schema/2.0' }, - { href: `${req.settings.baseurl}/.well-known/nodeinfo/2.1`, rel: 'http://nodeinfo.diaspora.software/ns/schema/2.1' } + { href: `${settings.baseurl}/.well-known/nodeinfo/2.0`, rel: 'http://nodeinfo.diaspora.software/ns/schema/2.0' }, + { href: `${settings.baseurl}/.well-known/nodeinfo/2.1`, rel: 'http://nodeinfo.diaspora.software/ns/schema/2.1' } ] } res.json(ret) }) router.use('/host-meta', (req, res) => { + const settings = settingsController.settings + log.debug('host-meta') res.type('application/xml') res.send(` - + `) }) diff --git a/server/helpers.js b/server/helpers.js index 5e88beb6..16fc9068 100644 --- a/server/helpers.js +++ b/server/helpers.js @@ -62,43 +62,52 @@ module.exports = { }) }, + async setUserLocale (req, res, next) { + // select locale based on cookie? and accept-language header + acceptLanguage.languages(Object.keys(locales)) + res.locals.acceptedLocale = acceptLanguage.get(req.headers['accept-language']) + dayjs.locale(res.locals.acceptedLocale) + next() + }, + async initSettings (req, res, next) { // initialize settings - req.settings = cloneDeep(settingsController.settings) + const settings = settingsController.settings + res.locals.settings = cloneDeep(settingsController.settings) - if (req.settings.smtp && req.settings.smtp.auth && req.settings.smtp.auth.pass) { - delete req.settings.smtp.auth.pass + if (res.locals.settings.smtp && res.locals.settings.smtp.auth) { + if (res.locals.user.is_admin) { + delete res.locals.settings.smtp.auth.pass + } else { + delete res.locals.settings.smtp + } } - delete req.settings.publicKey - req.settings.baseurl = config.baseurl - req.settings.hostname = config.hostname - req.settings.title = req.settings.title || config.title - req.settings.description = req.settings.description || config.description - req.settings.version = pkg.version + delete res.locals.settings.publicKey + res.locals.settings.baseurl = config.baseurl + res.locals.settings.hostname = config.hostname + res.locals.settings.title = settings.title || config.title + res.locals.settings.description = settings.description || config.description + res.locals.settings.version = pkg.version - // select locale based on cookie and accept-language header - acceptLanguage.languages(Object.keys(locales)) - req.acceptedLocale = acceptLanguage.get(req.headers['accept-language']) - - // set locale and user locale - req.user_locale = settingsController.user_locale[req.acceptedLocale] - dayjs.locale(req.acceptedLocale) + // set user locale + res.locals.user_locale = settingsController.user_locale[res.locals.acceptedLocale] next() }, serveStatic () { + const settings = settingsController.settings const router = express.Router() // serve event's images/thumb router.use('/media/', express.static(config.upload_path, { immutable: true, maxAge: '1y' } )) router.use('/noimg.svg', express.static('./static/noimg.svg')) router.use('/logo.png', (req, res, next) => { - const logoPath = req.settings.logo || './static/gancio' + const logoPath = settings.logo || './static/gancio' return express.static(logoPath + '.png')(req, res, next) }) router.use('/favicon.ico', (req, res, next) => { - const faviconPath = req.settings.logo || './assets/favicon' + const faviconPath = settings.logo || './assets/favicon' return express.static(faviconPath + '.ico')(req, res, next) }) diff --git a/server/routes.js b/server/routes.js index 3035c4c5..f5a5e3b1 100644 --- a/server/routes.js +++ b/server/routes.js @@ -37,8 +37,7 @@ const app = express() app.enable('trust proxy') app.use(helpers.logRequest) -// initialize instance settings / authentication / locale -app.use(helpers.initSettings) +app.use(helpers.setUserLocale) app.use(helpers.serveStatic()) app.use(cookieParser()) @@ -65,7 +64,7 @@ if (config.status === 'READY') { // ignore unimplemented ping url from fediverse app.use(spamFilter) - // fill req.user if request is authenticated + // fill res.locals.user if request is authenticated app.use(auth.fillUser) app.use('/oauth', oauth) @@ -84,16 +83,18 @@ app.use((error, req, res, next) => { // remaining request goes to nuxt // first nuxt component is ./pages/index.vue (with ./layouts/default.vue) // prefill current events, tags, places and announcements (used in every path) +app.use(helpers.initSettings) app.use(async (req, res, next) => { // const start_datetime = getUnixTime(startOfWeek(startOfMonth(new Date()))) // req.events = await eventController._select(start_datetime, 100) if (config.status === 'READY') { + const eventController = require('./api/controller/event') const announceController = require('./api/controller/announce') - req.meta = await eventController._getMeta() - req.announcements = await announceController._getVisible() + res.locals.meta = await eventController._getMeta() + res.locals.announcements = await announceController._getVisible() } - req.status = config.status + res.locals.status = config.status next() }) diff --git a/store/index.js b/store/index.js index cd182e11..6a3bf6ef 100644 --- a/store/index.js +++ b/store/index.js @@ -52,11 +52,11 @@ export const mutations = { export const actions = { // this method is called server side only for each request for nuxt // we use it to get configuration from db, set locale, etc... - nuxtServerInit ({ commit }, { req }) { - commit('setSettings', req.settings) - if (req.status === 'READY') { - commit('setAnnouncements', req.announcements) - commit('update', req.meta) + nuxtServerInit ({ commit }, { req, res }) { + commit('setSettings', res.locals.settings) + if (res.locals.status === 'READY') { + commit('setAnnouncements', res.locals.announcements) + commit('update', res.locals.meta) } }, async updateAnnouncements ({ commit }) {