2014-12-23 00:16:10 +00:00
|
|
|
require('dotenv').load();
|
2015-06-16 13:42:55 +00:00
|
|
|
require('pmx').init();
|
2015-03-23 05:18:01 +00:00
|
|
|
// handle uncaught exceptions. Forever will restart process on shutdown
|
2014-01-12 03:53:31 +00:00
|
|
|
|
2015-06-17 19:40:44 +00:00
|
|
|
var R = require('ramda'),
|
2015-06-16 18:30:16 +00:00
|
|
|
assign = require('lodash').assign,
|
|
|
|
loopback = require('loopback'),
|
|
|
|
boot = require('loopback-boot'),
|
|
|
|
accepts = require('accepts'),
|
|
|
|
cookieParser = require('cookie-parser'),
|
|
|
|
compress = require('compression'),
|
|
|
|
session = require('express-session'),
|
|
|
|
logger = require('morgan'),
|
|
|
|
errorHandler = require('errorhandler'),
|
|
|
|
methodOverride = require('method-override'),
|
|
|
|
bodyParser = require('body-parser'),
|
|
|
|
helmet = require('helmet'),
|
|
|
|
MongoStore = require('connect-mongo')(session),
|
|
|
|
flash = require('express-flash'),
|
|
|
|
path = require('path'),
|
|
|
|
expressValidator = require('express-validator'),
|
|
|
|
lessMiddleware = require('less-middleware'),
|
|
|
|
pmx = require('pmx'),
|
|
|
|
|
|
|
|
passportProviders = require('./passport-providers'),
|
|
|
|
/**
|
|
|
|
* API keys and Passport configuration.
|
|
|
|
*/
|
|
|
|
secrets = require('./../config/secrets');
|
2013-11-27 04:15:13 +00:00
|
|
|
|
2015-06-04 21:20:37 +00:00
|
|
|
var generateKey =
|
2015-06-04 21:32:59 +00:00
|
|
|
require('loopback-component-passport/lib/models/utils').generateKey;
|
2014-02-02 10:38:38 +00:00
|
|
|
/**
|
|
|
|
* Create Express server.
|
|
|
|
*/
|
2015-06-03 00:27:02 +00:00
|
|
|
var app = loopback();
|
2015-06-04 17:52:12 +00:00
|
|
|
var PassportConfigurator =
|
|
|
|
require('loopback-component-passport').PassportConfigurator;
|
|
|
|
var passportConfigurator = new PassportConfigurator(app);
|
2015-02-17 23:35:16 +00:00
|
|
|
|
2014-01-12 03:53:31 +00:00
|
|
|
app.set('port', process.env.PORT || 3000);
|
|
|
|
app.set('views', path.join(__dirname, 'views'));
|
|
|
|
app.set('view engine', 'jade');
|
2015-04-22 21:53:58 +00:00
|
|
|
|
2015-06-13 01:09:12 +00:00
|
|
|
//if (process.env.NODE_ENV === 'production') {
|
|
|
|
// app.use(forceDomain({
|
|
|
|
// hostname: 'www.freecodecamp.com'
|
|
|
|
// }));
|
|
|
|
//}
|
2015-04-22 21:53:58 +00:00
|
|
|
|
2014-06-06 18:58:30 +00:00
|
|
|
app.use(compress());
|
2015-06-01 23:23:53 +00:00
|
|
|
app.use(lessMiddleware(path.join(__dirname, '/public')));
|
2014-04-12 16:43:07 +00:00
|
|
|
app.use(logger('dev'));
|
|
|
|
app.use(bodyParser.json());
|
2015-06-17 19:40:44 +00:00
|
|
|
app.use(bodyParser.urlencoded({
|
|
|
|
extended: true
|
|
|
|
}));
|
2014-12-24 02:20:53 +00:00
|
|
|
app.use(expressValidator({
|
2015-05-25 23:55:18 +00:00
|
|
|
customValidators: {
|
2015-06-17 19:40:44 +00:00
|
|
|
matchRegex: function(param, regex) {
|
2015-05-25 23:55:18 +00:00
|
|
|
return regex.test(param);
|
2014-12-24 02:20:53 +00:00
|
|
|
}
|
2015-05-25 23:55:18 +00:00
|
|
|
}
|
2014-12-24 02:20:53 +00:00
|
|
|
}));
|
2014-04-12 16:43:07 +00:00
|
|
|
app.use(methodOverride());
|
2015-06-04 19:42:13 +00:00
|
|
|
app.use(cookieParser(secrets.cookieSecret));
|
2014-04-12 16:43:07 +00:00
|
|
|
app.use(session({
|
2015-04-14 19:36:02 +00:00
|
|
|
resave: true,
|
|
|
|
saveUninitialized: true,
|
|
|
|
secret: secrets.sessionSecret,
|
|
|
|
store: new MongoStore({
|
|
|
|
url: secrets.db,
|
2015-04-17 06:16:55 +00:00
|
|
|
'autoReconnect': true
|
2015-04-14 19:36:02 +00:00
|
|
|
})
|
2014-01-29 05:49:09 +00:00
|
|
|
}));
|
2015-06-04 19:03:53 +00:00
|
|
|
|
2014-06-01 15:52:28 +00:00
|
|
|
app.use(flash());
|
2014-12-11 04:44:33 +00:00
|
|
|
app.disable('x-powered-by');
|
2014-12-23 16:48:28 +00:00
|
|
|
|
2014-12-11 04:44:33 +00:00
|
|
|
app.use(helmet.xssFilter());
|
2015-01-09 23:10:34 +00:00
|
|
|
app.use(helmet.noSniff());
|
2015-05-06 23:10:03 +00:00
|
|
|
app.use(helmet.frameguard());
|
2015-02-17 23:35:16 +00:00
|
|
|
app.use(function(req, res, next) {
|
2015-05-25 23:55:18 +00:00
|
|
|
res.header('Access-Control-Allow-Origin', '*');
|
|
|
|
res.header('Access-Control-Allow-Headers',
|
|
|
|
'Origin, X-Requested-With, Content-Type, Accept'
|
|
|
|
);
|
|
|
|
next();
|
2015-02-17 23:35:16 +00:00
|
|
|
});
|
2014-12-23 16:48:28 +00:00
|
|
|
|
2014-12-22 20:36:45 +00:00
|
|
|
var trusted = [
|
2015-04-14 19:36:02 +00:00
|
|
|
"'self'",
|
2015-05-06 22:14:00 +00:00
|
|
|
'blob:',
|
2015-06-16 04:14:33 +00:00
|
|
|
'104.236.218.15',
|
2015-04-14 19:36:02 +00:00
|
|
|
'*.freecodecamp.com',
|
2015-05-06 23:10:03 +00:00
|
|
|
'http://www.freecodecamp.com',
|
2015-06-16 13:18:59 +00:00
|
|
|
'https://www.freecodecamp.com',
|
|
|
|
'https://freecodecamp.com',
|
2015-06-16 15:44:25 +00:00
|
|
|
'https://freecodecamp.org',
|
|
|
|
'*.freecodecamp.org',
|
2015-05-06 23:10:03 +00:00
|
|
|
'ws://freecodecamp.com/',
|
|
|
|
'ws://www.freecodecamp.com/',
|
2015-04-14 19:36:02 +00:00
|
|
|
'*.gstatic.com',
|
|
|
|
'*.google-analytics.com',
|
|
|
|
'*.googleapis.com',
|
|
|
|
'*.google.com',
|
|
|
|
'*.gstatic.com',
|
|
|
|
'*.doubleclick.net',
|
|
|
|
'*.twitter.com',
|
|
|
|
'*.twitch.tv',
|
|
|
|
'*.twimg.com',
|
|
|
|
"'unsafe-eval'",
|
|
|
|
"'unsafe-inline'",
|
|
|
|
'*.bootstrapcdn.com',
|
|
|
|
'*.cloudflare.com',
|
|
|
|
'https://*.cloudflare.com',
|
|
|
|
'localhost:3001',
|
|
|
|
'ws://localhost:3001/',
|
|
|
|
'http://localhost:3001',
|
|
|
|
'localhost:3000',
|
|
|
|
'ws://localhost:3000/',
|
|
|
|
'http://localhost:3000',
|
|
|
|
'*.ionicframework.com',
|
|
|
|
'https://syndication.twitter.com',
|
|
|
|
'*.youtube.com',
|
|
|
|
'*.jsdelivr.net',
|
|
|
|
'https://*.jsdelivr.net',
|
|
|
|
'*.ytimg.com',
|
2015-04-15 03:04:54 +00:00
|
|
|
'*.bitly.com',
|
|
|
|
'http://cdn.inspectlet.com/',
|
2015-06-16 16:28:05 +00:00
|
|
|
'https://cdn.inspeclet.com/',
|
2015-05-28 23:40:22 +00:00
|
|
|
'wss://inspectletws.herokuapp.com/',
|
2015-06-16 15:51:07 +00:00
|
|
|
'http://hn.inspectlet.com/',
|
|
|
|
'*.googleapis.com',
|
2015-06-16 19:59:22 +00:00
|
|
|
'*.gstatic.com',
|
|
|
|
'https://hn.inspectlet.com/'
|
2014-12-22 20:36:45 +00:00
|
|
|
];
|
2014-12-22 21:38:48 +00:00
|
|
|
|
2015-05-06 23:10:03 +00:00
|
|
|
app.use(helmet.csp({
|
2015-05-25 23:55:18 +00:00
|
|
|
defaultSrc: trusted,
|
|
|
|
scriptSrc: [
|
|
|
|
'*.optimizely.com',
|
|
|
|
'*.aspnetcdn.com',
|
2015-06-16 16:28:05 +00:00
|
|
|
'*.d3js.org',
|
|
|
|
'https://cdn.inspectlet.com/inspectlet.js',
|
|
|
|
'http://cdn.inspectlet.com/inspectlet.js'
|
2015-05-25 23:55:18 +00:00
|
|
|
].concat(trusted),
|
2015-06-17 19:40:44 +00:00
|
|
|
'connect-src': [].concat(trusted),
|
2015-06-16 15:54:58 +00:00
|
|
|
styleSrc: [
|
2015-06-16 16:04:26 +00:00
|
|
|
'*.googleapis.com',
|
|
|
|
'*.gstatic.com'
|
2015-06-16 15:54:58 +00:00
|
|
|
].concat(trusted),
|
2015-05-25 23:55:18 +00:00
|
|
|
imgSrc: [
|
|
|
|
/* allow all input since we have user submitted images for public profile*/
|
|
|
|
'*'
|
|
|
|
].concat(trusted),
|
2015-06-16 13:33:34 +00:00
|
|
|
fontSrc: [
|
|
|
|
'*.googleapis.com',
|
|
|
|
'*.gstatic.com'
|
|
|
|
].concat(trusted),
|
2015-05-25 23:55:18 +00:00
|
|
|
mediaSrc: [
|
|
|
|
'*.amazonaws.com',
|
|
|
|
'*.twitter.com'
|
|
|
|
].concat(trusted),
|
|
|
|
frameSrc: [
|
|
|
|
'*.gitter.im',
|
|
|
|
'*.gitter.im https:',
|
|
|
|
'*.vimeo.com',
|
|
|
|
'*.twitter.com',
|
|
|
|
'*.ghbtns.com'
|
|
|
|
].concat(trusted),
|
2015-06-01 23:23:53 +00:00
|
|
|
// set to true if you only want to report errors
|
|
|
|
reportOnly: false,
|
|
|
|
// set to true if you want to set all headers
|
|
|
|
setAllHeaders: false,
|
|
|
|
// set to true if you want to force buggy CSP in Safari 5
|
|
|
|
safari5: false
|
2014-12-11 04:44:33 +00:00
|
|
|
}));
|
2014-11-19 23:30:36 +00:00
|
|
|
|
2015-06-04 17:52:12 +00:00
|
|
|
passportConfigurator.init();
|
2015-06-03 00:27:02 +00:00
|
|
|
|
2015-06-17 19:40:44 +00:00
|
|
|
app.use(function(req, res, next) {
|
2015-04-14 19:36:02 +00:00
|
|
|
// Make user object available in templates.
|
|
|
|
res.locals.user = req.user;
|
|
|
|
next();
|
2014-01-12 03:53:31 +00:00
|
|
|
});
|
2014-11-19 23:30:36 +00:00
|
|
|
|
2015-06-01 23:23:53 +00:00
|
|
|
app.use(
|
2015-06-17 19:40:44 +00:00
|
|
|
loopback.static(path.join(__dirname, '../public'), {
|
|
|
|
maxAge: 86400000
|
|
|
|
})
|
2015-06-01 23:23:53 +00:00
|
|
|
);
|
2015-05-06 13:10:15 +00:00
|
|
|
|
2015-06-04 17:52:12 +00:00
|
|
|
boot(app, {
|
|
|
|
appRootDir: __dirname,
|
|
|
|
dev: process.env.NODE_ENV
|
|
|
|
});
|
|
|
|
|
2015-06-17 19:40:44 +00:00
|
|
|
app.use(function(req, res, next) {
|
2015-05-25 23:55:18 +00:00
|
|
|
// Remember original destination before login.
|
|
|
|
var path = req.path.split('/')[1];
|
|
|
|
if (/auth|login|logout|signin|signup|fonts|favicon/i.test(path)) {
|
|
|
|
return next();
|
|
|
|
} else if (/\/stories\/comments\/\w+/i.test(req.path)) {
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
req.session.returnTo = req.path;
|
|
|
|
next();
|
2014-03-08 19:58:27 +00:00
|
|
|
});
|
2014-11-19 23:30:36 +00:00
|
|
|
|
2015-06-04 17:52:12 +00:00
|
|
|
passportConfigurator.setupModels({
|
|
|
|
userModel: app.models.user,
|
|
|
|
userIdentityModel: app.models.userIdentity,
|
|
|
|
userCredentialModel: app.models.userCredential
|
|
|
|
});
|
|
|
|
|
2015-06-04 21:20:37 +00:00
|
|
|
var passportOptions = {
|
2015-06-10 22:12:48 +00:00
|
|
|
emailOptional: true,
|
2015-06-04 21:20:37 +00:00
|
|
|
profileToUser: function(provider, profile) {
|
|
|
|
var emails = profile.emails;
|
|
|
|
// NOTE(berks): get email or set to null.
|
|
|
|
// MongoDB indexs email but can be sparse(blank)
|
|
|
|
var email = emails && emails[0] && emails[0].value ?
|
2015-06-16 18:30:16 +00:00
|
|
|
emails[0].value :
|
|
|
|
null;
|
2015-06-04 21:20:37 +00:00
|
|
|
|
2015-06-10 22:22:57 +00:00
|
|
|
var username = (profile.username || profile.id);
|
2015-06-17 19:40:44 +00:00
|
|
|
username = typeof username === 'string' ? username.toLowerCase() :
|
|
|
|
username;
|
2015-06-04 21:20:37 +00:00
|
|
|
var password = generateKey('password');
|
|
|
|
var userObj = {
|
|
|
|
username: username,
|
2015-06-09 18:37:22 +00:00
|
|
|
password: password
|
2015-06-04 21:20:37 +00:00
|
|
|
};
|
2015-06-09 18:37:22 +00:00
|
|
|
|
|
|
|
if (email) {
|
|
|
|
userObj.email = email;
|
|
|
|
}
|
2015-06-04 21:20:37 +00:00
|
|
|
return userObj;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2015-06-04 17:52:12 +00:00
|
|
|
R.keys(passportProviders).map(function(strategy) {
|
|
|
|
var config = passportProviders[strategy];
|
|
|
|
config.session = config.session !== false;
|
2015-06-10 22:12:48 +00:00
|
|
|
passportConfigurator.configureProvider(
|
|
|
|
strategy,
|
|
|
|
assign(config, passportOptions)
|
|
|
|
);
|
2015-06-04 17:52:12 +00:00
|
|
|
});
|
|
|
|
|
2014-02-01 08:30:14 +00:00
|
|
|
/**
|
2014-06-06 18:58:30 +00:00
|
|
|
* OAuth sign-in routes.
|
2014-02-01 08:30:14 +00:00
|
|
|
*/
|
2014-12-23 21:50:14 +00:00
|
|
|
|
2014-11-19 23:30:36 +00:00
|
|
|
/**
|
|
|
|
* 500 Error Handler.
|
|
|
|
*/
|
2015-06-16 13:42:55 +00:00
|
|
|
|
2015-06-18 03:26:59 +00:00
|
|
|
//if (process.env.NODE_ENV === 'development') {
|
|
|
|
if (true) {
|
2015-06-17 19:40:44 +00:00
|
|
|
app.use(errorHandler({
|
|
|
|
log: true
|
|
|
|
}));
|
2015-03-24 15:03:59 +00:00
|
|
|
} else {
|
2015-06-16 13:42:55 +00:00
|
|
|
app.use(pmx.expressErrorHandler());
|
2015-06-01 23:23:53 +00:00
|
|
|
// error handling in production disabling eslint due to express parity rules
|
|
|
|
// for error handlers
|
|
|
|
app.use(function(err, req, res, next) { // eslint-disable-line
|
2015-03-24 15:03:59 +00:00
|
|
|
|
|
|
|
// respect err.status
|
|
|
|
if (err.status) {
|
|
|
|
res.statusCode = err.status;
|
|
|
|
}
|
|
|
|
|
|
|
|
// default status code to 500
|
|
|
|
if (res.statusCode < 400) {
|
|
|
|
res.statusCode = 500;
|
|
|
|
}
|
|
|
|
|
|
|
|
// parse res type
|
|
|
|
var accept = accepts(req);
|
|
|
|
var type = accept.type('html', 'json', 'text');
|
|
|
|
|
|
|
|
var message = 'opps! Something went wrong. Please try again later';
|
|
|
|
if (type === 'html') {
|
2015-06-17 19:40:44 +00:00
|
|
|
req.flash('errors', {
|
|
|
|
msg: message
|
|
|
|
});
|
2015-03-24 15:03:59 +00:00
|
|
|
return res.redirect('/');
|
2015-04-14 19:36:02 +00:00
|
|
|
// json
|
2015-03-24 15:03:59 +00:00
|
|
|
} else if (type === 'json') {
|
|
|
|
res.setHeader('Content-Type', 'application/json');
|
2015-06-17 19:40:44 +00:00
|
|
|
return res.send({
|
|
|
|
message: message
|
|
|
|
});
|
2015-04-14 19:36:02 +00:00
|
|
|
// plain text
|
2015-03-24 15:03:59 +00:00
|
|
|
} else {
|
|
|
|
res.setHeader('Content-Type', 'text/plain');
|
|
|
|
return res.send(message);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
2014-11-19 23:30:36 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Start Express server.
|
|
|
|
*/
|
2015-04-22 21:53:58 +00:00
|
|
|
|
2015-06-03 00:27:02 +00:00
|
|
|
|
2015-06-17 19:40:44 +00:00
|
|
|
app.listen(app.get('port'), function() {
|
|
|
|
console.log(
|
|
|
|
'FreeCodeCamp server listening on port %d in %s mode',
|
|
|
|
app.get('port'),
|
|
|
|
app.get('env')
|
|
|
|
);
|
|
|
|
});
|
2015-06-16 18:30:16 +00:00
|
|
|
|
2015-06-03 00:27:02 +00:00
|
|
|
// start the server if `$ node server.js`
|
2015-06-16 19:38:22 +00:00
|
|
|
|
2014-11-19 23:30:36 +00:00
|
|
|
|
|
|
|
module.exports = app;
|