X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=src%2Fservice.js;h=e76959978eddab7a554dbe80eb4d31ffa9c10d8a;hb=HEAD;hp=6dcde1ec201b1a212beb704d99c61edebcd75be9;hpb=3c547e314b79a31fb3f15412a47707a22dc3eefd;p=websub-hub diff --git a/src/service.js b/src/service.js index 6dcde1e..fbbb1c4 100644 --- a/src/service.js +++ b/src/service.js @@ -10,17 +10,18 @@ const common = require('./common'); const Enum = require('./enum'); const Manager = require('./manager'); const { Authenticator, SessionManager } = require('@squeep/authentication-module'); +const { initContext, navLinks } = require('./template/template-helper'); const path = require('path'); const _fileScope = common.fileScope(__filename); class Service extends Dingus { - constructor(logger, db, options) { + constructor(logger, db, options, asyncLocalStorage) { super(logger, { ...options.dingus, ignoreTrailingSlash: false, }); - + this.asyncLocalStorage = asyncLocalStorage; this.manager = new Manager(logger, db, options); this.authenticator = new Authenticator(logger, db, options); this.sessionManager = new SessionManager(logger, this.authenticator, options); @@ -31,10 +32,10 @@ class Service extends Dingus { this.on('POST', '/', this.handlerPostRoot.bind(this)); // Information page about service - this.on(['GET', 'HEAD'], '/', this.handlerGetRoot.bind(this)); + this.on(['GET'], '/', this.handlerGetRoot.bind(this)); // Give load-balancers something to check - this.on(['GET', 'HEAD'], '/healthcheck', this.handlerGetHealthcheck.bind(this)); + this.on(['GET'], '/healthcheck', this.handlerGetHealthcheck.bind(this)); // Public information about topics this.on('GET', '/info', this.handlerGetInfo.bind(this)); @@ -42,16 +43,17 @@ class Service extends Dingus { // These routes are intended for accessing static content during development. // In production, a proxy server would likely handle these first. - this.on(['GET', 'HEAD'], '/static', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/static/`); - this.on(['GET', 'HEAD'], '/static/', this.handlerGetStaticFile.bind(this), 'index.html'); - this.on(['GET', 'HEAD'], '/static/:file', this.handlerGetStaticFile.bind(this)); - this.on(['GET', 'HEAD'], '/favicon.ico', this.handlerGetStaticFile.bind(this), 'favicon.ico'); - this.on(['GET', 'HEAD'], '/robots.txt', this.handlerGetStaticFile.bind(this), 'robots.txt'); + this.on(['GET'], '/static', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/static/`); + this.on(['GET'], '/static/', this.handlerGetStaticFile.bind(this), 'index.html'); + this.on(['GET'], '/static/:file', this.handlerGetStaticFile.bind(this)); + this.on(['GET'], '/favicon.ico', this.handlerGetStaticFile.bind(this), 'favicon.ico'); + this.on(['GET'], '/robots.txt', this.handlerGetStaticFile.bind(this), 'robots.txt'); // Private informational endpoints - this.on(['GET', 'HEAD'], '/admin', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`); - this.on(['GET', 'HEAD'], '/admin/', this.handlerGetAdminOverview.bind(this)); - this.on(['GET', 'HEAD'], '/admin/topic/:topicId', this.handlerGetAdminTopicDetails.bind(this)); + this.on(['GET'], '/admin', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`); + this.on(['GET'], '/admin/', this.handlerGetAdminOverview.bind(this)); + this.on(['GET'], '/admin/topic/:topicId', this.handlerGetAdminTopicDetails.bind(this)); + this.on(['GET'], '/admin/topic/:topicId/history.svg', this.handlerGetHistorySVG.bind(this)); // Private data-editing endpoints this.on(['PATCH', 'DELETE'], '/admin/topic/:topicId', this.handlerUpdateTopic.bind(this)); @@ -61,22 +63,51 @@ class Service extends Dingus { this.on('POST', '/admin/process', this.handlerPostAdminProcess.bind(this)); // Admin login - this.on(['GET', 'HEAD'], '/admin/login', this.handlerGetAdminLogin.bind(this)); + this.on(['GET'], '/admin/login', this.handlerGetAdminLogin.bind(this)); this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this)); this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this)); this.on(['GET'], '/admin/_ia', this.handlerGetAdminIA.bind(this)); + this.on(['GET'], '/admin/settings', this.handlerGetAdminSettings.bind(this)); + this.on(['POST'], '/admin/settings', this.handlerPostAdminSettings.bind(this)); } + /** + * @typedef {import('node:http')} http + */ /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * Rearrange logging data. + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context + */ + async preHandler(req, res, ctx) { + await super.preHandler(req, res, ctx); + ctx.url = req.url; // Persisted for logout redirect + + const logObject = this.asyncLocalStorage.getStore(); + // FIXME: for some reason, returning from the super.preHandler sometimes loses async context? + // Workaround until cause and solution are found. + if (logObject) { + logObject.requestId = ctx.requestId; + delete ctx.requestId; + } else { + this.logger.debug(_fileScope('preHandler'), 'lost async context', { req, ctx }); + } + } + + + /** + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostRoot(req, res, ctx) { const _scope = _fileScope('handlerPostRoot'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); + + initContext(ctx); this.setResponseType(this.responseTypes, req, res, ctx); await this.ingestBody(req, res, ctx); @@ -86,35 +117,35 @@ class Service extends Dingus { /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetRoot(req, res, ctx) { const _scope = _fileScope('handlerGetRoot'); const responseTypes = [ Enum.ContentType.TextHTML, ]; - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); - Dingus.setHeadHandler(req, res, ctx); + initContext(ctx); this.setResponseType(responseTypes, req, res, ctx); + await this.authenticator.sessionOptional(req, res, ctx, this.loginPath); + await this.manager.getRoot(req, res, ctx); } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetHealthcheck(req, res, ctx) { const _scope = _fileScope('handlerGetHealthcheck'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - - Dingus.setHeadHandler(req, res, ctx); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); @@ -123,88 +154,94 @@ class Service extends Dingus { /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetInfo(req, res, ctx) { const _scope = _fileScope('handlerGetInfo'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); const responseTypes = [...this.responseTypes, Enum.ContentType.ImageSVG]; - Dingus.setHeadHandler(req, res, ctx); - this.setResponseType(responseTypes, req, res, ctx); await this.manager.getInfo(res, ctx); } + async handlerGetHistorySVG(req, res, ctx) { + const _scope = _fileScope('handlerGetHist'); + this.logger.debug(_scope, 'called', { req, ctx }); + + const responseTypes = [Enum.ContentType.ImageSVG]; + + this.setResponseType(responseTypes, req, res, ctx); + + await this.manager.getHistorySVG(res, ctx); + } + + /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminOverview(req, res, ctx) { const _scope = _fileScope('handlerGetAdminOverview'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); - Dingus.setHeadHandler(req, res, ctx); + initContext(ctx); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); - - await this.manager.getAdminOverview(res, ctx); + if (await this.authenticator.sessionRequired(req, res, ctx, this.loginPath)) { + await this.manager.getAdminOverview(res, ctx); + } } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminTopicDetails(req, res, ctx) { const _scope = _fileScope('handlerGetAdminTopicDetails'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); - Dingus.setHeadHandler(req, res, ctx); + initContext(ctx); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); - - await this.manager.getTopicDetails(res, ctx); + if (await this.authenticator.sessionRequired(req, res, ctx, this.loginPath)) { + await this.manager.getTopicDetails(res, ctx); + } } /** - * Similar to super.ingestBody, but if no body was sent, do not parse (and - * thus avoid possible unsupported media type error). - * Also removes raw body from context, to simplify scrubbing sensitive data from logs. - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * If no body was sent, do not parse (and thus avoid possible unsupported media type error). + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context + * @returns {Promise} parsed body */ async maybeIngestBody(req, res, ctx) { - ctx.rawBody = await this.bodyData(req); - const contentType = Dingus.getRequestContentType(req); - if (ctx.rawBody) { - this.parseBody(contentType, ctx); - delete ctx.rawBody; - } + return super.ingestBody(req, res, ctx, { + parseEmptyBody: false, + }); } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerUpdateTopic(req, res, ctx) { const _scope = _fileScope('handlerUpdateTopic'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); @@ -217,13 +254,13 @@ class Service extends Dingus { /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerUpdateSubscription(req, res, ctx) { const _scope = _fileScope('handlerUpdateSubscription'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); @@ -233,16 +270,16 @@ class Service extends Dingus { ctx.method = req.method; await this.manager.updateSubscription(res, ctx); } - + /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostAdminProcess(req, res, ctx) { const _scope = _fileScope('handlerPostAdminProcess'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); @@ -254,15 +291,15 @@ class Service extends Dingus { /** * Delegate login to authentication module. - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminLogin(req, res, ctx) { const _scope = _fileScope('handlerGetAdminLogin'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); - Dingus.setHeadHandler(req, res, ctx); + initContext(ctx); this.setResponseType(this.responseTypes, req, res, ctx); @@ -272,13 +309,15 @@ class Service extends Dingus { /** * Delegate login to authentication module. - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostAdminLogin(req, res, ctx) { const _scope = _fileScope('handlerPostAdminLogin'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); + + initContext(ctx); this.setResponseType(this.responseTypes, req, res, ctx); @@ -290,15 +329,58 @@ class Service extends Dingus { } + /** + * Delegate account settings to authentication module. + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context + */ + async handlerGetAdminSettings(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminSettings'); + this.logger.debug(_scope, 'called', { req, ctx }); + + initContext(ctx); + + this.setResponseType(this.responseTypes, req, res, ctx); + + if (await this.authenticator.sessionRequiredLocal(req, res, ctx)) { + await this.sessionManager.getAdminSettings(res, ctx, navLinks); + } + } + + + /** + * Delegate account settings to authentication module. + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context + */ + async handlerPostAdminSettings(req, res, ctx) { + const _scope = _fileScope('handlerPostAdminSettings'); + this.logger.debug(_scope, 'called', { req, ctx }); + + initContext(ctx); + + this.setResponseType(this.responseTypes, req, res, ctx); + + if (await this.authenticator.sessionRequiredLocal(req, res, ctx)) { + await this.maybeIngestBody(req, res, ctx); + await this.sessionManager.postAdminSettings(res, ctx, navLinks); + } + } + + /** * Delegate login to authentication module. - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminLogout(req, res, ctx) { const _scope = _fileScope('handlerGetAdminLogout'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); + + initContext(ctx); this.setResponseType(this.responseTypes, req, res, ctx); @@ -310,18 +392,17 @@ class Service extends Dingus { /** * Delegate login to authentication module. - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.ClientRequest} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminIA(req, res, ctx) { const _scope = _fileScope('handlerGetAdminIA'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); - this.setResponseType(this.responseTypes, req, res, ctx); + initContext(ctx); - // Special case here, to see cookie before session established - ctx.cookie = req.getHeader(Enum.Header.Cookie); + this.setResponseType(this.responseTypes, req, res, ctx); await this.sessionManager.getAdminIA(res, ctx); }