From 3368fe855249f45bdf1e4c1e509d325d44e80fbe Mon Sep 17 00:00:00 2001 From: syuilo Date: Fri, 13 Apr 2018 06:06:18 +0900 Subject: wip --- src/server/api/index.ts | 60 ++++++++++++++++++++----------------------------- 1 file changed, 24 insertions(+), 36 deletions(-) (limited to 'src/server/api/index.ts') diff --git a/src/server/api/index.ts b/src/server/api/index.ts index 5fbacd8a0e..d2427d30ae 100644 --- a/src/server/api/index.ts +++ b/src/server/api/index.ts @@ -2,53 +2,41 @@ * API Server */ -import * as express from 'express'; -import * as bodyParser from 'body-parser'; -import * as cors from 'cors'; -import * as multer from 'multer'; +import * as Koa from 'koa'; +import * as Router from 'koa-router'; +import * as multer from 'koa-multer'; import endpoints from './endpoints'; -/** - * Init app - */ -const app = express(); - -app.disable('x-powered-by'); -app.set('etag', false); -app.use(bodyParser.urlencoded({ extended: true })); -app.use(bodyParser.json({ - type: ['application/json', 'text/plain'], - verify: (req, res, buf, encoding) => { - if (buf && buf.length) { - (req as any).rawBody = buf.toString(encoding || 'utf8'); - } - } -})); -app.use(cors()); - -app.get('/', (req, res) => { - res.send('YEE HAW'); +const handler = require('./api-handler').default; + +// Init app +const app = new Koa(); + +// Init multer instance +const upload = multer({ + storage: multer.diskStorage({}) }); +// Init router +const router = new Router(); + /** * Register endpoint handlers */ -endpoints.forEach(endpoint => - endpoint.withFile ? - app.post(`/${endpoint.name}`, - endpoint.withFile ? multer({ storage: multer.diskStorage({}) }).single('file') : null, - require('./api-handler').default.bind(null, endpoint)) : - app.post(`/${endpoint.name}`, - require('./api-handler').default.bind(null, endpoint)) +endpoints.forEach(endpoint => endpoint.withFile + ? router.post(`/${endpoint.name}`, upload.single('file'), handler.bind(null, endpoint)) + : router.post(`/${endpoint.name}`, handler.bind(null, endpoint)) ); -app.post('/signup', require('./private/signup').default); -app.post('/signin', require('./private/signin').default); +router.post('/signup', require('./private/signup').default); +router.post('/signin', require('./private/signin').default); -require('./service/github')(app); -require('./service/twitter')(app); +router.use(require('./service/github').routes()); +router.use(require('./service/twitter').routes()); +router.use(require('./bot/interfaces/line').routes()); -require('./bot/interfaces/line')(app); +// Register router +app.use(router.routes()); module.exports = app; -- cgit v1.2.3-freya From 61f21594a9edbb3102d6a0f45c1e95ed82c3f606 Mon Sep 17 00:00:00 2001 From: syuilo Date: Fri, 13 Apr 2018 07:34:27 +0900 Subject: wip --- src/server/api/index.ts | 2 ++ src/server/file/pour.ts | 5 +++-- src/server/index.ts | 16 +++++++--------- src/server/web/index.ts | 17 ++++++++--------- 4 files changed, 20 insertions(+), 20 deletions(-) (limited to 'src/server/api/index.ts') diff --git a/src/server/api/index.ts b/src/server/api/index.ts index d2427d30ae..c383e1cf8d 100644 --- a/src/server/api/index.ts +++ b/src/server/api/index.ts @@ -5,6 +5,7 @@ import * as Koa from 'koa'; import * as Router from 'koa-router'; import * as multer from 'koa-multer'; +import * as bodyParser from 'koa-bodyparser'; import endpoints from './endpoints'; @@ -12,6 +13,7 @@ const handler = require('./api-handler').default; // Init app const app = new Koa(); +app.use(bodyParser); // Init multer instance const upload = multer({ diff --git a/src/server/file/pour.ts b/src/server/file/pour.ts index 2a31cb5898..b38b969c2d 100644 --- a/src/server/file/pour.ts +++ b/src/server/file/pour.ts @@ -80,10 +80,11 @@ export default function(readable: stream.Readable, type: string, ctx: Koa.Contex } if (ctx.query.download !== undefined) { - ctx.header('Content-Disposition', 'attachment'); + ctx.set('Content-Disposition', 'attachment'); } - ctx.header('Content-Type', data.contentType); + ctx.set('Cache-Control', 'max-age=31536000, immutable'); + ctx.set('Content-Type', data.contentType); data.stream.pipe(ctx.res); diff --git a/src/server/index.ts b/src/server/index.ts index 02362037ee..a637e8598b 100644 --- a/src/server/index.ts +++ b/src/server/index.ts @@ -4,10 +4,9 @@ import * as fs from 'fs'; import * as http from 'http'; -import * as https from 'https'; +import * as http2 from 'http2'; import * as Koa from 'koa'; import * as Router from 'koa-router'; -import * as bodyParser from 'koa-bodyparser'; import * as mount from 'koa-mount'; import activityPub from './activitypub'; @@ -17,14 +16,13 @@ import config from '../config'; // Init app const app = new Koa(); app.proxy = true; -app.use(bodyParser); // HSTS // 6months (15552000sec) if (config.url.startsWith('https')) { - app.use((ctx, next) => { + app.use(async (ctx, next) => { ctx.set('strict-transport-security', 'max-age=15552000; preload'); - next(); + await next(); }); } @@ -38,20 +36,20 @@ const router = new Router(); router.use(activityPub.routes()); router.use(webFinger.routes()); -app.use(mount(require('./web'))); - // Register router app.use(router.routes()); +app.use(mount(require('./web'))); + function createServer() { if (config.https) { const certs = {}; Object.keys(config.https).forEach(k => { certs[k] = fs.readFileSync(config.https[k]); }); - return https.createServer(certs, app.callback); + return http2.createSecureServer(certs, app.callback()); } else { - return http.createServer(app.callback); + return http.createServer(app.callback()); } } diff --git a/src/server/web/index.ts b/src/server/web/index.ts index b28ad5592c..dd296f875d 100644 --- a/src/server/web/index.ts +++ b/src/server/web/index.ts @@ -2,15 +2,13 @@ * Web Client Server */ -import * as path from 'path'; import ms = require('ms'); - import * as Koa from 'koa'; import * as Router from 'koa-router'; import * as send from 'koa-send'; import * as favicon from 'koa-favicon'; -const client = path.resolve(`${__dirname}/../../client/`); +const client = `${__dirname}/../../client/`; // Init app const app = new Koa(); @@ -19,10 +17,10 @@ const app = new Koa(); app.use(favicon(`${client}/assets/favicon.ico`)); // Common request handler -app.use((ctx, next) => { +app.use(async (ctx, next) => { // IFrameの中に入れられないようにする ctx.set('X-Frame-Options', 'DENY'); - next(); + await next(); }); // Init router @@ -30,9 +28,9 @@ const router = new Router(); //#region static assets -router.get('/assets', async ctx => { +router.get('/assets/*', async ctx => { await send(ctx, ctx.path, { - root: `${client}/assets`, + root: client, maxage: ms('7 days'), immutable: true }); @@ -63,8 +61,9 @@ router.get('url', require('./url-preview')); // Render base html for all requests router.get('*', async ctx => { - await send(ctx, `${client}/app/base.html`, { - maxage: ms('7 days'), + await send(ctx, `app/base.html`, { + root: client, + maxage: ms('3 days'), immutable: true }); }); -- cgit v1.2.3-freya From 22d2f2051c4cbe3da5b9ece674f36a6555f8c953 Mon Sep 17 00:00:00 2001 From: syuilo Date: Fri, 13 Apr 2018 09:44:00 +0900 Subject: wip --- src/client/app/common/mios.ts | 5 +++-- src/server/api/api-handler.ts | 16 +++++++++++++--- src/server/api/bot/interfaces/line.ts | 2 +- src/server/api/call.ts | 4 +--- src/server/api/index.ts | 4 +++- src/server/api/private/signin.ts | 6 +++--- src/server/api/private/signup.ts | 6 +++--- src/server/api/service/github.ts | 8 ++++++-- src/server/file/index.ts | 7 ++++++- src/server/file/pour.ts | 8 +------- 10 files changed, 40 insertions(+), 26 deletions(-) (limited to 'src/server/api/index.ts') diff --git a/src/client/app/common/mios.ts b/src/client/app/common/mios.ts index a09af799be..ccc73eebc3 100644 --- a/src/client/app/common/mios.ts +++ b/src/client/app/common/mios.ts @@ -444,9 +444,10 @@ export default class MiOS extends EventEmitter { // Append a credential if (this.isSignedIn) (data as any).i = this.i.token; - const viaStream = localStorage.getItem('apiViaStream') ? localStorage.getItem('apiViaStream') == 'true' : true; - return new Promise((resolve, reject) => { + const viaStream = this.stream.hasConnection && + (localStorage.getItem('apiViaStream') ? localStorage.getItem('apiViaStream') == 'true' : true); + if (viaStream) { const stream = this.stream.borrow(); const id = Math.random().toString(); diff --git a/src/server/api/api-handler.ts b/src/server/api/api-handler.ts index 2c50234317..947794a20e 100644 --- a/src/server/api/api-handler.ts +++ b/src/server/api/api-handler.ts @@ -25,11 +25,21 @@ export default async (endpoint: Endpoint, ctx: Koa.Context) => { // Authentication try { - [user, app] = await authenticate(ctx.body['i']); + [user, app] = await authenticate(ctx.request.body['i']); } catch (e) { - return reply(403, 'AUTHENTICATION_FAILED'); + reply(403, 'AUTHENTICATION_FAILED'); + return; } + let res; + // API invoking - call(endpoint, user, app, ctx.body, ctx.req).then(reply).catch(e => reply(400, e)); + try { + res = await call(endpoint, user, app, ctx.request.body, ctx.req); + } catch (e) { + reply(400, e); + return; + } + + reply(res); }; diff --git a/src/server/api/bot/interfaces/line.ts b/src/server/api/bot/interfaces/line.ts index 454630161a..733315391d 100644 --- a/src/server/api/bot/interfaces/line.ts +++ b/src/server/api/bot/interfaces/line.ts @@ -226,7 +226,7 @@ if (config.line_bot) { // シグネチャ比較 if (sig1 === sig2) { - ctx.body.events.forEach(ev => { + ctx.request.body.events.forEach(ev => { handler.emit('event', ev); }); } else { diff --git a/src/server/api/call.ts b/src/server/api/call.ts index c25f55ed3f..cc40294657 100644 --- a/src/server/api/call.ts +++ b/src/server/api/call.ts @@ -6,11 +6,9 @@ import limitter from './limitter'; import { IUser } from '../../models/user'; import { IApp } from '../../models/app'; -export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: http.IncomingMessage) => new Promise(async (ok, rej) => { +export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: http.IncomingMessage) => new Promise(async (ok, rej) => { const isSecure = user != null && app == null; - //console.log(endpoint, user, app, data); - const ep = typeof endpoint == 'string' ? endpoints.find(e => e.name == endpoint) : endpoint; if (ep.secure && !isSecure) { diff --git a/src/server/api/index.ts b/src/server/api/index.ts index c383e1cf8d..2ea5fccb5b 100644 --- a/src/server/api/index.ts +++ b/src/server/api/index.ts @@ -13,7 +13,9 @@ const handler = require('./api-handler').default; // Init app const app = new Koa(); -app.use(bodyParser); +app.use(bodyParser({ + detectJSON: () => true +})); // Init multer instance const upload = multer({ diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts index 55326deeaf..1737007206 100644 --- a/src/server/api/private/signin.ts +++ b/src/server/api/private/signin.ts @@ -11,9 +11,9 @@ export default async (ctx: Koa.Context) => { ctx.set('Access-Control-Allow-Origin', config.url); ctx.set('Access-Control-Allow-Credentials', 'true'); - const username = ctx.body['username']; - const password = ctx.body['password']; - const token = ctx.body['token']; + const username = ctx.request.body['username']; + const password = ctx.request.body['password']; + const token = ctx.request.body['token']; if (typeof username != 'string') { ctx.status = 400; diff --git a/src/server/api/private/signup.ts b/src/server/api/private/signup.ts index a4554be4ae..15257b869f 100644 --- a/src/server/api/private/signup.ts +++ b/src/server/api/private/signup.ts @@ -37,7 +37,7 @@ export default async (ctx: Koa.Context) => { // Verify recaptcha // ただしテスト時はこの機構は障害となるため無効にする if (process.env.NODE_ENV !== 'test') { - const success = await recaptcha(ctx.body['g-recaptcha-response']); + const success = await recaptcha(ctx.request.body['g-recaptcha-response']); if (!success) { ctx.throw(400, 'recaptcha-failed'); @@ -45,8 +45,8 @@ export default async (ctx: Koa.Context) => { } } - const username = ctx.body['username']; - const password = ctx.body['password']; + const username = ctx.request.body['username']; + const password = ctx.request.body['password']; // Validate username if (!validateUsername(username)) { diff --git a/src/server/api/service/github.ts b/src/server/api/service/github.ts index ee226cc5cc..cd9760a36d 100644 --- a/src/server/api/service/github.ts +++ b/src/server/api/service/github.ts @@ -35,10 +35,14 @@ if (config.github_bot != null) { const secret = config.github_bot.hook_secret; router.post('/hooks/github', ctx => { + const body = JSON.stringify(ctx.request.body); + const hash = crypto.createHmac('sha1', secret).update(body).digest('hex'); const sig1 = new Buffer(ctx.headers['x-hub-signature']); - const sig2 = new Buffer(`sha1=${crypto.createHmac('sha1', secret).update(JSON.stringify(ctx.body)).digest('hex')}`); + const sig2 = new Buffer(`sha1=${hash}`); + + // シグネチャ比較 if (sig1.equals(sig2)) { - handler.emit(ctx.headers['x-github-event'], ctx.body); + handler.emit(ctx.headers['x-github-event'], ctx.request.body); ctx.status = 204; } else { ctx.status = 400; diff --git a/src/server/file/index.ts b/src/server/file/index.ts index d58939f1be..d305286d12 100644 --- a/src/server/file/index.ts +++ b/src/server/file/index.ts @@ -13,6 +13,11 @@ import sendDriveFile from './send-drive-file'; const app = new Koa(); app.use(cors()); +app.use(async (ctx, next) => { + ctx.set('Cache-Control', 'max-age=31536000, immutable'); + await next(); +}); + // Init router const router = new Router(); @@ -27,7 +32,7 @@ router.get('/app-default.jpg', ctx => { }); router.get('/:id', sendDriveFile); -router.get('/:id/:name', sendDriveFile); +router.get('/:id/*', sendDriveFile); // Register router app.use(router.routes()); diff --git a/src/server/file/pour.ts b/src/server/file/pour.ts index b38b969c2d..0fd0ad0e60 100644 --- a/src/server/file/pour.ts +++ b/src/server/file/pour.ts @@ -83,12 +83,6 @@ export default function(readable: stream.Readable, type: string, ctx: Koa.Contex ctx.set('Content-Disposition', 'attachment'); } - ctx.set('Cache-Control', 'max-age=31536000, immutable'); ctx.set('Content-Type', data.contentType); - - data.stream.pipe(ctx.res); - - data.stream.on('end', () => { - ctx.res.end(); - }); + ctx.body = data.stream; } -- cgit v1.2.3-freya From e2e7babee0de35385eb74830c82eaccdb28f013a Mon Sep 17 00:00:00 2001 From: syuilo Date: Fri, 13 Apr 2018 11:44:39 +0900 Subject: wip --- src/server/api/api-handler.ts | 6 ++++-- src/server/api/call.ts | 7 +++---- src/server/api/common/signin.ts | 4 +++- src/server/api/index.ts | 3 ++- src/server/api/private/signin.ts | 4 ++-- 5 files changed, 14 insertions(+), 10 deletions(-) (limited to 'src/server/api/index.ts') diff --git a/src/server/api/api-handler.ts b/src/server/api/api-handler.ts index 947794a20e..e716dcdc01 100644 --- a/src/server/api/api-handler.ts +++ b/src/server/api/api-handler.ts @@ -7,6 +7,8 @@ import { IUser } from '../../models/user'; import { IApp } from '../../models/app'; export default async (endpoint: Endpoint, ctx: Koa.Context) => { + const body = ctx.is('multipart/form-data') ? (ctx.req as any).body : ctx.request.body; + const reply = (x?: any, y?: any) => { if (x === undefined) { ctx.status = 204; @@ -25,7 +27,7 @@ export default async (endpoint: Endpoint, ctx: Koa.Context) => { // Authentication try { - [user, app] = await authenticate(ctx.request.body['i']); + [user, app] = await authenticate(body['i']); } catch (e) { reply(403, 'AUTHENTICATION_FAILED'); return; @@ -35,7 +37,7 @@ export default async (endpoint: Endpoint, ctx: Koa.Context) => { // API invoking try { - res = await call(endpoint, user, app, ctx.request.body, ctx.req); + res = await call(endpoint, user, app, body, (ctx.req as any).file); } catch (e) { reply(400, e); return; diff --git a/src/server/api/call.ts b/src/server/api/call.ts index cc40294657..713add566a 100644 --- a/src/server/api/call.ts +++ b/src/server/api/call.ts @@ -1,4 +1,3 @@ -import * as http from 'http'; import * as multer from 'koa-multer'; import endpoints, { Endpoint } from './endpoints'; @@ -6,7 +5,7 @@ import limitter from './limitter'; import { IUser } from '../../models/user'; import { IApp } from '../../models/app'; -export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: http.IncomingMessage) => new Promise(async (ok, rej) => { +export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, file?: any) => new Promise(async (ok, rej) => { const isSecure = user != null && app == null; const ep = typeof endpoint == 'string' ? endpoints.find(e => e.name == endpoint) : endpoint; @@ -36,8 +35,8 @@ export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, let exec = require(`${__dirname}/endpoints/${ep.name}`); - if (ep.withFile && req) { - exec = exec.bind(null, (req as multer.MulterIncomingMessage).file); + if (ep.withFile && file) { + exec = exec.bind(null, file); } let res; diff --git a/src/server/api/common/signin.ts b/src/server/api/common/signin.ts index f57c38414c..44e1336f27 100644 --- a/src/server/api/common/signin.ts +++ b/src/server/api/common/signin.ts @@ -3,7 +3,7 @@ import * as Koa from 'koa'; import config from '../../../config'; import { ILocalUser } from '../../../models/user'; -export default function(ctx: Koa.Context, user: ILocalUser, redirect: boolean) { +export default function(ctx: Koa.Context, user: ILocalUser, redirect = false) { const expires = 1000 * 60 * 60 * 24 * 365; // One Year ctx.cookies.set('i', user.token, { path: '/', @@ -16,5 +16,7 @@ export default function(ctx: Koa.Context, user: ILocalUser, redirect: boolean) { if (redirect) { ctx.redirect(config.url); + } else { + ctx.status = 204; } } diff --git a/src/server/api/index.ts b/src/server/api/index.ts index 2ea5fccb5b..009c99acae 100644 --- a/src/server/api/index.ts +++ b/src/server/api/index.ts @@ -14,7 +14,8 @@ const handler = require('./api-handler').default; // Init app const app = new Koa(); app.use(bodyParser({ - detectJSON: () => true + // リクエストが multipart/form-data でない限りはJSONだと見なす + detectJSON: ctx => !ctx.is('multipart/form-data') })); // Init multer instance diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts index 1737007206..5450c7ad27 100644 --- a/src/server/api/private/signin.ts +++ b/src/server/api/private/signin.ts @@ -60,14 +60,14 @@ export default async (ctx: Koa.Context) => { }); if (verified) { - signin(ctx, user, false); + signin(ctx, user); } else { ctx.throw(400, { error: 'invalid token' }); } } else { - signin(ctx, user, false); + signin(ctx, user); } } else { ctx.throw(400, { -- cgit v1.2.3-freya