  1. /**
  2. * Express based http & https server
  3. *
  4. * Requires express >= 4
  5. */
  6. /*
  7. var common = require ('./server/common'),
  8. authorize = require ('./server/authorization'),
  9. dbs = require ('./server/dbs'),
  10. files = require ('./server/files');
  11. */
const crypto = require ('crypto'), // random fallback for the session secret
    fs = require ('fs'),
    http = require ('http'),
    https = require ('https'),
    express = require ('express'),
    session = require ('express-session'), // session management
    morgan = require ('morgan'), // logger
    //serveFavicon = require ('serve-favicon'),
    bodyParser = require ('body-parser');
//MongoStore = require ('connect-mongo')(session); // uses mongodb as session storage
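var app = express();
// Listening ports. Both are declared explicitly: https_port used to be assigned without
// a declaration, which made it an implicit global (and a ReferenceError under 'use strict').
// They can be overridden from the environment; the defaults are the original values.
var http_port = parseInt (process.env.HTTP_PORT, 10) || 8888;
var https_port = parseInt (process.env.HTTPS_PORT, 10) || 8889;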
  24. /*
  25. * Init
  26. */
/*
  28. common .init ();
  29. authorize.init (common);
  30. dbs .init (common);
  31. files .init (common);
  32. */
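// Security
app.disable ('x-powered-by'); // don't advertise Express in the X-Powered-By header (information disclosure)
/*
 * Route Control
 */
// Logger
app.use (morgan ('dev'));
//app.use(express.logger ( { format: 'default', stream: output_stream } ));
// Fastpaths
//app.use (serveFavicon (__dirname + '/public/favicon.ico'));
// Session Management
//
// The cookie-signing secret must not live in the source: anyone who can read the
// repository could forge 'om.sid' cookies. It is taken from the environment; when it
// is missing, a random per-process value is used and a warning is printed. The
// default MemoryStore (no 'store' below) already drops all sessions on restart, so a
// per-process secret loses nothing that a persistent store would not also need a
// fixed SESSION_SECRET for.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  sessionSecret = crypto.randomBytes (32).toString ('hex');
  console.warn ("Warning: SESSION_SECRET is not set; using a random per-process secret " +
                "(sessions will not survive a restart and cannot be shared between instances)");
}
app.use (session({
  secret: sessionSecret,
  resave: false,
  saveUninitialized: false,
  cookie: {
    maxAge: 30*24*3600*1000, // 30 days; TODO: ttl for session as well (Store)
    httpOnly: true, // keep the session id away from page scripts (express-session default, made explicit)
    sameSite: 'lax', // don't send the cookie on cross-site POSTs (CSRF mitigation)
    // Plain http is still served below, so 'secure' stays off by default; set
    // SESSION_COOKIE_SECURE=true once clients only ever use https.
    secure: process.env.SESSION_COOKIE_SECURE === 'true',
  },
  name: 'om.sid',
  //store: new MongoStore ({mongooseConnection: dbs.mongoose.connection, ttl: 30*24*3600}), // mongoose + connect-mongo
  //store: new MemoryStore ({checkPeriod: 24*3600*1000}), // memorystore
}));
// Args
app.use (bodyParser.json());
app.use (bodyParser.urlencoded({extended: true}));
// API
//var api_routes = express.Router(); // express app-object routing
//app.use ('/api', api_routes);
// Static Files
app.use (express.static(__dirname + '/public')); // Allow server access to 'public' folder
// Other stuff is NOT authorized unless logged in
//app.use (authorize.genCheckAuthorized ('user'));
// Uploaded files
//app.use ('/uploads', express.static(__dirname + '/uploads'));
// Errors
// No error so far? Then it's a 404!
//app.use (function (req, res, next) { next (common.genError (404, req.url)); });
//app.use (routes.errorHandler (true)); /* true: show stack traces */ // TODO: Error Handler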
  72. /*
  73. * API
  74. */
  75. /*
  76. // API allowed for all
  77. api_routes.post ('/login', authorize.login); // /api/login
  78. // Validate all other API calls
  79. api_routes.use (authorize.genCheckAuthorized ('user'));
  80. api_routes.post ('/logout', authorize.logout);
  81. function addRoutes (r) {
  82. for (var e in r.routes) {
  83. var params = r.routes[e].params ? "/" + r.routes[e].params : "";
  84. console.log ("Adding routes for /" + e + params + ":" +
  85. (r.routes[e].get ? " get":" ") + (r.routes[e].post ? " post":" ") +
  86. (r.routes[e].put ? " put":" ") + (r.routes[e].delete ? " delete":" "));
  87. if (r.routes[e].get)
  88. api_routes.get ('/' + e + params, r.routes[e].get);
  89. if (r.routes[e].post)
  90. api_routes.post ('/' + e + params, r.routes[e].post);
  91. if (r.routes[e].put)
  92. api_routes.put ('/' + e + params, r.routes[e].put);
  93. if (r.routes[e].delete)
  94. api_routes.delete ('/' + e + params, r.routes[e].delete);
  95. }
  96. }
  97. addRoutes (dbs);
  98. addRoutes (files);
  99. */
  100. /*
  101. * Servers
  102. */
// Plain-http listener on all interfaces. The https listener is set up further down
// and only when key + certificate are readable.
var httpServer = http.createServer (app);
httpServer.listen (http_port, () => {
  console.log (`Express http server listening on port ${http_port}`);
});
  106. /*
  107. * SSL certificates
  108. *
 * Key + certificate live in ./keys, outside the servable 'public' folder (never commit them).
 * The code below reads keys/omkey.pem and keys/certificate.pem, so name the files accordingly.
 * To create a (self-signed) certificate for development only:
 *
 * openssl genrsa -out keys/omkey.pem 2048     (1024-bit RSA is too weak; use 2048 or more)
 * openssl req -new -key keys/omkey.pem -out certrequest.csr
 * openssl x509 -req -days 365 -in certrequest.csr -signkey keys/omkey.pem -out keys/certificate.pem
 * rm certrequest.csr
  116. */
  117. var options;
  118. try {
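try {
  // Optional CA chain for a CA-issued certificate (not needed for self-signed certs).
  // The bundle read used to be commented out while 'ca' was still referenced in the
  // options below without any visible declaration; that ReferenceError landed in the
  // catch at the bottom and silently disabled https on every start.
  // TODO: use an array if the chain consists of several certificates.
  let ca;
  try {
    ca = fs.readFileSync ('keys/ca_cert.pem');
  } catch (e) {
    ca = undefined; // fine for self-signed certs; Node's default trust store applies
    console.log ("Note: Can't read CA bundle: "+e);
  }
  options = {
    key: fs.readFileSync ('keys/omkey.pem'),
    cert: fs.readFileSync ('keys/certificate.pem'),
    ca: ca
  };
  https.createServer (options, app) .listen (https_port, function () {
    console.log ("Express https server listening on port " + https_port);
  });
} catch (e) {
  // Missing key/cert is not fatal, but note that only plain http is served then.
  console.log ("Note: Can't read SSL keys/certs: "+e+"\nDisabling https server");
}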
/*
 * Uncaught Exceptions
 *
 * Last-resort logging so an unexpected throw is at least visible. Node documents the
 * process as being in an undefined state after an uncaught exception and recommends
 * exiting; this handler keeps the server running instead, which is the original
 * behaviour and is deliberately left unchanged here.
 */
process.on ("uncaughtException", (err) => {
  console.error ("*** Uncaught Exception:");
  console.error (err.stack);
});