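var bodyParser = require('body-parser')
var Cookies = require('cookies')
var express = require('express')
var fs = require('fs')
var path = require('path')
var marked = require('marked')
var Handlebars = require('handlebars')
// NOTE: this shadows the global Error inside the module; nothing below constructs one
var Error = require('http-errors')
var Search = require('./search')
var Middleware = require('./middleware')
var match = Middleware.match
var validate_name = Middleware.validate_name
var validate_pkg = Middleware.validate_package

/**
 * Builds the express Router that serves the web UI: the index page, static
 * assets and logos, cookie-based login/logout, package search and README
 * rendering.
 *
 * Route handlers hand non-error results to `next(...)` (a string of HTML or an
 * array of packages) — a later middleware, outside this file, is expected to
 * serialise them; only `next(err)` with an Error is the usual express error path.
 *
 * @param {Object} config  - registry config; reads url_prefix, allow_access(),
 *                           and the optional web.title / web.logo / web.logosm
 * @param {Object} auth    - provides cookie_middleware(), authenticate(), aes_encrypt()
 * @param {Object} storage - provides get_local() and get_package()
 * @returns {express.Router}
 */
module.exports = function(config, auth, storage) {
  var app = express.Router()
  var can = Middleware.allow(config)
  var staticDir = path.join(__dirname, 'static')

  // Absolute URL the UI links to and redirects back to after login/logout.
  // NOTE(review): without url_prefix this is derived from the request's Host
  // header, so the post-login redirect target is only as trustworthy as that
  // header; deployments that cannot rely on it should set url_prefix.
  function baseUrl(req) {
    return config.url_prefix || req.protocol + '://' + req.get('host')
  }

  // Reads config.web.<key>, tolerating a config without a `web` section
  // (the index route already guarded this; the logo routes did not).
  function webOption(key) {
    return config.web ? config.web[key] : undefined
  }

  // validate all of these params as a package name
  // this might be too harsh, so ask if it causes trouble
  app.param('package', validate_pkg)
  app.param('filename', validate_name)
  app.param('version', validate_name)
  app.param('anything', match(/.*/))

  app.use(Cookies.express())
  app.use(bodyParser.urlencoded({ extended: false }))
  app.use(auth.cookie_middleware())
  app.use(function(req, res, next) {
    // disable loading in frames (clickjacking, etc.)
    res.header('X-Frame-Options', 'deny')
    // and keep browsers from sniffing a served file into a different content type
    res.header('X-Content-Type-Options', 'nosniff')
    next()
  })

  Search.configureStorage(storage)

  Handlebars.registerPartial('entry', fs.readFileSync(require.resolve('./GUI/entry.hbs'), 'utf8'))
  var template = Handlebars.compile(fs.readFileSync(require.resolve('./GUI/index.hbs'), 'utf8'))

  // Index page: every locally known package the current user may access.
  app.get('/', function(req, res, next) {
    res.setHeader('Content-Type', 'text/html')
    storage.get_local(function(err, packages) {
      // get_local is not expected to fail, but throwing inside this callback
      // would escape express's error handling and take the process down
      if (err) return next(err)
      next(template({
        name: webOption('title') || 'Sinopia',
        packages: packages.filter(function(pkg) {
          return config.allow_access(pkg.name, req.remote_user)
        }),
        baseUrl: baseUrl(req),
        username: req.remote_user.name,
      }))
    })
  })

  // Static
  app.get('/-/static/:filename', function(req, res, next) {
    // :filename already passed validate_name; serving relative to `root`
    // additionally makes express refuse anything that would resolve outside
    // the static directory
    res.sendFile(req.params.filename, { root: staticDir }, function(err) {
      if (!err) return
      if (err.status === 404) {
        next()
      } else {
        next(err)
      }
    })
  })

  app.get('/-/logo', function(req, res, next) {
    res.sendFile(webOption('logo') || path.join(staticDir, 'logo.png'))
  })

  app.get('/-/logo-sm', function(req, res, next) {
    res.sendFile(webOption('logosm') || path.join(staticDir, 'logo-sm.png'))
  })

  // Login: on success the cookie carries the AES-encrypted "user:pass" pair
  // (decrypted again by auth's cookie middleware); a failed attempt sets no
  // cookie and simply redirects back to the index.
  app.post('/-/login', function(req, res, next) {
    var user = req.body.user
    var pass = req.body.pass
    auth.authenticate(user, pass, function(err, authenticated) {
      if (!err) {
        req.remote_user = authenticated
        //res.cookies.set('token', auth.issue_token(req.remote_user))
        var str = user + ':' + pass
        res.cookies.set('token', auth.aes_encrypt(str).toString('base64'), {
          // mark the cookie Secure whenever the request itself arrived over TLS
          secure: req.secure,
        })
      }
      res.redirect(baseUrl(req))
    })
  })

  // Logout: an empty value makes the cookies library expire the cookie
  app.post('/-/logout', function(req, res, next) {
    res.cookies.set('token', '')
    res.redirect(baseUrl(req))
  })

  // Search: resolves each hit to the manifest of its `latest` dist-tag,
  // one package at a time; hits that fail to load or have no usable
  // latest version are skipped instead of pushing `undefined`.
  app.get('/-/search/:anything', function(req, res, next) {
    var results = Search.query(req.params.anything)
    var packages = []

    function collect(i) {
      if (i >= results.length) return next(packages)
      storage.get_package(results[i].ref, function(err, entry) {
        if (!err && entry) {
          var tags = entry['dist-tags'] || {}
          var latest = entry.versions ? entry.versions[tags.latest] : undefined
          if (latest) packages.push(latest)
        }
        collect(i + 1)
      })
    }

    collect(0)
  })

  // Readme
  marked.setOptions({
    // READMEs come straight out of published tarballs, i.e. they are
    // user-controlled markdown that ends up as HTML in the browser, so raw
    // HTML embedded in them is escaped rather than passed through.
    // NOTE(review): `sanitize` is the option of the marked release this
    // project pins; later marked releases dropped it in favour of an external
    // sanitizer — confirm against package.json before upgrading marked.
    sanitize: true,
    highlight: function(code) {
      return require('highlight.js').highlightAuto(code).value
    },
  })

  app.get('/-/readme/:package/:version?', can('access'), function(req, res, next) {
    storage.get_package(req.params.package, { req: req }, function(err, info) {
      if (err) return next(err)
      next(marked(info.readme || 'ERROR: No README data found!'))
    })
  })

  return app
}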