/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
var constants = require('constants'),
express = require('express'),
http = require('http'),
https = require('https'),
fs = require('fs'),
morgan = require('morgan'),
modRewrite = require('connect-modrewrite'),
timeout = require('connect-timeout');
// Configuration lookup order:
//   1. a path given on the command line: either one argument after the script,
//      or "-c <path>" (kept forward-compatible in case this script becomes
//      executable with a node shebang),
//   2. the system-wide /etc/traffic_portal/conf/config,
//   3. the packaged ./conf/config, or ./conf/configDev when NODE_ENV is "dev".
// NOTE(review): any error while loading the /etc file (not only "file not
// found") falls through to the packaged config without a log line, so a broken
// production config can go unnoticed at startup. Confirm this is intended.
var config;
const argCount = process.argv.length;
const configPathGiven =
  argCount === 3 || (argCount === 4 && process.argv[argCount - 2] === "-c");

if (configPathGiven) {
  // The last command-line argument is the module path to load.
  config = require(process.argv[argCount - 1]);
} else {
  try {
    config = require('/etc/traffic_portal/conf/config');
  } catch (e) {
    const nodeEnv = process.env.NODE_ENV || "prod";
    config = require(nodeEnv === "dev" ? './conf/configDev' : "./conf/config");
  }
}
// Whether an HTTPS listener is started and plain-HTTP requests are redirected.
const useSSL = config.useSSL;

// Access-log destination. A file stream is opened in append mode only when the
// config carries its own non-empty `log.stream` entry; otherwise logStream
// stays null.
let logStream = null;
if (
  Object.prototype.hasOwnProperty.call(config, "log") &&
  config.log &&
  Object.prototype.hasOwnProperty.call(config.log, "stream") &&
  config.log.stream
) {
  logStream = fs.createWriteStream(config.log.stream, { flags: 'a' });
}
// Certificate verification switch, meant to be turned off only for self-signed
// certs in dev/test. This is a process-wide setting: it applies to every TLS
// client connection this process makes, not to a single request.
// Values written to process.env are stored as strings, and Node.js skips
// verification only when the variable is exactly "0"; a config value of
// `false` is stored as "false" and leaves verification on.
// NOTE(review): presumably this also governs the upstream /api proxy
// connection; production configs should keep verification enabled.
process.env.NODE_TLS_REJECT_UNAUTHORIZED = config.reject_unauthorized;

var app = express();

// Opt every response out of FLoC interest-cohort calculation.
app.use((_req, response, next) => {
  response.setHeader("Permissions-Policy", "interest-cohort=()");
  next();
});
// Log requests whose path is not valid percent-encoding. The decoded value is
// discarded; the call is made only to see whether it throws.
// NOTE(review): the request is passed on even when decoding fails, so every
// later handler still receives the malformed path. This middleware records the
// event and rejects nothing.
app.use((req, res, next) => {
  try {
    decodeURIComponent(req.path);
  } catch (decodeError) {
    console.log(decodeError, req.url);
  }
  next();
});
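// Force HTTPS: when useSSL is on and the request did not arrive over TLS
// (req.secure, see http://expressjs.com/api#req.secure), redirect it to the
// same host and URL on config.sslPort.
//
// The Host header is client-supplied and is copied into the Location header,
// so it is reduced to a bare hostname and checked before use. Without this, a
// Host value that already carries a port (e.g. "portal:8080") yields a
// malformed "https://portal:8080:<sslPort>/..." target, and a missing or
// oddly formed Host yields a redirect to an unintended authority.
app.all("/*", function (req, res, next) {
  if (!useSSL || req.secure) {
    // request was via https or useSSL=false, so do no special handling
    return next();
  }

  // Drop a trailing ":port"; bracketed IPv6 literals keep their brackets.
  var hostname = (req.get('Host') || '').replace(/:\d*$/, '');

  // Accept only DNS-style names, IPv4 literals and bracketed IPv6 literals.
  if (!/^(?:[A-Za-z0-9._-]+|\[[0-9A-Fa-f:.]+\])$/.test(hostname)) {
    return res.status(400).send('Bad Request');
  }

  // request was via http, so redirect to https
  return res.redirect(['https://', hostname, ':', config.sslPort, req.url].join(''));
});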
// Rewrite rules, in connect-modrewrite's "<pattern> <replacement> [flags]" form:
//   - /api/<path>?<query> and /api/<path> are proxied ([P]) to the configured
//     API base URL, keeping path and query,
//   - /sso?<query> is redirected ([R]) to the client-side "#!/sso" route.
// The proxy target comes straight from config.api.base_url, so that value
// decides where credentials and API traffic sent to /api/ end up.
const apiBaseUrl = config.api.base_url;
const rewriteRules = [
  '^/api/(.*?)\\?(.*)$ ' + apiBaseUrl + '$1?$2 [P]',
  '^/api/(.*)$ ' + apiBaseUrl + '$1 [P]',
  '^/sso\\?(.*)$ #!/sso?$1 [R]',
];
app.use(modRewrite(rewriteRules));

// Everything else is served from the configured static directory.
const staticRoot = config.files.static;
app.use(express.static(staticRoot));
// Access logging in Apache "combined" format, limited to responses with a
// status of 400 or above. Output goes to logStream when one was opened;
// otherwise morgan's default destination is used.
// NOTE(review): this logger and the timeout below are registered after the
// rewrite/proxy and static handlers, so they appear to see only requests that
// those handlers pass on. Confirm that failed /api/ calls are logged somewhere
// if they are needed for incident review.
const isBelow400 = (_req, res) => res.statusCode < 400;
const morganOpts =
  logStream === null
    ? { skip: isBelow400 }
    : { skip: isBelow400, stream: logStream };
app.use(morgan('combined', morganOpts));

// Request timeout taken from the config.
app.use(timeout(config.timeout));
// In the 'dev' environment inject the live-reload client script (port 35728,
// skipping font and video responses); in every other case pin the Express
// environment to 'production'.
const runningInDev = app.get('env') === 'dev';
if (!runningInDev) {
  app.set('env', 'production');
} else {
  const liveReload = require('connect-livereload');
  app.use(liveReload({
    port: 35728,
    excludeList: ['.woff', '.flv'],
  }));
}
// Turn on reverse-proxy support in Express, so that the "X-Forwarded-Proto"
// header is trusted when working out the request protocol (req.secure). See
// http://expressjs.com/api#app-settings for details.
// NOTE(review): with the setting at `true`, X-Forwarded-* headers are trusted
// from any peer. If clients can reach this port without passing through a
// proxy that overwrites those headers, a client can claim "https" itself and
// skip the HTTP-to-HTTPS redirect. Consider restricting trust to the known
// proxy addresses.
app.set('trust proxy', true);

// Start the plain-HTTP listener.
var httpServer = http.createServer(app);
httpServer.listen(config.port);
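if (useSSL) {
  // Protocol floor for the HTTPS listener: SSLv3 and TLSv1 are both switched
  // off through secureOptions. (The earlier comment spoke of SSL_OP_NO_SSLv3
  // while the code set only SSL_OP_NO_TLSv1; both flags are now supplied so
  // the documented intent and the code agree.)
  // NOTE(review): TLS 1.1 is not excluded by these flags; whether it is
  // offered depends on the Node.js runtime defaults. Consider adding
  // constants.SSL_OP_NO_TLSv1_1 once no remaining client needs it.
  var sslOptions = {
    secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
    // Private key and certificate are read synchronously at startup; a missing
    // or unreadable file aborts the process here.
    key: fs.readFileSync(config.ssl.key),
    cert: fs.readFileSync(config.ssl.cert),
    // config.ssl.ca is expected to be an array of CA certificate paths.
    ca: config.ssl.ca.map(function (caPath) {
      return fs.readFileSync(caPath);
    }),
  };

  // Startup HTTPS Server
  var httpsServer = https.createServer(sslOptions, app);
  httpsServer.listen(config.sslPort);

  // An https.Agent built from the same options; nothing else in this file
  // reads sslOptions.agent.
  sslOptions.agent = new https.Agent(sslOptions);
}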
// Startup banner. The SSL port line is printed whether or not useSSL is set,
// so it reports the configured value rather than a confirmed listener.
const startupLines = [
  ["Traffic Portal Port : %s", config.port],
  ["Traffic Portal SSL Port : %s", config.sslPort],
];
for (const [format, port] of startupLines) {
  console.log(format, port);
}