refactor: moved server content to /server

2017-04-28 17:58:38 -04:00
parent 86eb7a427d
commit d4b73be1e7
97 changed files with 7452 additions and 73 deletions
--- a/server/middlewares/auth.js
+++ b/server/middlewares/auth.js
@@ -0,0 +1,50 @@
+'use strict'
+
+/* global appdata, rights */
+
+const moment = require('moment-timezone')
+
+/**
+ * Authentication middleware
+ *
+ * @param      {Express Request}   req     Express Request object
+ * @param      {Express Response}  res     Express Response object
+ * @param      {Function}          next    Next callback function
+ * @return     {any}               void
+ */
+module.exports = (req, res, next) => {
+  // Is user authenticated ?
+
+  if (!req.isAuthenticated()) {
+    if (!appdata.capabilities.guest || req.app.locals.appconfig.public !== true) {
+      return res.redirect('/login')
+    } else {
+      req.user = rights.guest
+      res.locals.isGuest = true
+    }
+  } else if (appdata.capabilities.guest) {
+    res.locals.isGuest = false
+  }
+
+  // Check permissions
+
+  if (appdata.capabilities.rights) {
+    res.locals.rights = rights.check(req)
+
+    if (!res.locals.rights.read) {
+      return res.render('error-forbidden')
+    }
+  }
+
+  // Set i18n locale
+
+  req.i18n.changeLanguage(req.user.lang)
+  res.locals.userMoment = moment
+  res.locals.userMoment.locale(req.user.lang)
+
+  // Expose user data
+
+  res.locals.user = req.user
+
+  return next()
+}
--- a/server/middlewares/flash.js
+++ b/server/middlewares/flash.js
@@ -0,0 +1,15 @@
+'use strict'
+
+/**
+ * Flash middleware
+ *
+ * @param      {Express Request}   req     Express Request object
+ * @param      {Express Response}  res     Express Response object
+ * @param      {Function}          next    Next callback function
+ * @return     {any}               void
+ */
+module.exports = (req, res, next) => {
+  res.locals.appflash = req.flash('alert')
+
+  next()
+}
--- a/server/middlewares/security.js
+++ b/server/middlewares/security.js
@@ -0,0 +1,30 @@
+'use strict'
+
+/* global app */
+
+/**
+ * Security Middleware
+ *
+ * @param      {Express Request}   req     Express request object
+ * @param      {Express Response}  res     Express response object
+ * @param      {Function}          next    next callback function
+ * @return     {any}               void
+ */
+module.exports = function (req, res, next) {
+  // -> Disable X-Powered-By
+  app.disable('x-powered-by')
+
+  // -> Disable Frame Embedding
+  res.set('X-Frame-Options', 'deny')
+
+  // -> Re-enable XSS Fitler if disabled
+  res.set('X-XSS-Protection', '1; mode=block')
+
+  // -> Disable MIME-sniffing
+  res.set('X-Content-Type-Options', 'nosniff')
+
+  // -> Disable IE Compatibility Mode
+  res.set('X-UA-Compatible', 'IE=edge')
+
+  return next()
+}
--- a/server/middlewares/seo.js
+++ b/server/middlewares/seo.js
@@ -0,0 +1,20 @@
+'use strict'
+
+const _ = require('lodash')
+
+/**
+ * SEO Middleware
+ *
+ * @param      {Express Request}   req     Express request object
+ * @param      {Express Response}  res     Express response object
+ * @param      {Function}          next    next callback function
+ * @return     {any}               void
+ */
+module.exports = function (req, res, next) {
+  if (req.path.length > 1 && _.endsWith(req.path, '/')) {
+    let query = req.url.slice(req.path.length) || ''
+    res.redirect(301, req.path.slice(0, -1) + query)
+  } else {
+    return next()
+  }
+}