src/server/index.tsx

   1 import express from "express";
   2 import { IncomingHttpHeaders } from "http";
   3 import { Helmet } from "inferno-helmet";
   4 import { matchPath, StaticRouter } from "inferno-router";
   5 import { renderToString } from "inferno-server";
   6 import IsomorphicCookie from "isomorphic-cookie";
   7 import { GetSite, GetSiteResponse, LemmyHttp } from "lemmy-js-client";
   8 import path from "path";
   9 import process from "process";
  10 import serialize from "serialize-javascript";
  11 import { App } from "../shared/components/app/app";
  12 import { SYMBOLS } from "../shared/components/common/symbols";
  13 import { httpBaseInternal } from "../shared/env";
  14 import {
  15   ILemmyConfig,
  16   InitialFetchRequest,
  17   IsoData,
  18 } from "../shared/interfaces";
  19 import { routes } from "../shared/routes";
  20 import { initializeSite, setOptionalAuth } from "../shared/utils";
  21
  22 const server = express();
  23 const [hostname, port] = process.env["LEMMY_UI_HOST"]
  24   ? process.env["LEMMY_UI_HOST"].split(":")
  25   : ["0.0.0.0", "1234"];
  26
  27 server.use(express.json());
  28 server.use(express.urlencoded({ extended: false }));
  29 server.use("/static", express.static(path.resolve("./dist")));
  30
  31 const robotstxt = `User-Agent: *
  32 Disallow: /login
  33 Disallow: /settings
  34 Disallow: /create_community
  35 Disallow: /create_post
  36 Disallow: /create_private_message
  37 Disallow: /inbox
  38 Disallow: /setup
  39 Disallow: /admin
  40 Disallow: /password_change
  41 Disallow: /search/
  42 `;
  43
  44 server.get("/robots.txt", async (_req, res) => {
  45   res.setHeader("content-type", "text/plain; charset=utf-8");
  46   res.send(robotstxt);
  47 });
  48
  49 // server.use(cookieParser());
  50 server.get("/*", async (req, res) => {
  51   try {
  52     const activeRoute = routes.find(route => matchPath(req.path, route)) || {};
  53     const context = {} as any;
  54     let auth: string = IsomorphicCookie.load("jwt", req);
  55
  56     let getSiteForm: GetSite = {};
  57     setOptionalAuth(getSiteForm, auth);
  58
  59     let promises: Promise<any>[] = [];
  60
  61     let headers = setForwardedHeaders(req.headers);
  62
  63     let initialFetchReq: InitialFetchRequest = {
  64       client: new LemmyHttp(httpBaseInternal, headers),
  65       auth,
  66       path: req.path,
  67     };
  68
  69     // Get site data first
  70     // This bypasses errors, so that the client can hit the error on its own,
  71     // in order to remove the jwt on the browser. Necessary for wrong jwts
  72     let try_site: any = await initialFetchReq.client.getSite(getSiteForm);
  73     if (try_site.error == "not_logged_in") {
  74       console.error(
  75         "Incorrect JWT token, skipping auth so frontend can remove jwt cookie"
  76       );
  77       delete getSiteForm.auth;
  78       delete initialFetchReq.auth;
  79       try_site = await initialFetchReq.client.getSite(getSiteForm);
  80     }
  81     let site: GetSiteResponse = try_site;
  82     initializeSite(site);
  83
  84     if (activeRoute.fetchInitialData) {
  85       promises.push(...activeRoute.fetchInitialData(initialFetchReq));
  86     }
  87
  88     let routeData = await Promise.all(promises);
  89
  90     // Redirect to the 404 if there's an API error
  91     if (routeData[0] && routeData[0].error) {
  92       let errCode = routeData[0].error;
  93       console.error(errCode);
  94       if (errCode == "instance_is_private") {
  95         return res.redirect(`/signup`);
  96       } else {
  97         return res.redirect(`/404?err=${errCode}`);
  98       }
  99     }
 100
 101     let isoData: IsoData = {
 102       path: req.path,
 103       site_res: site,
 104       routeData,
 105     };
 106
 107     const wrapper = (
 108       <StaticRouter location={req.url} context={isoData}>
 109         <App siteRes={isoData.site_res} />
 110       </StaticRouter>
 111     );
 112     if (context.url) {
 113       return res.redirect(context.url);
 114     }
 115
 116     const cspHtml = (
 117       <meta
 118         http-equiv="Content-Security-Policy"
 119         content="default-src data: 'self'; connect-src * ws: wss:; frame-src *; img-src * data:; script-src 'self'; style-src 'self' 'unsafe-inline'; manifest-src 'self'"
 120       />
 121     );
 122
 123     const root = renderToString(wrapper);
 124     const symbols = renderToString(SYMBOLS);
 125     const cspStr = process.env.LEMMY_EXTERNAL_HOST
 126       ? renderToString(cspHtml)
 127       : "";
 128     const helmet = Helmet.renderStatic();
 129
 130     const config: ILemmyConfig = { wsHost: process.env.LEMMY_WS_HOST };
 131
 132     res.send(`
 133            <!DOCTYPE html>
 134            <html ${helmet.htmlAttributes.toString()} lang="en">
 135            <head>
 136            <script>window.isoData = ${serialize(isoData)}</script>
 137            <script>window.lemmyConfig = ${serialize(config)}</script>
 138
 139            <!-- A remote debugging utility for mobile
 140            <script src="//cdn.jsdelivr.net/npm/eruda"></script>
 141            <script>eruda.init();</script>
 142            -->
 143
 144            ${helmet.title.toString()}
 145            ${helmet.meta.toString()}
 146
 147            <!-- Required meta tags -->
 148            <meta name="Description" content="Lemmy">
 149            <meta charset="utf-8">
 150            <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 151
 152            <!-- Content Security Policy -->
 153            ${cspStr}
 154
 155            <!-- Web app manifest -->
 156            <link rel="manifest" href="/static/assets/manifest.webmanifest">
 157
 158            <!-- Styles -->
 159            <link rel="stylesheet" type="text/css" href="/static/styles/styles.css" />
 160
 161            <!-- Current theme and more -->
 162            ${helmet.link.toString()}
 163
 164            <!-- Icons -->
 165            ${symbols}
 166
 167            </head>
 168
 169            <body ${helmet.bodyAttributes.toString()}>
 170              <noscript>
 171                <div class="alert alert-danger rounded-0" role="alert">
 172                  <b>Javascript is disabled. Actions will not work.</b>
 173                </div>
 174              </noscript>
 175
 176              <div id='root'>${root}</div>
 177              <script defer src='/static/js/client.js'></script>
 178            </body>
 179          </html>
 180 `);
 181   } catch (err) {
 182     console.error(err);
 183     return res.redirect(`/404?err=${err}`);
 184   }
 185 });
 186
 187 server.listen(Number(port), hostname, () => {
 188   console.log(`http://${hostname}:${port}`);
 189 });
 190
 191 function setForwardedHeaders(headers: IncomingHttpHeaders): {
 192   [key: string]: string;
 193 } {
 194   let out = {
 195     host: headers.host,
 196   };
 197   if (headers["x-real-ip"]) {
 198     out["x-real-ip"] = headers["x-real-ip"];
 199   }
 200   if (headers["x-forwarded-for"]) {
 201     out["x-forwarded-for"] = headers["x-forwarded-for"];
 202   }
 203
 204   return out;
 205 }
 206
 207 process.on("SIGINT", () => {
 208   console.info("Interrupted");
 209   process.exit(0);
 210 });