forked from jpvanoosten/discord-user-manager
-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.js
190 lines (165 loc) · 5.6 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
// eslint-disable-next-line no-unused-vars
const debug = require("debug")("discord-user-manager:app");
const createError = require("http-errors");
const cookieParser = require("cookie-parser");
const express = require("express");
const flash = require("connect-flash");
const helmet = require("helmet");
const logger = require("morgan");
const session = require("express-session");
const passport = require("passport");
const path = require("path");
const settings = require("./settings");
// initalize Sequelize with session store
const SequelizeStore = require("connect-session-sequelize")(session.Store);
const models = require("./models");
const indexRouter = require("./routes/index");
const loginRouter = require("./routes/login");
const logoutRouter = require("./routes/logout");
const usersRouter = require("./routes/users");
const azureRouter = require("./routes/azure");
const googleRouter = require("./routes/google");
const discordRouter = require("./routes/discord");
// Simple route middleware to ensure user is authenticated.
// Use this route middleware on any resource that needs to be protected. If
// the request is authenticated (typically via a persistent login session),
// the request will proceed. Otherwise, the user will be redirected to the
// login page.
function isAuthenticated(req, res, next) {
if (req.isAuthenticated()) {
return next();
}
// Otherwise redirect to the login page.
res.redirect("/login");
}
function isAdmin(req, res, next) {
if (req.isAuthenticated() && req.user.isAdmin) {
return next();
}
// Otherwise redirect to the login page.
res.redirect("/login");
}
// Route middleware that checks if the user has agreed to the code of conduct.
function isCodeOfConduct(req, res, next) {
if (req.cookies.codeOfConduct === "true") {
return next();
}
// Otherwise redirect to the home page.
res.redirect("/");
}
// Route middleware that checks if the user has accepted the privacy policy
function isPrivacyPolicy(req, res, next) {
if (req.cookies.privacyPolicy === "true") {
return next();
}
// Otherwise redirect to the home page.
res.redirect("/");
}
// Setup passport
// Source: https://github.com/pferretti/passport-local-token/blob/master/examples/login/app.js
// Only serialize the username of the user.
passport.serializeUser((user, done) => {
done(null, user.username);
});
// Deserialize the user from the username address.
passport.deserializeUser((username, done) => {
models.User.findOne({
where: {
username,
},
})
.then((user) => {
done(null, user);
})
.catch((err) => {
done(err);
});
});
const app = express();
// Specify app settings on the app's locals object so that
// they can be used by the pug template renderer.
app.locals = {
...settings,
};
// Use browser-sync to refresh the browser if a file changes.
// https://github.com/schmich/connect-browser-sync
if (process.env.USE_BROWSER_SYNC === "true") {
const browserSync = require("browser-sync");
const bs = browserSync.create().init({
files: ["**/*.js", "views/*.pug", "public/**"],
ignore: ["node_modules"],
logSnippet: true,
open: false,
proxy: "localhost:3000",
port: 3001,
ui: {
port: 3002,
},
});
app.use(require("connect-browser-sync")(bs));
}
// view engine setup
app.set("views", path.join(__dirname, "views"));
app.set("view engine", "pug");
// Remove the next line in production environments.
app.disable("view cache");
// Use Helmet
// see: https://expressjs.com/en/advanced/best-practice-security.html#use-helmet
app.use(helmet());
// Using Morgan, logs all HTTP requests. The "dev" option gives it a specific styling.
// https://github.com/expressjs/morgan#dev
app.use(logger("dev"));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(
session({
name: "sid", // This is the name of the cookie that is used to store the session id.
secret: process.env.SESSION_SECRET,
store: new SequelizeStore({
db: models.sequelize,
}),
saveUninitialized: false,
resave: false,
cookie: {
maxAge: 8.64e7, // 1 day
httpOnly: true,
secure: "auto",
},
})
);
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
app.use(express.static(path.join(__dirname, "public")));
// Add local variables so they are available to all PUG templates.
app.use(function (req, res, next) {
// Has the user agreed to the code of conduct?
res.locals.codeOfConduct = req.query.codeOfConduct === "true" || req.cookies.codeOfConduct === "true";
res.locals.privacyPolicy = req.query.privacyPolicy === "true" || req.cookies.privacyPolicy === "true";
res.locals.path = req.path;
res.locals.user = req.user;
next();
});
app.use("/", indexRouter);
app.use("/login", isPrivacyPolicy, isCodeOfConduct, loginRouter);
app.use("/logout", isAuthenticated, logoutRouter);
app.use("/azure", isPrivacyPolicy, isCodeOfConduct, azureRouter);
app.use("/google", isPrivacyPolicy, isCodeOfConduct, googleRouter);
app.use("/discord", isPrivacyPolicy, isCodeOfConduct, isAuthenticated, discordRouter);
// Make sure only logged in admins can access the /users page.
app.use("/users", isAdmin, usersRouter);
// catch 404 and forward to error handler
app.use(function (req, res, next) {
next(createError(404));
});
// error handler
app.use(function (err, req, res) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get("env") === "development" ? err : {};
// render the error page
res.status(err.status || 500);
res.render("error");
});
module.exports = app;