walnut.js/lib/worker.js

'use strict';

module.exports.create = function (webserver, info, state) {
  if (!state) {
    state = {};
  }

  var PromiseA = state.Promise || require('bluebird');
  var path = require('path');
  //var vhostsdir = path.join(__dirname, 'vhosts');
  var express = require('express-lazy');
  var app = express();
  var memstore;
  var sqlstores = {};
  var models = {};
  var systemFactory = require('sqlite3-cluster/client').createClientFactory({
      dirname: path.join(__dirname, '..', '..', 'var') // TODO info.conf
    , prefix: 'com.example.'
    //, dbname: 'config'
    , suffix: ''
    , ext: '.sqlite3'
    , sock: info.conf.sqlite3Sock
    , ipcKey: info.conf.ipcKey
  });
  var clientFactory = require('sqlite3-cluster/client').createClientFactory({
      algorithm: 'aes'
    , bits: 128
    , mode: 'cbc'
    , dirname: path.join(__dirname, '..', '..', 'var') // TODO info.conf
    , prefix: 'com.example.'
    //, dbname: 'cluster'
    , suffix: ''
    , ext: '.sqlcipher'
    , sock: info.conf.sqlite3Sock
    , ipcKey: info.conf.ipcKey
  });
  var cstore = require('cluster-store');
  var redirectives;

  app.disable('x-powered-by');
  if (info.conf.trustProxy) {
    console.info('[Trust Proxy]');
    app.set('trust proxy', ['loopback']);
    //app.set('trust proxy', function (ip) { console.log('[ip]', ip); return true; });
  } else {
    console.info('[DO NOT trust proxy]');
    // TODO make sure the gzip module loads if there isn't a proxy gzip-ing for us
    // app.use(compression())
  }

  /*
  function unlockDevice(conf, state) {
    return require('./lib/unlock-device').create().then(function (result) {
      result.promise.then(function (_rootMasterKey) {
        process.send({
          type: 'walnut.keys.root'
          conf: {
            rootMasterKey: _rootMasterkey
          }
        });
        conf.locked = false;
        if (state.caddy) {
          state.caddy.update(conf);
        }
        conf.rootMasterKey = _rootMasterKey;
      });

      return result.app;
    });
  }
  */

  // TODO handle insecure to actual redirect
  // blog.coolaj86.com -> coolaj86.com/blog
  // hmm... that won't really matter with hsts
  // I guess I just needs letsencrypt

  function scrubTheDub(req, res, next) {
    var host = req.hostname;

    if (!host || 'string' !== typeof host) {
      next();
      return;
    }

    // TODO test if this is even necessary
    host = host.toLowerCase();

    // TODO this should be hot loadable / changeable
    if (!redirectives && info.conf.redirects) {
      redirectives = require('./hostname-redirects').compile(info.conf.redirects);
    }

    if (!/^www\./.test(host) && !redirectives) {
      next();
      return;
    }

    // TODO misnomer, handles all exact redirects
    if (!require('./no-www').scrubTheDub(req, res, redirectives)) {
      next();
      return;
    }
  }

  function caddyBugfix(req, res, next) {
    // workaround for Caddy
    // https://github.com/mholt/caddy/issues/341
    if (app.get('trust proxy')) {
      if (req.headers['x-forwarded-proto']) {
        req.headers['x-forwarded-proto'] = (req.headers['x-forwarded-proto'] || '').split(/,\s+/g)[0] || undefined;
      }
      if (req.headers['x-forwarded-host']) {
        req.headers['x-forwarded-host'] = (req.headers['x-forwarded-host'] || '').split(/,\s+/g)[0] || undefined;
      }
    }

    next();
  }

  // TODO misnomer, this can handle nowww, yeswww, and exact hostname redirects
  app.use('/', scrubTheDub);
  app.use('/', caddyBugfix);

  return PromiseA.all([
    // TODO security on memstore
    // TODO memstoreFactory.create
    cstore.create({
      sock: info.conf.memstoreSock
    , connect: info.conf.memstoreSock
      // TODO implement
    , key: info.conf.ipcKey
    }).then(function (_memstore) {
      memstore = _memstore;
      return memstore;
    })
    // TODO mark a device as lost, stolen, missing in DNS records
    // (and in turn allow other devices to lock it, turn on location reporting, etc)
  , systemFactory.create({
        init: true
      , dbname: 'config'
    })
  , clientFactory.create({
        init: true
      , key: '00000000000000000000000000000000'
      // TODO only complain if the values are different
      //, algo: 'aes'
      , dbname: 'auth'
    })
  , clientFactory.create({
        init: false
      , dbname: 'system'
    })
  ]).then(function (args) {
    memstore = args[0];
    sqlstores.config = args[1];
    sqlstores.auth = args[2];
    sqlstores.system = args[3];
    sqlstores.create = clientFactory.create;

    return require('../lib/schemes-config').create(sqlstores.config).then(function (tables) {
      models.Config = tables;
      return models.Config.Config.get().then(function (vhostsMap) {
        // TODO the core needs to be replacable in one shot
        // rm -rf /tmp/walnut/; tar xvf -C /tmp/walnut/; mv /srv/walnut /srv/walnut.{{version}}; mv /tmp/walnut /srv/
        // this means that any packages must be outside, perhaps /srv/walnut/{boot,core,packages}
        var pkgConf = {
          pagespath: path.join(__dirname, '..', '..', 'packages', 'pages') + path.sep
        , apipath: path.join(__dirname, '..', '..', 'packages', 'apis') + path.sep
        , servicespath: path.join(__dirname, '..', '..', 'packages', 'services')
        , vhostsMap: vhostsMap
        , vhostPatterns: null
        , server: webserver
        , externalPort: info.conf.externalPort
        , primaryNameserver: info.conf.primaryNameserver
        , nameservers: info.conf.nameservers
        , privkey: info.conf.privkey
        , pubkey: info.conf.pubkey
        , redirects: info.conf.redirects
        , apiPrefix: '/api'
        , 'org.oauth3.consumer': info.conf['org.oauth3.consumer']
        , 'org.oauth3.provider': info.conf['org.oauth3.provider']
        , keys: info.conf.keys
        };
        var pkgDeps = {
          memstore: memstore
        , sqlstores: sqlstores
        , clientSqlFactory: clientFactory
        , systemSqlFactory: systemFactory
        //, handlePromise: require('./lib/common').promisableRequest;
        //, handleRejection: require('./lib/common').rejectableRequest;
        //, localPort: info.conf.localPort
        , Promise: PromiseA
        , express: express
        , app: app
        };
        var Services = require('./services-loader').create(pkgConf, {
          memstore: memstore
        , sqlstores: sqlstores
        , clientSqlFactory: clientFactory
        , systemSqlFactory: systemFactory
        , Promise: PromiseA
        });
        var recase = require('connect-recase')({
          // TODO allow explicit and or default flag
          explicit: false
        , default: 'snake'
        , prefixes: ['/api']
          // TODO allow exclude
        //, exclusions: [config.oauthPrefix]
        , exceptions: {}
        //, cancelParam: 'camel'
        });

        function handlePackages(req, res, next) {
          // TODO move to caddy parser?
          if (/(^|\.)proxyable\./.test(req.hostname)) {
            // device-id-12345678.proxyable.myapp.mydomain.com => myapp.mydomain.com
            // proxyable.myapp.mydomain.com => myapp.mydomain.com
            // TODO myapp.mydomain.com.example.proxyable.com => myapp.mydomain.com
            req.hostname = req.hostname.replace(/.*\.?proxyable\./, '');
          }

          require('./package-server').mapToApp({
            config: pkgConf
          , deps: pkgDeps
          , services: Services
          , conf: info.conf
          }, req, res, next);
        }

        // TODO recase

        //
        // Generic Template API
        //
        app
          .use('/api', require('body-parser').json({
            strict: true // only objects and arrays
          , inflate: true
            // limited to due performance issues with JSON.parse and JSON.stringify
            // http://josh.zeigler.us/technology/web-development/how-big-is-too-big-for-json/
          //, limit: 128 * 1024
          , limit: 1.5 * 1024 * 1024
          , reviver: undefined
          , type: 'json'
          , verify: undefined
          }))
          // DO NOT allow urlencoded at any point, it is expressly forbidden
          //.use(require('body-parser').urlencoded({
          //  extended: true
          //, inflate: true
          //, limit: 100 * 1024
          //, type: 'urlencoded'
          //, verify: undefined
          //}))
          .use(require('connect-send-error').error())
          ;

        app.use('/api', recase);

        app.use('/', handlePackages);
        app.use('/', function (err, req, res, next) {
          console.error('[Error Handler]');
          console.error(err.stack);
          if (req.xhr) {
            res.send({ error: { message: "kinda unknownish error" } });
          } else {
            res.send('<html><head><title>ERROR</title></head><body>Error</body></html>');
          }

          // sadly express uses arity checking
          // so the fourth parameter must exist
          if (false) {
            next();
          }
        });

        return app;
      });
    });
  });
};
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`'use strict';`

reworking vhost routes 2015-11-12 11:14:59 +00:00			`module.exports.create = function (webserver, info, state) {`
			`if (!state) {`
			`state = {};`
			`}`

			`var PromiseA = state.Promise \|\| require('bluebird');`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`var path = require('path');`
load apps from DB 2015-11-14 04:25:12 +00:00			`//var vhostsdir = path.join(__dirname, 'vhosts');`
			`var express = require('express-lazy');`
			`var app = express();`
reworking vhost routes 2015-11-12 11:14:59 +00:00			`var memstore;`
			`var sqlstores = {};`
			`var models = {};`
			`var systemFactory = require('sqlite3-cluster/client').createClientFactory({`
separate core code from data and apps 2015-11-19 22:13:20 +00:00			`dirname: path.join(__dirname, '..', '..', 'var') // TODO info.conf`
generalization, updates 2015-11-28 05:57:07 +00:00			`, prefix: 'com.example.'`
reworking vhost routes 2015-11-12 11:14:59 +00:00			`//, dbname: 'config'`
			`, suffix: ''`
			`, ext: '.sqlite3'`
			`, sock: info.conf.sqlite3Sock`
			`, ipcKey: info.conf.ipcKey`
			`});`
			`var clientFactory = require('sqlite3-cluster/client').createClientFactory({`
			`algorithm: 'aes'`
			`, bits: 128`
			`, mode: 'cbc'`
separate core code from data and apps 2015-11-19 22:13:20 +00:00			`, dirname: path.join(__dirname, '..', '..', 'var') // TODO info.conf`
generalization, updates 2015-11-28 05:57:07 +00:00			`, prefix: 'com.example.'`
reworking vhost routes 2015-11-12 11:14:59 +00:00			`//, dbname: 'cluster'`
			`, suffix: ''`
			`, ext: '.sqlcipher'`
			`, sock: info.conf.sqlite3Sock`
			`, ipcKey: info.conf.ipcKey`
			`});`
			`var cstore = require('cluster-store');`
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`var redirectives;`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00
add key pairs 2015-11-19 12:34:59 +00:00			`app.disable('x-powered-by');`
clustering works (re-started work for standalone) 2015-11-17 08:18:56 +00:00			`if (info.conf.trustProxy) {`
			`console.info('[Trust Proxy]');`
			`app.set('trust proxy', ['loopback']);`
			`//app.set('trust proxy', function (ip) { console.log('[ip]', ip); return true; });`
			`} else {`
			`console.info('[DO NOT trust proxy]');`
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`// TODO make sure the gzip module loads if there isn't a proxy gzip-ing for us`
			`// app.use(compression())`
clustering works (re-started work for standalone) 2015-11-17 08:18:56 +00:00			`}`

Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`/*`
			`function unlockDevice(conf, state) {`
			`return require('./lib/unlock-device').create().then(function (result) {`
			`result.promise.then(function (_rootMasterKey) {`
			`process.send({`
generalization, updates 2015-11-28 05:57:07 +00:00			`type: 'walnut.keys.root'`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`conf: {`
			`rootMasterKey: _rootMasterkey`
			`}`
			`});`
			`conf.locked = false;`
			`if (state.caddy) {`
			`state.caddy.update(conf);`
			`}`
			`conf.rootMasterKey = _rootMasterKey;`
			`});`

			`return result.app;`
			`});`
			`}`
			`*/`

reworking vhost routes 2015-11-12 11:14:59 +00:00			`// TODO handle insecure to actual redirect`
			`// blog.coolaj86.com -> coolaj86.com/blog`
			`// hmm... that won't really matter with hsts`
			`// I guess I just needs letsencrypt`

Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`function scrubTheDub(req, res, next) {`
			`var host = req.hostname;`

			`if (!host \|\| 'string' !== typeof host) {`
			`next();`
			`return;`
			`}`

load apps from DB 2015-11-14 04:25:12 +00:00			`// TODO test if this is even necessary`
			`host = host.toLowerCase();`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`// TODO this should be hot loadable / changeable`
			`if (!redirectives && info.conf.redirects) {`
			`redirectives = require('./hostname-redirects').compile(info.conf.redirects);`
			`}`

			`if (!/^www\./.test(host) && !redirectives) {`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`next();`
			`return;`
			`}`

now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`// TODO misnomer, handles all exact redirects`
			`if (!require('./no-www').scrubTheDub(req, res, redirectives)) {`
			`next();`
			`return;`
			`}`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`}`

clustering works (re-started work for standalone) 2015-11-17 08:18:56 +00:00			`function caddyBugfix(req, res, next) {`
			`// workaround for Caddy`
			`// https://github.com/mholt/caddy/issues/341`
			`if (app.get('trust proxy')) {`
			`if (req.headers['x-forwarded-proto']) {`
			`req.headers['x-forwarded-proto'] = (req.headers['x-forwarded-proto'] \|\| '').split(/,\s+/g)[0] \|\| undefined;`
			`}`
			`if (req.headers['x-forwarded-host']) {`
			`req.headers['x-forwarded-host'] = (req.headers['x-forwarded-host'] \|\| '').split(/,\s+/g)[0] \|\| undefined;`
			`}`
			`}`

			`next();`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`}`
clustering works (re-started work for standalone) 2015-11-17 08:18:56 +00:00
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`// TODO misnomer, this can handle nowww, yeswww, and exact hostname redirects`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`app.use('/', scrubTheDub);`
clustering works (re-started work for standalone) 2015-11-17 08:18:56 +00:00			`app.use('/', caddyBugfix);`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00
reworking vhost routes 2015-11-12 11:14:59 +00:00			`return PromiseA.all([`
load services 2015-11-18 11:44:22 +00:00			`// TODO security on memstore`
			`// TODO memstoreFactory.create`
reworking vhost routes 2015-11-12 11:14:59 +00:00			`cstore.create({`
			`sock: info.conf.memstoreSock`
			`, connect: info.conf.memstoreSock`
			`// TODO implement`
			`, key: info.conf.ipcKey`
			`}).then(function (_memstore) {`
			`memstore = _memstore;`
			`return memstore;`
			`})`
			`// TODO mark a device as lost, stolen, missing in DNS records`
			`// (and in turn allow other devices to lock it, turn on location reporting, etc)`
			`, systemFactory.create({`
			`init: true`
			`, dbname: 'config'`
			`})`
			`, clientFactory.create({`
			`init: true`
			`, key: '00000000000000000000000000000000'`
			`// TODO only complain if the values are different`
			`//, algo: 'aes'`
			`, dbname: 'auth'`
			`})`
			`, clientFactory.create({`
			`init: false`
			`, dbname: 'system'`
			`})`
			`]).then(function (args) {`
			`memstore = args[0];`
			`sqlstores.config = args[1];`
			`sqlstores.auth = args[2];`
			`sqlstores.system = args[3];`
			`sqlstores.create = clientFactory.create;`

			`return require('../lib/schemes-config').create(sqlstores.config).then(function (tables) {`
			`models.Config = tables;`
load apps from DB 2015-11-14 04:25:12 +00:00			`return models.Config.Config.get().then(function (vhostsMap) {`
load services 2015-11-18 11:44:22 +00:00			`// TODO the core needs to be replacable in one shot`
			`// rm -rf /tmp/walnut/; tar xvf -C /tmp/walnut/; mv /srv/walnut /srv/walnut.{{version}}; mv /tmp/walnut /srv/`
			`// this means that any packages must be outside, perhaps /srv/walnut/{boot,core,packages}`
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`var pkgConf = {`
apppath => pagespath 2015-11-21 20:47:28 +00:00			`pagespath: path.join(__dirname, '..', '..', 'packages', 'pages') + path.sep`
separate core code from data and apps 2015-11-19 22:13:20 +00:00			`, apipath: path.join(__dirname, '..', '..', 'packages', 'apis') + path.sep`
			`, servicespath: path.join(__dirname, '..', '..', 'packages', 'services')`
load services 2015-11-18 11:44:22 +00:00			`, vhostsMap: vhostsMap`
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`, vhostPatterns: null`
load services 2015-11-18 11:44:22 +00:00			`, server: webserver`
			`, externalPort: info.conf.externalPort`
			`, primaryNameserver: info.conf.primaryNameserver`
			`, nameservers: info.conf.nameservers`
add key pairs 2015-11-19 12:34:59 +00:00			`, privkey: info.conf.privkey`
			`, pubkey: info.conf.pubkey`
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`, redirects: info.conf.redirects`
load services 2015-11-18 11:44:22 +00:00			`, apiPrefix: '/api'`
stub out keys and token parsing 2015-12-04 07:00:30 +00:00			`, 'org.oauth3.consumer': info.conf['org.oauth3.consumer']`
			`, 'org.oauth3.provider': info.conf['org.oauth3.provider']`
			`, keys: info.conf.keys`
load services 2015-11-18 11:44:22 +00:00			`};`
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`var pkgDeps = {`
			`memstore: memstore`
			`, sqlstores: sqlstores`
			`, clientSqlFactory: clientFactory`
			`, systemSqlFactory: systemFactory`
			`//, handlePromise: require('./lib/common').promisableRequest;`
			`//, handleRejection: require('./lib/common').rejectableRequest;`
			`//, localPort: info.conf.localPort`
			`, Promise: PromiseA`
			`, express: express`
			`, app: app`
			`};`
			`var Services = require('./services-loader').create(pkgConf, {`
load services 2015-11-18 11:44:22 +00:00			`memstore: memstore`
			`, sqlstores: sqlstores`
			`, clientSqlFactory: clientFactory`
			`, systemSqlFactory: systemFactory`
			`, Promise: PromiseA`
			`});`
stub out keys and token parsing 2015-12-04 07:00:30 +00:00			`var recase = require('connect-recase')({`
			`// TODO allow explicit and or default flag`
			`explicit: false`
			`, default: 'snake'`
			`, prefixes: ['/api']`
			`// TODO allow exclude`
			`//, exclusions: [config.oauthPrefix]`
			`, exceptions: {}`
			`//, cancelParam: 'camel'`
			`});`
load apps from DB 2015-11-14 04:25:12 +00:00
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`function handlePackages(req, res, next) {`
load apps from DB 2015-11-14 04:25:12 +00:00			`// TODO move to caddy parser?`
			`if (/(^\|\.)proxyable\./.test(req.hostname)) {`
			`// device-id-12345678.proxyable.myapp.mydomain.com => myapp.mydomain.com`
			`// proxyable.myapp.mydomain.com => myapp.mydomain.com`
generalization, updates 2015-11-28 05:57:07 +00:00			`// TODO myapp.mydomain.com.example.proxyable.com => myapp.mydomain.com`
load apps from DB 2015-11-14 04:25:12 +00:00			`req.hostname = req.hostname.replace(/.*\.?proxyable\./, '');`
			`}`

now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`require('./package-server').mapToApp({`
			`config: pkgConf`
			`, deps: pkgDeps`
			`, services: Services`
(still) half-baked oauth3 layer 2015-12-08 00:51:48 +00:00			`, conf: info.conf`
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`}, req, res, next);`
load apps from DB 2015-11-14 04:25:12 +00:00			`}`

			`// TODO recase`

			`//`
			`// Generic Template API`
			`//`
			`app`
stub out keys and token parsing 2015-12-04 07:00:30 +00:00			`.use('/api', require('body-parser').json({`
load apps from DB 2015-11-14 04:25:12 +00:00			`strict: true // only objects and arrays`
			`, inflate: true`
			`// limited to due performance issues with JSON.parse and JSON.stringify`
			`// http://josh.zeigler.us/technology/web-development/how-big-is-too-big-for-json/`
			`//, limit: 128 * 1024`
			`, limit: 1.5 * 1024 * 1024`
			`, reviver: undefined`
			`, type: 'json'`
			`, verify: undefined`
			`}))`
			`// DO NOT allow urlencoded at any point, it is expressly forbidden`
			`//.use(require('body-parser').urlencoded({`
			`// extended: true`
			`//, inflate: true`
			`//, limit: 100 * 1024`
			`//, type: 'urlencoded'`
			`//, verify: undefined`
			`//}))`
			`.use(require('connect-send-error').error())`
			`;`
now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00
stub out keys and token parsing 2015-12-04 07:00:30 +00:00			`app.use('/api', recase);`

now does redirects, static apps, and api mounting 2015-11-21 12:36:22 +00:00			`app.use('/', handlePackages);`
fix app loader issue 2015-11-19 07:42:20 +00:00			`app.use('/', function (err, req, res, next) {`
			`console.error('[Error Handler]');`
			`console.error(err.stack);`
			`if (req.xhr) {`
			`res.send({ error: { message: "kinda unknownish error" } });`
			`} else {`
			`res.send('<html><head><title>ERROR</title></head><body>Error</body></html>');`
			`}`
add key pairs 2015-11-19 12:34:59 +00:00
			`// sadly express uses arity checking`
			`// so the fourth parameter must exist`
			`if (false) {`
			`next();`
			`}`
fix app loader issue 2015-11-19 07:42:20 +00:00			`});`
reworking vhost routes 2015-11-12 11:14:59 +00:00
			`return app;`
			`});`
			`});`
			`});`
Near-minimal app boot Aside from a few external process calls there are now zero external dependencies required as part of the node.js boot process. Yay! 2015-11-06 11:05:32 +00:00			`};`