node-red/packages/node_modules/@node-red/editor-api/lib/index.js

/**
 * Copyright JS Foundation and other contributors, http://js.foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/


 /**
  * This module provides an Express application to serve the Node-RED editor.
  *
  * It implements the Node-RED HTTP Admin API the Editor uses to interact
  * with the Node-RED runtime.
  *
  * @namespace @node-red/editor-api
  */

var express = require("express");
var bodyParser = require("body-parser");
var util = require('util');
var passport = require('passport');
var cors = require('cors');

var auth = require("./auth");
var apiUtil = require("./util");

var adminApp;
var server;
var editor;


/**
 * Initialise the module.
 * @param  {Object}     settings   The runtime settings
 * @param  {HTTPServer} _server     An instance of HTTP Server
 * @param  {Storage}    storage    An instance of Node-RED Storage
 * @param  {Runtime}    runtimeAPI An instance of Node-RED Runtime
 * @memberof @node-red/editor-api
 */
function init(settings,_server,storage,runtimeAPI) {
    server = _server;
    if (settings.httpAdminRoot !== false) {
        adminApp = express();

        var cors = require('cors');
        var corsHandler = cors({
           origin: "*",
           methods: "GET,PUT,POST,DELETE"
        });
        adminApp.use(corsHandler);

        if (settings.httpAdminMiddleware) {
            if (typeof settings.httpAdminMiddleware === "function" || Array.isArray(settings.httpAdminMiddleware)) {
                adminApp.use(settings.httpAdminMiddleware);
            }
        }

        var defaultServerSettings = {
            "x-powered-by": false
        }
        var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
        for (var eOption in serverSettings) {
            adminApp.set(eOption, serverSettings[eOption]);
        }

        auth.init(settings,storage);

        var maxApiRequestSize = settings.apiMaxLength || '5mb';
        adminApp.use(bodyParser.json({limit:maxApiRequestSize}));
        adminApp.use(bodyParser.urlencoded({limit:maxApiRequestSize,extended:true}));

        adminApp.get("/auth/login",auth.login,apiUtil.errorHandler);
        if (settings.adminAuth) {
            if (settings.adminAuth.type === "strategy") {
                auth.genericStrategy(adminApp,settings.adminAuth.strategy);
            } else if (settings.adminAuth.type === "credentials") {
                adminApp.use(passport.initialize());
                adminApp.post("/auth/token",
                    auth.ensureClientSecret,
                    auth.authenticateClient,
                    auth.getToken,
                    auth.errorHandler
                );
            }
            adminApp.post("/auth/revoke",auth.needsPermission(""),auth.revoke,apiUtil.errorHandler);
        }

        // Editor
        if (!settings.disableEditor) {
            editor = require("./editor");
            var editorApp = editor.init(server, settings, runtimeAPI);
            adminApp.use(editorApp);
        }

        if (settings.httpAdminCors) {
            var corsHandler = cors(settings.httpAdminCors);
            adminApp.use(corsHandler);
        }

        var adminApiApp = require("./admin").init(settings, runtimeAPI);
        adminApp.use(adminApiApp);
    } else {
        adminApp = null;
    }
}

/**
 * Start the module.
 * @return {Promise} resolves when the application is ready to handle requests
 * @memberof @node-red/editor-api
 */
async function start() {
    if (editor) {
        return editor.start();
    }
}

/**
 * Stop the module.
 * @return {Promise} resolves when the application is stopped
 * @memberof @node-red/editor-api
 */
async function stop() {
    if (editor) {
        editor.stop();
    }
}
module.exports = {
    init: init,
    start: start,
    stop: stop,

    /**
    * @memberof @node-red/editor-api
    * @mixes @node-red/editor-api_auth
    */
    auth: {
        needsPermission: auth.needsPermission
    },
    /**
     * The Express app used to serve the Node-RED Editor
     * @type ExpressApplication
     * @memberof @node-red/editor-api
     */
    get httpAdmin() { return adminApp; }
};
Reorganise how adminApp is setup 2014-11-04 12:34:49 +01:00			`/**`
Update copyright header for JS Foundation 2017-01-11 16:24:33 +01:00			`* Copyright JS Foundation and other contributors, http://js.foundation`
Reorganise how adminApp is setup 2014-11-04 12:34:49 +01:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`**/`

More api documentation updates 2019-01-28 15:40:24 +01:00
			`/**`
			`* This module provides an Express application to serve the Node-RED editor.`
			`*`
			`* It implements the Node-RED HTTP Admin API the Editor uses to interact`
			`* with the Node-RED runtime.`
			`*`
			`* @namespace @node-red/editor-api`
			`*/`

Reorganise how adminApp is setup 2014-11-04 12:34:49 +01:00			`var express = require("express");`
Move to express 4.x 2015-07-15 23:43:24 +02:00			`var bodyParser = require("body-parser");`
Reorganise how adminApp is setup 2014-11-04 12:34:49 +01:00			`var util = require('util');`
Add oauth grant 2014-11-06 23:59:48 +01:00			`var passport = require('passport');`
Option to enable cors for editor (#886) Adds httpAdminCors setting 2016-05-31 15:55:03 +02:00			`var cors = require('cors');`
Reorganise how adminApp is setup 2014-11-04 12:34:49 +01:00
Add oauth grant 2014-11-06 23:59:48 +01:00			`var auth = require("./auth");`
Reorganise red/api layout to better componentise 2017-08-22 23:26:29 +02:00			`var apiUtil = require("./util");`
Reorganise how adminApp is setup 2014-11-04 12:34:49 +01:00
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`var adminApp;`
Tidy up API passed to node modules 2015-11-24 23:38:42 +01:00			`var server;`
Reorganise red/api layout to better componentise 2017-08-22 23:26:29 +02:00			`var editor;`
Warn if editor routes are accessed but runtime not started Closes #816 2016-03-12 01:03:50 +01:00
More api documentation updates 2019-01-28 15:40:24 +01:00
			`/**`
			`* Initialise the module.`
			`* @param {Object} settings The runtime settings`
Fixed jsdoc descriptions 2019-10-21 17:35:35 +02:00			`* @param {HTTPServer} _server An instance of HTTP Server`
More api documentation updates 2019-01-28 15:40:24 +01:00			`* @param {Storage} storage An instance of Node-RED Storage`
			`* @param {Runtime} runtimeAPI An instance of Node-RED Runtime`
			`* @memberof @node-red/editor-api`
			`*/`
Documentation updates for node-red and runtime modules 2018-12-01 00:01:09 +01:00			`function init(settings,_server,storage,runtimeAPI) {`
Tidy up API passed to node modules 2015-11-24 23:38:42 +01:00			`server = _server;`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`if (settings.httpAdminRoot !== false) {`
			`adminApp = express();`
WIP - url rewriting to support debug 2018-05-14 15:32:58 +02:00
			`var cors = require('cors');`
			`var corsHandler = cors({`
			`origin: "*",`
			`methods: "GET,PUT,POST,DELETE"`
			`});`
			`adminApp.use(corsHandler);`

Add httpAdminMiddleware for admin routes 2020-05-05 19:13:21 +02:00			`if (settings.httpAdminMiddleware) {`
allow for adding an array of middleware functions 2020-12-22 23:28:33 +01:00			`if (typeof settings.httpAdminMiddleware === "function" \|\| Array.isArray(settings.httpAdminMiddleware)) {`
			`adminApp.use(settings.httpAdminMiddleware);`
Add httpAdminMiddleware for admin routes 2020-05-05 19:13:21 +02:00			`}`
			`}`

Ensure httpServerOptions gets applied to ALL the express apps This is silly. Turns out setting options at a top level app does not percolate down to sub apps (and vice versa). You have to apply the options to ALL express apps. 2021-06-08 22:17:42 +02:00			`var defaultServerSettings = {`
			`"x-powered-by": false`
			`}`
			`var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions\|\|{});`
			`for (var eOption in serverSettings) {`
			`adminApp.set(eOption, serverSettings[eOption]);`
			`}`

Split comms across api and runtime 2018-04-23 12:21:02 +02:00			`auth.init(settings,storage);`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00
Increase default apiMaxLength to 5mb and add to default settings Closes #1001 2016-10-10 11:14:08 +02:00			`var maxApiRequestSize = settings.apiMaxLength \|\| '5mb';`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`adminApp.use(bodyParser.json({limit:maxApiRequestSize}));`
			`adminApp.use(bodyParser.urlencoded({limit:maxApiRequestSize,extended:true}));`

Reorganise red/api layout to better componentise 2017-08-22 23:26:29 +02:00			`adminApp.get("/auth/login",auth.login,apiUtil.errorHandler);`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`if (settings.adminAuth) {`
Rename oauth auth scheme to strategy as it works for openid 2017-04-21 22:54:48 +02:00			`if (settings.adminAuth.type === "strategy") {`
			`auth.genericStrategy(adminApp,settings.adminAuth.strategy);`
Add support for oauth adminAuth configs 2017-04-12 11:09:03 +02:00			`} else if (settings.adminAuth.type === "credentials") {`
			`adminApp.use(passport.initialize());`
			`adminApp.post("/auth/token",`
			`auth.ensureClientSecret,`
			`auth.authenticateClient,`
			`auth.getToken,`
			`auth.errorHandler`
			`);`
			`}`
Reorganise red/api layout to better componentise 2017-08-22 23:26:29 +02:00			`adminApp.post("/auth/revoke",auth.needsPermission(""),auth.revoke,apiUtil.errorHandler);`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`}`
Merge branch '0.18' into projects 2018-01-16 12:21:54 +01:00
Allow committer details to be set per-user 2017-12-04 12:42:44 +01:00			`// Editor`
			`if (!settings.disableEditor) {`
			`editor = require("./editor");`
Split comms across api and runtime 2018-04-23 12:21:02 +02:00			`var editorApp = editor.init(server, settings, runtimeAPI);`
Allow committer details to be set per-user 2017-12-04 12:42:44 +01:00			`adminApp.use(editorApp);`
			`}`
Reorganise red/api layout to better componentise 2017-08-22 23:26:29 +02:00
Option to enable cors for editor (#886) Adds httpAdminCors setting 2016-05-31 15:55:03 +02:00			`if (settings.httpAdminCors) {`
			`var corsHandler = cors(settings.httpAdminCors);`
			`adminApp.use(corsHandler);`
			`}`
Add oauth grant 2014-11-06 23:59:48 +01:00
Move runtime settings back to adminApi from editorApi Fixes #2662 2020-07-31 16:26:21 +02:00			`var adminApiApp = require("./admin").init(settings, runtimeAPI);`
Reorganise red/api layout to better componentise 2017-08-22 23:26:29 +02:00			`adminApp.use(adminApiApp);`
			`} else {`
			`adminApp = null;`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`}`
Reorganise how adminApp is setup 2014-11-04 12:34:49 +01:00			`}`
More api documentation updates 2019-01-28 15:40:24 +01:00
			`/**`
			`* Start the module.`
			`* @return {Promise} resolves when the application is ready to handle requests`
			`* @memberof @node-red/editor-api`
			`*/`
Fully remove when.js dependency 2020-11-30 15:38:48 +01:00			`async function start() {`
Reorganise red/api layout to better componentise 2017-08-22 23:26:29 +02:00			`if (editor) {`
			`return editor.start();`
			`}`
Move comms from runtime to api component 2015-11-12 10:03:03 +01:00			`}`
More api documentation updates 2019-01-28 15:40:24 +01:00
			`/**`
			`* Stop the module.`
			`* @return {Promise} resolves when the application is stopped`
			`* @memberof @node-red/editor-api`
			`*/`
Fully remove when.js dependency 2020-11-30 15:38:48 +01:00			`async function stop() {`
Reorganise red/api layout to better componentise 2017-08-22 23:26:29 +02:00			`if (editor) {`
			`editor.stop();`
			`}`
Move comms from runtime to api component 2015-11-12 10:03:03 +01:00			`}`
Reorganise how adminApp is setup 2014-11-04 12:34:49 +01:00			`module.exports = {`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`init: init,`
Move comms from runtime to api component 2015-11-12 10:03:03 +01:00			`start: start,`
			`stop: stop,`
More api documentation updates 2019-01-28 15:40:24 +01:00
			`/**`
			`* @memberof @node-red/editor-api`
			`* @mixes @node-red/editor-api_auth`
			`*/`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`auth: {`
			`needsPermission: auth.needsPermission`
			`},`
More api documentation updates 2019-01-28 15:40:24 +01:00			`/**`
			`* The Express app used to serve the Node-RED Editor`
			`* @type ExpressApplication`
			`* @memberof @node-red/editor-api`
			`*/`
Fix up unit tests 2018-12-04 16:59:43 +01:00			`get httpAdmin() { return adminApp; }`
Functionality to get installed module info from the cli 2014-11-06 11:00:25 +01:00			`};`