Ensure express server options are applied consistently

Fixes #4169
This commit is contained in:
Nick O'Leary 2023-05-22 10:54:37 +01:00
parent 55a9a29f76
commit 57359d1659
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
12 changed files with 62 additions and 44 deletions

View File

@ -14,8 +14,6 @@
* limitations under the License. * limitations under the License.
**/ **/
var express = require("express");
var nodes = require("./nodes"); var nodes = require("./nodes");
var flows = require("./flows"); var flows = require("./flows");
var flow = require("./flow"); var flow = require("./flow");
@ -37,18 +35,9 @@ module.exports = {
plugins.init(runtimeAPI); plugins.init(runtimeAPI);
diagnostics.init(settings, runtimeAPI); diagnostics.init(settings, runtimeAPI);
var needsPermission = auth.needsPermission; const needsPermission = auth.needsPermission;
var adminApp = express();
var defaultServerSettings = {
"x-powered-by": false
}
var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
for (var eOption in serverSettings) {
adminApp.set(eOption, serverSettings[eOption]);
}
const adminApp = apiUtil.createExpressApp(settings)
// Flows // Flows
adminApp.get("/flows",needsPermission("flows.read"),flows.get,apiUtil.errorHandler); adminApp.get("/flows",needsPermission("flows.read"),flows.get,apiUtil.errorHandler);

View File

@ -46,14 +46,15 @@ module.exports = {
runtimeAPI = _runtimeAPI; runtimeAPI = _runtimeAPI;
needsPermission = auth.needsPermission; needsPermission = auth.needsPermission;
if (!settings.disableEditor) { if (!settings.disableEditor) {
info.init(runtimeAPI); info.init(settings, runtimeAPI);
comms.init(server,settings,runtimeAPI); comms.init(server,settings,runtimeAPI);
var ui = require("./ui"); var ui = require("./ui");
ui.init(runtimeAPI); ui.init(runtimeAPI);
var editorApp = express(); const editorApp = apiUtil.createExpressApp(settings)
if (settings.requireHttps === true) { if (settings.requireHttps === true) {
editorApp.enable('trust proxy'); editorApp.enable('trust proxy');
editorApp.use(function (req, res, next) { editorApp.use(function (req, res, next) {
@ -86,7 +87,7 @@ module.exports = {
//Projects //Projects
var projects = require("./projects"); var projects = require("./projects");
projects.init(runtimeAPI); projects.init(settings, runtimeAPI);
editorApp.use("/projects",projects.app()); editorApp.use("/projects",projects.app());
// Locales // Locales

View File

@ -14,9 +14,9 @@
* limitations under the License. * limitations under the License.
**/ **/
var express = require("express");
var apiUtils = require("../util"); var apiUtils = require("../util");
var settings;
var runtimeAPI; var runtimeAPI;
var needsPermission = require("../auth").needsPermission; var needsPermission = require("../auth").needsPermission;
@ -77,11 +77,12 @@ function getProjectRemotes(req,res) {
}) })
} }
module.exports = { module.exports = {
init: function(_runtimeAPI) { init: function(_settings, _runtimeAPI) {
settings = _settings;
runtimeAPI = _runtimeAPI; runtimeAPI = _runtimeAPI;
}, },
app: function() { app: function() {
var app = express(); var app = apiUtils.createExpressApp(settings)
app.use(function(req,res,next) { app.use(function(req,res,next) {
runtimeAPI.projects.available().then(function(available) { runtimeAPI.projects.available().then(function(available) {

View File

@ -18,9 +18,9 @@ var runtimeAPI;
var sshkeys = require("./sshkeys"); var sshkeys = require("./sshkeys");
module.exports = { module.exports = {
init: function(_runtimeAPI) { init: function(settings, _runtimeAPI) {
runtimeAPI = _runtimeAPI; runtimeAPI = _runtimeAPI;
sshkeys.init(runtimeAPI); sshkeys.init(settings, runtimeAPI);
}, },
userSettings: function(req, res) { userSettings: function(req, res) {
var opts = { var opts = {

View File

@ -17,13 +17,15 @@
var apiUtils = require("../util"); var apiUtils = require("../util");
var express = require("express"); var express = require("express");
var runtimeAPI; var runtimeAPI;
var settings;
module.exports = { module.exports = {
init: function(_runtimeAPI) { init: function(_settings, _runtimeAPI) {
runtimeAPI = _runtimeAPI; runtimeAPI = _runtimeAPI;
settings = _settings;
}, },
app: function() { app: function() {
var app = express(); const app = apiUtils.createExpressApp(settings);
// List all SSH keys // List all SSH keys
app.get("/", function(req,res) { app.get("/", function(req,res) {

View File

@ -19,6 +19,7 @@ var util = require("util");
var path = require("path"); var path = require("path");
var fs = require("fs"); var fs = require("fs");
var clone = require("clone"); var clone = require("clone");
const apiUtil = require("../util")
var defaultContext = { var defaultContext = {
page: { page: {
@ -40,6 +41,7 @@ var defaultContext = {
vendorMonaco: "" vendorMonaco: ""
} }
}; };
var settings;
var theme = null; var theme = null;
var themeContext = clone(defaultContext); var themeContext = clone(defaultContext);
@ -92,7 +94,8 @@ function serveFilesFromTheme(themeValue, themeApp, directory, baseDirectory) {
} }
module.exports = { module.exports = {
init: function(settings, _runtimeAPI) { init: function(_settings, _runtimeAPI) {
settings = _settings;
runtimeAPI = _runtimeAPI; runtimeAPI = _runtimeAPI;
themeContext = clone(defaultContext); themeContext = clone(defaultContext);
if (process.env.NODE_ENV == "development") { if (process.env.NODE_ENV == "development") {
@ -113,7 +116,15 @@ module.exports = {
var url; var url;
themeSettings = {}; themeSettings = {};
themeApp = express(); themeApp = apiUtil.createExpressApp(settings);
const defaultServerSettings = {
"x-powered-by": false
}
const serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
for (const eOption in serverSettings) {
themeApp.set(eOption, serverSettings[eOption]);
}
if (theme.page) { if (theme.page) {

View File

@ -37,7 +37,6 @@ var adminApp;
var server; var server;
var editor; var editor;
/** /**
* Initialise the module. * Initialise the module.
* @param {Object} settings The runtime settings * @param {Object} settings The runtime settings
@ -49,7 +48,7 @@ var editor;
function init(settings,_server,storage,runtimeAPI) { function init(settings,_server,storage,runtimeAPI) {
server = _server; server = _server;
if (settings.httpAdminRoot !== false) { if (settings.httpAdminRoot !== false) {
adminApp = express(); adminApp = apiUtil.createExpressApp(settings);
var cors = require('cors'); var cors = require('cors');
var corsHandler = cors({ var corsHandler = cors({
@ -64,14 +63,6 @@ function init(settings,_server,storage,runtimeAPI) {
} }
} }
var defaultServerSettings = {
"x-powered-by": false
}
var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
for (var eOption in serverSettings) {
adminApp.set(eOption, serverSettings[eOption]);
}
auth.init(settings,storage); auth.init(settings,storage);
var maxApiRequestSize = settings.apiMaxLength || '5mb'; var maxApiRequestSize = settings.apiMaxLength || '5mb';
@ -136,10 +127,11 @@ async function stop() {
editor.stop(); editor.stop();
} }
} }
module.exports = { module.exports = {
init: init, init,
start: start, start,
stop: stop, stop,
/** /**
* @memberof @node-red/editor-api * @memberof @node-red/editor-api

View File

@ -14,10 +14,9 @@
* limitations under the License. * limitations under the License.
**/ **/
const express = require("express");
var log = require("@node-red/util").log; // TODO: separate module const { log, i18n } = require("@node-red/util");
var i18n = require("@node-red/util").i18n; // TODO: separate module
module.exports = { module.exports = {
errorHandler: function(err,req,res,next) { errorHandler: function(err,req,res,next) {
@ -64,5 +63,17 @@ module.exports = {
path: req.path, path: req.path,
ip: (req.headers && req.headers['x-forwarded-for']) || (req.connection && req.connection.remoteAddress) || undefined ip: (req.headers && req.headers['x-forwarded-for']) || (req.connection && req.connection.remoteAddress) || undefined
} }
},
createExpressApp: function(settings) {
const app = express();
const defaultServerSettings = {
"x-powered-by": false
}
const serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
for (let eOption in serverSettings) {
app.set(eOption, serverSettings[eOption]);
}
return app
} }
} }

View File

@ -89,6 +89,15 @@ function init(userSettings,httpServer,_adminApi) {
nodeApp = express(); nodeApp = express();
adminApp = express(); adminApp = express();
const defaultServerSettings = {
"x-powered-by": false
}
const serverSettings = Object.assign({},defaultServerSettings,userSettings.httpServerOptions||{});
for (let eOption in serverSettings) {
nodeApp.set(eOption, serverSettings[eOption]);
adminApp.set(eOption, serverSettings[eOption]);
}
if (_adminApi) { if (_adminApi) {
adminApi = _adminApi; adminApi = _adminApi;

View File

@ -61,12 +61,14 @@ describe("api/editor/index", function() {
sinon.stub(NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/"+m),"init").callsFake(function(){}); sinon.stub(NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/"+m),"init").callsFake(function(){});
}); });
sinon.stub(NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/theme"),"app").callsFake(function(){ return express()}); sinon.stub(NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/theme"),"app").callsFake(function(){ return express()});
sinon.stub(NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/settings"),"sshkeys").callsFake(function(){ return express()});
}); });
after(function() { after(function() {
mockList.forEach(function(m) { mockList.forEach(function(m) {
NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/"+m).init.restore(); NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/"+m).init.restore();
}) })
NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/theme").app.restore(); NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/theme").app.restore();
NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/settings").sshkeys.restore();
auth.needsPermission.restore(); auth.needsPermission.restore();
log.error.restore(); log.error.restore();
}); });

View File

@ -41,7 +41,7 @@ describe("api/editor/settings", function() {
}); });
it('returns the user settings', function(done) { it('returns the user settings', function(done) {
info.init({ info.init({}, {
settings: { settings: {
getUserSettings: function(opts) { getUserSettings: function(opts) {
if (opts.user !== "fred") { if (opts.user !== "fred") {
@ -67,7 +67,7 @@ describe("api/editor/settings", function() {
}); });
it('updates the user settings', function(done) { it('updates the user settings', function(done) {
var update; var update;
info.init({ info.init({}, {
settings: { settings: {
updateUserSettings: function(opts) { updateUserSettings: function(opts) {
if (opts.user !== "fred") { if (opts.user !== "fred") {

View File

@ -34,7 +34,7 @@ describe("api/editor/sshkeys", function() {
} }
} }
before(function() { before(function() {
sshkeys.init(mockRuntime); sshkeys.init({}, mockRuntime);
app = express(); app = express();
app.use(bodyParser.json()); app.use(bodyParser.json());
app.use("/settings/user/keys", sshkeys.app()); app.use("/settings/user/keys", sshkeys.app());