Merge pull request #4178 from node-red/4169-remove-express-header

Ensure express server options are applied consistently

packages/node_modules/@node-red/editor-api/lib/admin/index.js

@@ -14,8 +14,6 @@
  * limitations under the License.
  **/
 
-var express = require("express");
-
 var nodes = require("./nodes");
 var flows = require("./flows");
 var flow = require("./flow");
@@ -37,18 +35,9 @@ module.exports = {
         plugins.init(runtimeAPI);
         diagnostics.init(settings, runtimeAPI);
 
-        var needsPermission = auth.needsPermission;
-
-        var adminApp = express();
-
-        var defaultServerSettings = {
-            "x-powered-by": false
-        }
-        var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
-        for (var eOption in serverSettings) {
-            adminApp.set(eOption, serverSettings[eOption]);
-        }
+        const needsPermission = auth.needsPermission;
 
+        const adminApp = apiUtil.createExpressApp(settings)
 
         // Flows
         adminApp.get("/flows",needsPermission("flows.read"),flows.get,apiUtil.errorHandler);

packages/node_modules/@node-red/editor-api/lib/editor/index.js

@@ -46,14 +46,15 @@ module.exports = {
         runtimeAPI = _runtimeAPI;
         needsPermission = auth.needsPermission;
         if (!settings.disableEditor) {
-            info.init(runtimeAPI);
+            info.init(settings, runtimeAPI);
             comms.init(server,settings,runtimeAPI);
 
             var ui = require("./ui");
 
             ui.init(runtimeAPI);
 
-            var editorApp = express();
+            const editorApp = apiUtil.createExpressApp(settings)
+
             if (settings.requireHttps === true) {
                 editorApp.enable('trust proxy');
                 editorApp.use(function (req, res, next) {
@@ -86,7 +87,7 @@ module.exports = {
 
             //Projects
             var projects = require("./projects");
-            projects.init(runtimeAPI);
+            projects.init(settings, runtimeAPI);
             editorApp.use("/projects",projects.app());
 
             // Locales

packages/node_modules/@node-red/editor-api/lib/editor/projects.js

@@ -14,9 +14,9 @@
  * limitations under the License.
  **/
 
-var express = require("express");
 var apiUtils = require("../util");
 
+var settings;
 var runtimeAPI;
 var needsPermission = require("../auth").needsPermission;
 
@@ -77,11 +77,12 @@ function getProjectRemotes(req,res) {
     })
 }
 module.exports = {
-    init: function(_runtimeAPI) {
+    init: function(_settings, _runtimeAPI) {
+        settings = _settings;
         runtimeAPI = _runtimeAPI;
     },
     app: function() {
-        var app = express();
+        var app = apiUtils.createExpressApp(settings)
 
         app.use(function(req,res,next) {
             runtimeAPI.projects.available().then(function(available) {

packages/node_modules/@node-red/editor-api/lib/editor/settings.js

@@ -18,9 +18,9 @@ var runtimeAPI;
 var sshkeys = require("./sshkeys");
 
 module.exports = {
-    init: function(_runtimeAPI) {
+    init: function(settings, _runtimeAPI) {
         runtimeAPI = _runtimeAPI;
-        sshkeys.init(runtimeAPI);
+        sshkeys.init(settings, runtimeAPI);
     },
     userSettings: function(req, res) {
         var opts = {

packages/node_modules/@node-red/editor-api/lib/editor/sshkeys.js

@@ -17,13 +17,15 @@
 var apiUtils = require("../util");
 var express = require("express");
 var runtimeAPI;
+var settings;
 
 module.exports = {
-    init: function(_runtimeAPI) {
+    init: function(_settings, _runtimeAPI) {
         runtimeAPI = _runtimeAPI;
+        settings = _settings;
     },
     app: function() {
-        var app = express();
+        const app = apiUtils.createExpressApp(settings);
 
         // List all SSH keys
         app.get("/", function(req,res) {

packages/node_modules/@node-red/editor-api/lib/editor/theme.js

@@ -19,6 +19,7 @@ var util = require("util");
 var path = require("path");
 var fs = require("fs");
 var clone = require("clone");
+const apiUtil = require("../util")
 
 var defaultContext = {
     page: {
@@ -39,6 +40,7 @@ var defaultContext = {
         vendorMonaco: ""
     }
 };
+var settings;
 
 var theme = null;
 var themeContext = clone(defaultContext);
@@ -91,7 +93,8 @@ function serveFilesFromTheme(themeValue, themeApp, directory, baseDirectory) {
 }
 
 module.exports = {
-    init: function(settings, _runtimeAPI) {
+    init: function(_settings, _runtimeAPI) {
+        settings = _settings;
         runtimeAPI = _runtimeAPI;
         themeContext = clone(defaultContext);
         if (process.env.NODE_ENV == "development") {
@@ -112,7 +115,15 @@ module.exports = {
         var url;
         themeSettings = {};
 
-        themeApp = express();
+        themeApp = apiUtil.createExpressApp(settings);
+        
+        const defaultServerSettings = {
+            "x-powered-by": false
+        }
+        const serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
+        for (const eOption in serverSettings) {
+            themeApp.set(eOption, serverSettings[eOption]);
+        }
 
         if (theme.page) {
 

packages/node_modules/@node-red/editor-api/lib/index.js

@@ -37,7 +37,6 @@ var adminApp;
 var server;
 var editor;
 
-
 /**
  * Initialise the module.
  * @param  {Object}     settings   The runtime settings
@@ -49,7 +48,7 @@ var editor;
 function init(settings,_server,storage,runtimeAPI) {
     server = _server;
     if (settings.httpAdminRoot !== false) {
-        adminApp = express();
+        adminApp = apiUtil.createExpressApp(settings);
 
         var cors = require('cors');
         var corsHandler = cors({
@@ -64,14 +63,6 @@ function init(settings,_server,storage,runtimeAPI) {
             }
         }
 
-        var defaultServerSettings = {
-            "x-powered-by": false
-        }
-        var serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
-        for (var eOption in serverSettings) {
-            adminApp.set(eOption, serverSettings[eOption]);
-        }
-
         auth.init(settings,storage);
 
         var maxApiRequestSize = settings.apiMaxLength || '5mb';
@@ -136,10 +127,11 @@ async function stop() {
         editor.stop();
     }
 }
+
 module.exports = {
-    init: init,
-    start: start,
-    stop: stop,
+    init,
+    start,
+    stop,
 
     /**
     * @memberof @node-red/editor-api

packages/node_modules/@node-red/editor-api/lib/util.js

@@ -14,10 +14,9 @@
  * limitations under the License.
  **/
 
+const express = require("express");
 
-var log = require("@node-red/util").log; // TODO: separate module
-var i18n = require("@node-red/util").i18n; // TODO: separate module
-
+const { log, i18n } = require("@node-red/util");
 
 module.exports = {
     errorHandler: function(err,req,res,next) {
@@ -64,5 +63,17 @@ module.exports = {
             path: req.path,
             ip: (req.headers && req.headers['x-forwarded-for']) || (req.connection && req.connection.remoteAddress) || undefined
         }
+    },
+    createExpressApp: function(settings) {
+        const app = express();
+    
+        const defaultServerSettings = {
+            "x-powered-by": false
+        }
+        const serverSettings = Object.assign({},defaultServerSettings,settings.httpServerOptions||{});
+        for (let eOption in serverSettings) {
+            app.set(eOption, serverSettings[eOption]);
+        }
+        return app
     }
 }

packages/node_modules/@node-red/runtime/lib/index.js

@@ -89,6 +89,15 @@ function init(userSettings,httpServer,_adminApi) {
 
     nodeApp = express();
     adminApp = express();
+    const defaultServerSettings = {
+        "x-powered-by": false
+    }
+    const serverSettings = Object.assign({},defaultServerSettings,userSettings.httpServerOptions||{});
+    for (let eOption in serverSettings) {
+        nodeApp.set(eOption, serverSettings[eOption]);
+        adminApp.set(eOption, serverSettings[eOption]);
+    }
+
 
     if (_adminApi) {
         adminApi = _adminApi;

test/unit/@node-red/editor-api/lib/editor/index_spec.js

@@ -61,12 +61,14 @@ describe("api/editor/index", function() {
                 sinon.stub(NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/"+m),"init").callsFake(function(){});
             });
             sinon.stub(NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/theme"),"app").callsFake(function(){ return express()});
+            sinon.stub(NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/settings"),"sshkeys").callsFake(function(){ return express()});
         });
         after(function() {
             mockList.forEach(function(m) {
                 NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/"+m).init.restore();
             })
             NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/theme").app.restore();
+            NR_TEST_UTILS.require("@node-red/editor-api/lib/editor/settings").sshkeys.restore();
             auth.needsPermission.restore();
             log.error.restore();
         });

test/unit/@node-red/editor-api/lib/editor/settings_spec.js

@@ -41,7 +41,7 @@ describe("api/editor/settings", function() {
     });
 
     it('returns the user settings', function(done) {
-        info.init({
+        info.init({}, {
             settings: {
                 getUserSettings: function(opts) {
                     if (opts.user !== "fred") {
@@ -67,7 +67,7 @@ describe("api/editor/settings", function() {
     });
     it('updates the user settings', function(done) {
         var update;
-        info.init({
+        info.init({}, {
             settings: {
                 updateUserSettings: function(opts) {
                     if (opts.user !== "fred") {

test/unit/@node-red/editor-api/lib/editor/sshkeys_spec.js

@@ -34,7 +34,7 @@ describe("api/editor/sshkeys", function() {
         }
     }
     before(function() {
-        sshkeys.init(mockRuntime);
+        sshkeys.init({}, mockRuntime);
         app = express();
         app.use(bodyParser.json());
         app.use("/settings/user/keys", sshkeys.app());