pigallery2/src/backend/middlewares/RenderingMWs.ts

import {NextFunction, Request, Response} from 'express';
import {ErrorCodes, ErrorDTO} from '../../common/entities/Error';
import {Message} from '../../common/entities/Message';
import {Config, PrivateConfigClass} from '../../common/config/private/Config';
import {UserDTO, UserRoles} from '../../common/entities/UserDTO';
import {NotificationManager} from '../model/NotifocationManager';
import {Logger} from '../Logger';
import {SharingDTO} from '../../common/entities/SharingDTO';
import {Utils} from '../../common/Utils';
import {LoggerRouter} from '../routes/LoggerRouter';

export class RenderingMWs {

  public static renderResult(req: Request, res: Response, next: NextFunction): any {
    if (typeof req.resultPipe === 'undefined') {
      return next();
    }

    return RenderingMWs.renderMessage(res, req.resultPipe);
  }


  public static renderSessionUser(req: Request, res: Response, next: NextFunction): any {
    if (!(req.session.user)) {
      return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR, 'User not exists'));
    }

    const user = {
      id: req.session.user.id,
      name: req.session.user.name,
      csrfToken: req.session.user.csrfToken || req.csrfToken(),
      role: req.session.user.role,
      usedSharingKey: req.session.user.usedSharingKey,
      permissions: req.session.user.permissions
    } as UserDTO;

    if (!user.csrfToken && req.csrfToken) {
      user.csrfToken = req.csrfToken();
    }

    RenderingMWs.renderMessage(res, user);
  }

  public static renderSharing(req: Request, res: Response, next: NextFunction): any {
    if (!req.resultPipe) {
      return next();
    }

    const {password, creator, ...sharing} = req.resultPipe;
    RenderingMWs.renderMessage(res, sharing);
  }


  public static renderSharingList(req: Request, res: Response, next: NextFunction): any {
    if (!req.resultPipe) {
      return next();
    }

    const shares: SharingDTO[] = Utils.clone(req.resultPipe);
    shares.forEach((s): void => {
      delete s.password;
      delete s.creator.password;
    });
    return RenderingMWs.renderMessage(res, shares);
  }

  public static renderFile(req: Request, res: Response, next: NextFunction): any {
    if (!req.resultPipe) {
      return next();
    }
    return res.sendFile(req.resultPipe, {maxAge: 31536000, dotfiles: 'allow'});
  }

  public static renderOK(req: Request, res: Response, next: NextFunction): void {
    const message = new Message<string>(null, 'ok');
    res.json(message);
  }


  public static async renderConfig(req: Request, res: Response, next: NextFunction): Promise<void> {
    const originalConf = await Config.original();
    // These are sensitive information, do not send to the client side
    originalConf.Server.sessionSecret = null;
    originalConf.Server.Database.enforcedUsers = null;
    const message = new Message<PrivateConfigClass>(null, originalConf.toJSON({
      attachState: true,
      attachVolatile: true
    }) as any);
    res.json(message);
  }


  public static renderError(err: any, req: Request, res: Response, next: NextFunction): any {

    if (err instanceof ErrorDTO) {
      if (err.details) {
        Logger.warn('Handled error:');
        LoggerRouter.log(Logger.warn, req, res);
        console.log(err);
        delete (err.details); // do not send back error object to the client side

        // hide error details for non developers
        if (!(req.session && req.session.user && req.session.user.role >= UserRoles.Developer)) {
          delete (err.detailsStr);
        }
      }
      const message = new Message<any>(err, null);
      return res.json(message);
    }
    NotificationManager.error('Unknown server error', err, req);
    return next(err);
  }


  protected static renderMessage<T>(res: Response, content: T): void {
    const message = new Message<T>(null, content);
    res.json(message);
  }


}
improving tests 2018-03-30 15:30:30 -04:00			`import {NextFunction, Request, Response} from 'express';`
			`import {ErrorCodes, ErrorDTO} from '../../common/entities/Error';`
			`import {Message} from '../../common/entities/Message';`
upgrading to typeconfig2.0 2020-01-28 18:36:52 +01:00			`import {Config, PrivateConfigClass} from '../../common/config/private/Config';`
implementing csrf security for posts 2020-01-07 22:17:54 +01:00			`import {UserDTO, UserRoles} from '../../common/entities/UserDTO';`
improving tests 2018-03-30 15:30:30 -04:00			`import {NotificationManager} from '../model/NotifocationManager';`
			`import {Logger} from '../Logger';`
implementing share management backend features #145 2020-09-06 14:44:25 +02:00			`import {SharingDTO} from '../../common/entities/SharingDTO';`
Implementing sharing listing and deleting. Fixes: #145 2020-09-06 16:12:30 +02:00			`import {Utils} from '../../common/Utils';`
Improving error logging for handled server side errors. Looking for: "ForbiddenError: invalid csrf token" 2020-12-25 10:36:49 +01:00			`import {LoggerRouter} from '../routes/LoggerRouter';`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
			`export class RenderingMWs {`

fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`public static renderResult(req: Request, res: Response, next: NextFunction): any {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`if (typeof req.resultPipe === 'undefined') {`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return next();`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return RenderingMWs.renderMessage(res, req.resultPipe);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00

fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`public static renderSessionUser(req: Request, res: Response, next: NextFunction): any {`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`if (!(req.session.user)) {`
improving tests 2018-03-30 15:30:30 -04:00			`return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR, 'User not exists'));`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00			`}`

fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`const user = {`
implementing csrf security for posts 2020-01-07 22:17:54 +01:00			`id: req.session.user.id,`
			`name: req.session.user.name,`
			`csrfToken: req.session.user.csrfToken \|\| req.csrfToken(),`
			`role: req.session.user.role,`
			`usedSharingKey: req.session.user.usedSharingKey,`
			`permissions: req.session.user.permissions`
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`} as UserDTO;`
implementing csrf security for posts 2020-01-07 22:17:54 +01:00
			`if (!user.csrfToken && req.csrfToken) {`
			`user.csrfToken = req.csrfToken();`
			`}`

adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`RenderingMWs.renderMessage(res, user);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`public static renderSharing(req: Request, res: Response, next: NextFunction): any {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`if (!req.resultPipe) {`
implementing sharing 2017-07-03 19:17:49 +02:00			`return next();`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`}`
implementing sharing 2017-07-03 19:17:49 +02:00
implementing csrf security for posts 2020-01-07 22:17:54 +01:00			`const {password, creator, ...sharing} = req.resultPipe;`
implementing sharing 2017-07-03 19:17:49 +02:00			`RenderingMWs.renderMessage(res, sharing);`
			`}`

implementing share management backend features #145 2020-09-06 14:44:25 +02:00
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`public static renderSharingList(req: Request, res: Response, next: NextFunction): any {`
implementing share management backend features #145 2020-09-06 14:44:25 +02:00			`if (!req.resultPipe) {`
			`return next();`
			`}`

Implementing sharing listing and deleting. Fixes: #145 2020-09-06 16:12:30 +02:00			`const shares: SharingDTO[] = Utils.clone(req.resultPipe);`
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`shares.forEach((s): void => {`
Implementing sharing listing and deleting. Fixes: #145 2020-09-06 16:12:30 +02:00			`delete s.password;`
			`delete s.creator.password;`
			`});`
			`return RenderingMWs.renderMessage(res, shares);`
implementing share management backend features #145 2020-09-06 14:44:25 +02:00			`}`

fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`public static renderFile(req: Request, res: Response, next: NextFunction): any {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`if (!req.resultPipe) {`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return next();`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`}`
adding dotfile support 2019-12-29 23:25:22 +01:00			`return res.sendFile(req.resultPipe, {maxAge: 31536000, dotfiles: 'allow'});`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`}`

fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`public static renderOK(req: Request, res: Response, next: NextFunction): void {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`const message = new Message<string>(null, 'ok');`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`res.json(message);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
implementing database settings 2017-07-08 12:43:42 +02:00
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`public static async renderConfig(req: Request, res: Response, next: NextFunction): Promise<void> {`
upgrading to typeconfig2.0 2020-01-28 18:36:52 +01:00			`const originalConf = await Config.original();`
improving security on enforced users #220 2022-01-14 11:02:17 +01:00			`// These are sensitive information, do not send to the client side`
improving code quality. restricting secret to be accessible through rest api 2020-01-03 20:28:03 +01:00			`originalConf.Server.sessionSecret = null;`
improving security on enforced users #220 2022-01-14 11:02:17 +01:00			`originalConf.Server.Database.enforcedUsers = null;`
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`const message = new Message<PrivateConfigClass>(null, originalConf.toJSON({`
implementing advanced settings 2020-02-04 19:37:47 +01:00			`attachState: true,`
			`attachVolatile: true`
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`}) as any);`
implementing database settings 2017-07-08 12:43:42 +02:00			`res.json(message);`
			`}`


adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`public static renderError(err: any, req: Request, res: Response, next: NextFunction): any {`
implementing improved error handling 2017-07-09 14:23:50 +02:00
implementing thumbnail settings 2017-07-15 12:47:11 +02:00			`if (err instanceof ErrorDTO) {`
improving config check and setting 2017-07-13 23:39:09 +02:00			`if (err.details) {`
fixing language switching error 2019-01-02 21:21:20 +01:00			`Logger.warn('Handled error:');`
Improving error logging for handled server side errors. Looking for: "ForbiddenError: invalid csrf token" 2020-12-25 10:36:49 +01:00			`LoggerRouter.log(Logger.warn, req, res);`
fixing language switching error 2019-01-02 21:21:20 +01:00			`console.log(err);`
minor bugfixes 2019-12-10 14:50:20 +01:00			`delete (err.details); // do not send back error object to the client side`

			`// hide error details for non developers`
Fixing issue with filenames containing # and % fixes #276 and fixes #272 2021-05-04 22:43:19 +02:00			`if (!(req.session && req.session.user && req.session.user.role >= UserRoles.Developer)) {`
minor bugfixes 2019-12-10 14:50:20 +01:00			`delete (err.detailsStr);`
improving config check and setting 2017-07-13 23:39:09 +02:00			`}`
implementing improved error handling 2017-07-09 14:23:50 +02:00			`}`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`const message = new Message<any>(err, null);`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return res.json(message);`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00			`}`
Improving notification and CSRF error logging 2020-12-27 18:57:02 +01:00			`NotificationManager.error('Unknown server error', err, req);`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return next(err);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00

fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`protected static renderMessage<T>(res: Response, content: T): void {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`const message = new Message<T>(null, content);`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`res.json(message);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00

adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`}`