pigallery2/src/backend/middlewares/RenderingMWs.ts

import {NextFunction, Request, Response} from 'express';
import {ErrorCodes, ErrorDTO} from '../../common/entities/Error';
import {Message} from '../../common/entities/Message';
import {PrivateConfigClass} from '../../common/config/private/PrivateConfigClass';
import {UserDTO, UserRoles} from '../../common/entities/UserDTO';
import {NotificationManager} from '../model/NotifocationManager';
import {Logger} from '../Logger';
import {SharingDTO} from '../../common/entities/SharingDTO';
import {Utils} from '../../common/Utils';
import {LoggerRouter} from '../routes/LoggerRouter';
import {TAGS} from '../../common/config/public/ClientConfig';
import {ExtensionConfigWrapper} from '../model/extension/ExtensionConfigWrapper';

const forcedDebug = process.env['NODE_ENV'] === 'debug';

export class RenderingMWs {
  public static renderResult(
    req: Request,
    res: Response,
    next: NextFunction
  ): void {
    if (typeof req.resultPipe === 'undefined') {
      return next();
    }

    return RenderingMWs.renderMessage(res, req.resultPipe);
  }

  public static renderSessionUser(
    req: Request,
    res: Response,
    next: NextFunction
  ): void {
    if (!req.session['user']) {
      return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR, 'User not exists'));
    }

    const user = {
      id: req.session['user'].id,
      name: req.session['user'].name,
      csrfToken: req.session['user'].csrfToken || req.csrfToken(),
      role: req.session['user'].role,
      usedSharingKey: req.session['user'].usedSharingKey,
      permissions: req.session['user'].permissions,
    } as UserDTO;

    if (!user.csrfToken && req.csrfToken) {
      user.csrfToken = req.csrfToken();
    }

    RenderingMWs.renderMessage(res, user);
  }

  public static renderSharing(
    req: Request,
    res: Response,
    next: NextFunction
  ): void {
    if (!req.resultPipe) {
      return next();
    }

    // eslint-disable-next-line @typescript-eslint/no-unused-vars
    const {password, creator, ...sharing} = req.resultPipe as SharingDTO;
    RenderingMWs.renderMessage(res, sharing);
  }

  public static renderSharingList(
    req: Request,
    res: Response,
    next: NextFunction
  ): void {
    if (!req.resultPipe) {
      return next();
    }

    const shares = Utils.clone(req.resultPipe as SharingDTO[]);
    shares.forEach((s): void => {
      delete s.password;
      delete s.creator.password;
    });
    return RenderingMWs.renderMessage(res, shares);
  }

  public static renderFile(
    req: Request,
    res: Response,
    next: NextFunction
  ): void {
    if (!req.resultPipe) {
      return next();
    }
    return res.sendFile(req.resultPipe as string, {
      maxAge: 31536000,
      dotfiles: 'allow',
    });
  }

  public static renderOK(
    req: Request,
    res: Response
  ): void {
    const message = new Message<string>(null, 'ok');
    res.json(message);
  }

  public static async renderConfig(
    req: Request,
    res: Response
  ): Promise<void> {
    const originalConf = await ExtensionConfigWrapper.original();
    // These are sensitive information, do not send to the client side
    originalConf.Server.sessionSecret = null;
    const originalConfJSON = JSON.parse(JSON.stringify(originalConf.toJSON({
      attachState: true,
      attachVolatile: true,
      skipTags: {secret: true} as TAGS
    }) as PrivateConfigClass));

    const message = new Message<PrivateConfigClass>(
      null,
      originalConfJSON
    );
    res.json(message);
  }

  public static renderError(
    err: Error,
    req: Request,
    res: Response,
    next: NextFunction
  ): void {
    if (err instanceof ErrorDTO) {
      if (err.details) {
        LoggerRouter.log(logFn, req, res);
        // use separate rendering for detailsStr
        const d = err.detailsStr;
        delete err.detailsStr;
        console.log(err);
        err.detailsStr = d;
        delete err.details; // do not send back error object to the client side

        // hide error details for non developers
        if (
          !(
            forcedDebug ||
            (req.session &&
              req.session['user'] &&
              req.session['user'].role >= UserRoles.Developer)
          )
        ) {
          delete err.detailsStr;
        }
      }
      const message = new Message<null>(err, null);
      res.json(message);
      return;
    }
    NotificationManager.error('Unknown server error', err, req);
    return next(err);
  }

  protected static renderMessage<T>(res: Response, content: T): void {
    const message = new Message<T>(null, content);
    res.json(message);
  }
}
Implementing template config savings #569 2022-12-28 22:12:53 +01:00			`import {NextFunction, Request, Response} from 'express';`
			`import {ErrorCodes, ErrorDTO} from '../../common/entities/Error';`
			`import {Message} from '../../common/entities/Message';`
Fix extension loading #784, #847, fixes #855 2024-03-25 21:38:09 +01:00			`import {PrivateConfigClass} from '../../common/config/private/PrivateConfigClass';`
Implementing template config savings #569 2022-12-28 22:12:53 +01:00			`import {UserDTO, UserRoles} from '../../common/entities/UserDTO';`
			`import {NotificationManager} from '../model/NotifocationManager';`
			`import {Logger} from '../Logger';`
			`import {SharingDTO} from '../../common/entities/SharingDTO';`
			`import {Utils} from '../../common/Utils';`
			`import {LoggerRouter} from '../routes/LoggerRouter';`
			`import {TAGS} from '../../common/config/public/ClientConfig';`
Add basic configuring options #753 2023-11-13 16:51:25 +01:00			`import {ExtensionConfigWrapper} from '../model/extension/ExtensionConfigWrapper';`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
Improving debugging and error handling. 2023-01-08 11:09:16 +01:00			`const forcedDebug = process.env['NODE_ENV'] === 'debug';`

refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00			`export class RenderingMWs {`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`public static renderResult(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`req: Request,`
			`res: Response,`
			`next: NextFunction`
Fixing lint errors 2022-04-25 18:09:06 +02:00			`): void {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`if (typeof req.resultPipe === 'undefined') {`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return next();`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return RenderingMWs.renderMessage(res, req.resultPipe);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`public static renderSessionUser(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`req: Request,`
			`res: Response,`
			`next: NextFunction`
Fixing lint errors 2022-04-25 18:09:06 +02:00			`): void {`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`if (!req.session['user']) {`
improving tests 2018-03-30 15:30:30 -04:00			`return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR, 'User not exists'));`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00			`}`

fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`const user = {`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`id: req.session['user'].id,`
			`name: req.session['user'].name,`
			`csrfToken: req.session['user'].csrfToken \|\| req.csrfToken(),`
			`role: req.session['user'].role,`
			`usedSharingKey: req.session['user'].usedSharingKey,`
			`permissions: req.session['user'].permissions,`
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`} as UserDTO;`
implementing csrf security for posts 2020-01-07 22:17:54 +01:00
			`if (!user.csrfToken && req.csrfToken) {`
			`user.csrfToken = req.csrfToken();`
			`}`

adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`RenderingMWs.renderMessage(res, user);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`public static renderSharing(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`req: Request,`
			`res: Response,`
			`next: NextFunction`
Fixing lint errors 2022-04-25 18:09:06 +02:00			`): void {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`if (!req.resultPipe) {`
implementing sharing 2017-07-03 19:17:49 +02:00			`return next();`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`}`
implementing sharing 2017-07-03 19:17:49 +02:00
Code cleanup 2022-12-10 00:32:31 +01:00			`// eslint-disable-next-line @typescript-eslint/no-unused-vars`
Implementing template config savings #569 2022-12-28 22:12:53 +01:00			`const {password, creator, ...sharing} = req.resultPipe as SharingDTO;`
implementing sharing 2017-07-03 19:17:49 +02:00			`RenderingMWs.renderMessage(res, sharing);`
			`}`

upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`public static renderSharingList(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`req: Request,`
			`res: Response,`
			`next: NextFunction`
Fixing lint errors 2022-04-25 18:09:06 +02:00			`): void {`
implementing share management backend features #145 2020-09-06 14:44:25 +02:00			`if (!req.resultPipe) {`
			`return next();`
			`}`

Fixing lint errors 2022-04-25 18:09:06 +02:00			`const shares = Utils.clone(req.resultPipe as SharingDTO[]);`
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`shares.forEach((s): void => {`
Implementing sharing listing and deleting. Fixes: #145 2020-09-06 16:12:30 +02:00			`delete s.password;`
			`delete s.creator.password;`
			`});`
			`return RenderingMWs.renderMessage(res, shares);`
implementing share management backend features #145 2020-09-06 14:44:25 +02:00			`}`

upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`public static renderFile(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`req: Request,`
			`res: Response,`
			`next: NextFunction`
Fixing lint errors 2022-04-25 18:09:06 +02:00			`): void {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`if (!req.resultPipe) {`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return next();`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`}`
Fixing lint errors 2022-04-25 18:09:06 +02:00			`return res.sendFile(req.resultPipe as string, {`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`maxAge: 31536000,`
			`dotfiles: 'allow',`
			`});`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`}`

upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`public static renderOK(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`req: Request,`
			`res: Response`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`): void {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`const message = new Message<string>(null, 'ok');`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`res.json(message);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`public static async renderConfig(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`req: Request,`
			`res: Response`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`): Promise<void> {`
Add basic configuring options #753 2023-11-13 16:51:25 +01:00			`const originalConf = await ExtensionConfigWrapper.original();`
improving security on enforced users #220 2022-01-14 11:02:17 +01:00			`// These are sensitive information, do not send to the client side`
improving code quality. restricting secret to be accessible through rest api 2020-01-03 20:28:03 +01:00			`originalConf.Server.sessionSecret = null;`
Improving integration tests. 2024-03-25 23:10:10 +01:00			`const originalConfJSON = JSON.parse(JSON.stringify(originalConf.toJSON({`
			`attachState: true,`
			`attachVolatile: true,`
			`skipTags: {secret: true} as TAGS`
			`}) as PrivateConfigClass));`

upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`const message = new Message<PrivateConfigClass>(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`null,`
Improving integration tests. 2024-03-25 23:10:10 +01:00			`originalConfJSON`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`);`
implementing database settings 2017-07-08 12:43:42 +02:00			`res.json(message);`
			`}`

upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`public static renderError(`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`err: Error,`
			`req: Request,`
			`res: Response,`
			`next: NextFunction`
Fixing lint errors 2022-04-25 18:09:06 +02:00			`): void {`
implementing thumbnail settings 2017-07-15 12:47:11 +02:00			`if (err instanceof ErrorDTO) {`
improving config check and setting 2017-07-13 23:39:09 +02:00			`if (err.details) {`
Revert "Always use Logger class and try to log once per event" This reverts commit a57a717717a676555b4e28d5746828477c2f9811. 2024-03-31 09:28:04 +11:00			`LoggerRouter.log(logFn, req, res);`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`// use separate rendering for detailsStr`
			`const d = err.detailsStr;`
			`delete err.detailsStr;`
Revert "Always use Logger class and try to log once per event" This reverts commit a57a717717a676555b4e28d5746828477c2f9811. 2024-03-31 09:28:04 +11:00			`console.log(err);`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`err.detailsStr = d;`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`delete err.details; // do not send back error object to the client side`
minor bugfixes 2019-12-10 14:50:20 +01:00
			`// hide error details for non developers`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`if (`
making file reading issues only a warning #731 2023-10-14 19:06:12 +02:00			`!(`
			`forcedDebug \|\|`
			`(req.session &&`
			`req.session['user'] &&`
			`req.session['user'].role >= UserRoles.Developer)`
			`)`
upgrading to bootstrap 5 2022-04-04 19:37:31 +02:00			`) {`
			`delete err.detailsStr;`
improving config check and setting 2017-07-13 23:39:09 +02:00			`}`
implementing improved error handling 2017-07-09 14:23:50 +02:00			`}`
Fixing lint errors 2022-04-25 18:09:06 +02:00			`const message = new Message<null>(err, null);`
			`res.json(message);`
			`return;`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00			`}`
Improving notification and CSRF error logging 2020-12-27 18:57:02 +01:00			`NotificationManager.error('Unknown server error', err, req);`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`return next(err);`
			`}`
refactoring middleware rendering methods 2016-03-26 11:19:10 +01:00
fixing linting erros. adding tslint to pretest 2021-04-18 15:48:35 +02:00			`protected static renderMessage<T>(res: Response, content: T): void {`
adding url base, improving code quality 2018-05-12 12:19:51 -04:00			`const message = new Message<T>(null, content);`
adding angular-cli support (causes major refactoring) 2017-06-10 22:32:56 +02:00			`res.json(message);`
			`}`
			`}`