gancio-upstream/server/helpers.js

const settingsController = require('./api/controller/settings')
const acceptLanguage = require('accept-language')
const moment = require('moment-timezone')
const config = require('config')
const debug = require('debug')('helpers')
const pkg = require('../package.json')
const fs = require('fs')
const path = require('path')
const sharp = require('sharp')
const axios = require('axios')
const crypto = require('crypto')

const DOMPurify = require('dompurify')
const { JSDOM } = require('jsdom')
const { window } = new JSDOM('<!DOCTYPE html>')
const domPurify = DOMPurify(window)
const URL = require('url')
const locales = require('../locales')

domPurify.addHook('beforeSanitizeElements', node => {
  if (node.hasAttribute && node.hasAttribute('href')) {
    const href = node.getAttribute('href')
    const text = node.textContent
    if (href.includes('fbclid=')) {
      try {
        const url = new URL.URL(href)
        url.searchParams.delete('fbclid')
        node.setAttribute('href', url.href)
        if (text.includes('fbclid=')) {
          node.textContent = url.href
        }
      } catch (e) {
        return node
      }
    }
  }
  return node
})

module.exports = {
  sanitizeHTML (html) {
    return domPurify.sanitize(html, {
      ALLOWED_TAGS: ['p', 'h1', 'h2', 'h3', 'h4', 'h5',
        'h6', 'b', 'a', 'li', 'ul', 'ol', 'code', 'blockquote', 'u', 's', 'strong'],
      ALLOWED_ATTR: ['href']
    })
  },

  async initSettings (req, res, next) {
    await settingsController.load()
    // initialize settings
    req.settings = settingsController.settings
    req.secretSettings = settingsController.secretSettings

    req.settings.baseurl = config.baseurl
    req.settings.title = req.settings.title || config.title
    req.settings.description = req.settings.description || config.description
    req.settings.version = pkg.version

    // set locale and user locale
    const acceptedLanguages = req.headers['accept-language']
    acceptLanguage.languages(Object.keys(locales))
    req.settings.locale = acceptLanguage.get(acceptedLanguages)
    req.settings.user_locale = settingsController.user_locale[req.settings.locale]
    moment.locale(req.settings.locale)
    moment.tz.setDefault(req.settings.instance_timezone)
    next()
  },

  async getImageFromURL (url) {
    debug(`getImageFromURL ${url}`)
    const filename = crypto.randomBytes(16).toString('hex') + '.webp'
    const finalPath = path.resolve(config.upload_path, filename)
    const thumbPath = path.resolve(config.upload_path, 'thumb', filename)
    const outStream = fs.createWriteStream(finalPath)
    const thumbStream = fs.createWriteStream(thumbPath)

    const resizer = sharp().resize(1200).webp({ quality: 95 })
    const thumbnailer = sharp().resize(400).webp({ quality: 90 })

    const response = await axios({ method: 'GET', url, responseType: 'stream' })

    return new Promise((resolve, reject) => {
      let onError = false
      const err = e => {
        if (onError) {
          return
        }
        onError = true
        reject(e)
      }

      response.data
        .pipe(thumbnailer)
        .on('error', err)
        .pipe(thumbStream)
        .on('error', err)

      response.data
        .pipe(resizer)
        .on('error', err)
        .pipe(outStream)
        .on('error', err)

      outStream.on('finish', () => resolve(filename))
    })
  }

}
[refactoring] settings middleware 2019-10-11 18:34:14 +02:00			`const settingsController = require('./api/controller/settings')`
			`const acceptLanguage = require('accept-language')`
[mega] settings, timezone 2019-10-20 14:22:55 +02:00			`const moment = require('moment-timezone')`
[refactoring] settings middleware 2019-10-11 18:34:14 +02:00			`const config = require('config')`
event's API support update and image_url 2020-05-14 22:36:58 +02:00			`const debug = require('debug')('helpers')`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`const pkg = require('../package.json')`
event's API support update and image_url 2020-05-14 22:36:58 +02:00			`const fs = require('fs')`
			`const path = require('path')`
			`const sharp = require('sharp')`
			`const axios = require('axios')`
			`const crypto = require('crypto')`
[refactoring] settings middleware 2019-10-11 18:34:14 +02:00
use dompurify instead of sanitize-html 2020-02-10 00:40:23 +01:00			`const DOMPurify = require('dompurify')`
			`const { JSDOM } = require('jsdom')`
			`const { window } = new JSDOM('<!DOCTYPE html>')`
			`const domPurify = DOMPurify(window)`
			`const URL = require('url')`
refactoring locales management 2020-02-20 18:37:10 +01:00			`const locales = require('../locales')`
use dompurify instead of sanitize-html 2020-02-10 00:40:23 +01:00
			`domPurify.addHook('beforeSanitizeElements', node => {`
			`if (node.hasAttribute && node.hasAttribute('href')) {`
			`const href = node.getAttribute('href')`
			`const text = node.textContent`
			`if (href.includes('fbclid=')) {`
			`try {`
			`const url = new URL.URL(href)`
			`url.searchParams.delete('fbclid')`
			`node.setAttribute('href', url.href)`
			`if (text.includes('fbclid=')) {`
			`node.textContent = url.href`
			`}`
			`} catch (e) {`
			`return node`
			`}`
			`}`
			`}`
			`return node`
			`})`

[refactoring] settings middleware 2019-10-11 18:34:14 +02:00			`module.exports = {`
use dompurify instead of sanitize-html 2020-02-10 00:40:23 +01:00			`sanitizeHTML (html) {`
			`return domPurify.sanitize(html, {`
			`ALLOWED_TAGS: ['p', 'h1', 'h2', 'h3', 'h4', 'h5',`
			`'h6', 'b', 'a', 'li', 'ul', 'ol', 'code', 'blockquote', 'u', 's', 'strong'],`
			`ALLOWED_ATTR: ['href']`
			`})`
			`},`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00
			`async initSettings (req, res, next) {`
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`await settingsController.load()`
[refactoring] settings middleware 2019-10-11 18:34:14 +02:00			`// initialize settings`
			`req.settings = settingsController.settings`
			`req.secretSettings = settingsController.secretSettings`

			`req.settings.baseurl = config.baseurl`
minors + set Favicon 2020-01-15 23:51:09 +01:00			`req.settings.title = req.settings.title \|\| config.title`
			`req.settings.description = req.settings.description \|\| config.description`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`req.settings.version = pkg.version`
[refactoring] settings middleware 2019-10-11 18:34:14 +02:00
			`// set locale and user locale`
			`const acceptedLanguages = req.headers['accept-language']`
refactoring locales management 2020-02-20 18:37:10 +01:00			`acceptLanguage.languages(Object.keys(locales))`
[refactoring] settings middleware 2019-10-11 18:34:14 +02:00			`req.settings.locale = acceptLanguage.get(acceptedLanguages)`
			`req.settings.user_locale = settingsController.user_locale[req.settings.locale]`
[mega] settings, timezone 2019-10-20 14:22:55 +02:00			`moment.locale(req.settings.locale)`
minors + set Favicon 2020-01-15 23:51:09 +01:00			`moment.tz.setDefault(req.settings.instance_timezone)`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`next()`
event's API support update and image_url 2020-05-14 22:36:58 +02:00			`},`

			`async getImageFromURL (url) {`
			debug(`getImageFromURL ${url}`)
			`const filename = crypto.randomBytes(16).toString('hex') + '.webp'`
			`const finalPath = path.resolve(config.upload_path, filename)`
			`const thumbPath = path.resolve(config.upload_path, 'thumb', filename)`
			`const outStream = fs.createWriteStream(finalPath)`
			`const thumbStream = fs.createWriteStream(thumbPath)`

			`const resizer = sharp().resize(1200).webp({ quality: 95 })`
			`const thumbnailer = sharp().resize(400).webp({ quality: 90 })`

			`const response = await axios({ method: 'GET', url, responseType: 'stream' })`

			`return new Promise((resolve, reject) => {`
			`let onError = false`
			`const err = e => {`
			`if (onError) {`
			`return`
			`}`
			`onError = true`
			`reject(e)`
			`}`

			`response.data`
			`.pipe(thumbnailer)`
			`.on('error', err)`
			`.pipe(thumbStream)`
			`.on('error', err)`

			`response.data`
			`.pipe(resizer)`
			`.on('error', err)`
			`.pipe(outStream)`
			`.on('error', err)`

			`outStream.on('finish', () => resolve(filename))`
			`})`
[refactoring] settings middleware 2019-10-11 18:34:14 +02:00			`}`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00			`}`