صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
wiki
/
weseek__growi
mirrorاز https://github.com/weseek/growi
2
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: 7eccd2fa39
شاخه‌ها تگ‌ها
weseek__growi
/
packages
/
app
/
src
/
server
/
routes
/
index.js

index.js 16 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221 
  1. import express from 'express';
    2. 

  2. 

  3. import injectResetOrderByTokenMiddleware from '../middlewares/inject-reset-order-by-token-middleware';
    4. 

  4. import injectUserRegistrationOrderByTokenMiddleware from '../middlewares/inject-user-registration-order-by-token-middleware';
    5. 

  5. import apiV1FormValidator from '../middlewares/apiv1-form-validator';
    6. 

  6. 

  7. import * as loginFormValidator from '../middlewares/login-form-validator';
    8. 

  8. import * as registerFormValidator from '../middlewares/register-form-validator';
    9. 

  9. 

  10. import * as forgotPassword from './forgot-password';
    11. 

  11. import * as privateLegacyPages from './private-legacy-pages';
    12. 

  12. import * as allInAppNotifications from './all-in-app-notifications';
    13. 

  13. import * as userActivation from './user-activation';
    14. 

  14. 

  15. const multer = require('multer');
    16. 

  16. const autoReap = require('multer-autoreap');
    17. 

  17. const rateLimit = require('express-rate-limit');
    18. 

  18. 

  19. const apiLimiter = rateLimit({
    20. 

  20.   windowMs: 15 * 60 * 1000, // 15 minutes
    21. 

  21.   max: 10, // limit each IP to 10 requests per windowMs
    22. 

  22.   message:
    23. 

  23.     'Too many requests sent from this IP, please try again after 15 minutes',
    24. 

  24. });
    25. 

  25. 

  26. autoReap.options.reapOnError = true; // continue reaping the file even if an error occurs
    27. 

  27. 

  28. module.exports = function(crowi, app) {
    29. 

  29.   const autoReconnectToSearch = require('../middlewares/auto-reconnect-to-search')(crowi);
    30. 

  30.   const applicationNotInstalled = require('../middlewares/application-not-installed')(crowi);
    31. 

  31.   const applicationInstalled = require('../middlewares/application-installed')(crowi);
    32. 

  32.   const accessTokenParser = require('../middlewares/access-token-parser')(crowi);
    33. 

  33.   const loginRequiredStrictly = require('../middlewares/login-required')(crowi);
    34. 

  34.   const loginRequired = require('../middlewares/login-required')(crowi, true);
    35. 

  35.   const adminRequired = require('../middlewares/admin-required')(crowi);
    36. 

  36.   const certifySharedFile = require('../middlewares/certify-shared-file')(crowi);
    37. 

  37.   const csrf = require('../middlewares/csrf')(crowi);
    38. 

  38.   const injectUserUISettings = require('../middlewares/inject-user-ui-settings-to-localvars')();
    39. 

  39. 

  40.   const uploads = multer({ dest: `${crowi.tmpDir}uploads` });
    41. 

  41.   const page = require('./page')(crowi, app);
    42. 

  42.   const login = require('./login')(crowi, app);
    43. 

  43.   const loginPassport = require('./login-passport')(crowi, app);
    44. 

  44.   const logout = require('./logout')(crowi, app);
    45. 

  45.   const me = require('./me')(crowi, app);
    46. 

  46.   const admin = require('./admin')(crowi, app);
    47. 

  47.   const user = require('./user')(crowi, app);
    48. 

  48.   const attachment = require('./attachment')(crowi, app);
    49. 

  49.   const comment = require('./comment')(crowi, app);
    50. 

  50.   const tag = require('./tag')(crowi, app);
    51. 

  51.   const search = require('./search')(crowi, app);
    52. 

  52.   const hackmd = require('./hackmd')(crowi, app);
    53. 

  53.   const ogp = require('./ogp')(crowi);
    54. 

  54. 

  55.   const isInstalled = crowi.configManager.getConfig('crowi', 'app:installed');
    56. 

  56. 

  57.   /* eslint-disable max-len, comma-spacing, no-multi-spaces */
    58. 

  58. 

  59.   // API v3
    60. 

  60.   app.use('/api-docs', require('./apiv3/docs')(crowi));
    61. 

  61.   app.use('/_api/v3', require('./apiv3')(crowi));
    62. 

  62. 

  63.   app.get('/'                         , applicationInstalled, loginRequired, autoReconnectToSearch, injectUserUISettings, page.showTopPage);
    64. 

  64. 

  65.   app.get('/login/error/:reason'      , applicationInstalled, login.error);
    66. 

  66.   app.get('/login'                    , applicationInstalled, login.preLogin, login.login);
    67. 

  67.   app.get('/login/invited'            , applicationInstalled, login.invited);
    68. 

  68.   app.post('/login/activateInvited'   , apiLimiter , applicationInstalled, loginFormValidator.inviteRules(), loginFormValidator.inviteValidation, csrf, login.invited);
    69. 

  69.   app.post('/login'                   , apiLimiter , applicationInstalled, loginFormValidator.loginRules(), loginFormValidator.loginValidation, csrf, loginPassport.loginWithLocal, loginPassport.loginWithLdap, loginPassport.loginFailure);
    70. 

  70. 

  71.   app.post('/register'                , apiLimiter , applicationInstalled, registerFormValidator.registerRules(), registerFormValidator.registerValidation, csrf, login.register);
    72. 

  72.   app.get('/register'                 , applicationInstalled, login.preLogin, login.register);
    73. 

  73.   app.get('/logout'                   , applicationInstalled, logout.logout);
    74. 

  74. 

  75.   app.get('/admin'                    , applicationInstalled, loginRequiredStrictly , adminRequired , admin.index);
    76. 

  76.   app.get('/admin/app'                , applicationInstalled, loginRequiredStrictly , adminRequired , admin.app.index);
    77. 

  77. 

  78.   // installer
    79. 

  79.   if (!isInstalled) {
    80. 

  80.     const installer = require('./installer')(crowi);
    81. 

  81.     app.get('/installer'              , applicationNotInstalled , installer.index);
    82. 

  82.     app.post('/installer'             , apiLimiter , applicationNotInstalled , registerFormValidator.registerRules(), registerFormValidator.registerValidation, csrf, installer.install);
    83. 

  83.     return;
    84. 

  84.   }
    85. 

  85. 

  86.   // OAuth
    87. 

  87.   app.get('/passport/google'                      , loginPassport.loginWithGoogle, loginPassport.loginFailure);
    88. 

  88.   app.get('/passport/github'                      , loginPassport.loginWithGitHub, loginPassport.loginFailure);
    89. 

  89.   app.get('/passport/twitter'                     , loginPassport.loginWithTwitter, loginPassport.loginFailure);
    90. 

  90.   app.get('/passport/oidc'                        , loginPassport.loginWithOidc, loginPassport.loginFailure);
    91. 

  91.   app.get('/passport/saml'                        , loginPassport.loginWithSaml, loginPassport.loginFailure);
    92. 

  92.   app.get('/passport/basic'                       , loginPassport.loginWithBasic, loginPassport.loginFailure);
    93. 

  93.   app.get('/passport/google/callback'             , loginPassport.loginPassportGoogleCallback   , loginPassport.loginFailure);
    94. 

  94.   app.get('/passport/github/callback'             , loginPassport.loginPassportGitHubCallback   , loginPassport.loginFailure);
    95. 

  95.   app.get('/passport/twitter/callback'            , loginPassport.loginPassportTwitterCallback  , loginPassport.loginFailure);
    96. 

  96.   app.get('/passport/oidc/callback'               , loginPassport.loginPassportOidcCallback     , loginPassport.loginFailure);
    97. 

  97.   app.post('/passport/saml/callback'              , loginPassport.loginPassportSamlCallback     , loginPassport.loginFailure);
    98. 

  98. 

  99.   app.post('/_api/login/testLdap'    , apiLimiter , loginRequiredStrictly , loginFormValidator.loginRules() , loginFormValidator.loginValidation , loginPassport.testLdapCredentials);
    100. 

  100. 

  101.   // security admin
    102. 

  102.   app.get('/admin/security'          , loginRequiredStrictly , adminRequired , admin.security.index);
    103. 

  103. 

  104.   // markdown admin
    105. 

  105.   app.get('/admin/markdown'          , loginRequiredStrictly , adminRequired , admin.markdown.index);
    106. 

  106. 

  107.   // customize admin
    108. 

  108.   app.get('/admin/customize'         , loginRequiredStrictly , adminRequired , admin.customize.index);
    109. 

  109. 

  110.   // search admin
    111. 

  111.   app.get('/admin/search'            , loginRequiredStrictly , adminRequired , admin.search.index);
    112. 

  112. 

  113.   // notification admin
    114. 

  114.   app.get('/admin/notification'                         , loginRequiredStrictly , adminRequired , admin.notification.index);
    115. 

  115.   app.get('/admin/notification/slackAuth'               , loginRequiredStrictly , adminRequired , admin.notification.slackAuth);
    116. 

  116.   app.get('/admin/notification/slackSetting/disconnect' , loginRequiredStrictly , adminRequired , admin.notification.disconnectFromSlack);
    117. 

  117.   app.get('/admin/global-notification/new'              , loginRequiredStrictly , adminRequired , admin.globalNotification.detail);
    118. 

  118.   app.get('/admin/global-notification/:id'              , loginRequiredStrictly , adminRequired , admin.globalNotification.detail);
    119. 

  119.   app.get('/admin/slack-integration-legacy'             , loginRequiredStrictly , adminRequired,  admin.slackIntegrationLegacy);
    120. 

  120.   app.get('/admin/slack-integration'                    , loginRequiredStrictly , adminRequired,  admin.slackIntegration);
    121. 

  121. 

  122.   app.get('/admin/users'                                , loginRequiredStrictly , adminRequired , admin.user.index);
    123. 

  123. 

  124.   app.get('/admin/users/external-accounts'              , loginRequiredStrictly , adminRequired , admin.externalAccount.index);
    125. 

  125. 

  126.   // user-groups admin
    127. 

  127.   app.get('/admin/user-groups'                          , loginRequiredStrictly, adminRequired, admin.userGroup.index);
    128. 

  128.   app.get('/admin/user-group-detail/:id'                , loginRequiredStrictly, adminRequired, admin.userGroup.detail);
    129. 

  129. 

  130.   // importer management for admin
    131. 

  131.   app.get('/admin/importer'                     , loginRequiredStrictly , adminRequired , admin.importer.index);
    132. 

  132.   app.post('/_api/admin/settings/importerEsa'   , loginRequiredStrictly , adminRequired , csrf, admin.importer.api.validators.importer.esa(),admin.api.importerSettingEsa);
    133. 

  133.   app.post('/_api/admin/settings/importerQiita' , loginRequiredStrictly , adminRequired , csrf , admin.importer.api.validators.importer.qiita(), admin.api.importerSettingQiita);
    134. 

  134.   app.post('/_api/admin/import/esa'             , loginRequiredStrictly , adminRequired , admin.api.importDataFromEsa);
    135. 

  135.   app.post('/_api/admin/import/testEsaAPI'      , loginRequiredStrictly , adminRequired , csrf, admin.api.testEsaAPI);
    136. 

  136.   app.post('/_api/admin/import/qiita'           , loginRequiredStrictly , adminRequired , admin.api.importDataFromQiita);
    137. 

  137.   app.post('/_api/admin/import/testQiitaAPI'    , loginRequiredStrictly , adminRequired , csrf, admin.api.testQiitaAPI);
    138. 

  138. 

  139.   // export management for admin
    140. 

  140.   app.get('/admin/export'                       , loginRequiredStrictly , adminRequired ,admin.export.index);
    141. 

  141.   app.get('/admin/export/:fileName'             , loginRequiredStrictly , adminRequired ,admin.export.api.validators.export.download(), admin.export.download);
    142. 

  142. 

  143.   app.get('/admin/*'                            , loginRequiredStrictly ,adminRequired, admin.notFound.index);
    144. 

  144. 

  145.   app.get('/me'                                 , loginRequiredStrictly, injectUserUISettings, me.index);
    146. 

  146.   // external-accounts
    147. 

  147.   // my in-app-notifications
    148. 

  148.   app.get('/me/all-in-app-notifications'   , loginRequiredStrictly, allInAppNotifications.list);
    149. 

  149.   app.get('/me/external-accounts'               , loginRequiredStrictly, injectUserUISettings, me.externalAccounts.list);
    150. 

  150.   // my drafts
    151. 

  151.   app.get('/me/drafts'                          , loginRequiredStrictly, injectUserUISettings, me.drafts.list);
    152. 

  152. 

  153.   app.get('/attachment/:id([0-9a-z]{24})' , certifySharedFile , loginRequired, attachment.api.get);
    154. 

  154.   app.get('/attachment/profile/:id([0-9a-z]{24})' , loginRequired, attachment.api.get);
    155. 

  155.   app.get('/attachment/:pageId/:fileName'       , loginRequired, attachment.api.obsoletedGetForMongoDB); // DEPRECATED: remains for backward compatibility for v3.3.x or below
    156. 

  156.   app.get('/download/:id([0-9a-z]{24})'         , loginRequired, attachment.api.download);
    157. 

  157. 

  158.   app.get('/_search'                            , loginRequired, injectUserUISettings, search.searchPage);
    159. 

  159.   app.get('/_api/search'                        , accessTokenParser , loginRequired , search.api.search);
    160. 

  160. 

  161.   app.get('/_api/check_username'           , user.api.checkUsername);
    162. 

  162.   app.get('/_api/me/user-group-relations'  , accessTokenParser , loginRequiredStrictly , me.api.userGroupRelations);
    163. 

  163. 

  164.   // HTTP RPC Styled API (に徐々に移行していいこうと思う)
    165. 

  165.   app.get('/_api/pages.list'          , accessTokenParser , loginRequired , page.api.list);
    166. 

  166.   app.post('/_api/pages.update'       , accessTokenParser , loginRequiredStrictly , csrf, page.api.update);
    167. 

  167.   app.get('/_api/pages.exist'         , accessTokenParser , loginRequired , page.api.exist);
    168. 

  168.   app.get('/_api/pages.updatePost'    , accessTokenParser, loginRequired, page.api.getUpdatePost);
    169. 

  169.   app.get('/_api/pages.getPageTag'    , accessTokenParser , loginRequired , page.api.getPageTag);
    170. 

  170.   // allow posting to guests because the client doesn't know whether the user logged in
    171. 

  171.   app.post('/_api/pages.remove'       , loginRequiredStrictly , csrf, page.validator.remove, apiV1FormValidator, page.api.remove); // (Avoid from API Token)
    172. 

  172.   app.post('/_api/pages.revertRemove' , loginRequiredStrictly , csrf, page.validator.revertRemove, apiV1FormValidator, page.api.revertRemove); // (Avoid from API Token)
    173. 

  173.   app.post('/_api/pages.unlink'       , loginRequiredStrictly , csrf, page.api.unlink); // (Avoid from API Token)
    174. 

  174.   app.post('/_api/pages.duplicate'    , accessTokenParser, loginRequiredStrictly, csrf, page.api.duplicate);
    175. 

  175.   app.get('/tags'                     , loginRequired, tag.showPage);
    176. 

  176.   app.get('/_api/tags.list'           , accessTokenParser, loginRequired, tag.api.list);
    177. 

  177.   app.get('/_api/tags.search'         , accessTokenParser, loginRequired, tag.api.search);
    178. 

  178.   app.post('/_api/tags.update'        , accessTokenParser, loginRequiredStrictly, tag.api.update);
    179. 

  179.   app.get('/_api/comments.get'        , accessTokenParser , loginRequired , comment.api.get);
    180. 

  180.   app.post('/_api/comments.add'       , comment.api.validators.add(), accessTokenParser , loginRequiredStrictly , csrf, comment.api.add);
    181. 

  181.   app.post('/_api/comments.update'    , comment.api.validators.add(), accessTokenParser , loginRequiredStrictly , csrf, comment.api.update);
    182. 

  182.   app.post('/_api/comments.remove'    , accessTokenParser , loginRequiredStrictly , csrf, comment.api.remove);
    183. 

  183.   app.post('/_api/attachments.add'                  , uploads.single('file'), autoReap, accessTokenParser, loginRequiredStrictly ,csrf, attachment.api.add);
    184. 

  184.   app.post('/_api/attachments.uploadProfileImage'   , uploads.single('file'), autoReap, accessTokenParser, loginRequiredStrictly ,csrf, attachment.api.uploadProfileImage);
    185. 

  185.   app.post('/_api/attachments.remove'               , accessTokenParser , loginRequiredStrictly , csrf, attachment.api.remove);
    186. 

  186.   app.post('/_api/attachments.removeProfileImage'   , accessTokenParser , loginRequiredStrictly , csrf, attachment.api.removeProfileImage);
    187. 

  187.   app.get('/_api/attachments.limit'   , accessTokenParser , loginRequiredStrictly, attachment.api.limit);
    188. 

  188. 

  189.   app.get('/trash$'                   , loginRequired, injectUserUISettings, page.trashPageShowWrapper);
    190. 

  190.   app.get('/trash/$'                  , loginRequired, (req, res) => res.redirect('/trash'));
    191. 

  191.   app.get('/trash/*/$'                , loginRequired, injectUserUISettings, page.deletedPageListShowWrapper);
    192. 

  192. 

  193.   app.get('/_hackmd/load-agent'          , hackmd.loadAgent);
    194. 

  194.   app.get('/_hackmd/load-styles'         , hackmd.loadStyles);
    195. 

  195.   app.post('/_api/hackmd.integrate'      , accessTokenParser , loginRequiredStrictly , csrf, hackmd.validateForApi, hackmd.integrate);
    196. 

  196.   app.post('/_api/hackmd.discard'        , accessTokenParser , loginRequiredStrictly , csrf, hackmd.validateForApi, hackmd.discard);
    197. 

  197.   app.post('/_api/hackmd.saveOnHackmd'   , accessTokenParser , loginRequiredStrictly , csrf, hackmd.validateForApi, hackmd.saveOnHackmd);
    198. 

  198. 

  199.   app.use('/forgot-password', express.Router()
    200. 

  200.     .use(forgotPassword.checkForgotPasswordEnabledMiddlewareFactory(crowi))
    201. 

  201.     .get('/', forgotPassword.forgotPassword)
    202. 

  202.     .get('/:token', apiLimiter, injectResetOrderByTokenMiddleware, forgotPassword.resetPassword)
    203. 

  203.     .use(forgotPassword.handleErrosMiddleware));
    204. 

  204. 

  205.   app.use('/_private-legacy-pages', express.Router()
    206. 

  206.     .get('/', privateLegacyPages.renderPrivateLegacyPages));
    207. 

  207.   app.use('/user-activation', express.Router()
    208. 

  208.     .get('/:token', apiLimiter, applicationInstalled, injectUserRegistrationOrderByTokenMiddleware, userActivation.form)
    209. 

  209.     .use(userActivation.tokenErrorHandlerMiddeware));
    210. 

  210.   app.post('/user-activation/register', apiLimiter, applicationInstalled, csrf, userActivation.registerRules(), userActivation.validateRegisterForm, userActivation.registerAction(crowi));
    211. 

  211. 

  212.   app.get('/share/:linkId', page.showSharedPage);
    213. 

  213. 

  214.   app.use('/ogp', express.Router().get('/:pageId([0-9a-z]{0,})', loginRequired, ogp.pageIdRequired, ogp.ogpValidator, ogp.renderOgp));
    215. 

  215. 

  216.   app.get('/:id([0-9a-z]{24})'       , loginRequired , injectUserUISettings, page.showPage);
    217. 

  217. 

  218.   app.get('/*/$'                   , loginRequired , injectUserUISettings, page.redirectorWithEndOfSlash);
    219. 

  219.   app.get('/*'                     , loginRequired , autoReconnectToSearch, injectUserUISettings, page.redirector);
    220. 

  220. 

  221. };
    222.