v3.0.0/src/api/structures/Server.js

require('dotenv').config();

if (!process.env.SERVER_PORT) {
	console.log('Run the setup script first or fill the .env file manually before starting');
	process.exit(0);
}

const express = require('express');
const helmet = require('helmet');
const cors = require('cors');
const RateLimit = require('express-rate-limit');
const bodyParser = require('body-parser');
const jetpack = require('fs-jetpack');
const path = require('path');
const morgan = require('morgan');
const rfs = require('rotating-file-stream');
const log = require('../utils/Log');

// eslint-disable-next-line no-unused-vars
const rateLimiter = new RateLimit({
	windowMs: parseInt(process.env.RATE_LIMIT_WINDOW, 10),
	max: parseInt(process.env.RATE_LIMIT_MAX, 10),
	delayMs: 0
});

class Server {
	constructor() {
		this.port = parseInt(process.env.SERVER_PORT, 10);
		this.server = express();
		this.server.set('trust proxy', 1);
		this.server.use(helmet());
		this.server.use(cors({ allowedHeaders: ['Accept', 'Authorization', 'Cache-Control', 'X-Requested-With', 'Content-Type', 'albumId'] }));
		this.server.use((req, res, next) => {
			// This bypasses the headers.accept for album download, since it's accesed directly through the browser.
			if ((req.url.includes('/api/album/') || req.url.includes('/zip')) && req.method === 'GET') return next();
			// This bypasses the headers.accept if we are accessing the frontend
			if (!req.url.includes('/api/') && req.method === 'GET') return next();
			if (req.headers.accept && req.headers.accept.includes('application/vnd.chibisafe.json')) return next();
			return res.status(405).json({ message: 'Incorrect `Accept` header provided' });
		});
		this.server.use(bodyParser.urlencoded({ extended: true }));
		this.server.use(bodyParser.json());

		if (process.env.NODE_ENV === 'production') {
			const accessLogStream = rfs.createStream('access.log', {
				interval: '1d', // rotate daily
				path: path.join(__dirname, '../../../logs', 'log')
			});
			this.server.use(morgan('combined', { stream: accessLogStream }));
		}

		// Apply rate limiting to the api only
		this.server.use('/api/', rateLimiter);

		// Serve the uploads
		this.server.use(express.static(path.join(__dirname, '../../../uploads')));
		this.routesFolder = path.join(__dirname, '../routes');
	}

	registerAllTheRoutes() {
		jetpack.find(this.routesFolder, { matching: '*.js' }).forEach(routeFile => {
			const RouteClass = require(path.join('../../../', routeFile));
			let routes = [RouteClass];
			if (Array.isArray(RouteClass)) routes = RouteClass;
			for (const File of routes) {
				try {
					const route = new File();
					this.server[route.method](process.env.ROUTE_PREFIX + route.path, route.authorize.bind(route));
					log.info(`Found route ${route.method.toUpperCase()} ${process.env.ROUTE_PREFIX}${route.path}`);
				} catch (e) {
					log.error(`Failed loading route from file ${routeFile} with error: ${e.message}`);
				}
			}
		});
	}

	serveNuxt() {
		// Serve the frontend if we are in production mode
		if (process.env.NODE_ENV === 'production') {
			this.server.use(express.static(path.join(__dirname, '../../../dist')));
		}

		/*
			For vue router to work with express we need this fallback.
			After all the routes are loaded and the static files handled and if the
			user is trying to access a non-mapped route we serve the website instead
			since it has routes of it's own that don't work if accessed directly
		*/
		this.server.all('*', (_req, res) => {
			try {
				res.sendFile(path.join(__dirname, '../../../dist/index.html'));
			} catch (error) {
				res.json({ success: false, message: 'Something went wrong' });
			}
		});
	}

	start() {
		jetpack.dir('uploads/chunks');
		jetpack.dir('uploads/thumbs/square');
		jetpack.dir('uploads/thumbs/preview');
		this.registerAllTheRoutes();
		this.serveNuxt();
		const server = this.server.listen(this.port, () => {
			log.success(`Backend ready and listening on port ${this.port}`);
		});
		server.setTimeout(600000);
	}
}

new Server().start();