/**
 * HTTP Server Settings
 * (sails.config.http)
 *
 * Configuration for the underlying HTTP server in Sails.
 * Only applies to HTTP requests (not WebSockets)
 *
 * For more information on configuration, check out:
 * http://sailsjs.org/#/documentation/reference/sails.config/sails.config.http.html
 */
var requestIp = require("request-ip");
var uuid = require("node-uuid");
const cookieParserUtils = require("client-sessions").util;
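/**
 * Options for the encrypted session cookie.
 *
 * The same object is handed to the client-sessions middleware and to
 * `cookieParserUtils.decode()` in the multiSession middleware, so both must
 * keep seeing the same `cookieName` and `secret`.
 *
 * `secret` is the key material protecting the cookie. It is read from the
 * AUTH_COOKIE_SECRET environment variable so that it can live outside source
 * control. The literal below is kept only as a fallback so existing
 * deployments and already-issued cookies keep working; because it is
 * committed to the repository it should be treated as disclosed, rotated,
 * and the fallback removed once every environment sets the variable.
 */
const authCookieDefine = {
  cookieName: "auth_cookie",
  // `||` rather than `??` on purpose: an empty variable must not become the secret.
  secret: process.env.AUTH_COOKIE_SECRET || "86ut6a6is23tijkz5fs51xugzcxcfi4v3kqobrax9wa8pmuu5emnv2pvzg8jgvqx",
  cookie: {
    // Lifetime in milliseconds: 1000 ms * 60 s * 60 min * 24 h * 365 d * 2 years.
    maxAge: 1000 * 60 * 60 * 24 * 365 * 2,
    // Not readable from page scripts.
    httpOnly: true
    // NOTE(review): `secure` is not set, so the cookie is also sent over plain
    // HTTP. client-sessions accepts `secure: true` (or `secureProxy` behind a
    // TLS-terminating proxy); enable it if the site is HTTPS-only.
  }
};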
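module.exports.http = {

  /****************************************************************************
   *                                                                          *
   * Express middleware to use for every Sails request. To add custom         *
   * middleware to the mix, add a function to the middleware config object    *
   * and add its key to the "order" array. The $custom key is reserved for    *
   * backwards-compatibility with Sails v0.9.x apps that use the              *
   * `customMiddleware` config option.                                        *
   *                                                                          *
   ****************************************************************************/

  middleware: {

    /**************************************************************************
     *                                                                        *
     * The order in which middleware should be run for HTTP request. (the     *
     * Sails router is invoked by the "router" middleware below.)             *
     *                                                                        *
     * "clientSessions" has to stay ahead of "multiSession": multiSession     *
     * reads and writes req.auth_cookie, which the client-sessions            *
     * middleware provides.                                                   *
     *                                                                        *
     * NOTE(review): "myRequestLogger" is listed, but this file only contains *
     * a commented-out example under that key. Presumably Sails skips keys    *
     * with no middleware; confirm, or drop the entry.                        *
     *                                                                        *
     **************************************************************************/

    order: [
      "startRequestTimer",
      "cookieParser",
      //'session', // use connects cookie-session instead
      "clientSessions",
      "myRequestLogger",
      "bodyParser",
      "requestIp",
      "multiSession",
      "handleBodyParserError",
      "compress",
      "methodOverride",
      "poweredBy",
      "$custom",
      "router",
      "www",
      "favicon",
      "404",
      "500"
    ],

    /*
     * use client-sessions to store session encrypted in cookie for node cluster operation
     */
    clientSessions: require("client-sessions")(authCookieDefine),

    /**************************************************************************
     *                                                                        *
     * Example custom middleware; logs each request to the console.           *
     *                                                                        *
     **************************************************************************/

    // myRequestLogger: function (req, res, next) {
    //   console.log("Requested :: ", req.method, req.url);
    //   return next();
    // }

    /*
     * Response compression. The filter always returns true, so every response
     * is treated as compressible instead of using the module's default
     * content-type based decision.
     *
     * NOTE(review): compressing responses that mix secrets with
     * request-controlled data over TLS is the precondition for BREACH-style
     * side channels; consider restoring the default filter or excluding such
     * routes.
     */
    compress: require("compression")({
      // compression calls the filter as (req, res); neither is used here.
      filter: function (req, res) {
        return true;
      }
    }),

    /**
     * Stores the address reported by request-ip on req.clientIp.
     *
     * NOTE(review): request-ip consults forwarding headers such as
     * X-Forwarded-For, which the client controls unless a trusted proxy
     * overwrites them. Treat req.clientIp as informational (logging,
     * statistics), not as an authorization or rate-limiting key, unless the
     * proxy setup guarantees the header.
     */
    requestIp: function (req, res, next) {
      req.clientIp = requestIp.getClientIp(req);
      next();
    },

    /**
     * Adds a users object to the session for multiple furnview sessions.
     *
     * Resolves the session id for the request, loads (or creates) the matching
     * Session document and exposes it as req.session; req.user is the users
     * sub-document selected by the `session` query parameter, or null.
     *
     * The id is taken from, in this order:
     *   1. the `aToken` query parameter (every second character read
     *      backwards, then base64-decoded),
     *   2. the id already stored in the auth_cookie,
     *   3. the `auth_id` query parameter,
     *   4. a freshly generated UUID.
     *
     * Changes compared with the previous version:
     *   - only a non-empty string is ever used as `_id`; arrays, objects and
     *     empty values coming from the query string are replaced by a new UUID
     *     so that a parsed query object cannot reach the database query as a
     *     filter expression;
     *   - the UUID check is anchored, so a value merely containing a UUID no
     *     longer passes as an id;
     *   - `Buffer.from()` replaces the deprecated `new Buffer()`.
     *
     * NOTE(review): sources 1 and 3 let the URL choose the session id. The
     * reversal/base64 step is an encoding, not a protection, and URLs end up
     * in logs, browser history and Referer headers. Accepting a caller-chosen
     * id is the classic session-fixation setup; prefer ids that are only ever
     * issued by the server, or re-issue the id once a user is attached.
     *
     * @param {Object} req - request; req.auth_cookie must already be populated.
     * @param {Object} res - response; may receive an auth_cookie cookie.
     * @param {Function} next - always called once the lookup has settled.
     */
    multiSession: function (req, res, next) {
      const UUID_PATTERN = /^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/;
      const TWO_YEARS_MS = 1000 * 60 * 60 * 24 * 365 * 2;
      const isUsableId = function (value) {
        return typeof value === "string" && value !== "";
      };

      // TODO: once in a while, req.auth_cookie.id seems to be an array (cause is unknown), but should be fixed somehow / somewhen
      // temporary fix => if array, use only first element as _id
      if (Array.isArray(req.auth_cookie.id)) {
        req.auth_cookie.id = req.auth_cookie.id[0];
      }

      const reverseExtendToken = req.query.aToken;
      let aToken = "";

      if (typeof reverseExtendToken === "string" && reverseExtendToken !== "") {
        // Query parsers turn repeated or bracketed parameters into arrays and
        // objects; only a plain string is treated as a token.
        let encoded = "";
        for (let t = reverseExtendToken.length - 2; t >= 0; t -= 2) {
          encoded += reverseExtendToken[t];
        }
        aToken = Buffer.from(encoded, "base64").toString("utf-8");
      } else if (isUsableId(req.auth_cookie.id) && req.auth_cookie.id !== "0") {
        aToken = req.auth_cookie.id;
      }

      if (aToken) {
        if (UUID_PATTERN.test(aToken)) {
          req.auth_cookie.id = aToken;
        } else {
          // Not a bare id: try to read it as an encoded auth_cookie value.
          const data = cookieParserUtils.decode(authCookieDefine, aToken);
          req.auth_cookie.id = data && data.content ? data.content.id : uuid.v4();

          // NOTE(review): the raw token is written back even when decoding
          // failed. Express's res.cookie() reads `expires`/`maxAge`; `expire`
          // is not one of its options, so this is presumably a browser-session
          // cookie. Left unchanged: making a URL-supplied token persistent
          // should be a deliberate decision. No `secure` flag is set either.
          res.cookie("auth_cookie", aToken, {
            expire: new Date(Date.now() + TWO_YEARS_MS),
            httpOnly: true
          });
        }
      } else if (typeof req.auth_cookie.id === "undefined" || req.auth_cookie.id === "0") {
        const queryId = Array.isArray(req.query.auth_id) ? req.query.auth_id[0] : req.query.auth_id;
        req.auth_cookie.id = isUsableId(queryId) && queryId !== "0" ? queryId : uuid.v4();
      }

      // Last line of defence before the value is used as a query filter:
      // anything that is not a non-empty string gets a fresh id.
      if (!isUsableId(req.auth_cookie.id)) {
        req.auth_cookie.id = uuid.v4();
      }

      const sessionId = req.auth_cookie.id;

      Session
        .findOne({_id: sessionId})
        .select("-users.lastSessionState")
        .then(function (session) {
          // Unknown id: create the session document on first use.
          return session || Session.create({_id: sessionId});
        })
        .then(function (session) {
          // NOTE(review): the user sub-document is picked by a query parameter;
          // whoever holds the session id can select any user stored in it.
          req.user = session.users.id(req.query.session) || null;
          req.session = session;
        })
        .catch(function (error) {
          // Best effort: continue with an empty, unsaved session.
          console.log("Unable to get session: " + error.message);
          req.session = new Session();
          req.user = null;
        })
        .finally(function () {
          next();
        });
    },

    /**************************************************************************
     *                                                                        *
     * The body parser that will handle incoming multipart HTTP requests. By  *
     * default as of v0.10, Sails uses                                        *
     * [skipper](http://github.com/balderdashy/skipper). See                  *
     * http://www.senchalabs.org/connect/multipart.html for other options.    *
     *                                                                        *
     * NOTE(review): the 50mb limit applies to every route that reaches this  *
     * middleware, authenticated or not; confirm that a global limit of this  *
     * size is intended.                                                      *
     *                                                                        *
     **************************************************************************/

    bodyParser: (function _configureBodyParser() {
      const skipper = require('skipper');
      return skipper({
        strict: true,
        maxTimeToBuffer: 1000 * 60,
        limit: "50mb"
      });
    })(),

    /**************************************************************************
     *                                                                        *
     * The number of seconds to cache flat files on disk being served by      *
     * Express static middleware (by default, these files are in              *
     * `.tmp/public`)                                                         *
     *                                                                        *
     * The HTTP static cache is only active in a 'production' environment,    *
     * since that's the only time Express will cache flat-files.              *
     *                                                                        *
     **************************************************************************/

    // cache: 31557600000

  }

};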