unleash.unleash/src/lib/app.ts

import { responseTimeMetrics } from './middleware/response-time-metrics';
import rbacMiddleware from './middleware/rbac-middleware';
import apiTokenMiddleware from './middleware/api-token-middleware';
import { AuthenticationType } from './types/core';

const express = require('express');

const compression = require('compression');
const favicon = require('serve-favicon');
const cookieParser = require('cookie-parser');
const path = require('path');
const errorHandler = require('errorhandler');
const IndexRouter = require('./routes');
const unleashDbSession = require('./middleware/session-db');

const requestLogger = require('./middleware/request-logger');
const simpleAuthentication = require('./middleware/simple-authentication');
const ossAuthentication = require('./middleware/oss-authentication');
const noAuthentication = require('./middleware/no-authentication');
const secureHeaders = require('./middleware/secure-headers');

module.exports = function(config, services = {}) {
    const app = express();

    const baseUriPath = config.baseUriPath || '';

    app.set('trust proxy', true);
    app.disable('x-powered-by');
    app.set('port', config.port);
    app.locals.baseUriPath = baseUriPath;

    if (typeof config.preHook === 'function') {
        config.preHook(app, config, services);
    }

    app.use(compression());
    app.use(cookieParser());
    app.use(express.json({ strict: false }));
    app.use(unleashDbSession(config));
    app.use(responseTimeMetrics(config));
    app.use(requestLogger(config));
    app.use(secureHeaders(config));
    app.use(express.urlencoded({ extended: true }));

    if (config.publicFolder) {
        app.use(favicon(path.join(config.publicFolder, 'favicon.ico')));
        app.use(baseUriPath, express.static(config.publicFolder));
    }

    if (config.enableOAS) {
        app.use(`${baseUriPath}/oas`, express.static('docs/api/oas'));
    }

    if (config.adminAuthentication === AuthenticationType.none) {
        noAuthentication(baseUriPath, app);
    }

    // Deprecated. Will go away in v4.
    if (config.adminAuthentication === AuthenticationType.unsecure) {
        app.use(baseUriPath, apiTokenMiddleware(config, services));
        simpleAuthentication(app, config, services);
    }

    if (config.adminAuthentication === AuthenticationType.openSource) {
        app.use(baseUriPath, apiTokenMiddleware(config, services));
        ossAuthentication(app, config, services);
    }

    if (config.adminAuthentication === AuthenticationType.enterprise) {
        app.use(baseUriPath, apiTokenMiddleware(config, services));
        config.authentication.customHook(app, config, services);
    }

    if (config.adminAuthentication === AuthenticationType.custom) {
        app.use(baseUriPath, apiTokenMiddleware(config, services));
        config.authentication.customHook(app, config, services);
    }

    app.use(baseUriPath, rbacMiddleware(config, services));

    if (typeof config.preRouterHook === 'function') {
        config.preRouterHook(app);
    }

    // Setup API routes
    app.use(`${baseUriPath}/`, new IndexRouter(config, services).router);

    if (process.env.NODE_ENV !== 'production') {
        app.use(errorHandler());
    }

    return app;
};
feat: Default roles and RBAC permission checker. (#735) This PR Introduces first steps towards RBAC according to our specifications. Rbac will assume users to exist in the Unleash user table with a unique id. This is required to make correct mappings between users and roles. 2021-03-11 22:51:58 +01:00			`import { responseTimeMetrics } from './middleware/response-time-metrics';`
			`import rbacMiddleware from './middleware/rbac-middleware';`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`import apiTokenMiddleware from './middleware/api-token-middleware';`
			`import { AuthenticationType } from './types/core';`
feat: Default roles and RBAC permission checker. (#735) This PR Introduces first steps towards RBAC according to our specifications. Rbac will assume users to exist in the Unleash user table with a unique id. This is required to make correct mappings between users and roles. 2021-03-11 22:51:58 +01:00
codemods 2016-06-18 21:53:18 +02:00			`const express = require('express');`
fix: add optional helmet security headers Allow users to enable the helmet middleware to enable security headers by default. https://github.com/helmetjs/helmet 2020-09-01 21:19:46 +02:00
fix(gzip): Add gzip support 2018-08-22 17:39:09 +02:00			`const compression = require('compression');`
codemods 2016-06-18 21:53:18 +02:00			`const favicon = require('serve-favicon');`
			`const cookieParser = require('cookie-parser');`
			`const path = require('path');`
hoist require 2016-11-13 15:31:28 +01:00			`const errorHandler = require('errorhandler');`
fix: use airbnb lint rules directly (#583) This drops usage of finn-eslint rules as they are no longer maintained. 2020-04-14 22:29:11 +02:00			`const IndexRouter = require('./routes');`
feat: add db-session store (#722) * Moves to db managed sessions. 2021-02-18 09:03:21 +01:00			`const unleashDbSession = require('./middleware/session-db');`
feat: Default roles and RBAC permission checker. (#735) This PR Introduces first steps towards RBAC according to our specifications. Rbac will assume users to exist in the Unleash user table with a unique id. This is required to make correct mappings between users and roles. 2021-03-11 22:51:58 +01:00
Implement cookie-session support. Sessions will be required to solve admin-auth. I also refactored a few middlewares into seperate files to make the code easier to read. closes #262 2017-11-16 15:41:33 +01:00			`const requestLogger = require('./middleware/request-logger');`
Implement authentication support for Unleash UI. Closes: #261, #233, #232, #231 2017-11-16 16:45:01 +01:00			`const simpleAuthentication = require('./middleware/simple-authentication');`
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`const ossAuthentication = require('./middleware/oss-authentication');`
fix: none authentication should have a mock user (#449) This also fix the bug introduces where authentication mode triggers readOnly mode in the UI. 2019-06-08 12:50:59 +02:00			`const noAuthentication = require('./middleware/no-authentication');`
fix: add secureHeaders option for HSTS 2020-10-01 21:47:40 +02:00			`const secureHeaders = require('./middleware/secure-headers');`
Server Metrics: add response time and status codes 2016-12-01 17:43:08 +01:00
fix: stateService undefined 2020-12-17 19:43:01 +01:00			`module.exports = function(config, services = {}) {`
codemods 2016-06-18 21:53:18 +02:00			`const app = express();`
Introduces the /api path. Some endpoints are provided on both / and /api to support older clients. Closes #162 2016-11-09 22:31:49 +01:00
fix lint 2016-12-27 21:03:50 +01:00			`const baseUriPath = config.baseUriPath \|\| '';`
Split app and server. No need to start the server for these tests. 2014-12-03 15:22:03 +01:00
fix: enable trust-proxy 2020-10-02 16:40:42 +02:00			`app.set('trust proxy', true);`
Disable x-powered-by express header 2017-06-29 11:12:44 +02:00			`app.disable('x-powered-by');`
formatting 2016-05-01 22:59:43 +02:00			`app.set('port', config.port);`
Start injecting config to app. 2016-05-01 18:20:10 +02:00			`app.locals.baseUriPath = baseUriPath;`
add app hooks 2016-12-28 21:04:26 +01:00
			`if (typeof config.preHook === 'function') {`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00			`config.preHook(app, config, services);`
add app hooks 2016-12-28 21:04:26 +01:00			`}`

fix(gzip): Add gzip support 2018-08-22 17:39:09 +02:00			`app.use(compression());`
formatting 2016-05-01 22:59:43 +02:00			`app.use(cookieParser());`
refactor: use body-parser bundled with express (#304) 2018-02-14 15:46:42 +01:00			`app.use(express.json({ strict: false }));`
feat: add db-session store (#722) * Moves to db managed sessions. 2021-02-18 09:03:21 +01:00			`app.use(unleashDbSession(config));`
chore: Begin converting files from JS to TypeScript 2021-02-16 14:30:08 +01:00			`app.use(responseTimeMetrics(config));`
Implement cookie-session support. Sessions will be required to solve admin-auth. I also refactored a few middlewares into seperate files to make the code easier to read. closes #262 2017-11-16 15:41:33 +01:00			`app.use(requestLogger(config));`
fix: add secureHeaders option for HSTS 2020-10-01 21:47:40 +02:00			`app.use(secureHeaders(config));`
feat: Add technical support for projects 2020-09-28 21:54:44 +02:00			`app.use(express.urlencoded({ extended: true }));`
Implement cookie-session support. Sessions will be required to solve admin-auth. I also refactored a few middlewares into seperate files to make the code easier to read. closes #262 2017-11-16 15:41:33 +01:00
			`if (config.publicFolder) {`
			`app.use(favicon(path.join(config.publicFolder, 'favicon.ico')));`
			`app.use(baseUriPath, express.static(config.publicFolder));`
fix lint 2016-12-04 14:09:37 +01:00			`}`
Reduce logging in production. 2015-03-10 16:30:56 +01:00
feat: First draft of admin Open API specification (OAS) (#652) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2020-12-03 21:09:16 +01:00			`if (config.enableOAS) {`
			app.use(`${baseUriPath}/oas`, express.static('docs/api/oas'));
			`}`

Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`if (config.adminAuthentication === AuthenticationType.none) {`
			`noAuthentication(baseUriPath, app);`
			`}`

			`// Deprecated. Will go away in v4.`
			`if (config.adminAuthentication === AuthenticationType.unsecure) {`
			`app.use(baseUriPath, apiTokenMiddleware(config, services));`
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`simpleAuthentication(app, config, services);`
			`}`

			`if (config.adminAuthentication === AuthenticationType.openSource) {`
			`app.use(baseUriPath, apiTokenMiddleware(config, services));`
			`ossAuthentication(app, config, services);`
Implement authentication support for Unleash UI. Closes: #261, #233, #232, #231 2017-11-16 16:45:01 +01:00			`}`

Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`if (config.adminAuthentication === AuthenticationType.enterprise) {`
			`app.use(baseUriPath, apiTokenMiddleware(config, services));`
			`config.authentication.customHook(app, config, services);`
fix: none authentication should have a mock user (#449) This also fix the bug introduces where authentication mode triggers readOnly mode in the UI. 2019-06-08 12:50:59 +02:00			`}`

Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`if (config.adminAuthentication === AuthenticationType.custom) {`
			`app.use(baseUriPath, apiTokenMiddleware(config, services));`
			`config.authentication.customHook(app, config, services);`
add app hooks 2016-12-28 21:04:26 +01:00			`}`

feat: Default roles and RBAC permission checker. (#735) This PR Introduces first steps towards RBAC according to our specifications. Rbac will assume users to exist in the Unleash user table with a unique id. This is required to make correct mappings between users and roles. 2021-03-11 22:51:58 +01:00			`app.use(baseUriPath, rbacMiddleware(config, services));`

Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`if (typeof config.preRouterHook === 'function') {`
			`config.preRouterHook(app);`
			`}`

Statefull modules should be injected from top 2016-05-01 22:53:09 +02:00			`// Setup API routes`
fix: stateService undefined 2020-12-17 19:43:01 +01:00			app.use(`${baseUriPath}/`, new IndexRouter(config, services).router);
Split app and server. No need to start the server for these tests. 2014-12-03 15:22:03 +01:00
use lerna for multipackaging 2016-06-18 09:19:57 +02:00			`if (process.env.NODE_ENV !== 'production') {`
hoist require 2016-11-13 15:31:28 +01:00			`app.use(errorHandler());`
use lerna for multipackaging 2016-06-18 09:19:57 +02:00			`}`

Start injecting config to app. 2016-05-01 18:20:10 +02:00			`return app;`
			`};`