2016-05-26 07:58:50 +00:00
|
|
|
/**
|
|
|
|
|
* Mailvelope - secure email with OpenPGP encryption for Webmail
|
|
|
|
|
* Copyright (C) 2016 Mailvelope GmbH
|
|
|
|
|
*
|
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License version 3
|
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
const co = require('co');
|
|
|
|
|
const app = require('koa')();
|
|
|
|
|
const log = require('npmlog');
|
2016-05-27 17:57:48 +00:00
|
|
|
const config = require('config');
|
2016-06-21 06:32:19 +00:00
|
|
|
const serve = require('koa-static');
|
2016-05-26 07:58:50 +00:00
|
|
|
const router = require('koa-router')();
|
2016-06-10 10:06:08 +00:00
|
|
|
const util = require('./service/util');
|
2016-05-26 07:58:50 +00:00
|
|
|
const Mongo = require('./dao/mongo');
|
2016-06-01 06:59:25 +00:00
|
|
|
const Email = require('./email/email');
|
2016-06-09 16:08:15 +00:00
|
|
|
const PGP = require('./service/pgp');
|
2016-05-28 13:17:46 +00:00
|
|
|
const PublicKey = require('./service/public-key');
|
|
|
|
|
const HKP = require('./route/hkp');
|
|
|
|
|
const REST = require('./route/rest');
|
2016-05-26 07:58:50 +00:00
|
|
|
|
2016-06-09 16:08:15 +00:00
|
|
|
let mongo, email, pgp, publicKey, hkp, rest;
|
2016-05-26 07:58:50 +00:00
|
|
|
|
|
|
|
|
//
|
2016-05-26 11:45:32 +00:00
|
|
|
// Configure koa HTTP server
|
2016-05-26 07:58:50 +00:00
|
|
|
//
|
|
|
|
|
|
2016-05-26 11:45:32 +00:00
|
|
|
// HKP routes
|
2016-06-09 16:08:15 +00:00
|
|
|
router.post('/pks/add', function *() {
|
2016-05-26 11:45:32 +00:00
|
|
|
yield hkp.add(this);
|
|
|
|
|
});
|
2016-06-09 16:08:15 +00:00
|
|
|
router.get('/pks/lookup', function *() {
|
2016-05-26 07:58:50 +00:00
|
|
|
yield hkp.lookup(this);
|
|
|
|
|
});
|
2016-05-26 11:45:32 +00:00
|
|
|
|
|
|
|
|
// REST api routes
|
2016-06-09 16:08:15 +00:00
|
|
|
router.post('/api/v1/key', function *() {
|
2016-05-26 11:45:32 +00:00
|
|
|
yield rest.create(this);
|
|
|
|
|
});
|
2016-06-09 16:08:15 +00:00
|
|
|
router.get('/api/v1/key', function *() {
|
2016-06-14 10:10:53 +00:00
|
|
|
yield rest.query(this);
|
2016-05-26 11:45:32 +00:00
|
|
|
});
|
2016-06-14 14:46:17 +00:00
|
|
|
router.del('/api/v1/key', function *() {
|
|
|
|
|
yield rest.remove(this);
|
|
|
|
|
});
|
2016-05-26 11:45:32 +00:00
|
|
|
|
2016-06-10 15:48:41 +00:00
|
|
|
// Redirect all http traffic to https
|
|
|
|
|
app.use(function *(next) {
|
2016-06-10 17:42:00 +00:00
|
|
|
if (util.isTrue(config.server.httpsUpgrade) && util.checkHTTP(this)) {
|
2016-06-10 15:48:41 +00:00
|
|
|
this.redirect('https://' + this.hostname + this.url);
|
|
|
|
|
} else {
|
|
|
|
|
yield next;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2016-05-26 11:45:32 +00:00
|
|
|
// Set HTTP response headers
|
|
|
|
|
app.use(function *(next) {
|
2016-06-11 12:27:46 +00:00
|
|
|
// HSTS
|
2016-06-10 17:42:00 +00:00
|
|
|
if (util.isTrue(config.server.httpsUpgrade)) {
|
2016-06-10 15:58:19 +00:00
|
|
|
this.set('Strict-Transport-Security', 'max-age=16070400');
|
2016-06-10 15:48:41 +00:00
|
|
|
}
|
2016-06-11 12:27:46 +00:00
|
|
|
// HPKP
|
2016-06-10 17:42:00 +00:00
|
|
|
if (config.server.httpsKeyPin && config.server.httpsKeyPinBackup) {
|
|
|
|
|
this.set('Public-Key-Pins', 'pin-sha256="' + config.server.httpsKeyPin + '"; pin-sha256="' + config.server.httpsKeyPinBackup + '"; max-age=16070400');
|
2016-06-10 15:48:41 +00:00
|
|
|
}
|
2016-06-11 12:27:46 +00:00
|
|
|
// CSP
|
2016-06-14 18:19:56 +00:00
|
|
|
this.set('Content-Security-Policy', "default-src 'self'; object-src 'none'; script-src 'self' code.jquery.com; style-src 'self' maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com");
|
2016-06-11 12:27:46 +00:00
|
|
|
// Prevent rendering website in foreign iframe (Clickjacking)
|
|
|
|
|
this.set('X-Frame-Options', 'DENY');
|
|
|
|
|
// CORS
|
2016-05-26 11:45:32 +00:00
|
|
|
this.set('Access-Control-Allow-Origin', '*');
|
|
|
|
|
this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
|
|
|
|
|
this.set('Access-Control-Allow-Headers', 'Content-Type');
|
|
|
|
|
this.set('Connection', 'keep-alive');
|
|
|
|
|
yield next;
|
2016-05-26 07:58:50 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
app.use(router.routes());
|
|
|
|
|
app.use(router.allowedMethods());
|
2016-05-27 17:57:48 +00:00
|
|
|
|
2016-06-10 23:06:14 +00:00
|
|
|
// serve static files
|
2016-06-29 09:29:30 +00:00
|
|
|
app.use(serve(__dirname + '/static'));
|
2016-06-10 23:06:14 +00:00
|
|
|
|
2016-05-27 17:57:48 +00:00
|
|
|
app.on('error', (error, ctx) => {
|
|
|
|
|
if (error.status) {
|
2016-05-28 13:37:29 +00:00
|
|
|
log.verbose('app', 'Request faild: %s, %s', error.status, error.message);
|
2016-05-27 17:57:48 +00:00
|
|
|
} else {
|
2016-05-28 13:37:29 +00:00
|
|
|
log.error('app', 'Unknown error', error, ctx);
|
2016-05-27 17:57:48 +00:00
|
|
|
}
|
|
|
|
|
});
|
2016-05-26 07:58:50 +00:00
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Module initialization
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
function injectDependencies() {
|
2016-06-09 16:08:15 +00:00
|
|
|
mongo = new Mongo();
|
|
|
|
|
email = new Email();
|
|
|
|
|
pgp = new PGP();
|
|
|
|
|
publicKey = new PublicKey(pgp, mongo, email);
|
2016-05-26 07:58:50 +00:00
|
|
|
hkp = new HKP(publicKey);
|
2016-06-09 16:08:15 +00:00
|
|
|
rest = new REST(publicKey);
|
2016-05-26 07:58:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Start app ... connect to the database and start listening
|
|
|
|
|
//
|
|
|
|
|
|
2016-05-27 17:57:48 +00:00
|
|
|
if (!global.testing) { // don't automatically start server in tests
|
|
|
|
|
co(function *() {
|
|
|
|
|
let app = yield init();
|
|
|
|
|
app.listen(config.server.port);
|
2016-05-29 14:47:45 +00:00
|
|
|
log.info('app', 'Ready to rock! Listening on http://localhost:' + config.server.port);
|
2016-05-28 13:37:29 +00:00
|
|
|
}).catch(err => log.error('app', 'Initialization failed!', err));
|
2016-05-27 17:57:48 +00:00
|
|
|
}
|
2016-05-26 07:58:50 +00:00
|
|
|
|
2016-05-27 17:57:48 +00:00
|
|
|
function *init() {
|
2016-05-28 21:31:25 +00:00
|
|
|
log.level = config.log.level; // set log level depending on process.env.NODE_ENV
|
2016-05-26 07:58:50 +00:00
|
|
|
injectDependencies();
|
2016-06-09 16:08:15 +00:00
|
|
|
email.init(config.email);
|
2016-05-29 14:47:45 +00:00
|
|
|
log.info('app', 'Connecting to MongoDB ...');
|
2016-06-09 16:08:15 +00:00
|
|
|
yield mongo.init(config.mongo);
|
2016-05-27 17:57:48 +00:00
|
|
|
return app;
|
|
|
|
|
}
|
2016-05-26 07:58:50 +00:00
|
|
|
|
2016-05-27 17:57:48 +00:00
|
|
|
module.exports = init;
|
