notes.kaplon.us/server.js

var express = require('express');
var app = express();
var bodyParser = require('body-parser');
app.use(bodyParser.text());   // Use defaults for now, size limit is 100kb.
app.use(bodyParser.urlencoded({ extended: true }));   // Also need url encoding to handle login form.
var winston = require('winston');
winston.add(winston.transports.File, { filename: './logs/notes.kaplon.us.log', maxsize: 5000000 });  // 5MB
var fileSystem = require('fs');
var notePath = __dirname + '/note-data/allNotes.txt';
var favicon = require('serve-favicon');
app.use(favicon(__dirname + '/assets/favicon.ico'));  // Put this before setting static dir.
app.use(express.static(__dirname + '/assets'));

/*-----------------------------------------
Ordering of these configs is important, don't shuffle them around.
------------------------------------------*/
var passport = require('passport');
var Strategy = require('passport-local').Strategy;
var db = require('./db');
var Session = require('express-session');
var SessionStore = require('session-file-store')(Session);
var session = Session({ secret: 'here kitty kitty', resave: false, saveUninitialized: false, store: new SessionStore({path: __dirname+'/tmp/sessions'}) });
app.use(session);

//----------------------------
// Configure the local strategy for use by Passport.
// The local strategy require a `verify` function which receives the credentials
// (`username` and `password`) submitted by the user.  The function must verify
// that the password is correct and then invoke `cb` with a user object, which
// will be set at `req.user` in route handlers after authentication.
passport.use(new Strategy(
  function(username, password, cb) {
    db.users.findByUsername(username, function(err, user) {
      winston.info('trying to lookup user.');
      if (err) { winston.info('db.users.findByUsername error.'); return cb(err); }
      if (!user) { winston.info('bad user'); return cb(null, false); }
      if (user.password != password) { winston.info('bad pw'); return cb(null, false); }
      return cb(null, user);
    });
  }));

// Configure Passport authenticated session persistence.
//
// In order to restore authentication state across HTTP requests, Passport needs
// to serialize users into and deserialize users out of the session.  The
// typical implementation of this is as simple as supplying the user ID when
// serializing, and querying the user record by ID from the database when
// deserializing.
passport.serializeUser(function(user, cb) {
  cb(null, user.id);
});
passport.deserializeUser(function(id, cb) {
  db.users.findById(id, function (err, user) {
    if (err) { return cb(err); }
    cb(null, user);
  });
});

// Initialize Passport and restore authentication state, if any, from the session.
app.use(passport.initialize());
app.use(passport.session());

// As with any middleware it is quintessential to call next() if the user is authenticated
var isAuthenticated = function (req, res, next) {
    if (req.isAuthenticated()) {
        return next();
        res.redirect('/');
    } else {
        // If user NOT authenticated, redirect to login page, do not call next().
        res.redirect('/login');
    }
}

app.get('/', isAuthenticated, function(req, res){
    winston.info("GET /");
    // Respond with static file, contents will be loaded via websocket.
    res.sendFile('index.html', { root: __dirname + '/views/' });
});

app.get('/login', function(req, res){
    winston.info('GET /login');
    res.sendFile('login.html', { root: __dirname + '/views/' });
});
  
app.post('/login', 
  passport.authenticate('local', { failureRedirect: '/login' }),
  function(req, res) {
    winston.info('sucessful login for user, ' + req.user.username);
    res.redirect('/');
});
  
app.get('/logout', function(req, res){
    req.logout();
    res.redirect('/');
});

var http = require('http').Server(app);
var io = require('socket.io')(http);

//io.set('authorization', function (handshakeData, accept) {
    //if (handshakeData.headers.cookie) {
	//if (handshakeData.headers.cookie) {
            //winston.info('cookie object test, ' + handshakeData.headers.cookie);
	    //winston.info('parse test 1, ' + cookieParser.signedCookies(handshakeData.headers.cookie, 'here kitty kitty'));
	    //winston.info('parse test 2, ' + cookieParser.signedCookie(handshakeData.headers.cookie['connect.sid'], 'here kitty kitty'));
	    //winston.info('parse test 3, ' + cookieParser.signedCookie(handshakeData.headers.cookie, 'here kitty kitty'));
	    //handshakeData.sessionID = cookieParser.signedCookie(handshakeData.headers.cookie['connect.sid'], 'here kitty kitty');
            //winston.info('sess test 1, ' + session);  // this prints alot!
            //winston.info('sess test 2, ' + session.id);  // undefined
            //winston.info('Got session ID = ' + handshakeData.sessionID);  // undefined
	    // save the session store to the data object 
	    // (as required by the Session constructor)
	    //handshakeData.sessionStore = session.store;
	    //session.store.get(handshakeData.sessionID, function (err, session) {
		//if (err || !session) {
		    //accept('Error', false);
		//} else {
		    // create a session object, passing data as request and our
		    // just acquired session data
		    //handshakeData.session = new Session(handshakeData, session);
		    //accept(null, true);
		//}
	    //});
	//} else {
	    //return accept('No cookie transmitted.', false);
	//}
    //}
//});

io.on('connection', function(socket){
    //winston.info('a user connected');
    fileSystem.readFile(notePath, {encoding: 'utf-8'}, function(err,data){
        if (!err){
            winston.info('file read on connection');
            socket.emit('download allNotes',data);  // Send content only to newly connected client.
        } else { winston.error(err); }
    });
    socket.on('upload allNotes', function(msg){
        winston.info('WS data received');
        var now = Date.now();
        // Overwrite allNotes.txt with new contents from client.
        fileSystem.readFile(notePath, 'utf-8', function(err, data){
            if (err) { 
                winston.error(err); 
            } else {
                fileSystem.writeFile(notePath, msg, 'utf-8', function(err) {
                    if (err) { winston.error(err); }
                    var exec = require('child_process').exec;
                    var cmd = `
                        cd note-data && \
                        git checkout -b ${now} && \
                        git commit -am "Notes modified via websocket, ${now}" && \
                        git checkout master && \
                        git merge ${now}
                    `;
                    //winston.info(cmd);
                    exec(cmd, function(error, stdout, stderr) {
                        if (error) { winston.error(error); }
                        if (!stdout.includes('CONFLICT')) {   // Case-sensitivity seems brittle here. Better to check return code rather than stdout? Can child_process be called w/signature to include return code?
                            var cmd2 = `cd note-data && git branch -d ${now}`
                            exec(cmd2, function(error, stdout, stderr) {
                                if (error) { winston.error(error); }
                                winston.info('temp branch deleted; new content written to allNotes.txt');
                                // Send new content to all other clients EXCEPT the orig sender.
                                socket.broadcast.emit('download allNotes',msg);
                                winston.info('sent content update to other clients');
                            });
                        } else {
                            // Auto-merge failed, keep the new branch.
                            // Send a conflict warning message to socket.io clients (prompt for IAP ;-).
                            socket.emit('conflict', `Auto-merge failed, manually merge ${now} branch to rescue recent edit.`);
                            socket.emit('download allNotes',data);  // Send pre-conflict content back down to client.
                            winston.info(`Auto-merge failed, manually merge ${now} branch to rescue recent edit.`);
                            // MVP for now, can deal w/merge conflicts with git on the server if the cotent needs to be saved.
                        }
                        winston.info(stdout);
                    });
                });
            }
        });
    });
    socket.on('cm-save', function(msg){
        winston.info(msg);
    });
});

http.listen(3000, function() {
    winston.info("Started on PORT 3000");
});
Refactor to prep for accessing cookie/session data from within socket.io connections. 2017-04-14 11:42:15 -04:00			`var express = require('express');`
Initial commit, all currently broken. 2016-02-16 17:52:38 -05:00			`var app = express();`
Refactor to prep for accessing cookie/session data from within socket.io connections. 2017-04-14 11:42:15 -04:00			`var bodyParser = require('body-parser');`
			`app.use(bodyParser.text()); // Use defaults for now, size limit is 100kb.`
			`app.use(bodyParser.urlencoded({ extended: true })); // Also need url encoding to handle login form.`
Initial commit, all currently broken. 2016-02-16 17:52:38 -05:00			`var winston = require('winston');`
			`winston.add(winston.transports.File, { filename: './logs/notes.kaplon.us.log', maxsize: 5000000 }); // 5MB`
			`var fileSystem = require('fs');`
Refactor to prep for accessing cookie/session data from within socket.io connections. 2017-04-14 11:42:15 -04:00			`var notePath = __dirname + '/note-data/allNotes.txt';`
			`var favicon = require('serve-favicon');`
			`app.use(favicon(__dirname + '/assets/favicon.ico')); // Put this before setting static dir.`
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00			`app.use(express.static(__dirname + '/assets'));`
Refactor to prep for accessing cookie/session data from within socket.io connections. 2017-04-14 11:42:15 -04:00
			`/*-----------------------------------------`
			`Ordering of these configs is important, don't shuffle them around.`
			`------------------------------------------*/`
Login w/local strategy finally working; still need to protect main page, might be some syntax issues there with having to add more arguments to the render function. 2016-05-30 11:16:01 -04:00			`var passport = require('passport');`
			`var Strategy = require('passport-local').Strategy;`
			`var db = require('./db');`
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00			`var Session = require('express-session');`
			`var SessionStore = require('session-file-store')(Session);`
			`var session = Session({ secret: 'here kitty kitty', resave: false, saveUninitialized: false, store: new SessionStore({path: __dirname+'/tmp/sessions'}) });`
Refactor to prep for accessing cookie/session data from within socket.io connections. 2017-04-14 11:42:15 -04:00			`app.use(session);`
Login w/local strategy finally working; still need to protect main page, might be some syntax issues there with having to add more arguments to the render function. 2016-05-30 11:16:01 -04:00
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00			`//----------------------------`
Login w/local strategy finally working; still need to protect main page, might be some syntax issues there with having to add more arguments to the render function. 2016-05-30 11:16:01 -04:00			`// Configure the local strategy for use by Passport.`
			// The local strategy require a `verify` function which receives the credentials
			// (`username` and `password`) submitted by the user. The function must verify
			// that the password is correct and then invoke `cb` with a user object, which
			// will be set at `req.user` in route handlers after authentication.
			`passport.use(new Strategy(`
			`function(username, password, cb) {`
			`db.users.findByUsername(username, function(err, user) {`
			`winston.info('trying to lookup user.');`
			`if (err) { winston.info('db.users.findByUsername error.'); return cb(err); }`
			`if (!user) { winston.info('bad user'); return cb(null, false); }`
			`if (user.password != password) { winston.info('bad pw'); return cb(null, false); }`
			`return cb(null, user);`
			`});`
			`}));`
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00
Login w/local strategy finally working; still need to protect main page, might be some syntax issues there with having to add more arguments to the render function. 2016-05-30 11:16:01 -04:00			`// Configure Passport authenticated session persistence.`
			`//`
			`// In order to restore authentication state across HTTP requests, Passport needs`
			`// to serialize users into and deserialize users out of the session. The`
			`// typical implementation of this is as simple as supplying the user ID when`
			`// serializing, and querying the user record by ID from the database when`
			`// deserializing.`
			`passport.serializeUser(function(user, cb) {`
			`cb(null, user.id);`
			`});`
			`passport.deserializeUser(function(id, cb) {`
			`db.users.findById(id, function (err, user) {`
			`if (err) { return cb(err); }`
			`cb(null, user);`
			`});`
			`});`
Initial commit, all currently broken. 2016-02-16 17:52:38 -05:00
Login w/local strategy finally working; still need to protect main page, might be some syntax issues there with having to add more arguments to the render function. 2016-05-30 11:16:01 -04:00			`// Initialize Passport and restore authentication state, if any, from the session.`
			`app.use(passport.initialize());`
			`app.use(passport.session());`

Basic login and redirects working. 2016-06-17 10:02:51 -04:00			`// As with any middleware it is quintessential to call next() if the user is authenticated`
			`var isAuthenticated = function (req, res, next) {`
			`if (req.isAuthenticated()) {`
			`return next();`
			`res.redirect('/');`
			`} else {`
			`// If user NOT authenticated, redirect to login page, do not call next().`
			`res.redirect('/login');`
			`}`
			`}`

			`app.get('/', isAuthenticated, function(req, res){`
Initial commit, all currently broken. 2016-02-16 17:52:38 -05:00			`winston.info("GET /");`
Refactor to get rid of handlebars templates, no longer needed with websocket working. 2016-11-22 11:22:22 -05:00			`// Respond with static file, contents will be loaded via websocket.`
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00			`res.sendFile('index.html', { root: __dirname + '/views/' });`
Initial commit, all currently broken. 2016-02-16 17:52:38 -05:00			`});`

Login w/local strategy finally working; still need to protect main page, might be some syntax issues there with having to add more arguments to the render function. 2016-05-30 11:16:01 -04:00			`app.get('/login', function(req, res){`
			`winston.info('GET /login');`
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00			`res.sendFile('login.html', { root: __dirname + '/views/' });`
Login w/local strategy finally working; still need to protect main page, might be some syntax issues there with having to add more arguments to the render function. 2016-05-30 11:16:01 -04:00			`});`

			`app.post('/login',`
			`passport.authenticate('local', { failureRedirect: '/login' }),`
			`function(req, res) {`
Refactor to prep for accessing cookie/session data from within socket.io connections. 2017-04-14 11:42:15 -04:00			`winston.info('sucessful login for user, ' + req.user.username);`
Login w/local strategy finally working; still need to protect main page, might be some syntax issues there with having to add more arguments to the render function. 2016-05-30 11:16:01 -04:00			`res.redirect('/');`
			`});`

			`app.get('/logout', function(req, res){`
			`req.logout();`
			`res.redirect('/');`
			`});`

Basic socket.io event is working. 2016-11-09 11:14:32 -05:00			`var http = require('http').Server(app);`
			`var io = require('socket.io')(http);`
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00
			`//io.set('authorization', function (handshakeData, accept) {`
			`//if (handshakeData.headers.cookie) {`
			`//if (handshakeData.headers.cookie) {`
			`//winston.info('cookie object test, ' + handshakeData.headers.cookie);`
			`//winston.info('parse test 1, ' + cookieParser.signedCookies(handshakeData.headers.cookie, 'here kitty kitty'));`
			`//winston.info('parse test 2, ' + cookieParser.signedCookie(handshakeData.headers.cookie['connect.sid'], 'here kitty kitty'));`
			`//winston.info('parse test 3, ' + cookieParser.signedCookie(handshakeData.headers.cookie, 'here kitty kitty'));`
			`//handshakeData.sessionID = cookieParser.signedCookie(handshakeData.headers.cookie['connect.sid'], 'here kitty kitty');`
			`//winston.info('sess test 1, ' + session); // this prints alot!`
			`//winston.info('sess test 2, ' + session.id); // undefined`
			`//winston.info('Got session ID = ' + handshakeData.sessionID); // undefined`
			`// save the session store to the data object`
			`// (as required by the Session constructor)`
			`//handshakeData.sessionStore = session.store;`
			`//session.store.get(handshakeData.sessionID, function (err, session) {`
			`//if (err \|\| !session) {`
			`//accept('Error', false);`
			`//} else {`
			`// create a session object, passing data as request and our`
			`// just acquired session data`
			`//handshakeData.session = new Session(handshakeData, session);`
			`//accept(null, true);`
			`//}`
			`//});`
			`//} else {`
			`//return accept('No cookie transmitted.', false);`
			`//}`
			`//}`
			`//});`

Basic socket.io event is working. 2016-11-09 11:14:32 -05:00			`io.on('connection', function(socket){`
			`//winston.info('a user connected');`
Websocket conversion basically working (I think); interim commit. 2016-11-21 12:54:29 -05:00			`fileSystem.readFile(notePath, {encoding: 'utf-8'}, function(err,data){`
			`if (!err){`
Interim commit; want to retain chokidar file watcher code, even if it's not needed; not sure if socket.io sync is working yet. 2016-11-23 14:05:15 -05:00			`winston.info('file read on connection');`
			`socket.emit('download allNotes',data); // Send content only to newly connected client.`
Websocket conversion basically working (I think); interim commit. 2016-11-21 12:54:29 -05:00			`} else { winston.error(err); }`
			`});`
Refactor to get rid of handlebars templates, no longer needed with websocket working. 2016-11-22 11:22:22 -05:00			`socket.on('upload allNotes', function(msg){`
Websocket conversion basically working (I think); interim commit. 2016-11-21 12:54:29 -05:00			`winston.info('WS data received');`
			`var now = Date.now();`
			`// Overwrite allNotes.txt with new contents from client.`
			`fileSystem.readFile(notePath, 'utf-8', function(err, data){`
			`if (err) {`
			`winston.error(err);`
			`} else {`
			`fileSystem.writeFile(notePath, msg, 'utf-8', function(err) {`
			`if (err) { winston.error(err); }`
			`var exec = require('child_process').exec;`
Create temp git branch when content changes, try to handle merge conflicts (though conflicts are not possible w/current architecture). 2016-12-08 12:30:19 -05:00			var cmd = `
			`cd note-data && \`
			`git checkout -b ${now} && \`
			`git commit -am "Notes modified via websocket, ${now}" && \`
			`git checkout master && \`
			`git merge ${now}`
			`;
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00			`//winston.info(cmd);`
Websocket conversion basically working (I think); interim commit. 2016-11-21 12:54:29 -05:00			`exec(cmd, function(error, stdout, stderr) {`
			`if (error) { winston.error(error); }`
Create temp git branch when content changes, try to handle merge conflicts (though conflicts are not possible w/current architecture). 2016-12-08 12:30:19 -05:00			`if (!stdout.includes('CONFLICT')) { // Case-sensitivity seems brittle here. Better to check return code rather than stdout? Can child_process be called w/signature to include return code?`
			var cmd2 = `cd note-data && git branch -d ${now}`
			`exec(cmd2, function(error, stdout, stderr) {`
			`if (error) { winston.error(error); }`
Add file storage for sessions; Fix unstable restarts from nodemon (started notes-app Dockerfile to isolate npm packages and add nodemon.json config to ignore some dirs, but no real difference from alertmon/Dockerfile). 2017-04-20 08:33:12 -04:00			`winston.info('temp branch deleted; new content written to allNotes.txt');`
Create temp git branch when content changes, try to handle merge conflicts (though conflicts are not possible w/current architecture). 2016-12-08 12:30:19 -05:00			`// Send new content to all other clients EXCEPT the orig sender.`
			`socket.broadcast.emit('download allNotes',msg);`
			`winston.info('sent content update to other clients');`
			`});`
			`} else {`
			`// Auto-merge failed, keep the new branch.`
			`// Send a conflict warning message to socket.io clients (prompt for IAP ;-).`
			socket.emit('conflict', `Auto-merge failed, manually merge ${now} branch to rescue recent edit.`);
			`socket.emit('download allNotes',data); // Send pre-conflict content back down to client.`
			winston.info(`Auto-merge failed, manually merge ${now} branch to rescue recent edit.`);
			`// MVP for now, can deal w/merge conflicts with git on the server if the cotent needs to be saved.`
			`}`
Websocket conversion basically working (I think); interim commit. 2016-11-21 12:54:29 -05:00			`winston.info(stdout);`
			`});`
			`});`
Socket.io sync looks to be working now...YAY! 2016-11-23 14:51:18 -05:00			`}`
Interim commit; want to retain chokidar file watcher code, even if it's not needed; not sure if socket.io sync is working yet. 2016-11-23 14:05:15 -05:00			`});`
Websocket conversion basically working (I think); interim commit. 2016-11-21 12:54:29 -05:00			`});`
Basic socket.io event is working. 2016-11-09 11:14:32 -05:00			`socket.on('cm-save', function(msg){`
			`winston.info(msg);`
			`});`
			`});`

			`http.listen(3000, function() {`
Initial commit, all currently broken. 2016-02-16 17:52:38 -05:00			`winston.info("Started on PORT 3000");`
			`});`