first commit

2023-01-04 11:17:41 +11:00 · 2023-01-04 11:17:41 +11:00 · 40f6ade790
commit 40f6ade790
15 changed files with 2573 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 .env
 *.db
--- a/cli.js
+++ b/cli.js
@ -0,0 +1,40 @@
 const { argv } = require('node:process');
 const { addUser, resetPassword } = require('./utilities')
 function userCreate(username, directory) {
    if (!username || !directory) {
        console.log('    User-create requires a username and directory.')
        console.log('    e.g. `user-create sam gemini.example.com`.\n')
    } else {
        addUser(username, directory, password => {
            console.log(`    User ${username} created with password ${password}`)
            console.log('    Keep it secret, keep it safe.\n')
        })
    }
 }
 function passwordReset(username) {
    if (!username) {
        console.log('    User-create requires a username.')
        console.log('    e.g. `password-reset sam`.\n')
    } else {
        resetPassword(username, null, password => {
            console.log(`    Password for ${username} is now ${password}`)
            console.log('    Keep it secret, keep it safe.\n')
    })
 }
 }
 // TODO: delete user from database, (and user's files?)
 switch (argv[2]) {
    case 'user-create':
        userCreate(argv[3], argv[4]);
        break;
    case 'password-reset':
        passwordReset(argv[3]);
        break;
    default:
        console.log('    Command not recognised.')
        console.log('    Possible commands are `user-create` or `password-reset`\n')
 }
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -0,0 +1,26 @@
 {
  "name": "soyuz-web",
  "version": "0.1.0",
  "description": "Web app for publishing Gemini posts",
  "main": "server.js",
  "scripts": {
    "password-reset": "node cli.js password-reset",
    "user-create": "node cli.js user-create"
  },
  "author": "Hugh Rundle <hugh@hughrundle.net> (https://www.hughrundle.net/)",
  "license": "AGPL-3.0-or-later",
  "keywords": ["gemini"],
  "repository": {
    "type": "git",
    "url": "https://github.com/hughrun/soyuz-web.git"
  },
  "dependencies": {
    "better-sqlite3": "^8.0.1",
    "better-sqlite3-session-store": "^0.1.0",
    "body-parser": "^1.20.1",
    "dotenv": "^16.0.3",
    "express": "^4.18.2",
    "express-session": "^1.17.3",
    "sprightly": "^1.0.3"
  }
 }
--- a/server.js
+++ b/server.js
@ -0,0 +1,136 @@
 require('dotenv').config()
 const express = require('express')
 const { getLatestPost, getNow, publishNewPost, requireLoggedIn, resetPassword, saveFile, updatePost, verifyUser, getSavedFile } = require('./utilities')
 const bodyParser = require('body-parser')
 const Database = require('better-sqlite3');
 const session = require('express-session')
 const sprightly = require('sprightly');
 const SqliteStore = require("better-sqlite3-session-store")(session)
 // configure Express
 const app = express()
 const PORT = process.env.SOYUZ_PORT
 app.use(bodyParser.urlencoded({ extended: false }))
 app.use(express.static('static'))
 // configure session store
 db = new Database('soyuz.db', {});
 app.use(
  session({
    store: new SqliteStore({
      client: db,
      expired: {
        clear: true,
        intervalMs: 900000 //ms = 15min
      }
    }),
    saveUninitialized: false,
    secret: process.env.SOYUZ_SESSION_SECRET,
    resave: false,
    cookie: {
        sameSite: 'strict',
        maxAge: 1.21e+9 // 2 weeks
    },
    name: 'soyuz-web'
  })
 )
 // configure template engine
 app.engine('spy', sprightly);
 app.set('views', './templates');
 app.set('view engine', 'spy');
 /**
 * ROUTES
 */
 // GET
 app.get('/', requireLoggedIn, (req, res) => {
    let data = {
        disabled: '', 
        message: getSavedFile(req.session.user.username)}
    let today = getNow().toISOString().slice(0,10)
    let latestPost = req.session.user.latest_post
    if (today === latestPost) {
        data.disabled = 'disabled'
        data.message = `Relax, ${req.session.user.username}, you have already posted today.`
    }
    res.render('index.spy', data)
 })
 app.get('/login', (req, res) => {
    if (req.session.user) {
        res.redirect('/')
    } else {
        res.render('login.spy') 
    }
 })
 app.get('/edit', requireLoggedIn, (req, res) => {
    getLatestPost( req.session.user.directory, (data, path) => {
        res.render('edit.spy', {data: data, path: path})
    })
 })
 app.get('/settings', requireLoggedIn, (req, res) => {
    res.render('settings.spy') 
 })
 app.get('/try-again', requireLoggedIn, (req, res, next) => {
    res.render('try-again.spy') 
 })
 // POST
 app.post('/login', verifyUser,
    function(req, res){
        if (req.session.user) {
            res.redirect('/')
        } else {
            res.redirect('/try-again')
        }
 })
 app.post('/logout', function(req, res, next){
    req.session.destroy( (err) => {
        if (err) {console.error(err)}
        res.redirect('/login')
    })
 })
 app.post('/publish', requireLoggedIn, (req, res) => {
    publishNewPost(req, () => {
        res.redirect('/')
    })
 })
 app.post('/save', requireLoggedIn, (req, res) => {
    saveFile(req.session.user, req.body.textarea, () => {
        res.redirect('/')
    })
 })
 app.post('/update', requireLoggedIn, (req, res) => {
    updatePost(req, () => {
        res.redirect('/')
    })
 })
 app.post('/reset-password', requireLoggedIn, (req, res) => {
    resetPassword(req.session.user.username, req.body.password, password => {
        return req.session.destroy( (err) => {
            if (err) {console.error(err)}
            res.redirect('/login')
        })
    })
 })
 /**
 * Let's go!
 */
 app.listen(PORT, () => {
  console.log(`Soyuz Web listening on port ${PORT}`)
 })
--- a/static/soyuz.js
+++ b/static/soyuz.js
@ -0,0 +1,2 @@
 // use this regex to find links that are the wrong way around:
 // /=>\s[^:\/]*\s/
--- a/static/style.css
+++ b/static/style.css
@ -0,0 +1,94 @@
 html {
    margin: 0;
    padding: 0;
    height: 100%;
 }
 body {
    color: #3d3d3d;
    padding: 0;
    margin: auto;
    min-height: 100%;
    display: grid;
    grid-template-rows: 2fr auto 1fr;
 }
 header,
 footer {
    background-color: #3d3d3d;
    color: #ddd;
    padding: 1em;
    text-align: center;
 }
 header {
    grid-row-start: 1;
    grid-row-end: 2;
 }
 footer {
    grid-row-start: 3;
    grid-row-end: 4;
 }
 .login {
    margin: 1em auto 0;
    min-height: 80vh;
 }
 .textarea {
    text-align: center;
    margin: 1em auto 0;
    width: 100%;
    height: 100%;
 }
 header form {
    display: inline-block;
 }
 textarea,
 main {
    outline: none;
    width: 90%;
    height:80vh;
    border: none;
    resize: none;
 }
 main {
    padding: 1em;
 }
 .post-buttons {
    background-color: #3d3d3d;
    color: #ddd;
    padding: 1em;
 }
 .action-button {
    background: none;
 	color: inherit;
 	border: none;
 	padding: 0;
 	font: inherit;
 	cursor: pointer;
 	outline: inherit;
    text-decoration: none;
 }
 .disabled {
    background-color: #999;
    color: #000;
 }
 .password-reset {
    width: 100%;
    margin-bottom: 1em;
 }
 #settings section:nth-of-type(even) {
    margin-top: 1em;
    border-top: 1px solid #999;
    padding-top: 1em;
 }
--- a/templates/edit.spy
+++ b/templates/edit.spy
@ -0,0 +1,18 @@
 << partials/head >>
 <body>
    << partials/header >>
    <section class="textarea">
        <form method="post">
            <textarea name="textarea" autofocus>{{ data }}</textarea>
            <input type="text" name="path" value="{{ path }}" hidden>
            <section class="post-buttons">
                <input class="action-button" type="submit" name="save" value="Save" formaction="/save"> | 
                <input class="action-button" type="submit" name="publish" value="Update" formaction="/update">
            </section>
        </form>
    </section>
    <footer>
    </footer>
 </body>
 </html>
--- a/templates/index.spy
+++ b/templates/index.spy
@ -0,0 +1,17 @@
 << partials/head >>
 <body class="{{ disabled }}">
    << partials/header >>
    <section class="textarea">
        <form method="post">
            <textarea name="textarea" autofocus class="{{ disabled }}" {{ disabled }}>{{ message }}</textarea>
            <section class="post-buttons">
                <input class="action-button" type="submit" name="save" value="Save" formaction="/save"> | 
                <input class="action-button" type="submit" name="publish" value="Publish" formaction="/publish">
            </section>
        </form>
    </section>
    <footer>
    </footer>
 </body>
 </html>
--- a/templates/login.spy
+++ b/templates/login.spy
@ -0,0 +1,16 @@
 << partials/head >>
 <body>
    <header class="welcome">
        <h1>Welcome to Soyuz</h1>
    </header>
    <section class="login">
        <form method="POST" action="/login">
            <label for="username">username </label><br/>
            <input type="text" name="username"><br/>
            <label for="password">password </label><br/>
            <input type="password" name="password"><br/><br/>
            <button type="submit">Log in!</button>
        </form>
    </section>
 </body>
 </html>
--- a/templates/partials/head.spy
+++ b/templates/partials/head.spy
@ -0,0 +1,9 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" type="text/css" href="/style.css">
    <title>Soyuz</title>
 </head>
--- a/templates/partials/header.spy
+++ b/templates/partials/header.spy
@ -0,0 +1,5 @@
 <header>
    <a class="action-button" href="/">New</a> | 
    <a class="action-button" href="/edit">Edit</a> | 
    <a class="action-button" href="/settings">Settings</a>
 </header>
--- a/templates/settings.spy
+++ b/templates/settings.spy
@ -0,0 +1,18 @@
 << partials/head >>
 <body>
    << partials/header >>
    <main id="settings">
        <form method="post">
            <section>
                <label for="password">Reset password:</label><br/>
                <input class="password-reset" type="password" name="password" id="password">
                <input type="submit" name="logout" value="Reset Password" formaction="/reset-password">
            </section>
            <section>
                <input type="submit" name="logout" value="Log Out" formaction="/logout">
            </section>
        </form>
    </main>
    <footer></footer>
 </body>
 </html>
--- a/templates/try-again.spy
+++ b/templates/try-again.spy
@ -0,0 +1,15 @@
 << partials/head >>
 <body>
    <p>Welcome to Soyuz</p>
    <div>Incorrect username or password, please try again</div>
    <section>
        <form method="POST" action="/login">
            <label for="username">username </label>
            <input type="text" name="username">
            <label for="password">username </label>
            <input type="password" name="password">
            <button type="submit">Log in!</button>
        </form>
    </section>
 </body>
 </html>
--- a/utilities.js
+++ b/utilities.js
@ -0,0 +1,317 @@
 const GEMINI_PATH = process.env.GEMINI_PATH
 const Database = require("better-sqlite3")
 const {mkdir, readFile, writeFile} = require('node:fs')
 const { pbkdf2, randomBytes } = require('node:crypto')
 db = new Database('soyuz.db', {})
 function getNow() {
    // we want to be able to use toISOString but that always returns
    // the date in UTC timezone. Here we adjust the UTC date to align
    // with the local timezone
    let localNow = new Date()
    let now = new Date(localNow.getTime() - localNow.getTimezoneOffset()*60000)
    return now
 }
 // DATABASE FUNCTIONS
 const addUser = function(username, directory, callback){
    let buf = randomBytes(32);
    let salt = buf.toString('hex');
    let pbuf = randomBytes(16);
    let password = pbuf.toString('hex');
    directory = directory.toString()
    // prepare db table
    let createTable = db.prepare(
        'CREATE TABLE IF NOT EXISTS users (username TEXT UNIQUE, password TEXT, salt TEXT, directory TEXT UNIQUE, latest_post TEXT, saved_post TEXT)'
        );
    createTable.run();
    // save to db
    pbkdf2(password, salt, 310000, 32, 'sha512', (err, derivedKey) => {
        if (err) throw err;
        let hash =  derivedKey.toString('hex');
        let stmt = db.prepare(
            'INSERT INTO users (username, directory, password, salt, saved_post) VALUES (?, ?, ?, ?, ?)'
            );
        stmt.run(username, directory, hash, salt, '# Title of my note');
        return callback(password)
        });
 }
 const resetPassword = function(username, pass, callback) {
    let buf = randomBytes(32)
    let salt = buf.toString('hex')
    let password
    if (pass) {
        password = pass
    } else {
        let pbuf = randomBytes(16)
        password = pbuf.toString('hex')
    }
    pbkdf2(password, salt, 310000, 32, 'sha512', (err, derivedKey) => {
        if (err) throw err;
        let hash =  derivedKey.toString('hex');
        let stmt = db.prepare(
            'UPDATE users SET password = ?, salt = ? WHERE username = ?'
            );
        stmt.run(hash, salt, username);
        return callback(password)
     });
 }
 // update latest post in db
 const updateLatestPostDate = function(username, callback) {
    let dateString = getNow().toISOString().slice(0,10)
    let stmt = db.prepare(
        'UPDATE users SET latest_post = ? WHERE username = ?'
        );
    stmt.run(dateString, username);
    callback(dateString)
 }
 // AUTHORISATION MIDDLEWARE
 const verifyUser = function (req, res, next) {
    let username = req.body.username
    let password = req.body.password
    let stmt = db.prepare(
        'SELECT * FROM users WHERE username = ?'
        )
     user = stmt.get(username)
    if (!user) {
        return next()
    }
    pbkdf2(password, user.salt, 310000, 32, 'sha512', function(err, hashedPassword) {
        if (err) { 
            return next()
        }
        if (user.password !== hashedPassword.toString('hex')) {
            return next()
        }
        req.session.user = {
            username: user.username,
            directory: user.directory,
            latest_post: user.latest_post,
        };
        next()
    });
 }
 const requireLoggedIn = function(req, res, next) {
    if (req.session.user) {
        return next()
    } else {
        return res.redirect('/login')
    }
 }
 // PUBLISHING
 const publishNewPost = function(req, cb) {
    let post = req.body.textarea
    let title = req.body.textarea.split('\n')[0].split('# ')[1].trim()
    let year = getNow().toISOString().slice(0,4)
    let dateString = getNow().toISOString().slice(0,10)
    let yearDir = `${GEMINI_PATH}/${req.session.user.directory}/${year}`
    let fileName = `${GEMINI_PATH}/${req.session.user.directory}/${year}/${dateString}.gmi`
    function updateArchivePage() {
        // update or create year's archive page
        let yearIndex = `${GEMINI_PATH}/${req.session.user.directory}/${year}/index.gmi`
        let updated = ''
        readFile(yearIndex, {encoding: 'utf8'}, (err, data) => {
            // if the file doesn't exist, create it
            if (err) {
                if (err.code == 'ENOENT') {
                    let string = `# ${year} Notes\n\n=> ${dateString}.gmi ${dateString} (${title})\n`
                    writeFile(yearIndex, string, (err) => {
                        if (err) throw err;
                    })
                }
                else {
                    throw err
                }
            } else {
                let lines = data.split('\n')
                lines[1] = `\n=> ${dateString}.gmi ${dateString} (${title})`
                updated = lines.join('\n')
            }
            writeFile(yearIndex, updated, (err) => {
                if (err) throw err
            })
        })
        // clear any saved post now that it is published
        saveFile(req.session.user.username, '# Title of my note', () => {
            // delete active page on db and in session
            updateLatestPostDate(req.session.user.username, datestring => {
                req.session.user.latest_post = datestring
                return cb()
            })
        })
    }
    function updateIndexListing() {
        // update index.gmi listing
        let indexFile = `${GEMINI_PATH}/${req.session.user.directory}/index.gmi`
        readFile(indexFile, {encoding: 'utf8'}, (err, data) => {
            if (err) {
                // if the file doesn't exist, create it
                if (err.code == 'ENOENT') {
                    let string = `## Latest notes\n\n=> /${year}/${dateString}.gmi ${dateString} (${title})\n`
                    writeFile(indexFile, string, (err) => {
                        if (err) throw err;
                    })
                }
            } else {
                let links = data.split('## Latest notes')
                let lines = links[1].split('\n')
                for (let i = 6; i < 2; i--) {
                    if (lines[i] && lines[i].startsWith('=>')) {
                        lines[i] = lines[i-1]
                    }
                }
                lines[0] = '## Latest notes'
                lines[2] = `=> /${year}/${dateString}.gmi ${dateString} (${title})`
                updated = links[0] + lines.join('\n')
                writeFile(indexFile, updated, (err) => {
                    if (err) {
                        // if the directory doesn't exist, create it and try again
                        if (err.code == 'ENOENT') {
                            mkdir(yearDir, (err) => {
                                if (err) throw err;
                                writeFile(indexFile, updated, (err) => {
                                    if (err) throw err;
                                })
                            })
                        }
                    }
                })
            }
        })
        return updateArchivePage()
    }
    writeFile(fileName, post, (err) => {
        if (err) {
            // if the directory doesn't exist, create it and try again
            if (err.code == 'ENOENT') {
                mkdir(yearDir, (err) => {
                    if (err) throw err;
                    writeFile(fileName, post, (err) => {
                        if (err) throw err;
                    })
                })
            }
        }
        return updateIndexListing()
    })
 }
 let getLatestPost = function(directory, callback) {
    // we check the index file because 
    // a new post could have come from
    // somewhere other than the app
    // e.g. from a CLI on a laptop etc
    let indexFile = `${GEMINI_PATH}/${directory}/index.gmi`
    readFile(indexFile, {encoding: 'utf8'}, (err, data) => {
        if (err) throw err;
        let links = data.split('## Latest notes')
        let parts = links[1].split('\n')[2].split(' ')
        let filePath = `${GEMINI_PATH}/${directory}/${parts[1]}`
        readFile(filePath, {encoding: 'utf8'}, (err, file) => {
            if (err) throw err;
            return callback(file, filePath)
        })
    })
 }
 let updatePost = function(req, callback) {
    let contents = req.body.textarea
    let path = req.body.path
    let title = contents.split('\n')[0].split('# ')[1].trim()
    let year = getNow().toISOString().slice(0,4)
    let dateString = getNow().toISOString().slice(0,10)
    let indexFile = `${GEMINI_PATH}/${req.session.user.directory}/index.gmi`
    let yearIndex = `${GEMINI_PATH}/${req.session.user.directory}/${year}/index.gmi`
    let updated = ''
    // we update the index and archive listings in case the title has changed
    readFile(indexFile, {encoding: 'utf8'}, (err, data) => {
        if (err) {
            throw err;
        } else {
            let links = data.split('## Latest notes')
            let lines = links[1].split('\n')
            lines[0] = '## Latest notes'
            lines[2] = `=> /${year}/${dateString}.gmi ${dateString} (${title})`
            updated = links[0] + lines.join('\n')
            // update index on homepage
            writeFile(indexFile, updated, (err) => {
                if (err) throw err
                readFile(yearIndex, {encoding: 'utf8'}, (err, data) => {
                    if (err) {
                        throw err
                    } else {
                        let lines = data.split('\n')
                        lines[2] = `=> ${dateString}.gmi ${dateString} (${title})`
                        updated = lines.join('\n')
                        // update archive page
                        writeFile(yearIndex, updated, (err) => {
                            if (err) throw err
                            //write out the updated post
                            writeFile(path, contents, (err) => {
                                if (err) {
                                    if (err) throw err;
                                }
                                return callback()
                            })
                        })
                    }
                })
            })
        }
    })
 }
 let saveFile = function(user, text, callback) {
    let stmt = db.prepare(
        'UPDATE users SET saved_post = ? WHERE username = ?'
        );
    stmt.run(text, user.username);
    callback()
 }
 let getSavedFile = function(user) {
    let stmt = db.prepare(
        'SELECT saved_post FROM users WHERE username = ?'
        )
    stmt.pluck(true)
    let post = stmt.get(user)
    return post
 }
 // TODO:
 let savePictures = function(text) {
    // we will need to save pictures to the server 
    // separately when publishing
 }
 module.exports = {
    addUser: addUser,
    getLatestPost: getLatestPost,
    getNow: getNow,
    getSavedFile: getSavedFile,
    publishNewPost: publishNewPost,
    resetPassword: resetPassword,
    requireLoggedIn: requireLoggedIn,
    saveFile: saveFile,
    updatePost: updatePost,
    verifyUser: verifyUser
 }
		`@ -0,0 +1,2 @@`
							`// use this regex to find links that are the wrong way around:`
							`// /=>\s[^:\/]*\s/`