@eeacms/volto-cca-policy 0.1.74 → 0.1.76

package/src/customizations/volto/middleware/api.js

@@ -0,0 +1,347 @@
+/**
+ * Api middleware.
+ * @module middleware/api
+ */
+
+import Cookies from 'universal-cookie';
+import jwtDecode from 'jwt-decode';
+import { compact, flatten, union } from 'lodash';
+import { matchPath } from 'react-router';
+import qs from 'query-string';
+
+import config from '@plone/volto/registry';
+
+import {
+  GET_CONTENT,
+  LOGIN,
+  RESET_APIERROR,
+  SET_APIERROR,
+} from '@plone/volto/constants/ActionTypes';
+import { changeLanguage } from '@plone/volto/actions';
+import {
+  toGettextLang,
+  toReactIntlLang,
+  getCookieOptions,
+} from '@plone/volto/helpers';
+let socket = null;
+
+/**
+ *
+ * Add configured expanders to an api call for an action
+ * Requirements:
+ *
+ * - It should add the expanders set in the config settings
+ * - It should preserve any query if present
+ * - It should preserve (and add) any expand parameter (if present) e.g. translations
+ * - It should take use the correct codification for arrays in querystring (repeated parameter for each member of the array)
+ *
+ * @function addExpandersToPath
+ * @param {string} path The url/path including the querystring
+ * @param {*} type The action type
+ * @returns {string} The url/path with the configured expanders added to the query string
+ */
+export function addExpandersToPath(path, type, isAnonymous) {
+  const { settings } = config;
+  const { apiExpanders = [] } = settings;
+
+  const {
+    url,
+    query: { expand, ...query },
+  } = qs.parseUrl(path, { decode: false });
+
+  const expandersFromConfig = apiExpanders
+    .filter((expand) => matchPath(url, expand.match) && expand[type])
+    .map((expand) => expand[type]);
+
+  const expandMerge = compact(
+    union([expand, ...flatten(expandersFromConfig)]),
+  ).filter((item) => !(item === 'types' && isAnonymous)); // Remove types expander if isAnonymous
+
+  const stringifiedExpand = qs.stringify(
+    { expand: expandMerge },
+    {
+      arrayFormat: 'comma',
+      encode: false,
+    },
+  );
+
+  const querystringFromConfig = apiExpanders
+    .filter((expand) => matchPath(url, expand.match) && expand[type])
+    .reduce((acc, expand) => ({ ...acc, ...expand?.['querystring'] }), {});
+
+  const queryMerge = { ...query, ...querystringFromConfig };
+
+  const stringifiedQuery = qs.stringify(queryMerge, {
+    encode: false,
+  });
+
+  if (stringifiedQuery && stringifiedExpand) {
+    return `${url}?${stringifiedExpand}&${stringifiedQuery}`;
+  } else if (!stringifiedQuery && stringifiedExpand) {
+    return `${url}?${stringifiedExpand}`;
+  } else if (stringifiedQuery && !stringifiedExpand) {
+    return `${url}?${stringifiedQuery}`;
+  } else {
+    return url;
+  }
+}
+
+/**
+ * Send a message on a websocket.
+ * @function sendOnSocket
+ * @param {Object} request Request object.
+ * @returns {Promise} message is send
+ */
+function sendOnSocket(request) {
+  return new Promise((resolve, reject) => {
+    switch (socket.readyState) {
+      case socket.CONNECTING:
+        socket.addEventListener('open', () => resolve(socket));
+        socket.addEventListener('error', reject);
+        break;
+      case socket.OPEN:
+        resolve(socket);
+        break;
+      default:
+        reject();
+        break;
+    }
+  }).then(() => {
+    socket.send(JSON.stringify(request));
+  });
+}
+
+/**
+ * Api middleware.
+ * @function
+ * @param {Object} api Api object.
+ * @returns {Promise} Action promise.
+ */
+const apiMiddlewareFactory = (api) => ({ dispatch, getState }) => (next) => (
+  action,
+) => {
+  const { settings } = config;
+
+  const isAnonymous = !getState().userSession.token;
+
+  if (typeof action === 'function') {
+    return action(dispatch, getState);
+  }
+
+  const { request, type, mode = 'parallel', ...rest } = action;
+  const { subrequest } = action; // We want subrequest remains in `...rest` above
+
+  let actionPromise;
+
+  if (!request) {
+    return next(action);
+  }
+
+  next({ ...rest, type: `${type}_PENDING` });
+
+  if (socket) {
+    actionPromise = Array.isArray(request)
+      ? Promise.all(
+          request.map((item) =>
+            sendOnSocket({
+              ...item,
+              path: addExpandersToPath(item.path, type, isAnonymous),
+              id: type,
+            }),
+          ),
+        )
+      : sendOnSocket({
+          ...request,
+          path: addExpandersToPath(request.path, type, isAnonymous),
+          id: type,
+        });
+  } else {
+    actionPromise = Array.isArray(request)
+      ? mode === 'serial'
+        ? request.reduce((prevPromise, item) => {
+            return prevPromise.then((acc) => {
+              return api[item.op](
+                addExpandersToPath(item.path, type, isAnonymous),
+                {
+                  data: item.data,
+                  type: item.type,
+                  headers: item.headers,
+                  params: request.params,
+                  checkUrl: settings.actions_raising_api_errors.includes(
+                    action.type,
+                  ),
+                },
+              ).then((reqres) => {
+                return [...acc, reqres];
+              });
+            });
+          }, Promise.resolve([]))
+        : Promise.all(
+            request.map((item) =>
+              api[item.op](addExpandersToPath(item.path, type, isAnonymous), {
+                data: item.data,
+                type: item.type,
+                headers: item.headers,
+                params: request.params,
+                checkUrl: settings.actions_raising_api_errors.includes(
+                  action.type,
+                ),
+              }),
+            ),
+          )
+      : api[request.op](addExpandersToPath(request.path, type, isAnonymous), {
+          data: request.data,
+          type: request.type,
+          headers: request.headers,
+          params: request.params,
+          checkUrl: settings.actions_raising_api_errors.includes(action.type),
+        });
+    actionPromise.then(
+      (result) => {
+        const { settings } = config;
+        if (getState().apierror.connectionRefused) {
+          next({
+            ...rest,
+            type: RESET_APIERROR,
+          });
+        }
+        if (type === GET_CONTENT) {
+          // customization original: result?.language?.token
+          const lang = result?.language?.token || result.language || '';
+          // end customization
+          if (
+            lang &&
+            getState().intl.locale !== toReactIntlLang(lang) &&
+            !subrequest &&
+            config.settings.supportedLanguages.includes(lang)
+          ) {
+            const langFileName = toGettextLang(lang);
+            import('~/../locales/' + langFileName + '.json').then((locale) => {
+              dispatch(changeLanguage(lang, locale.default));
+            });
+          }
+        }
+        if (type === LOGIN && settings.websockets) {
+          const cookies = new Cookies();
+          cookies.set(
+            'auth_token',
+            result.token,
+            getCookieOptions({
+              expires: new Date(jwtDecode(result.token).exp * 1000),
+            }),
+          );
+          api.get('/@wstoken').then((res) => {
+            socket = new WebSocket(
+              `${settings.apiPath.replace('http', 'ws')}/@ws?ws_token=${
+                res.token
+              }`,
+            );
+            socket.onmessage = (message) => {
+              const packet = JSON.parse(message.data);
+              if (packet.error) {
+                dispatch({
+                  type: `${packet.id}_FAIL`,
+                  error: packet.error,
+                });
+              } else {
+                dispatch({
+                  type: `${packet.id}_SUCCESS`,
+                  result: JSON.parse(packet.data),
+                });
+              }
+            };
+          });
+        }
+        try {
+          return next({ ...rest, result, type: `${type}_SUCCESS` });
+        } catch (error) {
+          // There was an exception while processing reducers or downstream middleware.
+          next({
+            ...rest,
+            error: { status: 500, error },
+            type: `${type}_FAIL`,
+          });
+          // Rethrow the original exception on the client side only,
+          // so it doesn't fall through to express on the server.
+          if (__CLIENT__) throw error;
+        }
+      },
+      (error) => {
+        // Only SSR can set ECONNREFUSED
+        if (error.code === 'ECONNREFUSED') {
+          next({
+            ...rest,
+            error,
+            statusCode: error.code,
+            connectionRefused: true,
+            type: SET_APIERROR,
+          });
+        }
+
+        // Response error is marked crossDomain if CORS error happen
+        else if (error.crossDomain) {
+          next({
+            ...rest,
+            error,
+            statusCode: 'CORSERROR',
+            connectionRefused: false,
+            type: SET_APIERROR,
+          });
+        }
+
+        // Check for actions who can raise api errors
+        if (settings.actions_raising_api_errors.includes(action.type)) {
+          // Gateway timeout
+          if (error?.response?.statusCode === 504) {
+            next({
+              ...rest,
+              error,
+              statusCode: error.code,
+              connectionRefused: true,
+              type: SET_APIERROR,
+            });
+          }
+
+          // Redirect
+          else if (error?.code === 301) {
+            next({
+              ...rest,
+              error,
+              statusCode: error.code,
+              connectionRefused: false,
+              type: SET_APIERROR,
+            });
+          }
+
+          // Redirect
+          else if (error?.code === 408) {
+            next({
+              ...rest,
+              error,
+              statusCode: error.code,
+              connectionRefused: false,
+              type: SET_APIERROR,
+            });
+          }
+
+          // Unauthorized
+          else if (error?.response?.statusCode === 401) {
+            next({
+              ...rest,
+              error,
+              statusCode: error.response,
+              message: error.response.body.message,
+              connectionRefused: false,
+              type: SET_APIERROR,
+            });
+          }
+        }
+        return next({ ...rest, error, type: `${type}_FAIL` });
+      },
+    );
+  }
+
+  return actionPromise;
+};
+
+export default apiMiddlewareFactory;

package/src/customizations/volto/server.jsx

@@ -0,0 +1,354 @@
+/*  Original: https://github.com/plone/volto/blob/16.x.x/src/server.jsx */
+/*  Line: 59 - Fix crash when a supported language it's not in volto/locales folder */
+
+/* eslint no-console: 0 */
+import '@plone/volto/config'; // This is the bootstrap for the global config - server side
+import { existsSync, lstatSync, readFileSync } from 'fs';
+import React from 'react';
+import { StaticRouter } from 'react-router-dom';
+import { Provider } from 'react-intl-redux';
+import express from 'express';
+import { renderToString } from 'react-dom/server';
+import { createMemoryHistory } from 'history';
+import { parse as parseUrl } from 'url';
+import { keys } from 'lodash';
+import locale from 'locale';
+import { detect } from 'detect-browser';
+import path from 'path';
+import { ChunkExtractor, ChunkExtractorManager } from '@loadable/server';
+import { resetServerContext } from 'react-beautiful-dnd';
+import { CookiesProvider } from 'react-cookie';
+import cookiesMiddleware from 'universal-cookie-express';
+import debug from 'debug';
+
+import routes from '@root/routes';
+import config from '@plone/volto/registry';
+
+import {
+  flattenToAppURL,
+  Html,
+  Api,
+  persistAuthToken,
+  toBackendLang,
+  toGettextLang,
+  toReactIntlLang,
+} from '@plone/volto/helpers';
+import { changeLanguage } from '@plone/volto/actions';
+
+import userSession from '@plone/volto/reducers/userSession/userSession';
+
+import ErrorPage from '@plone/volto/error';
+
+import languages from '@plone/volto/constants/Languages';
+
+import configureStore from '@plone/volto/store';
+import {
+  ReduxAsyncConnect,
+  loadOnServer,
+} from '@plone/volto/helpers/AsyncConnect';
+
+let locales = {};
+
+if (config.settings) {
+  config.settings.supportedLanguages.forEach((lang) => {
+    const langFileName = toGettextLang(lang);
+    import('@root/../locales/' + langFileName + '.json')
+      .then((locale) => {
+        locales = { ...locales, [toReactIntlLang(lang)]: locale.default };
+      })
+      // start customization
+      .catch((error) => {
+        locales = { ...locales, [toReactIntlLang(lang)]: {} };
+      });
+    // end customization
+  });
+}
+
+function reactIntlErrorHandler(error) {
+  debug('i18n')(error);
+}
+
+const supported = new locale.Locales(keys(languages), 'en');
+
+const server = express()
+  .disable('x-powered-by')
+  .head('/*', function (req, res) {
+    // Support for HEAD requests. Required by start-test utility in CI.
+    res.send('');
+  })
+  .use(cookiesMiddleware());
+
+const middleware = (config.settings.expressMiddleware || []).filter((m) => m);
+
+server.all('*', setupServer);
+if (middleware.length) server.use('/', middleware);
+
+server.use(function (err, req, res, next) {
+  if (err) {
+    const { store } = res.locals;
+    const errorPage = (
+      <Provider store={store} onError={reactIntlErrorHandler}>
+        <StaticRouter context={{}} location={req.url}>
+          <ErrorPage message={err.message} />
+        </StaticRouter>
+      </Provider>
+    );
+
+    res.set({
+      'Cache-Control': 'public, max-age=60, no-transform',
+    });
+
+    /* Displays error in console
+     * TODO:
+     * - get ignored codes from Plone error_log
+     */
+    const ignoredErrors = [301, 302, 401, 404];
+    if (!ignoredErrors.includes(err.status)) console.error(err);
+
+    res
+      .status(err.status || 500) // If error happens in Volto code itself error status is undefined
+      .send(`<!doctype html> ${renderToString(errorPage)}`);
+  }
+});
+
+function setupServer(req, res, next) {
+  const api = new Api(req);
+
+  const lang = toReactIntlLang(
+    new locale.Locales(
+      req.universalCookies.get('I18N_LANGUAGE') ||
+        config.settings.defaultLanguage ||
+        req.headers['accept-language'],
+    )
+      .best(supported)
+      .toString(),
+  );
+
+  // Minimum initial state for the fake Redux store instance
+  const initialState = {
+    intl: {
+      defaultLocale: 'en',
+      locale: lang,
+      messages: locales[lang],
+    },
+  };
+
+  const history = createMemoryHistory({
+    initialEntries: [req.url],
+  });
+
+  // Create a fake Redux store instance for the `errorHandler` to render
+  // and for being used by the rest of the middlewares, if required
+  const store = configureStore(initialState, history, api);
+
+  function errorHandler(error) {
+    const errorPage = (
+      <Provider store={store} onError={reactIntlErrorHandler}>
+        <StaticRouter context={{}} location={req.url}>
+          <ErrorPage message={error.message} />
+        </StaticRouter>
+      </Provider>
+    );
+
+    res.set({
+      'Cache-Control': 'public, max-age=60, no-transform',
+    });
+
+    /* Displays error in console
+     * TODO:
+     * - get ignored codes from Plone error_log
+     */
+    const ignoredErrors = [301, 302, 401, 404];
+    if (!ignoredErrors.includes(error.status)) console.error(error);
+
+    res
+      .status(error.status || 500) // If error happens in Volto code itself error status is undefined
+      .send(`<!doctype html> ${renderToString(errorPage)}`);
+  }
+
+  if (!process.env.RAZZLE_API_PATH && req.headers.host) {
+    res.locals.detectedHost = `${
+      req.headers['x-forwarded-proto'] || req.protocol
+    }://${req.headers.host}`;
+    config.settings.apiPath = res.locals.detectedHost;
+    config.settings.publicURL = res.locals.detectedHost;
+  }
+
+  res.locals = {
+    ...res.locals,
+    store,
+    api,
+    errorHandler,
+  };
+
+  next();
+}
+
+server.get('/*', (req, res) => {
+  const { errorHandler } = res.locals;
+
+  const api = new Api(req);
+
+  const browserdetect = detect(req.headers['user-agent']);
+
+  const lang = toReactIntlLang(
+    new locale.Locales(
+      req.universalCookies.get('I18N_LANGUAGE') ||
+        config.settings.defaultLanguage ||
+        req.headers['accept-language'],
+    )
+      .best(supported)
+      .toString(),
+  );
+
+  const authToken = req.universalCookies.get('auth_token');
+  const initialState = {
+    userSession: { ...userSession(), token: authToken },
+    form: req.body,
+    intl: {
+      defaultLocale: 'en',
+      locale: lang,
+      messages: locales[lang],
+    },
+    browserdetect,
+  };
+
+  const history = createMemoryHistory({
+    initialEntries: [req.url],
+  });
+
+  // Create a new Redux store instance
+  const store = configureStore(initialState, history, api);
+
+  persistAuthToken(store, req);
+
+  // @loadable/server extractor
+  const buildDir = process.env.BUILD_DIR || 'build';
+  const extractor = new ChunkExtractor({
+    statsFile: path.resolve(path.join(buildDir, 'loadable-stats.json')),
+    entrypoints: ['client'],
+  });
+
+  const url = req.originalUrl || req.url;
+  const location = parseUrl(url);
+
+  loadOnServer({ store, location, routes, api })
+    .then(() => {
+      const initialLang =
+        req.universalCookies.get('I18N_LANGUAGE') ||
+        config.settings.defaultLanguage ||
+        req.headers['accept-language'];
+
+      // The content info is in the store at this point thanks to the asynconnect
+      // features, then we can force the current language info into the store when
+      // coming from an SSR request
+
+      // TODO: there is a bug here with content that, for any reason, doesn't
+      // present the language token field, for some reason. In this case, we
+      // should follow the cookie rather then switching the language
+      const contentLang = store.getState().content.get?.error
+        ? initialLang
+        : store.getState().content.data?.language?.token ||
+          config.settings.defaultLanguage;
+
+      if (toBackendLang(initialLang) !== contentLang) {
+        const newLang = toReactIntlLang(
+          new locale.Locales(contentLang).best(supported).toString(),
+        );
+        store.dispatch(changeLanguage(newLang, locales[newLang], req));
+      }
+
+      const context = {};
+      resetServerContext();
+      const markup = renderToString(
+        <ChunkExtractorManager extractor={extractor}>
+          <CookiesProvider cookies={req.universalCookies}>
+            <Provider store={store} onError={reactIntlErrorHandler}>
+              <StaticRouter context={context} location={req.url}>
+                <ReduxAsyncConnect routes={routes} helpers={api} />
+              </StaticRouter>
+            </Provider>
+          </CookiesProvider>
+        </ChunkExtractorManager>,
+      );
+
+      const readCriticalCss =
+        config.settings.serverConfig.readCriticalCss || defaultReadCriticalCss;
+
+      // If we are showing an "old browser" warning,
+      // make sure it doesn't get cached in a shared cache
+      const browserdetect = store.getState().browserdetect;
+      if (config.settings.notSupportedBrowsers.includes(browserdetect?.name)) {
+        res.set({
+          'Cache-Control': 'private',
+        });
+      }
+
+      if (context.url) {
+        res.redirect(flattenToAppURL(context.url));
+      } else if (context.error_code) {
+        res.set({
+          'Cache-Control': 'no-cache',
+        });
+
+        res.status(context.error_code).send(
+          `<!doctype html>
+              ${renderToString(
+                <Html
+                  extractor={extractor}
+                  markup={markup}
+                  store={store}
+                  extractScripts={
+                    config.settings.serverConfig.extractScripts?.errorPages ||
+                    process.env.NODE_ENV !== 'production'
+                  }
+                  criticalCss={readCriticalCss(req)}
+                  apiPath={res.locals.detectedHost || config.settings.apiPath}
+                  publicURL={
+                    res.locals.detectedHost || config.settings.publicURL
+                  }
+                />,
+              )}
+            `,
+        );
+      } else {
+        res.status(200).send(
+          `<!doctype html>
+              ${renderToString(
+                <Html
+                  extractor={extractor}
+                  markup={markup}
+                  store={store}
+                  criticalCss={readCriticalCss(req)}
+                  apiPath={res.locals.detectedHost || config.settings.apiPath}
+                  publicURL={
+                    res.locals.detectedHost || config.settings.publicURL
+                  }
+                />,
+              )}
+            `,
+        );
+      }
+    }, errorHandler)
+    .catch(errorHandler);
+});
+
+export const defaultReadCriticalCss = () => {
+  const { criticalCssPath } = config.settings.serverConfig;
+
+  const e = existsSync(criticalCssPath);
+  if (!e) return;
+
+  const f = lstatSync(criticalCssPath);
+  if (!f.isFile()) return;
+
+  return readFileSync(criticalCssPath, { encoding: 'utf-8' });
+};
+
+// Exposed for the console bootstrap info messages
+server.apiPath = config.settings.apiPath;
+server.devProxyToApiPath = config.settings.devProxyToApiPath;
+server.proxyRewriteTarget = config.settings.proxyRewriteTarget;
+server.publicURL = config.settings.publicURL;
+
+export default server;