@frangoteam/fuxa-min 1.1.19

package/api/diagnose/index.js

@@ -0,0 +1,163 @@
+/**
+ * 'api/logs': Diagnose API to GET logs data
+ */
+
+const fs = require('fs');
+const path = require('path');
+var express = require("express");
+const authJwt = require('../jwt-helper');
+var runtime;
+var secureFnc;
+var checkGroupsFnc;
+
+module.exports = {
+    init: function (_runtime, _secureFnc, _checkGroupsFnc) {
+        runtime = _runtime;
+        secureFnc = _secureFnc;
+        checkGroupsFnc = _checkGroupsFnc;
+    },
+    app: function () {
+        var diagnoseApp = express();
+        diagnoseApp.use(function (req, res, next) {
+            if (!runtime.project) {
+                res.status(404).end();
+            } else {
+                next();
+            }
+        });
+
+        /**
+         * GET Server logs folder content
+         */
+        diagnoseApp.get('/api/logsdir', secureFnc, function (req, res) {
+            var groups = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api get logsdir: Tocken Expired");
+            } else if (authJwt.adminGroups.indexOf(groups) === -1) {
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+                runtime.logger.error("api get logsdir: Unauthorized!");
+            } else {
+                try {
+                    var logPath = runtime.logger.logDir();
+                    if (!fs.existsSync(logPath)) {
+                        logPath = path.join(process.cwd(), runtime.logger.logDir());
+                    }
+                    var logFiles = fs.readdirSync(logPath);
+                    res.json(logFiles);
+                } catch (err) {
+                    if (err.code) {
+                        res.status(400).json({ error: err.code, message: err.message });
+                    } else {
+                        res.status(400).json({ error: "unexpected_error", message: err.toString() });
+                    }
+                    runtime.logger.error("api get logsdir: " + err.message);
+                }
+            }
+        });
+
+        /**
+         * GET Server logs data
+         */
+        diagnoseApp.get('/api/logs', secureFnc, function (req, res) {
+            var groups = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api get logs: Tocken Expired");
+            } else if (authJwt.adminGroups.indexOf(groups) === -1) {
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+                runtime.logger.error("api get logs: Unauthorized!");
+            } else {
+                try {
+                    const fileName = req.query.file.replace(new RegExp('../', 'g'), '');
+                    var logFileName = fileName || 'fuxa.log';
+                    var logPath = runtime.logger.logDir();
+                    if (!fs.existsSync(logPath)) {
+                        logPath = path.join(process.cwd(), runtime.logger.logDir());
+                    }
+                    var logFiles = fs.readdirSync(logPath);
+                    let logFile = path.join(logPath, logFileName);
+                    res.header('Content-Type', 'text/plain; charset=utf-8');
+                    res.download(logFile, (err) => {
+                        if (err) {
+                            res.status(500).send({
+                                message: "Could not download the file. " + err,
+                            });
+                            runtime.logger.error("api get logs: " + err);
+                        }
+                    });
+                } catch (err) {
+                    if (err.code) {
+                        res.status(400).json({ error: err.code, message: err.message });
+                    } else {
+                        res.status(400).json({ error: "unexpected_error", message: err.toString() });
+                    }
+                    runtime.logger.error("api get logs: " + err.message);
+                }
+            }
+        });
+
+        /**
+         * GET Server report folder content
+         */
+        diagnoseApp.get('/api/reportsdir', secureFnc, function (req, res) {
+            var groups = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api get reportdir: Tocken Expired");
+            } else if (authJwt.adminGroups.indexOf(groups) === -1) {
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+                runtime.logger.error("api get reportdir: Unauthorized!");
+            } else {
+                try {
+                    var reportPath = runtime.settings.reportsDir;
+                    if (!fs.existsSync(reportPath)) {
+                        reportPath = path.join(process.cwd(), runtime.settings.reportsDir);
+                    }
+                    var reportFiles = fs.readdirSync(reportPath);
+                    reportFiles = reportFiles.filter(file => file.startsWith(req.query.name + '_'));
+                    res.json(reportFiles);
+                } catch (err) {
+                    if (err.code) {
+                        res.status(400).json({ error: err.code, message: err.message });
+                    } else {
+                        res.status(400).json({ error: "unexpected_error", message: err.toString() });
+                    }
+                    runtime.logger.error("api get reportdir: " + err.message);
+                }
+            }
+        });
+
+        /**
+         * POST testmail
+         * Test SMTP send mail
+         */
+        diagnoseApp.post("/api/sendmail", secureFnc, function (req, res, next) {
+            var groups = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api post sendmail: Tocken Expired");
+            } else if (authJwt.adminGroups.indexOf(groups) === -1 ) {
+                res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                runtime.logger.error("api post sendmail: Unauthorized");
+            } else {
+                try {
+                    if (req.body.params.smtp && !req.body.params.smtp.password && runtime.settings.smtp && runtime.settings.smtp.password) {
+                        req.body.params.smtp.password = runtime.settings.smtp.password;
+                    }                
+                    runtime.notificatorMgr.sendMail(req.body.params.msg, req.body.params.smtp).then(function() {
+                        res.end();
+                    }).catch(function(err) {
+                        if (err.code) {
+                            res.status(400).json({error:err.code, message: err.message});
+                        } else {
+                            res.status(400).json({error:"unexpected_error", message:err.toString()});
+                        }
+                        runtime.logger.error("api post sendmail: " + err.message);
+                    });
+                } catch (error) {
+                    res.status(400).json({error:"unexpected_error", message:error.toString()});
+                    runtime.logger.error("api port sendmail: " + error.message);
+                }
+            }
+        });
+
+        return diagnoseApp;
+    }
+}

package/api/index.js

@@ -0,0 +1,181 @@
+/**
+ * 'api/project': API server initialization and general GET/POST
+ */
+
+const fs = require('fs');
+var express = require('express');
+var bodyParser = require('body-parser');
+const authJwt = require('./jwt-helper');
+const rateLimit = require("express-rate-limit");
+
+var prjApi = require('./projects');
+var authApi = require('./auth');
+var usersApi = require('./users');
+var alarmsApi = require('./alarms');
+var pluginsApi = require('./plugins');
+var diagnoseApi = require('./diagnose');
+var scriptsApi = require('./scripts');
+var resourcesApi = require('./resources');
+var daqApi = require('./daq');
+var commandApi = require('./command');
+
+var apiApp;
+var server;
+var runtime;
+var editor;
+
+function init(_server, _runtime) {
+    server = _server;
+    runtime = _runtime;
+    return new Promise(function (resolve, reject) {
+        if (runtime.settings.disableServer !== false) {
+            apiApp = express();
+            
+            var maxApiRequestSize = runtime.settings.apiMaxLength || '35mb';
+            apiApp.use(bodyParser.json({limit:maxApiRequestSize}));
+            apiApp.use(bodyParser.urlencoded({limit:maxApiRequestSize,extended:true}));
+            authJwt.init(runtime.settings.secureEnabled, runtime.settings.secretCode, runtime.settings.tokenExpiresIn);
+            prjApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(prjApi.app());
+            usersApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(usersApi.app());
+            alarmsApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(alarmsApi.app());
+            authApi.init(runtime, authJwt.secretCode, authJwt.tokenExpiresIn);
+            apiApp.use(authApi.app());
+            pluginsApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(pluginsApi.app());
+            diagnoseApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(diagnoseApi.app());
+            daqApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(daqApi.app());
+            scriptsApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(scriptsApi.app());
+            resourcesApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(resourcesApi.app());
+            commandApi.init(runtime, authJwt.verifyToken, verifyGroups);
+            apiApp.use(commandApi.app());
+
+            const limiter = rateLimit({
+                windowMs: 5 * 60 * 1000, // 5 minutes
+                max: 100 // limit each IP to 100 requests per windowMs
+            });
+              
+            //  apply to all requests
+            apiApp.use(limiter);
+
+            /**
+             * GET Server setting data
+             */
+            apiApp.get('/api/settings', function (req, res) {
+                if (runtime.settings) {
+                    let tosend = JSON.parse(JSON.stringify(runtime.settings));
+                    delete tosend.secretCode;
+                    if (tosend.smtp) {
+                        delete tosend.smtp.password;
+                    }
+                    // res.header("Access-Control-Allow-Origin", "*");
+                    // res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");                    
+                    res.json(tosend);
+                } else {
+                    res.status(404).end();
+                    runtime.logger.error('api get settings: Value Not Found!');
+                }
+            });
+
+            /**
+             * POST Server user settings
+             */
+            apiApp.post("/api/settings", authJwt.verifyToken, function(req, res, next) {
+                var groups = verifyGroups(req);
+                if (res.statusCode === 403) {
+                    runtime.logger.error("api post settings: Tocken Expired");
+                } else if (authJwt.adminGroups.indexOf(groups) === -1 ) {
+                    res.status(401).json({error:"unauthorized_error", message: "Unauthorized!"});
+                    runtime.logger.error("api post settings: Unauthorized");
+                } else {
+                    try {
+                        if (req.body.smtp && !req.body.smtp.password && runtime.settings.smtp && runtime.settings.smtp.password) {
+                            req.body.smtp.password = runtime.settings.smtp.password;
+                        }
+                        fs.writeFileSync(runtime.settings.userSettingsFile, JSON.stringify(req.body, null, 4));
+                        mergeUserSettings(req.body);
+                        runtime.restart(true).then(function(result) {
+                            res.end();
+                        });
+                    } catch (err) {
+                        res.status(400).json({ error: "unexpected_error", message: err });
+                        runtime.logger.error("api post settings: " + err);
+                    }
+                }
+            });
+
+            /**
+             * GET Heartbeat to check token
+             */
+            apiApp.post('/api/heartbeat', authJwt.verifyToken, function (req, res) {
+                if (!runtime.settings.secureEnabled) {
+                    res.end();
+                } else if (res.statusCode === 403) {
+                    runtime.logger.error("api post heartbeat: Tocken Expired");
+                } else if (req.body.params) {
+                    const token = authJwt.getNewToken(req.headers)
+                    if (token) {
+                        res.status(200).json({ 
+                            message: 'tokenRefresh',
+                            token: token 
+                        });
+                    } else {
+                        res.end();
+                    }
+                } else {
+                    res.end();
+                }
+            });
+            runtime.logger.info('api: init successful!', true);
+        } else {
+        }
+        resolve();
+    });
+}
+
+function mergeUserSettings(settings) {
+    if (settings.language) {
+        runtime.settings.language = settings.language;
+    }
+    runtime.settings.broadcastAll = settings.broadcastAll;
+    runtime.settings.secureEnabled = settings.secureEnabled;
+    runtime.settings.logFull = settings.logFull;
+    if (settings.secureEnabled) {
+        runtime.settings.tokenExpiresIn = settings.tokenExpiresIn;
+    }
+    if (settings.smtp) {
+        runtime.settings.smtp = settings.smtp;
+    }
+    if (settings.daqstore) {
+        runtime.settings.daqstore = settings.daqstore;
+    }
+    if (settings.alarms) {
+        runtime.settings.alarms = settings.alarms;
+    }
+}
+
+function verifyGroups(req) {
+    return (runtime.settings && runtime.settings.secureEnabled) ? ((req.tokenExpired) ? 0 : req.userGroups) : authJwt.adminGroups[0];
+}
+
+function start() {
+}
+
+function stop() {
+}
+
+module.exports = {
+    init: init,
+    start: start,
+    stop: stop,
+
+    get apiApp() { return apiApp; },
+    get server() { return server; },
+    get authJwt() { return authJwt; }
+};

package/api/jwt-helper.js

@@ -0,0 +1,106 @@
+'use strict';
+
+const jwt = require('jsonwebtoken');
+
+var secureEnabled = false;
+var secretCode = 'frangoteam751';
+var tokenExpiresIn = 60 * 60;   // 60 minutes
+const adminGroups = [-1, 255];
+
+
+function init(_secureEnabled, _secretCode, _tokenExpires) {
+    secureEnabled = _secureEnabled;
+    if (_secretCode) {
+        secretCode = _secretCode;
+    }
+    if (_tokenExpires) {
+        tokenExpiresIn = _tokenExpires;
+    }
+}
+
+/**
+ * Verify token
+ * @param {*} token 
+ */
+function verify (token) {
+    return new Promise ((resolve, reject) => {
+        jwt.verify(token, secretCode, (err, decoded) => {
+            if (err) {
+                console.error(`verify token error: ${err}`);
+                reject(false);
+            } else {
+                resolve(true);
+            }
+        });    
+    });
+}
+
+/**
+ * Verify WebAPI token (take from header)
+ * @param {*} req 
+ * @param {*} res
+ * @param {*} next
+ */
+function verifyToken (req, res, next) {
+    let token = req.headers['x-access-token'];
+
+    if (token) {
+        jwt.verify(token, secretCode, (err, decoded) => {
+            if (err) {
+                req.userId = null;
+                req.userGroups = null;
+                if (err.name === 'TokenExpiredError' || err.name === 'JsonWebTokenError') {
+                    req.tokenExpired = true;
+                    res.status(403).json({error:"unauthorized_error", message: "Token Expired!"});
+                }
+                next();
+            } else {
+                req.userId = decoded.id;
+                req.userGroups = decoded.groups;
+                if (req.headers['x-auth-user']) {
+                    let user = JSON.parse(req.headers['x-auth-user']);
+                    if (user && user.groups != req.userGroups) {
+                        res.status(403).json({ error: "unauthorized_error", message: "User Profile Corrupted!" });
+                    }
+                }
+                next();
+            }
+        });
+    } else {
+        // notice that no token was provided...}
+        req.userId = null;
+        req.userGroups = null;
+        // if (secureEnabled) {
+        //     res.status(401).json({ error: "unauthorized_error", message: "Token missing!" });
+        // }
+        next();
+    }
+}
+
+function getNewToken(headers) {
+    const authUser = (headers['x-auth-user']) ? JSON.parse(headers['x-auth-user']) : null;
+    if (authUser) {
+        return jwt.sign({
+            id: authUser.user,
+            groups: authUser.groups
+        },
+        secretCode, { 
+            expiresIn: tokenExpiresIn 
+        });
+    }
+    return null;
+}
+
+function getTokenExpiresIn() {
+    return tokenExpiresIn;
+}
+
+module.exports = {
+    init: init,
+    verify: verify,
+    verifyToken: verifyToken,
+    getNewToken: getNewToken,
+    get secretCode() { return secretCode },
+    get tokenExpiresIn() { return tokenExpiresIn },
+    adminGroups: adminGroups
+};

package/api/plugins/index.js

@@ -0,0 +1,109 @@
+/**
+ * 'api/plugin': Plugin API to GET/POST plugin data
+ */
+
+var express = require("express");
+const authJwt = require('../jwt-helper');
+var runtime;
+var secureFnc;
+var checkGroupsFnc;
+
+module.exports = {
+    init: function (_runtime, _secureFnc, _checkGroupsFnc) {
+        runtime = _runtime;
+        secureFnc = _secureFnc;
+        checkGroupsFnc = _checkGroupsFnc;
+    },
+    app: function () {
+        var pluginsApp = express();
+        pluginsApp.use(function (req, res, next) {
+            if (!runtime.project) {
+                res.status(404).end();
+            } else {
+                next();
+            }
+        });
+
+        /**
+         * GET supported Plugin and status (installed) 
+         */
+        pluginsApp.get("/api/plugins", secureFnc, function (req, res) {
+            var groups = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api get plugins: Tocken Expired");
+            } else if (authJwt.adminGroups.indexOf(groups) === -1) {
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+                runtime.logger.error("api get plugins: Unauthorized!");
+            } else {
+                runtime.plugins.getPlugins().then(result => {
+                    // res.header("Access-Control-Allow-Origin", "*");
+                    // res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+                    if (result) {
+                        res.json(result);
+                    } else {
+                        res.end();
+                    }
+                }).catch(function (err) {
+                    if (err.code) {
+                        res.status(400).json({ error: err.code, message: err.message });
+                    } else {
+                        res.status(400).json({ error: "unexpected_error", message: err.toString() });
+                    }
+                    runtime.logger.error("api get plugins: " + err.message);
+                });
+            }
+        });
+
+        /**
+         * POST Plugin
+         * Install the plugin
+         */
+        pluginsApp.post("/api/plugins", secureFnc, function (req, res, next) {
+            var groups = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api post plugins: Tocken Expired");
+            } else if (authJwt.adminGroups.indexOf(groups) === -1) {
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+                runtime.logger.error("api post plugins: Unauthorized");
+            } else {
+                runtime.plugins.addPlugin(req.body.params, true).then(function (data) {
+                    runtime.devices.update();
+                    res.end();
+                }).catch(function (err) {
+                    if (err.code) {
+                        res.status(400).json({ error: err.code, message: err.message });
+                    } else {
+                        res.status(400).json({ error: "unexpected_error", message: err.toString() });
+                    }
+                    runtime.logger.error("api install plugins: " + err.message);
+                });
+            }
+        });
+
+        /**
+         * DELETE Plugin
+         * Unistall the plugin
+         */
+        pluginsApp.delete("/api/plugins", secureFnc, function (req, res, next) {
+            var groups = checkGroupsFnc(req);
+            if (res.statusCode === 403) {
+                runtime.logger.error("api delete plugins: Tocken Expired");
+            } else if (authJwt.adminGroups.indexOf(groups) === -1) {
+                res.status(401).json({ error: "unauthorized_error", message: "Unauthorized!" });
+                runtime.logger.error("api delete plugins: Unauthorized");
+            } else {
+                runtime.plugins.removePlugin(req.query.param).then(function (data) {
+                    res.end();
+                }).catch(function (err) {
+                    if (err.code) {
+                        res.status(400).json({ error: err.code, message: err.message });
+                    } else {
+                        res.status(400).json({ error: "unexpected_error", message: err.toString() });
+                    }
+                    runtime.logger.error("api delete plugins: " + err.message);
+                });
+            }
+        });
+        return pluginsApp;
+    }
+}