@ind-rcg/backend 246.1008.0

package/src/bootstrap.js

@@ -0,0 +1,156 @@
+/*
+ * FILE_HEADER
+ */
+
+"use strict";
+
+const express = require('express');
+const bodyParser = require('body-parser');
+const local = require('./local');
+
+const log = require('log4js').getLogger("bootstrap");
+const pako = require('pako');
+const _ = require('lodash');
+const fs = require("fs");
+const path = require("path");
+const GlobalConfig = require('./globalConfig');
+let fetch = null;
+let salesforceInstanceURL;
+//let salesforceAccessToken;
+
+async function loadESModule() {
+    // eslint-disable-next-line no-shadow
+    fetch = (...args) => import('node-fetch').then(({default: fetch}) => fetch(...args)); 
+    return fetch;
+}
+
+module.exports.setup = (webServerConfig) => {
+
+    // initialize local.js with web server config
+    return local.initialize(webServerConfig)
+        .then(() => {
+
+            // setup express app
+            let app = express();
+
+            app.use(bodyParser.json({ limit: '50mb' }));
+            app.use(bodyParser.raw({ type: 'application/octet-stream', limit: '50mb' }));
+
+            app.get('/', function (req, res) {
+                res.send('Backend server, version 1.0');
+            });
+
+            // add static endpoint to include the framework
+            // this makes usage of CORS plugins obsolete
+            // since backend and framework both run under the same port and adr.
+            webServerConfig.mountpoints.forEach(function (mountpoint) {
+                app.use(mountpoint.path, express.static(mountpoint.location));
+            });
+
+            loadESModule().then(() => {
+                app.post(['/Request', '/dba/Request'], function (req, res) {
+                    local.performCall(req, res);
+                });
+
+                app.use(/\/ibe\/iws\/emu\/sfproxy.*/, function (req, res) {
+                    let url = req.originalUrl.replace("/ibe/iws/emu/sfproxy", salesforceInstanceURL);
+                    log.debug("PROXY - ", req.originalUrl, url, req.method);
+                    req.headers.authorization = req.headers["x-authorization"];
+                    delete req.headers["x-authorization"];
+                    delete req.headers.host;
+                    delete req.headers.origin;
+                    delete req.headers.referer;
+
+                    let options = { method: req.method, headers: req.headers };
+                    if (req.method !== 'GET') {
+                        let reqJson = JSON.stringify(req.body);
+                        let encoded = pako.gzip(reqJson);
+                        options['body'] = encoded;
+                    }
+                    if (req.originalUrl.includes('ContentVersion')) {
+                        // TO DO: Review request modifications to accept all possible actions, like Picture taking feature
+                        log.warn("The request is proxied for local HESA execution. Always include your localhost URL as CORS allowed origin in your org to prevent errors. " +
+                            "Without CORS allowed URL, the picture taking feature won't work and synchronization fails.");
+                    }
+                    fetch(url, options)
+                        .then((resp) => {
+                            if (['application/octetstream','image/png', 'text/html; charset=UTF-8'].includes(resp.headers.get('content-type'))) {
+                                resp.body.pipe(res);
+                                return;
+                            }
+                            resp.json().then((jsonRes) => {
+                                res.send(jsonRes);
+                            }).catch((error) => {
+                                log.error(`ERROR while reading json from ${url}`, error);
+                            });
+                        }).catch((error) => {
+                            log.error(`ERROR while accessing ${url}`, error);
+                        });
+                });
+            }, (error) => {
+                log.error("ERROR while loading node-fetch module", error);
+            });
+
+            app.post('/ibe/iws/emu/sfproxydata', (request, response) => {
+                let body = request.body;
+                salesforceInstanceURL = body.salesforceInstanceURL;
+                //salesforceAccessToken = body.salesforceAccesstoken;
+                response.writeHead(200, { 'Content-Type': 'application/json' });
+                response.end(JSON.stringify({success: true}));
+            });
+
+            const validateReferemceImageConfig = () => {
+                let validationResult = true;
+                if (_.isNil(webServerConfig.referenceImage)) {
+                    log.error("ERROR: Looks like you haven’t specified an image file in referenceImage. Specify a PNG or JPEG file and try again.");
+                    validationResult = false;
+                } else if (_.isNil(webServerConfig.referenceImagePath)) {
+                    log.error("ERROR: Looks like you haven't specified a file path in referenceImagePath. Specify a file path and try again.");
+                    validationResult = false;
+                } else {
+                    const finalPath = path.isAbsolute(webServerConfig.referenceImagePath)?
+                        path.join(webServerConfig.referenceImagePath, webServerConfig.referenceImage)
+                        : path.resolve(webServerConfig.referenceImagePath, webServerConfig.referenceImage);
+                    if (!fs.existsSync(finalPath)) {
+                        log.error("ERROR: We couldn't find the file. Verify the file name or make sure that the file exists at the specified location.");
+                        validationResult = false;
+                    }
+                }
+                return validationResult;
+            };
+
+            // Check reference image config during setup
+            validateReferemceImageConfig();
+
+            const hesaFolderPath = `${GlobalConfig.AttachmentsFolder}/${GlobalConfig.hesaFolder}`;
+            if (fs.existsSync(hesaFolderPath)) {
+                fs.rmdirSync(hesaFolderPath, { recursive: true, force: true });
+            }
+            fs.mkdirSync(hesaFolderPath, { recursive: true, force: true });
+
+            app.get("/emu/picture", (req, res) => {
+                let temporalFileName = 'ReferenceImage.jpg';
+                if (validateReferemceImageConfig()) {
+                    temporalFileName = `${new Date().getTime()}.${path.extname(webServerConfig.referenceImage)}`;
+                    const sourcePath = path.isAbsolute(webServerConfig.referenceImagePath)?
+                        path.join(webServerConfig.referenceImagePath, webServerConfig.referenceImage)
+                        : path.resolve(webServerConfig.referenceImagePath, webServerConfig.referenceImage);
+                    fs.copyFileSync(
+                        sourcePath,
+                        `${hesaFolderPath}/${temporalFileName}`
+                    );
+                }
+                res.send(`{"success":true,"message":null,"results":"{\\"width\\":225,\\"height\\":225,\\"path\\":\\"hesa/${temporalFileName}\\"}"}`);
+            });
+            process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+            return Promise.resolve(app);
+        })
+        .catch(() => {
+            return Promise.reject(null);
+        });
+};
+
+
+module.exports.closeConnection = () => {
+    local.closeDBConnection();
+};

package/src/fsHelper.js

@@ -0,0 +1,36 @@
+/*
+ * FILE_HEADER
+ */
+
+"use strict";
+
+const fs = require('fs');
+const path = require('path');
+const log = require('log4js').getLogger("fsHelper");
+
+module.exports.readJsonFile = (filePath) => {
+
+    // Sanitizer method for JSON.parse action in readJSONFile
+    const sanitizer = (key, value) => {
+        const evilPattern = /[;`|&${}]/;
+        if (typeof value === 'string' && value.search(evilPattern) >= 0) {
+            log.error('Alert!!! - Command Injection suspected');
+            return null;
+        } else {
+            return value;
+        }
+    };
+
+    if (filePath) {
+        let resolvedPath = path.resolve(filePath);
+        if (fs.existsSync(resolvedPath)) {
+            let raw = fs.readFileSync(resolvedPath);
+            if (raw) {
+                // Use sanitizer method to prevent XSS injection in configurable attributes
+                return JSON.parse(raw, sanitizer);
+            }
+        }
+    }
+
+    return null;
+};

package/src/globalConfig.js

@@ -0,0 +1,23 @@
+/*
+ * FILE_HEADER
+ */
+
+"use strict";
+
+const GlobalConfig = new function(){
+    this.AttachmentsFolder = "Attachments";
+    this.SFFilesBlobFolder = "SFFilesBlob";
+    this.ThumbnailsFolder = "Thumbnails";
+    this.ThemeImagesFolder = "ThemeImages";
+    this.hesaFolder = "hesa";
+    this.BlobFolder = "Blob";
+
+    this.MAX_PARAM_STRING_LENGTH = 100;
+    this.MAX_FILE_PATH_LENGTH = 500;
+    this.MAX_FILE_SIZE = 50; // in MB
+
+    this.validThemeFolders = ['Application', 'Framework'];
+    this.validFileTypesForThemes = ['svg', 'png', 'gif'];
+}();
+
+module.exports = GlobalConfig;