cloudcms-server 3.3.1-beta.8 → 4.0.0-beta.1

package/util/proxy-factory.js

@@ -2,8 +2,6 @@ var http = require("http");
 var https = require("https");
 var path = require("path");
 
-var httpProxy = require("http-proxy");
-
 var auth = require("./auth");
 var util = require("./util");
 
@@ -17,7 +15,8 @@ var exports = module.exports;
 
 var _LOCK = function(lockIdentifiers, workFunction)
 {
-    process.locks.lock(lockIdentifiers.join("_"), workFunction);
+    var name = lockIdentifiers.join("_");
+    process.locks.lock(name, workFunction);
 };
 
 var NAMED_PROXY_HANDLERS_CACHE = new LRUCache({
@@ -36,9 +35,17 @@ var acquireProxyHandler = exports.acquireProxyHandler = function(proxyTarget, pa
     {
         return callback(null, _cachedHandler);
     }
-
+    
     // take out a thread lock
-    _LOCK(["acquireProxyHandler", name], function(releaseLockFn) {
+    _LOCK(["acquireProxyHandler", name], function(err, releaseLockFn) {
+        
+        if (err)
+        {
+            console.log("Failed to acquire proxy handler: " + name + ", err: ", err);
+            
+            // failed to acquire lock
+            return callback(err);
+        }
 
         // second check to make sure another thread didn't create the handler in the meantime
         _cachedHandler = NAMED_PROXY_HANDLERS_CACHE[name];
@@ -49,8 +56,9 @@ var acquireProxyHandler = exports.acquireProxyHandler = function(proxyTarget, pa
         }
 
         // create the proxy handler and cache it into LRU cache
+        //console.log("Acquiring proxy handler: " + name + ", for target: " + proxyTarget + " and prefix: " + pathPrefix);
         _cachedHandler = createProxyHandler(proxyTarget, pathPrefix);
-
+    
         // store back into LRU cache
         NAMED_PROXY_HANDLERS_CACHE[name] = _cachedHandler;
 
@@ -59,144 +67,75 @@ var acquireProxyHandler = exports.acquireProxyHandler = function(proxyTarget, pa
     });
 };
 
-var createProxyHandler = function(proxyTarget, pathPrefix)
-{
-    ////////////////////////////////////////////////////////////////////////////
-    //
-    // HTTP/HTTPS Proxy Server to Cloud CMS
-    // Facilitates Cross-Domain communication between Browser and Cloud Server
-    // This must appear at the top of the app.js file (ahead of config) for things to work
-    //
-    ////////////////////////////////////////////////////////////////////////////
-
-    // NOTE: changeOrigin must be true because of the way that we set host to host:port
-    // in http-proxy's common.js line 102, the host is only properly set up if changeOrigin is set to true
-    // this sets the "host" header and it has to match what is set at the network/transport level in a way
-    // (inner workings of Node http request)
-    //
-    var proxyConfig = {
-        "target": proxyTarget,
-        "agent": http.globalAgent,
-        "xfwd": false,
-        "proxyTimeout": process.defaultHttpTimeoutMs,
-        "changeOrigin": true
-    };
-
-    // use https?
-    if (util.isHttps(proxyTarget))
-    {
-        // parse the target to get host
-        var proxyHost = urlTool.parse(proxyTarget).host;
-
-        proxyConfig = {
-            "target": proxyTarget,
-            "agent": https.globalAgent,
-            "headers": {
-                "host": proxyHost
-            }
-        };
-    }
 
-    // create proxy server instance
-    var proxyServer = new httpProxy.createProxyServer(proxyConfig);
 
-    // error handling
-    proxyServer.on("error", function(err, req, res) {
-        console.log("A proxy error was caught: " + err + ", json: " + JSON.stringify(err));
 
-        // do our best to send something back
-        try
+var createProxyHandler = function(proxyTarget, pathPrefix)
+{
+    const proxy = require("http2-proxy");
+    const finalhandler = require('finalhandler')
+    
+    const defaultWebHandler = function(err, req, res) {
+        if (err)
         {
-            res.writeHead(500, {
-                'Content-Type': 'text/plain'
-            });
+            console.log("A web proxy error was caught, path: " + req.path + ", err: ", err);
+            try { res.status(500); } catch (e) { }
+            try { res.end('Something went wrong while proxying the request.'); } catch (e) { }
         }
-        catch (e) { }
-
-        try
-        {
-            res.end('Something went wrong while proxying the request.');
+    
+        finalhandler(req, res)(err);
+    };
+    
+    // const defaultWsHandler = function(err, req, socket, head) {
+    //     if (err) {
+    //         console.error('proxy error (ws)', err);
+    //         socket.destroy();
+    //     }
+    // };
+    
+    //console.log("Proxy Target: " + proxyTarget);
+    
+    var hostname = urlTool.parse(proxyTarget).hostname;
+    var port = urlTool.parse(proxyTarget).port;
+    var protocol = urlTool.parse(proxyTarget).protocol;
+    
+    // web
+    var webConfig = {};
+    webConfig.hostname = hostname;
+    webConfig.port = port;
+    webConfig.protocol = protocol;
+    //webConfig.path = null;
+    webConfig.timeout = 120000;
+    webConfig.proxyTimeout = 120000;
+    webConfig.proxyName = "Cloud CMS UI Proxy";
+    webConfig.onReq = function(req, options) {
+
+        if (!options.headers) {
+            options.headers = {};
         }
-        catch (e) { }
-    });
-
-    // if we're using auth credentials that are picked up in SSO chain, then we listen for a 401
-    // and if we hear it, we automatically invalidate the SSO chain so that the next request
-    // will continue to work
-    proxyServer.on("proxyRes", function (proxyRes, req, res) {
-
-        if (req.gitana_user)
-        {
-            var chunks = [];
-            // triggers on data receive
-            proxyRes.on('data', function(chunk) {
-                // add received chunk to chunks array
-                chunks.push(chunk);
-            });
-
-            proxyRes.on("end", function () {
-
-                if (proxyRes.statusCode === 401)
-                {
-                    var text = "" + Buffer.concat(chunks);
-                    if (text && (text.indexOf("invalid_token") > -1) || (text.indexOf("invalid_grant") > -1))
-                    {
-                        var identifier = req.identity_properties.provider_id + "/" + req.identity_properties.user_identifier;
-
-                        _LOCK([identifier], function(releaseLockFn) {
-
-                            var cleanup = function (full)
-                            {
-                                delete Gitana.APPS[req.identity_properties.token];
-                                delete Gitana.PLATFORM_CACHE[req.identity_properties.token];
+        var headers = options.headers;
 
-                                if (full) {
-                                    auth.removeUserCacheEntry(identifier);
-                                }
-                            };
-
-                            // null out the access token
-                            // this will force the refresh token to be used to get a new one on the next request
-                            req.gitana_user.getDriver().http.refresh(function (err) {
-
-                                if (err) {
-                                    cleanup(true);
-                                    req.log("Invalidated auth state for gitana user: " + req.identity_properties.token);
-                                    releaseLockFn();
-                                    return;
-                                }
-
-                                req.gitana_user.getDriver().reloadAuthInfo(function () {
-                                    cleanup(true);
-                                    req.log("Refreshed token for gitana user: " + req.identity_properties.token);
-                                    releaseLockFn();
-                                });
-                            });
-                        });
-                    }
-
-                }
-            });
+        if (options.path && options.path.startsWith("/proxy")) {
+            options.path = options.path.substring(6);
         }
-    });
-
-    var proxyHandlerServer = http.createServer(function(req, res) {
-
+    
+        if (pathPrefix) {
+            options.path = path.join(pathPrefix, options.path);
+        }
+        
         // used to auto-assign the client header for /oauth/token requests
         oauth2.autoProxy(req);
-
+    
         // copy domain host into "x-cloudcms-domainhost"
-        if (req.domainHost)
-        {
-            req.headers["x-cloudcms-domainhost"] = req.domainHost; // this could be "localhost"
+        if (req.domainHost) {
+            headers["x-cloudcms-domainhost"] = req.domainHost; // this could be "localhost"
         }
-
+    
         // copy virtual host into "x-cloudcms-virtualhost"
-        if (req.virtualHost)
-        {
-            req.headers["x-cloudcms-virtualhost"] = req.virtualHost; // this could be "root.cloudcms.net" or "abc.cloudcms.net"
+        if (req.virtualHost) {
+            headers["x-cloudcms-virtualhost"] = req.virtualHost; // this could be "root.cloudcms.net" or "abc.cloudcms.net"
         }
-
+    
         // copy deployment descriptor info
         if (req.descriptor)
         {
@@ -204,29 +143,29 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
             {
                 if (req.descriptor.tenant.id)
                 {
-                    req.headers["x-cloudcms-tenant-id"] = req.descriptor.tenant.id;
+                    headers["x-cloudcms-tenant-id"] = req.descriptor.tenant.id;
                 }
-
+            
                 if (req.descriptor.tenant.title)
                 {
-                    req.headers["x-cloudcms-tenant-title"] = req.descriptor.tenant.title;
+                    headers["x-cloudcms-tenant-title"] = req.descriptor.tenant.title;
                 }
             }
-
+        
             if (req.descriptor.application)
             {
                 if (req.descriptor.application.id)
                 {
-                    req.headers["x-cloudcms-application-id"] = req.descriptor.application.id;
+                    headers["x-cloudcms-application-id"] = req.descriptor.application.id;
                 }
-
+            
                 if (req.descriptor.application.title)
                 {
-                    req.headers["x-cloudcms-application-title"] = req.descriptor.application.title;
+                    headers["x-cloudcms-application-title"] = req.descriptor.application.title;
                 }
             }
         }
-
+    
         // set optional "x-cloudcms-origin" header
         var cloudcmsOrigin = null;
         if (req.virtualHost)
@@ -235,155 +174,107 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
         }
         if (cloudcmsOrigin)
         {
-            req.headers["x-cloudcms-origin"] = cloudcmsOrigin;
+            headers["x-cloudcms-origin"] = cloudcmsOrigin;
         }
-
+    
         // set x-cloudcms-server-version header
-        req.headers["x-cloudcms-server-version"] = process.env.CLOUDCMS_APPSERVER_PACKAGE_VERSION;
-
-        // determine the domain to set the "host" header on the proxied call
-        // this is what we pass to the API server
-        var cookieDomain = req.domainHost;
-
-        // if the incoming request is coming off of a CNAME entry that is maintained elsewhere (and they're just
-        // forwarding the CNAME request to our machine), then we try to detect this...
-        //
-        // our algorithm here is pretty weak but suffices for the moment.
-        // if the req.headers["x-forwarded-host"] first entry is in the req.headers["referer"] then we consider
-        // things to have been CNAME forwarded
-        // and so we write cookies back to the req.headers["x-forwarded-host"] first entry domain
-        /*
-        var xForwardedHost = req.headers["x-forwarded-host"];
-        if (xForwardedHost)
+        headers["x-cloudcms-server-version"] = process.env.CLOUDCMS_APPSERVER_PACKAGE_VERSION;
+    
+        // keep alive
+        //req.headers["connection"] = "keep-alive";
+    
+        // if the incoming request didn't have an "Authorization" header
+        // and we have a logged in Gitana User via Auth, then set authorization header to Bearer Access Token
+        if (!req.headers["authorization"])
         {
-            xForwardedHost = xForwardedHost.split(",");
-            if (xForwardedHost.length > 0)
+            if (req.gitana_user)
             {
-                var cnameCandidate = xForwardedHost[0];
-
-                var referer = req.headers["referer"];
-                if (referer && referer.indexOf("://" + cnameCandidate) > -1)
-                {
-                    req.log("Detected CNAME: " + cnameCandidate);
-
-                    proxyHostHeader = cnameCandidate;
-                }
+                headers["authorization"] = "Bearer " + req.gitana_user.getDriver().http.accessToken();
             }
-        }
-        */
-
-        // we fall back to using http-node-proxy's xfwd support
-        // thus, spoof header here on request so that "x-forwarded-host" is set properly
-        //req.headers["host"] = proxyHostHeader;
-
-        // keep alive
-        req.headers["connection"] = "keep-alive";
-
-        // allow forced cookie domains
-        var forcedCookieDomain = req.headers["cloudcmscookiedomain"];
-        if (!forcedCookieDomain)
-        {
-            if (process.env.CLOUDCMS_FORCE_COOKIE_DOMAIN)
+            else if (req.gitana_proxy_access_token)
             {
-                forcedCookieDomain = process.env.CLOUDCMS_FORCE_COOKIE_DOMAIN;
+                headers["authorization"] = "Bearer " + req.gitana_proxy_access_token;
             }
         }
-        if (forcedCookieDomain)
+    };
+    webConfig.onRes = function(req, res, proxyRes) {
+    
+        if (req.gitana_user)
         {
-            cookieDomain = forcedCookieDomain;
-        }
+            var chunks = [];
+            
+            // triggers on data receive
+            proxyRes.on('data', function(chunk) {
+                // add received chunk to chunks array
+                chunks.push(chunk);
+            });
 
-        var updateSetCookieValue = function(value)
-        {
-            // replace the domain with the host
-            var i = value.toLowerCase().indexOf("domain=");
-            if (i > -1)
-            {
-                var j = value.indexOf(";", i);
-                if (j === -1)
-                {
-                    value = value.substring(0, i);
-                }
-                else
-                {
-                    value = value.substring(0, i) + value.substring(j);
-                }
-            }
+            proxyRes.on("end", function () {
 
-            // if the originating request isn't secure, strip out "secure" from cookie
-            if (!util.isSecure(req))
-            {
-                var i = value.toLowerCase().indexOf("; secure");
-                if (i > -1)
+                if (proxyRes.statusCode === 401)
                 {
-                    value = value.substring(0, i);
-                }
-            }
+                    var text = "" + Buffer.concat(chunks);
+                    if (text && (text.indexOf("invalid_token") > -1) || (text.indexOf("invalid_grant") > -1))
+                    {
+                        var identifier = req.identity_properties.provider_id + "/" + req.identity_properties.user_identifier;
 
-            // if the original request is secure, ensure cookies have "secure" set
-            if (util.isSecure(req))
-            {
-                var i = value.toLowerCase().indexOf("; secure");
-                var j = value.toLowerCase().indexOf(";secure");
-                if (i === -1 && j === -1)
-                {
-                    value += ";secure";
-                }
-            }
+                        _LOCK([identifier], function(err, releaseLockFn) {
 
-            return value;
-        };
+                            if (err)
+                            {
+                                // failed to acquire lock
+                                console.log("FAILED TO ACQUIRE LOCK", err);
+                                req.log("FAILED TO ACQUIRE LOCK", err);
+                                try { releaseLockFn(); } catch (e) { }
+                                return;
+                            }
 
-        // handles the setting of response headers
-        // we filter off stuff we do not care about
-        // we ensure proper domain on set-cookie (TODO: is this needed anymore?)
-        var _setHeader = res.setHeader;
-        res.setHeader = function(key, value)
-        {
-            var _key = key.toLowerCase();
+                            var cleanup = function (full)
+                            {
+                                delete Gitana.APPS[req.identity_properties.token];
+                                delete Gitana.PLATFORM_CACHE[req.identity_properties.token];
 
-            if (_key.indexOf("access-control-") === 0)
-            {
-                // skip any access control headers
-            }
-            else
-            {
-                if (_key === "set-cookie")
-                {
-                    for (var x in value)
-                    {
-                        value[x] = updateSetCookieValue(value[x]);
-                    }
-                }
+                                if (full) {
+                                    auth.removeUserCacheEntry(identifier);
+                                }
+                            };
 
-                var existing = this.getHeader(key);
-                if (!existing)
-                {
-                    _setHeader.call(this, key, value);
-                }
-            }
-        };
+                            // null out the access token
+                            // this will force the refresh token to be used to get a new one on the next request
+                            req.gitana_user.getDriver().http.refresh(function (err) {
 
-        // if the incoming request didn't have an "Authorization" header
-        // and we have a logged in Gitana User via Auth, then set authorization header to Bearer Access Token
-        if (!req.headers["authorization"])
-        {
-            if (req.gitana_user)
-            {
-                req.headers["authorization"] = "Bearer " + req.gitana_user.getDriver().http.accessToken();
-            }
-            else if (req.gitana_proxy_access_token)
-            {
-                req.headers["authorization"] = "Bearer " + req.gitana_proxy_access_token;
-            }
-        }
+                                if (err) {
+                                    cleanup(true);
+                                    req.log("Invalidated auth state for gitana user: " + req.identity_properties.token);
+                                    return releaseLockFn();
+                                }
 
-        if (pathPrefix) {
-            req.url = path.join(pathPrefix, req.url);
-        }
+                                req.gitana_user.getDriver().reloadAuthInfo(function () {
+                                    cleanup(true);
+                                    req.log("Refreshed token for gitana user: " + req.identity_properties.token);
+                                    releaseLockFn();
+                                });
+                            });
+                        });
+                    }
 
-        proxyServer.web(req, res);
-    });
+                }
+            });
+        }
+        
+        //res.setHeader('x-powered-by', 'cloudcms');
+        res.writeHead(proxyRes.statusCode, proxyRes.headers)
+        proxyRes.pipe(res)
+    };
+    
+    var proxyRequestHandler = function(req, res) {
+        proxy.web(req, res, webConfig, function(err, req, res) {
+            defaultWebHandler(err, req, res);
+        });
+    };
+    
+    // cookie domain rewrite?
+    // not needed - this is handled intrinsically by http2-proxy
 
-    return proxyHandlerServer.listeners('request')[0];
+    return proxyRequestHandler;
 };

package/util/redis.js

@@ -0,0 +1,113 @@
+var redis = require("redis");
+const logFactory = require("./logger");
+
+exports = module.exports;
+
+var redisLogger = exports.redisLogger = function(name, prefix, defaultLevel)
+{
+    if (!defaultLevel) {
+        defaultLevel = "error";
+    }
+    
+    var level = null;
+    
+    // allow for global redis default
+    // allow for prefix specific
+    if (typeof(process.env["CLOUDCMS_REDIS_DEBUG_LEVEL"]) !== "undefined") {
+        level = "" + process.env["CLOUDCMS_REDIS_DEBUG_LEVEL"].toLowerCase();
+    }
+    
+    if (!level && prefix)
+    {
+        if (typeof(process.env[prefix + "REDIS_DEBUG_LEVEL"]) !== "undefined") {
+            level = "" + process.env[prefix + "REDIS_DEBUG_LEVEL"].toLowerCase();
+        }
+    }
+    
+    if (!level) {
+        level = defaultLevel;
+    }
+    
+    var logger = logFactory(name);
+    logger.setLevel(level);
+    
+    return logger;
+}
+
+var redisOptions = exports.redisOptions = function(config, prefix)
+{
+    if (!config) {
+        config = {};
+    }
+    
+    // redis port
+    var redisPort = config.port;
+    if (prefix)
+    {
+        if (typeof(redisPort) === "undefined" || !redisPort)
+        {
+            // CLOUDCMS_LOCKS_REDIS_PORT;
+            redisPort = process.env[prefix + "_REDIS_PORT"];
+        }
+    }
+    if (typeof(redisPort) === "undefined" || !redisPort)
+    {
+        redisPort = process.env.CLOUDCMS_REDIS_PORT;
+    }
+    
+    // redis host
+    var redisEndpoint = config.endpoint;
+    if (prefix)
+    {
+        if (typeof(redisEndpoint) === "undefined" || !redisEndpoint)
+        {
+            redisEndpoint = process.env[prefix + "_REDIS_ENDPOINT"];
+        }
+    }
+    if (typeof(redisEndpoint) === "undefined" || !redisEndpoint)
+    {
+        redisEndpoint = process.env.CLOUDCMS_REDIS_ENDPOINT;
+    }
+    
+    // redis url
+    var redisUrl = config.url;
+    if (prefix)
+    {
+        if (typeof(redisUrl) === "undefined" || !redisUrl)
+        {
+            redisUrl = process.env[prefix + "_REDIS_URL"];
+        }
+    }
+    if (typeof(redisUrl) === "undefined" || !redisUrl)
+    {
+        redisUrl = process.env.CLOUDCMS_REDIS_URL;
+    }
+    
+    // build redis URL from components if not otherwise provided
+    if (!redisUrl)
+    {
+        redisUrl = "redis://" + redisEndpoint + ":" + redisPort;
+    }
+    
+    var redisOptions = {};
+    redisOptions.url = redisUrl;
+    
+    return redisOptions;
+}
+
+var createAndConnect = exports.createAndConnect = async function(redisOptions, callback)
+{
+    var client = redis.createClient(redisOptions);
+    
+    var connectErr = null;
+    client.on('error', function(err) {
+        console.log('Redis Client Error', err);
+        connectErr = err;
+    });
+    
+    // connect
+    await client.connect();
+    //console.log("Connected to redis, options: " + JSON.stringify(redisOptions, null, 2) + ", err: " + connectErr + ", client: " + client);
+    
+    return callback(connectErr, client);
+}

package/util/renditions.js

@@ -1,10 +1,10 @@
-var path = require('path');
-var fs = require('fs');
+// var path = require('path');
+// var fs = require('fs');
 var util = require("../util/util");
-var async = require("async");
+//var async = require("async");
 
-var http = require("http");
-var https = require("https");
+// var http = require("http");
+// var https = require("https");
 
 var logFactory = require("./logger");
 
@@ -62,7 +62,13 @@ exports = module.exports = function()
 
         var syncRows = function(rows, callback)
         {
-            var URL = util.asURL(process.env.GITANA_PROXY_SCHEME, process.env.GITANA_PROXY_HOST, process.env.GITANA_PROXY_PORT) + "/bulk/pagerenditions";
+            var URL = util.asURL(process.env.GITANA_PROXY_SCHEME, process.env.GITANA_PROXY_HOST, process.env.GITANA_PROXY_PORT, process.env.GITANA_PROXY_PATH) + "/bulk/pagerenditions";
+
+            var agent = http.globalAgent;
+            if (process.env.GITANA_PROXY_SCHEME === "https")
+            {
+                agent = https.globalAgent;
+            }
 
             // add "authorization" for OAuth2 bearer token
             var headers = {};