signatur 1.1.0 → 1.2.1

package/README.md

@@ -21,6 +21,8 @@ Supported file format include:
 | Name                  | Type   | Default                              | Description                                                                                                                                                                                                                     |
 | --------------------- | ------ | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `BASE_URL`            | `str`  | `http://localhost:3000`              | The base URL that is going to be used in the construction of external URLs for Signatur.                                                                                                                                        |
+| `SESSION_SECRET`      | `str`  | `signatur`                           | HMAC signing key for the `signatur.sid` cookie-session. Comma separated to support rotation: the first entry signs new cookies, the rest still validate previously issued ones. Changing the key invalidates all live sessions. |
+| `SESSION_MAX_AGE`     | `int`  | `15552000000`                        | Lifetime of the `signatur.sid` cookie in milliseconds; the default is ~6 months and the cookie is not rolling, so even active users are logged out once it elapses.                                                             |
 | `SIGNATUR_KEY`        | `str`  | `None`                               | Secret key that should be passed in protected calls so that the server side "trusts" the client side (authentication).                                                                                                          |
 | `HEADLESS_URL`        | `str`  | `https://headless.stage.hive.pt`     | The base URL to be used to access [Headless](https://github.com/hivesolutions/headless).                                                                                                                                        |
 | `PRINT_URL`           | `str`  | `https://colony-print.stage.hive.pt` | Base URL of the [Colony Print](http://colony-print.hive.pt) service used for both the engraving job and the receipt printing.                                                                                                   |
@@ -35,7 +37,7 @@ Supported file format include:
 
 Every interactive route is gated behind a session login. The list of valid users lives in `config/users.json` (gitignored, with a `config/users.json.example` checked into the repository) as an array of `{ "username": "...", "password_hash": "$2a$...", "role": "admin" | "user" }` entries; the `role` controls whether the user can reach the admin-only surfaces (`/settings`, `/settings/diagnostics`, `/profiles/*`) or just the basic engraving flow.
 
-New users are added through the `npm run user:add <username> <role>` helper which prompts for the password twice (no echo), bcrypts it at cost 10 and rewrites `config/users.json` in place; the running application picks the change up automatically through `fs.watch` so no restart is required. The bare `/login` and `/logout` routes, the `/info` endpoint, the static assets and the engine `/convert` endpoint (key authenticated through `SIGNATUR_KEY`) stay public.
+New users are added through the `npm run user:add <username> <role> [password]` helper which prompts for the password twice (no echo) when the third positional argument is omitted, bcrypts the value at cost 10 and rewrites `config/users.json` in place; passing the password as the optional third argument skips the interactive prompts so the same helper can be driven from CI scripts or container entrypoints, while the running application picks every change up automatically through `fs.watch` so no restart is required. The bare `/login` and `/logout` routes, the `/info` endpoint, the static assets and the engine `/convert` endpoint (key authenticated through `SIGNATUR_KEY`) stay public.
 
 ## Query Parameters
 
@@ -133,6 +135,8 @@ The configuration is resolved through a three step fallback chain so existing si
 
 The settings page exposes a `Printing` readout that shows the server side base value next to the effective resolved value for each entry, so an operator can verify at a glance which side is active.
 
+When the engraving job is submitted, the confirm modal walks the multifont array of the print payload, rewrites every `Cool Emojis` entry into the underlying engraving glyph name through the active `coolemojis.mapping.json` and then resolves the engraving `.f3s` payload of every referenced font through a `GET /settings/fonts/resolve?names=...` call. The resulting `{ name: base64 }` map is attached to the gravo print payload as the `extra_fonts` field that colony print plumbs through to gravo pilot on a per print job basis (see [hivesolutions/colony-print#20](https://github.com/hivesolutions/colony-print/issues/20) and [hivesolutions/gravo-pilot#22](https://github.com/hivesolutions/gravo-pilot/issues/22) for the receiving end).
+
 ### Configuration keys
 
 | `localStorage` key | Scenario | Server side fallback                            | Description                                                                         |
@@ -179,13 +183,58 @@ The same configuration can also be edited through the `Configure` modal accessib
 
 ### Adding New Emoji
 
-To add a new emoji to the system the following steps should be followed:
+To add a new emoji to the system, sign in as an admin and use the `Emojis` tab on `/settings`:
+
+1. Upload the replacement `coolemojis.ttf` (display) and, when the catalog of recognised characters changes, the companion `coolemojis.mapping.json`.
+2. Upload the matching engraving glyph as a `.f3s` file in the `Engraving glyphs` section. The filename must match a value declared on the mapping (e.g. `1101.coracao.f3s`).
+3. The next time the engraving viewport is opened the new glyphs are picked up automatically; shipping the `.f3s` payload to colony print on every print job through the `extra_fonts` field of the gravo print payload is tracked in #56.
+
+The admin UI replaces the previous manual file drop. The on disk layout it owns is documented in [Font Management](#font-management).
+
+### Adding New Fonts
+
+To add a new text font (Helvetica, Roman, Script, etc.) to the system, sign in as an admin and use the `Fonts` tab on `/settings`:
+
+1. Pick a lowercase hyphenated font name (e.g. `helvetica4l`).
+2. Upload both halves together: the display `.ttf` (browser font) and the engraving `.f3s` (engraving machine font). Both halves are required so the two surfaces stay in sync.
+3. The `Fonts` tab lists every installed font with both halves status; use the per row delete button to remove stale entries.
+
+## Font Management
+
+The on disk font catalog owned by the admin UI lives under `static/fonts/`:
+
+```text
+static/fonts/
+  coolemojis.ttf                  display, browser (Emojis tab)
+  coolemojis.mapping.json         display to engraving bridge (Emojis tab)
+  helvetica4l.ttf                 display, browser (Fonts tab)
+  ...
+  f3s/
+    emoji/                        engraving glyphs (Emojis tab)
+      1101.coracao.f3s
+      ...
+    fonts/                        engraving text fonts (Fonts tab)
+      helvetica4l.f3s
+      ...
+```
+
+Filename invariants are validated server side:
+
+* emoji `.f3s` files match `^[a-z0-9]+(?:[-.][a-z0-9]+)*\.f3s$` so the existing `1101.coracao` dotted form keeps working alongside a hyphenated form
+* text font names match `^[a-z0-9]+(?:-[a-z0-9]+)*$` so both halves land at the canonical `<name>.ttf` and `<name>.f3s` paths
+
+The following HTTP endpoints back the UI. Every entry is gated by `lib.requireAdmin` except the resolver at the bottom, which is callable by any signed in user so the print confirm modal can attach the engraving payloads to the print envelope without elevating privileges:
 
-1. Determine the right file name for the new emoji font file (e.g. `coolemojis.ttf` for laser and `coolemojisp.ttf` for pantogrpah)
-2. Place the new font file in the `static/fonts` directory
-3. Add the new emoji "characters" to the `emoji` array in the `viewport.ejs` file
-4. Test the using the local machine `yarn && yarn dev`
-5. Release a new version of the system (Docker Image)
+| Method | Path                                       | Notes                                                                                         |
+| ------ | ------------------------------------------ | --------------------------------------------------------------------------------------------- |
+| `POST` | `/settings/emojis`                         | Replace the Cool Emojis `.ttf` and, optionally, the companion mapping JSON.                   |
+| `GET`  | `/settings/emojis/f3s`                     | List installed emoji engraving glyphs as `{ fonts: [{ name, size, mtime }, ...] }`.           |
+| `POST` | `/settings/emojis/f3s`                     | Upload one emoji engraving glyph; form fields are `filename` plus the `file` payload.         |
+| `POST` | `/settings/emojis/f3s/:filename/delete`    | Delete one emoji engraving glyph by filename.                                                 |
+| `GET`  | `/settings/fonts`                          | List installed text fonts as `{ fonts: [{ name, ttf, f3s }, ...] }` rows.                     |
+| `POST` | `/settings/fonts`                          | Upload one paired text font; form fields are `name` plus the `ttf` and `f3s` file payloads.   |
+| `POST` | `/settings/fonts/:name/delete`             | Delete both halves of a text font by canonical name.                                          |
+| `GET`  | `/settings/fonts/resolve?names=a,b,c`      | Resolve font names into a `{ fonts: { name: base64 } }` engraving payload map.                |
 
 ## License
 

package/app.js

@@ -23,14 +23,19 @@ const app = express();
 
 // initializes the session middleware using a cookie based store
 // so the whole session payload travels in the signed cookie and
-// no server side storage is required; the secret is hardcoded
-// since the session only carries non sensitive UI preferences
+// no server side storage is required; the signing keys are read
+// from `lib.conf.SESSION_SECRET` (comma separated to support
+// rotation, first entry signs new cookies, the rest still
+// validate old ones) and fall back to a placeholder so the
+// local dev flow keeps working without any environment setup;
+// the lifetime is `lib.conf.SESSION_MAX_AGE` (ms), defaulting
+// to ~6 months
 app.use(
     cookieSession({
         name: "signatur.sid",
-        keys: ["signatur"],
+        keys: lib.conf.SESSION_SECRET,
         httpOnly: true,
-        maxAge: 60000000,
+        maxAge: lib.conf.SESSION_MAX_AGE,
         sameSite: "lax"
     })
 );
@@ -115,6 +120,40 @@ const bundleUpload = multer({
     limits: { fileSize: 50 * 1024 * 1024, files: 1 }
 }).single("file");
 
+// configures the multer middleware that handles the cool emojis
+// font upload, accepting a required TTF/OTF font payload and an
+// optional mapping JSON payload kept in memory so both bodies can
+// be validated upfront before the on disk fonts directory is
+// touched
+const emojisUpload = multer({
+    storage: multer.memoryStorage(),
+    limits: { fileSize: 5 * 1024 * 1024, files: 2 }
+}).fields([
+    { name: "font", maxCount: 1 },
+    { name: "mapping", maxCount: 1 }
+]);
+
+// configures the multer middleware that handles the multipart
+// upload of a single emoji `.f3s` payload, keeping it in
+// memory so the filename and the body can be validated before
+// the engraving fonts directory is touched
+const emojisF3sUpload = multer({
+    storage: multer.memoryStorage(),
+    limits: { fileSize: 5 * 1024 * 1024, files: 1 }
+}).single("file");
+
+// configures the multer middleware that handles the paired
+// upload of a text font, accepting both the browser `.ttf`
+// payload and the engraving `.f3s` payload together so the
+// two halves stay consistent on disk
+const fontsUpload = multer({
+    storage: multer.memoryStorage(),
+    limits: { fileSize: 5 * 1024 * 1024, files: 2 }
+}).fields([
+    { name: "ttf", maxCount: 1 },
+    { name: "f3s", maxCount: 1 }
+]);
+
 app.get("/", (req, res, next) => {
     // forwards the bare root URL to the user's preferred home
     // landing page, defaulting to the classic gateway when no
@@ -300,6 +339,343 @@ app.post("/settings/diagnostics", lib.requireAdmin, (req, res, next) => {
     clojure().catch(next);
 });
 
+app.post("/settings/emojis", lib.requireAdmin, emojisUpload, (req, res, next) => {
+    async function clojure() {
+        const errors = [];
+
+        // resolves the uploaded payloads from the multer fields output
+        // so the validation and the disk writes can treat the optional
+        // mapping body the same way regardless of whether the client
+        // included it on the submission
+        const fontFile = req.files && req.files.font ? req.files.font[0] : null;
+        const mappingFile = req.files && req.files.mapping ? req.files.mapping[0] : null;
+
+        if (!fontFile) {
+            errors.push("font is required");
+        } else {
+            for (const message of lib.validateEmojisFont(fontFile.buffer)) {
+                errors.push(message);
+            }
+        }
+
+        // walks the optional mapping payload through the validator so
+        // a malformed JSON body cannot land on disk and break the
+        // viewport consumer that expects character to name pairs for
+        // every glyph in the emoji catalog
+        if (mappingFile) {
+            const mappingText = mappingFile.buffer.toString("utf8");
+            for (const message of lib.validateEmojisMapping(mappingText)) {
+                errors.push(message);
+            }
+        }
+
+        if (errors.length > 0) {
+            res.status(400).json({ errors: errors });
+            return;
+        }
+
+        // writes the validated font payload over the existing display
+        // font and, when provided, the validated mapping body so the
+        // next viewport load picks up the freshly uploaded set without
+        // any further server side intervention
+        const fontsDirectory = path.join(__dirname, "static", "fonts");
+        const fontPath = path.join(fontsDirectory, "coolemojis.ttf");
+        await fs.writeFile(fontPath, fontFile.buffer);
+        if (mappingFile) {
+            const mappingPath = path.join(fontsDirectory, "coolemojis.mapping.json");
+            await fs.writeFile(mappingPath, mappingFile.buffer);
+        }
+
+        res.json({ status: "ok", mapping: Boolean(mappingFile) });
+    }
+    clojure().catch(next);
+});
+
+app.get("/settings/emojis/f3s", lib.requireAdmin, (req, res, next) => {
+    async function clojure() {
+        const directoryPath = path.join(__dirname, "static", "fonts", "f3s", "emoji");
+        let files = [];
+        try {
+            files = await fs.readdir(directoryPath);
+        } catch (err) {
+            // missing directory is treated as an empty catalog so the
+            // first ever upload can lazily create the tree without an
+            // out of band initialization step
+        }
+        const fonts = [];
+        for (const file of files) {
+            if (!lib.EMOJI_F3S_FILENAME_PATTERN.test(file)) continue;
+            const stat = await fs.stat(path.join(directoryPath, file));
+            fonts.push({ name: file, size: stat.size, mtime: stat.mtimeMs });
+        }
+        fonts.sort((a, b) => a.name.localeCompare(b.name));
+        res.json({ fonts: fonts });
+    }
+    clojure().catch(next);
+});
+
+app.post("/settings/emojis/f3s", lib.requireAdmin, emojisF3sUpload, (req, res, next) => {
+    async function clojure() {
+        const errors = [];
+
+        // requires both the filename and the file payload so the
+        // resulting entry has a deterministic on disk name that
+        // can be referenced from the bundled `coolemojis.mapping.json`
+        const filename = typeof req.body.filename === "string" ? req.body.filename.trim() : "";
+        if (!filename) {
+            errors.push("filename is required");
+        } else if (!lib.EMOJI_F3S_FILENAME_PATTERN.test(filename)) {
+            errors.push(
+                "filename must match pattern: lowercase alphanumeric with hyphens or dots and a .f3s extension"
+            );
+        }
+
+        if (!req.file) {
+            errors.push("file is required");
+        }
+
+        if (errors.length > 0) {
+            res.status(400).json({ errors: errors });
+            return;
+        }
+
+        // lazily creates the destination tree on the first ever
+        // upload so the operator does not need to seed any folder
+        // before the admin upload becomes available
+        const directoryPath = path.join(__dirname, "static", "fonts", "f3s", "emoji");
+        await fs.mkdir(directoryPath, { recursive: true });
+        const targetPath = path.join(directoryPath, filename);
+        await fs.writeFile(targetPath, req.file.buffer);
+        res.json({ status: "ok", filename: filename });
+    }
+    clojure().catch(next);
+});
+
+app.post("/settings/emojis/f3s/:filename/delete", lib.requireAdmin, (req, res, next) => {
+    async function clojure() {
+        const filename = req.params.filename;
+        if (!lib.EMOJI_F3S_FILENAME_PATTERN.test(filename)) {
+            res.status(400).json({ error: "invalid f3s filename" });
+            return;
+        }
+
+        const directoryPath = path.join(__dirname, "static", "fonts", "f3s", "emoji");
+        const targetPath = path.join(directoryPath, filename);
+        try {
+            await fs.unlink(targetPath);
+        } catch (err) {
+            res.status(404).json({ error: "f3s entry not found" });
+            return;
+        }
+
+        res.json({ status: "ok" });
+    }
+    clojure().catch(next);
+});
+
+// names owned by the Emojis tab that must stay out of the Fonts
+// catalog so deleting an entry from the Fonts tab can never unlink
+// the display halves of the bundled Cool Emojis font face declared
+// in `static/css/layout.css`
+const EMOJIS_OWNED_FONTS = new Set(["coolemojis", "coolemojisp"]);
+
+app.get("/settings/fonts", lib.requireAdmin, (req, res, next) => {
+    async function clojure() {
+        const fontsDirectory = path.join(__dirname, "static", "fonts");
+        const f3sDirectory = path.join(fontsDirectory, "f3s", "fonts");
+        let ttfFiles = [];
+        let f3sFiles = [];
+        try {
+            ttfFiles = await fs.readdir(fontsDirectory);
+        } catch (err) {
+            // missing root fonts directory is unexpected at runtime,
+            // but treating it as an empty catalog keeps the endpoint
+            // resilient during the very first deployment
+        }
+        try {
+            f3sFiles = await fs.readdir(f3sDirectory);
+        } catch (err) {
+            // missing f3s subdirectory is treated as no installed
+            // engraving payloads so the first ever upload can lazily
+            // create the tree without an out of band step
+        }
+
+        // collects the base names of every accepted `.ttf` and `.f3s`
+        // entry so the response can surface only the names that
+        // satisfy the paired upload requirement of the Fonts tab
+        // while still listing partial state for ops; the suffix
+        // checks are case sensitive so an uppercase `Font.TTF` entry
+        // is skipped instead of being later stat'd as a lowercase
+        // path that does not exist on case sensitive filesystems
+        const ttfNames = new Set();
+        const f3sNames = new Set();
+        for (const file of ttfFiles) {
+            if (!file.endsWith(".ttf")) continue;
+            const name = file.slice(0, -4);
+            if (!lib.FONT_NAME_PATTERN.test(name)) continue;
+            if (EMOJIS_OWNED_FONTS.has(name)) continue;
+            ttfNames.add(name);
+        }
+        for (const file of f3sFiles) {
+            if (!file.endsWith(".f3s")) continue;
+            const name = file.slice(0, -4);
+            if (!lib.FONT_NAME_PATTERN.test(name)) continue;
+            if (EMOJIS_OWNED_FONTS.has(name)) continue;
+            f3sNames.add(name);
+        }
+
+        const names = Array.from(new Set([...ttfNames, ...f3sNames]));
+        names.sort();
+        const fonts = [];
+        for (const name of names) {
+            const entry = { name: name, ttf: null, f3s: null };
+            if (ttfNames.has(name)) {
+                const stat = await fs.stat(path.join(fontsDirectory, `${name}.ttf`));
+                entry.ttf = { size: stat.size, mtime: stat.mtimeMs };
+            }
+            if (f3sNames.has(name)) {
+                const stat = await fs.stat(path.join(f3sDirectory, `${name}.f3s`));
+                entry.f3s = { size: stat.size, mtime: stat.mtimeMs };
+            }
+            fonts.push(entry);
+        }
+        res.json({ fonts: fonts });
+    }
+    clojure().catch(next);
+});
+
+app.post("/settings/fonts", lib.requireAdmin, fontsUpload, (req, res, next) => {
+    async function clojure() {
+        const errors = [];
+
+        // requires the font name plus both the browser and the
+        // engraving payloads so the resulting on disk pair stays
+        // consistent and can be uniquely identified through the
+        // canonical `<name>.ttf` and `<name>.f3s` filenames
+        const name = typeof req.body.name === "string" ? req.body.name.trim() : "";
+        if (!name) {
+            errors.push("name is required");
+        } else if (!lib.FONT_NAME_PATTERN.test(name)) {
+            errors.push(
+                "name must match pattern: lowercase alphanumeric with hyphens"
+            );
+        } else if (EMOJIS_OWNED_FONTS.has(name)) {
+            errors.push("name is reserved by the Emojis tab");
+        }
+
+        const ttfFile = req.files && req.files.ttf ? req.files.ttf[0] : null;
+        const f3sFile = req.files && req.files.f3s ? req.files.f3s[0] : null;
+        if (!ttfFile) errors.push("ttf is required");
+        if (!f3sFile) errors.push("f3s is required");
+
+        if (ttfFile) {
+            for (const message of lib.validateEmojisFont(ttfFile.buffer)) {
+                errors.push(message);
+            }
+        }
+
+        if (errors.length > 0) {
+            res.status(400).json({ errors: errors });
+            return;
+        }
+
+        // writes both payloads side by side, lazily creating the
+        // engraving subdirectory so a brand new deployment does
+        // not require any out of band initialization before the
+        // first font upload can land
+        const fontsDirectory = path.join(__dirname, "static", "fonts");
+        const f3sDirectory = path.join(fontsDirectory, "f3s", "fonts");
+        await fs.mkdir(f3sDirectory, { recursive: true });
+        await fs.writeFile(path.join(fontsDirectory, `${name}.ttf`), ttfFile.buffer);
+        await fs.writeFile(path.join(f3sDirectory, `${name}.f3s`), f3sFile.buffer);
+
+        res.json({ status: "ok", name: name });
+    }
+    clojure().catch(next);
+});
+
+app.post("/settings/fonts/:name/delete", lib.requireAdmin, (req, res, next) => {
+    async function clojure() {
+        const name = req.params.name;
+        if (!lib.FONT_NAME_PATTERN.test(name)) {
+            res.status(400).json({ error: "invalid font name" });
+            return;
+        }
+        if (EMOJIS_OWNED_FONTS.has(name)) {
+            res.status(400).json({ error: "name is reserved by the Emojis tab" });
+            return;
+        }
+
+        // removes both halves of the font pair, treating missing
+        // files as already deleted so a re-run cleans up any
+        // partial state left behind by a previous failure
+        const fontsDirectory = path.join(__dirname, "static", "fonts");
+        const targets = [
+            path.join(fontsDirectory, `${name}.ttf`),
+            path.join(fontsDirectory, "f3s", "fonts", `${name}.f3s`)
+        ];
+        let removed = false;
+        for (const target of targets) {
+            try {
+                await fs.unlink(target);
+                removed = true;
+            } catch (err) {
+                // ignores files that do not exist on disk
+            }
+        }
+
+        if (!removed) {
+            res.status(404).json({ error: "font not found" });
+            return;
+        }
+
+        res.json({ status: "ok" });
+    }
+    clojure().catch(next);
+});
+
+app.get("/settings/fonts/resolve", (req, res, next) => {
+    async function clojure() {
+        const names = typeof req.query.names === "string" ? req.query.names : "";
+        const requested = names
+            .split(",")
+            .map(value => value.trim())
+            .filter(Boolean)
+            .slice(0, 128);
+
+        // resolves each requested name from either the emoji or the
+        // text font subdirectory, base64 encoding the payload that
+        // is found first so the caller can attach it to the gravo
+        // print payload as part of the `extra_fonts` envelope;
+        // names that do not match the filename pattern or that have
+        // no corresponding payload are silently dropped so the
+        // caller still receives a partial response without leaking
+        // the missing entries through an error
+        const fontsDirectory = path.join(__dirname, "static", "fonts");
+        const candidates = [
+            path.join(fontsDirectory, "f3s", "emoji"),
+            path.join(fontsDirectory, "f3s", "fonts")
+        ];
+        const fonts = {};
+        for (const name of requested) {
+            const filename = `${name}.f3s`;
+            if (!lib.EMOJI_F3S_FILENAME_PATTERN.test(filename)) continue;
+            for (const directory of candidates) {
+                const candidatePath = path.join(directory, filename);
+                try {
+                    const buffer = await fs.readFile(candidatePath);
+                    fonts[name] = buffer.toString("base64");
+                    break;
+                } catch (err) {
+                    // not found at this candidate, keep walking
+                }
+            }
+        }
+        res.json({ fonts: fonts });
+    }
+    clojure().catch(next);
+});
+
 app.get("/welcome", (req, res, next) => {
     const fullscreen =
         req.query.fullscreen !== undefined
@@ -317,6 +693,7 @@ app.get("/welcome", (req, res, next) => {
         masterb64: masterb64,
         config: req.session.config || {},
         showOptions: req.session.show_options !== "0",
+        viewportMode: req.session.viewport_mode === "store" ? "store" : "technical",
         info: info || {},
         user: req.session.user || null
     });
@@ -396,12 +773,23 @@ app.get("/report", (req, res, next) => {
 app.get("/console", (req, res, next) => {
     const theme = req.query.theme || req.session.theme || "";
     const locale = req.query.locale || req.session.locale || "";
+    req.session.theme = theme;
     req.session.locale = locale;
     res.render("console" + (locale ? `-${locale}` : ""), {
         theme: theme
     });
 });
 
+app.get("/components", (req, res, next) => {
+    const theme = req.query.theme || req.session.theme || "";
+    const locale = req.query.locale || req.session.locale || "";
+    req.session.theme = theme;
+    req.session.locale = locale;
+    res.render("components", {
+        theme: theme
+    });
+});
+
 app.get("/receipt", (req, res, next) => {
     async function clojure() {
         const locale = req.query.locale || req.session.locale || "";

package/lib/util/config.js

@@ -1,7 +1,15 @@
 const util = require("hive-js-util");
 const yonius = require("yonius");
 
-const conf = {};
+// values needed at module load time (before `start()` runs the
+// async yonius load) are resolved directly from `process.env` so
+// consumers like the express middleware mount can read them at
+// require time; everything else is populated by `startConfig()`
+const SESSION_MAX_AGE_DEFAULT = 6 * 30 * 24 * 60 * 60 * 1000; // ~6 months in ms
+const conf = {
+    SESSION_SECRET: (process.env.SESSION_SECRET || "signatur").split(","),
+    SESSION_MAX_AGE: Number.parseInt(process.env.SESSION_MAX_AGE, 10) || SESSION_MAX_AGE_DEFAULT
+};
 
 const FEATURES = {
     calligraphy: { env: "FEATURE_CALLIGRAPHY", defaultValue: false },

package/lib/util/emojis.js

@@ -0,0 +1,104 @@
+// matches the first four bytes of a TrueType font, the
+// signature that every regular `coolemojis.ttf` payload
+// must carry on its initial bytes for the browser font
+// loader to recognise it
+const TTF_MAGIC = Buffer.from([0x00, 0x01, 0x00, 0x00]);
+
+// matches the first four bytes of an OpenType font carrying
+// a CFF outline, accepted alongside the TrueType signature
+// so that fonts authored in either format can replace the
+// existing emoji set
+const OTF_MAGIC = Buffer.from([0x4f, 0x54, 0x54, 0x4f]);
+
+// matches the validated filename pattern accepted by the
+// emoji `.f3s` upload endpoint, allowing lowercase
+// alphanumeric segments separated by hyphens or dots so the
+// existing `1101.coracao` style names from the bundled mapping
+// can keep working alongside a hyphenated form
+const EMOJI_F3S_FILENAME_PATTERN = /^[a-z0-9]+(?:[-.][a-z0-9]+)*\.f3s$/;
+
+// matches the validated identifier pattern accepted by the
+// text font upload endpoint, allowing only lowercase
+// alphanumeric segments separated by hyphens so the resulting
+// `.ttf` and `.f3s` filenames stay deterministic on disk
+const FONT_NAME_PATTERN = /^[a-z0-9]+(?:-[a-z0-9]+)*$/;
+
+/**
+ * Validates that the provided buffer starts with one of the
+ * accepted font magic byte sequences, returning an error
+ * message list compatible with the rest of the validators.
+ *
+ * @param {Buffer} buffer The font payload to inspect.
+ * @returns {Array} An array of error messages (empty if valid).
+ */
+const validateEmojisFont = buffer => {
+    const errors = [];
+
+    if (!Buffer.isBuffer(buffer)) {
+        return ["font payload must be a buffer"];
+    }
+
+    // refuses payloads shorter than the four byte font signature
+    // so the magic comparison below cannot run against truncated
+    // uploads that would otherwise silently fail to load
+    if (buffer.length < 4) {
+        errors.push("font payload is too short to be a TTF or OTF file");
+        return errors;
+    }
+
+    const head = buffer.slice(0, 4);
+    if (!head.equals(TTF_MAGIC) && !head.equals(OTF_MAGIC)) {
+        errors.push("font must be a TTF or OTF file");
+    }
+
+    return errors;
+};
+
+/**
+ * Validates that the provided JSON text parses into a flat
+ * object of string to string entries matching the shape of
+ * the bundled `coolemojis.mapping.json` so that the existing
+ * viewport consumer keeps working after the upload.
+ *
+ * @param {String} text The mapping payload to inspect.
+ * @returns {Array} An array of error messages (empty if valid).
+ */
+const validateEmojisMapping = text => {
+    const errors = [];
+
+    if (typeof text !== "string") {
+        return ["mapping payload must be a string"];
+    }
+
+    let parsed;
+    try {
+        parsed = JSON.parse(text);
+    } catch (err) {
+        errors.push("mapping must be valid JSON");
+        return errors;
+    }
+
+    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+        errors.push("mapping must be a plain object");
+        return errors;
+    }
+
+    // walks every entry and rejects non string values upfront so
+    // a malformed mapping cannot land on disk and break the
+    // downstream viewport lookup that expects character to name
+    // pairs for every glyph in the emoji catalog
+    for (const key of Object.keys(parsed)) {
+        if (typeof parsed[key] !== "string") {
+            errors.push(`mapping entry "${key}" must be a string`);
+        }
+    }
+
+    return errors;
+};
+
+module.exports = {
+    EMOJI_F3S_FILENAME_PATTERN: EMOJI_F3S_FILENAME_PATTERN,
+    FONT_NAME_PATTERN: FONT_NAME_PATTERN,
+    validateEmojisFont: validateEmojisFont,
+    validateEmojisMapping: validateEmojisMapping
+};

package/lib/util/index.js

@@ -2,6 +2,7 @@ const auth = require("./auth");
 const base = require("./base");
 const config = require("./config");
 const date = require("./date");
+const emojis = require("./emojis");
 const errors = require("./errors");
 const locale = require("./locale");
 const profile = require("./profile");
@@ -10,6 +11,7 @@ Object.assign(module.exports, auth);
 Object.assign(module.exports, base);
 Object.assign(module.exports, config);
 Object.assign(module.exports, date);
+Object.assign(module.exports, emojis);
 Object.assign(module.exports, errors);
 Object.assign(module.exports, locale);
 Object.assign(module.exports, profile);