-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathapp.js
More file actions
209 lines (185 loc) · 6.76 KB
/
app.js
File metadata and controls
209 lines (185 loc) · 6.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
const path = require("path");
const multer = require("multer");
const renderError = require("./lib/renderError");
const express = require("express");
const app = express();
const config = require("./config");
const session = require("express-session");
const CustomRethinkStore = require("./lib/sessionStore");
const passport = require("passport");
const cookieParser = require("cookie-parser");
const server = require("http").createServer(app);
const io = require("socket.io")(server);
global.io = io; // Make io globally available for dev mode notifications
require("./sockets")(io); // index file for sockets
// --- IMPORT NECESSARY MODELS FOR res.locals DATA ---
const Cart = require("./models/cart"); // <-- ADDED: Import Cart model
const Order = require("./models/order"); // <-- ADDED: Import Order model
// --- END MODEL IMPORTS ---
const flash = require("express-flash");
const Billboard = require("./models/billboard");
const util = require("./lib/util.js");
const routes = require("./routes");
/**
* Escapes HTML special characters to prevent XSS attacks
* @param {string} str - The string to escape
* @returns {string} The escaped string
*/
function escapeHtml(str) {
if (!str) return "";
return String(str)
.replace(/&/g, "&")
.replace(/</g, "<")
.replace(/>/g, ">")
.replace(/"/g, """)
.replace(/'/g, "'")
.replace(/\//g, "/");
}
// --- Express App Setup ---
app.set("views", path.join(__dirname, "views"));
app.set("view engine", "ejs");
// --- Middleware Chain ---
// Serve static assets first, including LESS compilation
app.use(require("less-middleware")(path.join(__dirname, "public")));
app.use(
express.static(path.join(__dirname, "public"), {
etag: false,
maxAge: 0,
setHeaders: (res, path) => {
// Disable caching for JS files to ensure latest version is always loaded
if (path.endsWith(".js")) {
res.set(
"Cache-Control",
"no-store, no-cache, must-revalidate, private",
);
}
},
}),
);
// Body Parsers and Cookie Parser
app.use(express.json({ limit: "50mb" }));
app.use(express.urlencoded({ extended: false, limit: "50mb" }));
app.use(cookieParser());
// Session Middleware
const r = require("./lib/thinky").r; // r is needed for RethinkDB queries (like in Order.filter)
// Use our custom session store that properly uses the configured database
const store = new CustomRethinkStore(session, {
db: config.dbName || "synbioshop",
table: "sessions",
sessionTimeout: 86400000, // 1 day
flushInterval: 60000, // 1 minute
});
app.use(
session({
secret: config.secret,
resave: false,
saveUninitialized: false,
store,
}),
);
// Passport.js Authentication (initialize and session)
app.use(passport.initialize());
app.use(passport.session());
// Express-flash for messages
app.use(flash());
// Multer for file uploads (must come AFTER body-parser for req.body, but BEFORE routes that use files)
// Updated for multer 1.4.5+ which requires using .any() for multi-field uploads
const upload = multer({
dest: config.tmpDir,
});
app.use(upload.any());
// Backwards compatibility middleware: convert req.files array to object
// Old multer (0.1.8) used req.files as object keyed by fieldname
// New multer (1.4.5+) uses req.files as array with fieldname property
app.use((req, res, next) => {
if (req.files && Array.isArray(req.files)) {
const filesObject = {};
req.files.forEach((file) => {
filesObject[file.fieldname] = file;
});
req.files = filesObject;
}
next();
});
// --- CRITICAL: Call Passport Setup Here ---
util.setupPassport();
// --- res.locals Middleware (NOW ASYNCHRONOUS for DB fetches) ---
app.use(async (req, res, next) => {
// <<< CHANGED: Made this middleware 'async' <<<
// Make general config values available to all views
res.locals.disablePremade = config.disablePremade;
res.locals.disableCart = config.disableCart;
res.locals.isPricingAvailable = config.isPricingAvailable;
res.locals.pricePerUnit = config.pricePerUnit;
res.locals.devMode = config.devMode; // Pass dev mode flag to views
// Make user data available to all EJS templates as `locals.signedInUser`
if (req.user) {
res.locals.signedInUser = {
username: escapeHtml(req.user.username),
name: escapeHtml(req.user.name),
mail: escapeHtml(req.user.mail),
isAdmin: util.isAdmin(req.user.username),
company: escapeHtml(req.user.company),
iconURL: req.user.iconURL ? req.user.iconURL : config.defaultUserIcon,
};
// --- NEW/MODIFIED: Asynchronously fetch Cart Item Count ---
try {
const carts = await Cart.filter({ username: req.user.username })
.getJoin({ items: true }) // Need items to count length
.run(); // Execute the query
if (carts && carts.length === 1 && carts[0].items) {
// Safe access
res.locals.signedInUser.cart = carts[0]; // Assign the actual cart object
res.locals.signedInUser.cart.items.length = carts[0].items.length; // Set the length property for the count
} else {
res.locals.signedInUser.cart = { items: [] }; // Default to empty cart
res.locals.signedInUser.cart.items.length = 0; // Explicitly set length to 0
}
} catch (err) {
console.error("Error fetching cart count for locals:", err);
res.locals.signedInUser.cart = { items: [] }; // Default empty on error
res.locals.signedInUser.cart.items.length = 0;
}
// --- NEW/MODIFIED: Asynchronously fetch Incomplete Order Count ---
try {
const incompleteCount = await Order.filter(
r.and(r.row("complete").eq(false), r.row("cancelled").eq(false)),
)
.count()
.execute();
res.locals.incompleteCount = incompleteCount;
} catch (err) {
console.error("Error fetching incomplete order count for locals:", err);
res.locals.incompleteCount = 0; // Default to 0 on error
}
next(); // Proceed to next middleware ONLY after async fetches complete
} else {
// Not logged in
res.locals.signedInUser = null;
res.locals.incompleteCount = 0; // Default 0 if not logged in
next(); // Proceed to next middleware
}
});
// Middleware to load Billboard (non-blocking) - This middleware is separate and doesn't affect main user data loading flow.
app.use((req, res, next) => {
Billboard.run()
.then((billboards) => {
if (billboards && billboards.length) {
res.locals.billboard = billboards[0];
} else {
res.locals.billboard = null;
}
next();
})
.catch((err) => {
console.error("Error loading billboard:", err);
res.locals.billboard = null;
next();
});
});
// Configure pretty JSON responses (optional)
app.set("json spaces", 2);
// --- Main Routes ---
app.use("/", routes);
// --- Server Start ---
module.exports = server;