matrix-public-archive/server/routes/install-routes.js

'use strict';

const path = require('path');
const express = require('express');
const cors = require('cors');
const asyncHandler = require('../lib/express-async-handler');

const { handleTracingMiddleware } = require('../tracing/tracing-middleware');
const getVersionTags = require('../lib/get-version-tags');
const preventClickjackingMiddleware = require('./prevent-clickjacking-middleware');
const contentSecurityPolicyMiddleware = require('./content-security-policy-middleware');
const clientSideRoomAliasHashRedirectRoute = require('./client-side-room-alias-hash-redirect-route');
const redirectToCorrectArchiveUrlIfBadSigil = require('./redirect-to-correct-archive-url-if-bad-sigil-middleware');

function installRoutes(app) {
  app.use(handleTracingMiddleware);
  app.use(preventClickjackingMiddleware);
  app.use(contentSecurityPolicyMiddleware);
  app.use(cors());

  let healthCheckResponse;
  app.get(
    '/health-check',
    asyncHandler(async function (req, res) {
      if (!healthCheckResponse) {
        const versionTags = await getVersionTags();
        const responseObject = {
          ok: true,
          ...versionTags,
        };
        healthCheckResponse = JSON.stringify(responseObject, null, 2);
      }

      res.set('Content-Type', 'application/json');
      res.send(healthCheckResponse);
    })
  );

  // We have to disable no-missing-require lint because it doesn't take into
  // account `package.json`. `exports`, see
  // https://github.com/mysticatea/eslint-plugin-node/issues/255
  app.use(
    '/hydrogen-assets',
    // eslint-disable-next-line node/no-missing-require
    express.static(path.dirname(require.resolve('hydrogen-view-sdk/assets/main.js')))
  );

  app.get(
    // This has to be at the root so that the font URL references resolve correctly
    '/hydrogen-assets/hydrogen-styles.css',
    asyncHandler(async function (req, res) {
      res.set('Content-Type', 'text/css');
      // We have to disable no-missing-require lint because it doesn't take into
      // account `package.json`. `exports`, see
      // https://github.com/mysticatea/eslint-plugin-node/issues/255
      // eslint-disable-next-line node/no-missing-require
      res.sendFile(require.resolve('hydrogen-view-sdk/assets/theme-element-light.css'));
    })
  );

  // Our own archive app styles and scripts
  app.use('/css', express.static(path.join(__dirname, '../../public/css')));
  app.use('/img', express.static(path.join(__dirname, '../../public/img')));
  app.use('/js', express.static(path.join(__dirname, '../../dist/')));

  app.use('/', require('./room-directory-routes'));

  // For room aliases (/r) or room ID's (/roomid)
  app.use('/:entityDescriptor(r|roomid)/:roomIdOrAliasDirty', require('./room-routes'));

  // Since everything after the hash (`#`) won't make it to the server, let's serve a 404
  // page that will potentially redirect them to the correct place if they tried
  // `/r/#room-alias:server/date/2022/10/27` -> `/r/room-alias:server/date/2022/10/27`
  app.use('/:entityDescriptor(r|roomid)', clientSideRoomAliasHashRedirectRoute);

  // Correct any honest mistakes: If someone accidentally put the sigil in the URL, then
  // redirect them to the correct URL without the sigil to the correct path above.
  app.use('/:roomIdOrAliasDirty', redirectToCorrectArchiveUrlIfBadSigil);
}

module.exports = installRoutes;
Add npm run start-dev to build vite and run server at once 2022-02-15 16:17:14 -07:00			`'use strict';`

			`const path = require('path');`
Calendar styles and server hydrogen assets 2022-02-17 15:56:54 -07:00			`const express = require('express');`
Enable CORS support (#147) This change enables CORS support in the archive — to allow web developers to create web applications with frontend JavaScript code that can fetch pages from the archive (for example, for scraping content from chat logs). Otherwise, without this change, web developers can’t create web apps with frontend JavaScript that can fetch chat logs from the archive and then consume the content of the logs. It’s imaginable that web developers may find use cases for consuming the chat logs in the archive from frontend JavaScript code — at the simplest level, web apps that fetch and scrape logs to get data out of them or to pull out particular snippets from the logs. Developers can anyway already scrape the contents of the archive — by using server-side programming languages or by using `curl` or whatever from the command line. They just can’t do the same from frontend JavaScript code, unless CORS support is enabled. 2022-11-28 20:47:57 -07:00			`const cors = require('cors');`
Add npm run start-dev to build vite and run server at once 2022-02-15 16:17:14 -07:00			`const asyncHandler = require('../lib/express-async-handler');`

Room directory landing page v1 (#61) Part of https://github.com/matrix-org/matrix-public-archive/issues/6 2022-09-08 00:30:04 -06:00			`const { handleTracingMiddleware } = require('../tracing/tracing-middleware');`
			`const getVersionTags = require('../lib/get-version-tags');`
Add clickjacking prevention middleware (#68) Fix https://github.com/matrix-org/matrix-public-archive/issues/67 2022-09-08 18:30:20 -06:00			`const preventClickjackingMiddleware = require('./prevent-clickjacking-middleware');`
Add `Content-Security-Policy` (CSP) (#81) Add `Content-Security-Policy` (CSP) that restricts the page to just what it is expected to do. This helps limit the damage that can be done by any XSS attack. Fix https://github.com/matrix-org/internal-config/issues/1341 2022-10-19 11:07:39 -06:00			`const contentSecurityPolicyMiddleware = require('./content-security-policy-middleware');`
Add support for client-side room alias hash `#` redirects to the correct URL (#111) This helps when someone just pastes a room alias on the end of the domain, - `/#room-alias:server` -> `/r/room-alias:server` - `/r/#room-alias:server/date/2022/10/27` -> `/r/room-alias:server/date/2022/10/27` Since these redirects happen on the client, we can't write any e2e tests. Those e2e tests do everything but run client-side JavaScript. Follow-up to https://github.com/matrix-org/matrix-public-archive/pull/107 Part of https://github.com/matrix-org/matrix-public-archive/issues/25 2022-10-27 23:32:24 -06:00			`const clientSideRoomAliasHashRedirectRoute = require('./client-side-room-alias-hash-redirect-route');`
Add support for room aliases (#107) Also does friendly redirects if you don't exactly use the right URL pattern. For example, if you paste the full room ID with the `!` like `/roomid/!foo:bar`, it will properly redirect you to `/roomid/foo:bar`. It also does this sort of thing for URL encoded room ID's and aliases. Fix https://github.com/matrix-org/matrix-public-archive/issues/25 2022-10-27 00:09:13 -06:00			`const redirectToCorrectArchiveUrlIfBadSigil = require('./redirect-to-correct-archive-url-if-bad-sigil-middleware');`
Add npm run start-dev to build vite and run server at once 2022-02-15 16:17:14 -07:00
			`function installRoutes(app) {`
OpenTelemetry tracing so we can see spans where the app is taking time (#27) OpenTelemetry tracing so we can see spans where the app is taking time. For the user, we specifically show the spans for the external API HTTP requests that are slow (so we know when the Matrix API is being slow). Enable tracing: - `npm run start -- --tracing` - `npm run start-dev -- --tracing` What does this PR change: - Adds OpenTelemetry tracing with some of the automatic instrumentation (includes HTTP and express) - We ignore traces for serving static assets (just noise) - Adds `X-Trace-Id` to the response headers - Adds `window.tracingSpansForRequest` which includes the external HTTP API requests made during the request - Adds a fancy 504 timeout page that includes trace details and lists the slow HTTP requests - Adds `jaegerTracesEndpoint` configuration to export tracing spans to Jaeger - Related to, https://github.com/matrix-org/matrix-public-archive/issues/26 2022-07-14 10:08:50 -06:00			`app.use(handleTracingMiddleware);`
Add clickjacking prevention middleware (#68) Fix https://github.com/matrix-org/matrix-public-archive/issues/67 2022-09-08 18:30:20 -06:00			`app.use(preventClickjackingMiddleware);`
Add `Content-Security-Policy` (CSP) (#81) Add `Content-Security-Policy` (CSP) that restricts the page to just what it is expected to do. This helps limit the damage that can be done by any XSS attack. Fix https://github.com/matrix-org/internal-config/issues/1341 2022-10-19 11:07:39 -06:00			`app.use(contentSecurityPolicyMiddleware);`
Enable CORS support (#147) This change enables CORS support in the archive — to allow web developers to create web applications with frontend JavaScript code that can fetch pages from the archive (for example, for scraping content from chat logs). Otherwise, without this change, web developers can’t create web apps with frontend JavaScript that can fetch chat logs from the archive and then consume the content of the logs. It’s imaginable that web developers may find use cases for consuming the chat logs in the archive from frontend JavaScript code — at the simplest level, web apps that fetch and scrape logs to get data out of them or to pull out particular snippets from the logs. Developers can anyway already scrape the contents of the archive — by using server-side programming languages or by using `curl` or whatever from the command line. They just can’t do the same from frontend JavaScript code, unless CORS support is enabled. 2022-11-28 20:47:57 -07:00			`app.use(cors());`
OpenTelemetry tracing so we can see spans where the app is taking time (#27) OpenTelemetry tracing so we can see spans where the app is taking time. For the user, we specifically show the spans for the external API HTTP requests that are slow (so we know when the Matrix API is being slow). Enable tracing: - `npm run start -- --tracing` - `npm run start-dev -- --tracing` What does this PR change: - Adds OpenTelemetry tracing with some of the automatic instrumentation (includes HTTP and express) - We ignore traces for serving static assets (just noise) - Adds `X-Trace-Id` to the response headers - Adds `window.tracingSpansForRequest` which includes the external HTTP API requests made during the request - Adds a fancy 504 timeout page that includes trace details and lists the slow HTTP requests - Adds `jaegerTracesEndpoint` configuration to export tracing spans to Jaeger - Related to, https://github.com/matrix-org/matrix-public-archive/issues/26 2022-07-14 10:08:50 -06:00
Room directory landing page v1 (#61) Part of https://github.com/matrix-org/matrix-public-archive/issues/6 2022-09-08 00:30:04 -06:00			`let healthCheckResponse;`
OpenTelemetry tracing so we can see spans where the app is taking time (#27) OpenTelemetry tracing so we can see spans where the app is taking time. For the user, we specifically show the spans for the external API HTTP requests that are slow (so we know when the Matrix API is being slow). Enable tracing: - `npm run start -- --tracing` - `npm run start-dev -- --tracing` What does this PR change: - Adds OpenTelemetry tracing with some of the automatic instrumentation (includes HTTP and express) - We ignore traces for serving static assets (just noise) - Adds `X-Trace-Id` to the response headers - Adds `window.tracingSpansForRequest` which includes the external HTTP API requests made during the request - Adds a fancy 504 timeout page that includes trace details and lists the slow HTTP requests - Adds `jaegerTracesEndpoint` configuration to export tracing spans to Jaeger - Related to, https://github.com/matrix-org/matrix-public-archive/issues/26 2022-07-14 10:08:50 -06:00			`app.get(`
			`'/health-check',`
			`asyncHandler(async function (req, res) {`
Room directory landing page v1 (#61) Part of https://github.com/matrix-org/matrix-public-archive/issues/6 2022-09-08 00:30:04 -06:00			`if (!healthCheckResponse) {`
			`const versionTags = await getVersionTags();`
			`const responseObject = {`
			`ok: true,`
			`...versionTags,`
			`};`
			`healthCheckResponse = JSON.stringify(responseObject, null, 2);`
			`}`

			`res.set('Content-Type', 'application/json');`
			`res.send(healthCheckResponse);`
OpenTelemetry tracing so we can see spans where the app is taking time (#27) OpenTelemetry tracing so we can see spans where the app is taking time. For the user, we specifically show the spans for the external API HTTP requests that are slow (so we know when the Matrix API is being slow). Enable tracing: - `npm run start -- --tracing` - `npm run start-dev -- --tracing` What does this PR change: - Adds OpenTelemetry tracing with some of the automatic instrumentation (includes HTTP and express) - We ignore traces for serving static assets (just noise) - Adds `X-Trace-Id` to the response headers - Adds `window.tracingSpansForRequest` which includes the external HTTP API requests made during the request - Adds a fancy 504 timeout page that includes trace details and lists the slow HTTP requests - Adds `jaegerTracesEndpoint` configuration to export tracing spans to Jaeger - Related to, https://github.com/matrix-org/matrix-public-archive/issues/26 2022-07-14 10:08:50 -06:00			`})`
			`);`
Make sure container is able to start up (#23) Follow-up to https://github.com/matrix-org/matrix-public-archive/pull/22 2022-06-15 16:12:44 -06:00
Calendar styles and server hydrogen assets 2022-02-17 15:56:54 -07:00			`// We have to disable no-missing-require lint because it doesn't take into`
			// account `package.json`. `exports`, see
			`// https://github.com/mysticatea/eslint-plugin-node/issues/255`
Serve Hydrogen assets from `/hydrogen-assets/` sub-directory for easier targeting of cache rules (#172) Fix https://github.com/matrix-org/matrix-public-archive/issues/160 2023-04-19 13:44:12 -06:00			`app.use(`
			`'/hydrogen-assets',`
			`// eslint-disable-next-line node/no-missing-require`
			`express.static(path.dirname(require.resolve('hydrogen-view-sdk/assets/main.js')))`
			`);`
Calendar styles and server hydrogen assets 2022-02-17 15:56:54 -07:00
OpenTelemetry tracing so we can see spans where the app is taking time (#27) OpenTelemetry tracing so we can see spans where the app is taking time. For the user, we specifically show the spans for the external API HTTP requests that are slow (so we know when the Matrix API is being slow). Enable tracing: - `npm run start -- --tracing` - `npm run start-dev -- --tracing` What does this PR change: - Adds OpenTelemetry tracing with some of the automatic instrumentation (includes HTTP and express) - We ignore traces for serving static assets (just noise) - Adds `X-Trace-Id` to the response headers - Adds `window.tracingSpansForRequest` which includes the external HTTP API requests made during the request - Adds a fancy 504 timeout page that includes trace details and lists the slow HTTP requests - Adds `jaegerTracesEndpoint` configuration to export tracing spans to Jaeger - Related to, https://github.com/matrix-org/matrix-public-archive/issues/26 2022-07-14 10:08:50 -06:00			`app.get(`
Room directory landing page v1 (#61) Part of https://github.com/matrix-org/matrix-public-archive/issues/6 2022-09-08 00:30:04 -06:00			`// This has to be at the root so that the font URL references resolve correctly`
Serve Hydrogen assets from `/hydrogen-assets/` sub-directory for easier targeting of cache rules (#172) Fix https://github.com/matrix-org/matrix-public-archive/issues/160 2023-04-19 13:44:12 -06:00			`'/hydrogen-assets/hydrogen-styles.css',`
OpenTelemetry tracing so we can see spans where the app is taking time (#27) OpenTelemetry tracing so we can see spans where the app is taking time. For the user, we specifically show the spans for the external API HTTP requests that are slow (so we know when the Matrix API is being slow). Enable tracing: - `npm run start -- --tracing` - `npm run start-dev -- --tracing` What does this PR change: - Adds OpenTelemetry tracing with some of the automatic instrumentation (includes HTTP and express) - We ignore traces for serving static assets (just noise) - Adds `X-Trace-Id` to the response headers - Adds `window.tracingSpansForRequest` which includes the external HTTP API requests made during the request - Adds a fancy 504 timeout page that includes trace details and lists the slow HTTP requests - Adds `jaegerTracesEndpoint` configuration to export tracing spans to Jaeger - Related to, https://github.com/matrix-org/matrix-public-archive/issues/26 2022-07-14 10:08:50 -06:00			`asyncHandler(async function (req, res) {`
			`res.set('Content-Type', 'text/css');`
			`// We have to disable no-missing-require lint because it doesn't take into`
			// account `package.json`. `exports`, see
			`// https://github.com/mysticatea/eslint-plugin-node/issues/255`
			`// eslint-disable-next-line node/no-missing-require`
			`res.sendFile(require.resolve('hydrogen-view-sdk/assets/theme-element-light.css'));`
			`})`
			`);`
Add npm run start-dev to build vite and run server at once 2022-02-15 16:17:14 -07:00
Room directory landing page v1 (#61) Part of https://github.com/matrix-org/matrix-public-archive/issues/6 2022-09-08 00:30:04 -06:00			`// Our own archive app styles and scripts`
			`app.use('/css', express.static(path.join(__dirname, '../../public/css')));`
Use rainbow Matrix.org gradient (#75) Another iteration of the design, https://www.figma.com/file/lpW5CqaEbPsYX2pmfIhzRo/Matrix-Public-Archive Part of https://github.com/matrix-org/matrix-public-archive/issues/6 2022-10-18 00:30:26 -06:00			`app.use('/img', express.static(path.join(__dirname, '../../public/img')));`
Room directory landing page v1 (#61) Part of https://github.com/matrix-org/matrix-public-archive/issues/6 2022-09-08 00:30:04 -06:00			`app.use('/js', express.static(path.join(__dirname, '../../dist/')));`
Add npm run start-dev to build vite and run server at once 2022-02-15 16:17:14 -07:00
Room directory landing page v1 (#61) Part of https://github.com/matrix-org/matrix-public-archive/issues/6 2022-09-08 00:30:04 -06:00			`app.use('/', require('./room-directory-routes'));`
Add npm run start-dev to build vite and run server at once 2022-02-15 16:17:14 -07:00
Add support for room aliases (#107) Also does friendly redirects if you don't exactly use the right URL pattern. For example, if you paste the full room ID with the `!` like `/roomid/!foo:bar`, it will properly redirect you to `/roomid/foo:bar`. It also does this sort of thing for URL encoded room ID's and aliases. Fix https://github.com/matrix-org/matrix-public-archive/issues/25 2022-10-27 00:09:13 -06:00			`// For room aliases (/r) or room ID's (/roomid)`
			`app.use('/:entityDescriptor(r\|roomid)/:roomIdOrAliasDirty', require('./room-routes'));`

Add support for client-side room alias hash `#` redirects to the correct URL (#111) This helps when someone just pastes a room alias on the end of the domain, - `/#room-alias:server` -> `/r/room-alias:server` - `/r/#room-alias:server/date/2022/10/27` -> `/r/room-alias:server/date/2022/10/27` Since these redirects happen on the client, we can't write any e2e tests. Those e2e tests do everything but run client-side JavaScript. Follow-up to https://github.com/matrix-org/matrix-public-archive/pull/107 Part of https://github.com/matrix-org/matrix-public-archive/issues/25 2022-10-27 23:32:24 -06:00			// Since everything after the hash (`#`) won't make it to the server, let's serve a 404
			`// page that will potentially redirect them to the correct place if they tried`
			// `/r/#room-alias:server/date/2022/10/27` -> `/r/room-alias:server/date/2022/10/27`
			`app.use('/:entityDescriptor(r\|roomid)', clientSideRoomAliasHashRedirectRoute);`

Add support for room aliases (#107) Also does friendly redirects if you don't exactly use the right URL pattern. For example, if you paste the full room ID with the `!` like `/roomid/!foo:bar`, it will properly redirect you to `/roomid/foo:bar`. It also does this sort of thing for URL encoded room ID's and aliases. Fix https://github.com/matrix-org/matrix-public-archive/issues/25 2022-10-27 00:09:13 -06:00			`// Correct any honest mistakes: If someone accidentally put the sigil in the URL, then`
			`// redirect them to the correct URL without the sigil to the correct path above.`
			`app.use('/:roomIdOrAliasDirty', redirectToCorrectArchiveUrlIfBadSigil);`
Add npm run start-dev to build vite and run server at once 2022-02-15 16:17:14 -07:00			`}`

			`module.exports = installRoutes;`