import express, { Router } from "express";
import { authorize } from "./auth";
import { HttpError } from "../shared/errors";
import { injectLocals } from "../shared/inject-locals";
import { withSession } from "../shared/with-session";
import { injectCsrfToken, checkCsrfToken } from "../shared/inject-csrf";
import { renderPage } from "../info-page";
import { buildInfo } from "../service-info";
import { loginRouter } from "./login";
import { usersApiRouter as apiRouter } from "./api/users";
import { usersWebRouter as webRouter } from "./web/manage";
// Router for the admin surface. Express runs middleware in registration order,
// so the sequence below decides which routes get body parsing, a session,
// CSRF handling and an authorize() guard. Reordering lines changes the
// security posture of the routes that follow them.
const adminRouter = Router();

// Body parsers are registered ahead of every authorize() guard, so this limit
// is what any client, authenticated or not, can make the server buffer and
// parse per request.
// NOTE(review): confirm 20mb is needed on all routes; a smaller default with a
// larger limit only on the routes that need it would narrow the exposure.
const bodyLimit = "20mb";
adminRouter.use(express.json({ limit: bodyLimit }));
// extended: true lets form bodies carry nested objects and arrays, so handlers
// must not assume a posted field is a plain string.
adminRouter.use(express.urlencoded({ extended: true, limit: bodyLimit }));

adminRouter.use(withSession);
adminRouter.use(injectCsrfToken);

// The /users API is mounted BEFORE checkCsrfToken, so requests it handles are
// not CSRF-checked by this router.
// NOTE(review): that is only safe if authorize({ via: "header" }) never falls
// back to the session cookie; verify against ./auth.
adminRouter.use("/users", authorize({ via: "header" }), apiRouter);

// Everything registered from here on passes through the CSRF check first.
adminRouter.use(checkCsrfToken);
adminRouter.use(injectLocals);

// loginRouter is mounted at "/" with no authorize() guard in front of it.
adminRouter.use("/", loginRouter);
adminRouter.use("/manage", authorize({ via: "cookie" }), webRouter);
// Cookie-authenticated page that renders the service info for this deployment.
// Registered with .use(), so it answers every HTTP method and any sub-path
// under /service-info.
adminRouter.use("/service-info", authorize({ via: "cookie" }), (req, res) => {
  // The base URL is assembled from request data: req.get("host") is the
  // client-supplied Host header, and req.protocol follows X-Forwarded-Proto
  // when "trust proxy" is enabled.
  // NOTE(review): if the rendered page shows URLs built from this value,
  // prefer a configured public origin or validate Host against an allow-list.
  const requestOrigin = req.protocol + "://" + req.get("host");
  const page = renderPage(buildInfo(requestOrigin, true));
  return res.send(page);
});
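/**
 * Final error handler for the admin router (Express recognises it by its
 * four-argument signature).
 *
 * - HttpError: responds with the error's own status, as JSON when the client
 *   prefers JSON, otherwise through the "admin_error" view.
 * - Errors named "ForbiddenError" (e.g. a failed CSRF check): 403 through the
 *   "admin_error" view, with a friendlier message for an invalid CSRF token.
 * - Anything else: 500 as JSON.
 *
 * Errors raised before or inside authorize() also end up here, so the response
 * can reach unauthenticated clients. The stack trace is therefore only
 * included when the app is not running with env "production".
 */
adminRouter.use(
  (
    err: Error,
    req: express.Request,
    res: express.Response,
    next: express.NextFunction
  ) => {
    // Once the response has started, its status and body can no longer be
    // replaced; hand the error to Express's default handler, which closes
    // the connection.
    if (res.headersSent) {
      return next(err);
    }

    // Stack traces reveal file paths and dependency internals. Keep the key
    // present (views may reference it) but leave it undefined in production;
    // res.json() drops undefined values.
    // NOTE(review): make sure the error is still logged server-side so the
    // stack is not lost in production.
    const showStack = req.app.get("env") !== "production";
    const data: any = {
      message: err.message,
      stack: showStack ? err.stack : undefined,
    };

    if (err instanceof HttpError) {
      data.status = err.status;
      res.status(err.status);
      if (req.accepts(["html", "json"]) === "json") {
        return res.json({ error: data });
      }
      return res.render("admin_error", data);
    } else if (err.name === "ForbiddenError") {
      data.status = 403;
      if (err.message === "invalid csrf token") {
        data.message =
          "Invalid CSRF token; try refreshing the previous page before submitting again.";
      }
      return res.status(403).render("admin_error", { ...data, flash: null });
    }

    // Unexpected error: err.message is still sent to the client here.
    // NOTE(review): consider a generic message for this branch in production,
    // since messages from lower layers can carry internal detail.
    res.status(500).json({ error: data });
  }
);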
export { adminRouter };