src/api/Server.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import cors from "cors";
import express, { Request as ExpressRequest, Response as ExpressResponse, NextFunction } from "express";
import rateLimit from "express-rate-limit";
import fs from "fs/promises";
import { Server as HttpServer } from "http";
import { join, resolve } from "path";
import Client from "../core/Client";
import { RouteMetadata } from "../types/RouteMetadata";
import { log, logError, logInfo, logWarn } from "../utils/logger";
import Controller from "./Controller";
import Response from "./Response";

export default class Server {
    protected expressApp = express();
    public readonly port = process.env.PORT ?? 4000;
    protected controllersDirectory = resolve(__dirname, "controllers");
    expressServer?: HttpServer;

    constructor(protected client: Client) {}

    async onReady() {
        if (this.client.configManager.systemConfig.api.enabled) {
            await this.boot();
        }
    }

    async boot() {
        const router = express.Router();
        await this.loadControllers(undefined, router);

        this.expressApp.use((err: unknown, req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
            if (err instanceof SyntaxError && "status" in err && err.status === 400 && "body" in err) {
                res.status(400).json({
                    error: "Invalid JSON payload"
                });

                return;
            }
        });

        this.expressApp.use(cors());

        const limiter = rateLimit({
            windowMs: 30 * 1000,
            max: 28,
            standardHeaders: true,
            legacyHeaders: false
        });

        const configLimiter = rateLimit({
            windowMs: 10 * 1000,
            max: 7,
            standardHeaders: true,
            legacyHeaders: false
        });

        if (this.client.configManager.systemConfig.trust_proxies !== undefined) {
            logInfo("Set express trust proxy option value to ", this.client.configManager.systemConfig.trust_proxies);
            this.expressApp.set("trust proxy", this.client.configManager.systemConfig.trust_proxies);
        }

        this.expressApp.use(limiter);
        this.expressApp.use("/config", configLimiter);
        this.expressApp.use(express.json());
        this.expressApp.use("/", router);
    }

    async loadControllers(directory = this.controllersDirectory, router: express.Router) {
        const files = await fs.readdir(directory);

        for (const file of files) {
            const filePath = join(directory, file);
            const isDirectory = (await fs.lstat(filePath)).isDirectory();

            if (isDirectory) {
                await this.loadControllers(filePath, router);
                continue;
            }

            if ((!file.endsWith(".ts") && !file.endsWith(".js")) || file.endsWith(".d.ts")) {
                continue;
            }

            const { default: ControllerClass } = await import(filePath);
            const controller: Controller = new ControllerClass(this.client);

            const metadata: Record<string, RouteMetadata> | undefined = Reflect.getMetadata(
                "action_methods",
                ControllerClass.prototype
            );

            const authMiddleware = Reflect.getMetadata("auth_middleware", ControllerClass.prototype) ?? {};
            const gacMiddleware = Reflect.getMetadata("gac_middleware", ControllerClass.prototype) ?? {};
            const aacMiddleware = Reflect.getMetadata("aac_middleware", ControllerClass.prototype) ?? {};
            const validatonMiddleware = Reflect.getMetadata("validation_middleware", ControllerClass.prototype) ?? {};

            if (metadata) {
                for (const methodName in metadata) {
                    if (!metadata[methodName]) {
                        continue;
                    }

                    for (const method in metadata[methodName]!) {
                        const data = metadata[methodName][method as keyof RouteMetadata]!;

                        if (!data) {
                            continue;
                        }

                        const { middleware, handler, path } = data;

                        if (!handler) {
                            continue;
                        }

                        if (!path) {
                            logError(`[Server] No path specified at function ${handler.name} in controller ${file}. Skipping.`);
                            continue;
                        }

                        if (method && !["GET", "POST", "HEAD", "PUT", "PATCH", "DELETE"].includes(method)) {
                            logError(
                                `[Server] Invalid method '${method}' specified at function ${handler.name} in controller ${file}. Skipping.`
                            );
                            continue;
                        }

                        log(`Added handler for ${method?.toUpperCase() ?? "GET"} ${path}`);

                        const finalMiddlewareArray = [
                            ...(authMiddleware[methodName] ? [authMiddleware[methodName]] : []),
                            ...(gacMiddleware[methodName] ? [gacMiddleware[methodName]] : []),
                            ...(aacMiddleware[methodName] ? [aacMiddleware[methodName]] : []),
                            ...(validatonMiddleware[methodName] ? [validatonMiddleware[methodName]] : []),
                            ...(middleware ?? [])
                        ];

                        (router[(method?.toLowerCase() ?? "get") as keyof typeof router] as Function)(
                            path,
                            ...(finalMiddlewareArray?.map(
                                fn => (req: ExpressRequest, res: ExpressResponse, next: NextFunction) =>
                                    fn(this.client, req, res, next)
                            ) ?? []),
                            async (req: ExpressRequest, res: ExpressResponse) => {
                                const userResponse = await handler.bind(controller)(req, res);

                                if (!res.headersSent) {
                                    if (userResponse instanceof Response) {
                                        userResponse.send(res);
                                    } else if (userResponse && typeof userResponse === "object") {
                                        res.json(userResponse);
                                    } else if (typeof userResponse === "string") {
                                        res.send(userResponse);
                                    } else if (typeof userResponse === "number") {
                                        res.send(userResponse.toString());
                                    } else {
                                        logWarn("Invalid value was returned from the controller. Not sending a response.");
                                    }
                                }
                            }
                        );
                    }
                }
            }
        }
    }

    async start() {
        this.expressServer = this.expressApp.listen(this.port, () => logInfo(`API server is listening at port ${this.port}`));
    }
}
1	rakinar2	577	/**
2			* This file is part of SudoBot.
3			*
4			* Copyright (C) 2021-2023 OSN Developers.
5			*
6			* SudoBot is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU Affero General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* SudoBot is distributed in the hope that it will be useful, but
12			* WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU Affero General Public License for more details.
15			*
16			* You should have received a copy of the GNU Affero General Public License
17			* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			import cors from "cors";
21			import express, { Request as ExpressRequest, Response as ExpressResponse, NextFunction } from "express";
22			import rateLimit from "express-rate-limit";
23			import fs from "fs/promises";
24			import { Server as HttpServer } from "http";
25			import { join, resolve } from "path";
26			import Client from "../core/Client";
27			import { RouteMetadata } from "../types/RouteMetadata";
28			import { log, logError, logInfo, logWarn } from "../utils/logger";
29			import Controller from "./Controller";
30			import Response from "./Response";
31
32			export default class Server {
33			protected expressApp = express();
34			public readonly port = process.env.PORT ?? 4000;
35			protected controllersDirectory = resolve(__dirname, "controllers");
36			expressServer?: HttpServer;
37
38			constructor(protected client: Client) {}
39
40			async onReady() {
41			if (this.client.configManager.systemConfig.api.enabled) {
42			await this.boot();
43			}
44			}
45
46			async boot() {
47			const router = express.Router();
48			await this.loadControllers(undefined, router);
49
50			this.expressApp.use((err: unknown, req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
51			if (err instanceof SyntaxError && "status" in err && err.status === 400 && "body" in err) {
52			res.status(400).json({
53			error: "Invalid JSON payload"
54			});
55
56			return;
57			}
58			});
59
60			this.expressApp.use(cors());
61
62			const limiter = rateLimit({
63			windowMs: 30 * 1000,
64			max: 28,
65			standardHeaders: true,
66			legacyHeaders: false
67			});
68
69			const configLimiter = rateLimit({
70			windowMs: 10 * 1000,
71			max: 7,
72			standardHeaders: true,
73			legacyHeaders: false
74			});
75
76			if (this.client.configManager.systemConfig.trust_proxies !== undefined) {
77			logInfo("Set express trust proxy option value to ", this.client.configManager.systemConfig.trust_proxies);
78			this.expressApp.set("trust proxy", this.client.configManager.systemConfig.trust_proxies);
79			}
80
81			this.expressApp.use(limiter);
82			this.expressApp.use("/config", configLimiter);
83			this.expressApp.use(express.json());
84			this.expressApp.use("/", router);
85			}
86
87			async loadControllers(directory = this.controllersDirectory, router: express.Router) {
88			const files = await fs.readdir(directory);
89
90			for (const file of files) {
91			const filePath = join(directory, file);
92			const isDirectory = (await fs.lstat(filePath)).isDirectory();
93
94			if (isDirectory) {
95			await this.loadControllers(filePath, router);
96			continue;
97			}
98
99			if ((!file.endsWith(".ts") && !file.endsWith(".js")) \|\| file.endsWith(".d.ts")) {
100			continue;
101			}
102
103			const { default: ControllerClass } = await import(filePath);
104			const controller: Controller = new ControllerClass(this.client);
105
106			const metadata: Record<string, RouteMetadata> \| undefined = Reflect.getMetadata(
107			"action_methods",
108			ControllerClass.prototype
109			);
110
111			const authMiddleware = Reflect.getMetadata("auth_middleware", ControllerClass.prototype) ?? {};
112			const gacMiddleware = Reflect.getMetadata("gac_middleware", ControllerClass.prototype) ?? {};
113			const aacMiddleware = Reflect.getMetadata("aac_middleware", ControllerClass.prototype) ?? {};
114			const validatonMiddleware = Reflect.getMetadata("validation_middleware", ControllerClass.prototype) ?? {};
115
116			if (metadata) {
117			for (const methodName in metadata) {
118			if (!metadata[methodName]) {
119			continue;
120			}
121
122			for (const method in metadata[methodName]!) {
123			const data = metadata[methodName][method as keyof RouteMetadata]!;
124
125			if (!data) {
126			continue;
127			}
128
129			const { middleware, handler, path } = data;
130
131			if (!handler) {
132			continue;
133			}
134
135			if (!path) {
136			logError(`[Server] No path specified at function ${handler.name} in controller ${file}. Skipping.`);
137			continue;
138			}
139
140			if (method && !["GET", "POST", "HEAD", "PUT", "PATCH", "DELETE"].includes(method)) {
141			logError(
142			`[Server] Invalid method '${method}' specified at function ${handler.name} in controller ${file}. Skipping.`
143			);
144			continue;
145			}
146
147			log(`Added handler for ${method?.toUpperCase() ?? "GET"} ${path}`);
148
149			const finalMiddlewareArray = [
150			...(authMiddleware[methodName] ? [authMiddleware[methodName]] : []),
151			...(gacMiddleware[methodName] ? [gacMiddleware[methodName]] : []),
152			...(aacMiddleware[methodName] ? [aacMiddleware[methodName]] : []),
153			...(validatonMiddleware[methodName] ? [validatonMiddleware[methodName]] : []),
154			...(middleware ?? [])
155			];
156
157			(router[(method?.toLowerCase() ?? "get") as keyof typeof router] as Function)(
158			path,
159			...(finalMiddlewareArray?.map(
160			fn => (req: ExpressRequest, res: ExpressResponse, next: NextFunction) =>
161			fn(this.client, req, res, next)
162			) ?? []),
163			async (req: ExpressRequest, res: ExpressResponse) => {
164			const userResponse = await handler.bind(controller)(req, res);
165
166			if (!res.headersSent) {
167			if (userResponse instanceof Response) {
168			userResponse.send(res);
169			} else if (userResponse && typeof userResponse === "object") {
170			res.json(userResponse);
171			} else if (typeof userResponse === "string") {
172			res.send(userResponse);
173			} else if (typeof userResponse === "number") {
174			res.send(userResponse.toString());
175			} else {
176			logWarn("Invalid value was returned from the controller. Not sending a response.");
177			}
178			}
179			}
180			);
181			}
182			}
183			}
184			}
185			}
186
187			async start() {
188			this.expressServer = this.expressApp.listen(this.port, () => logInfo(`API server is listening at port ${this.port}`));
189			}
190			}