src/api/Server.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import cors from "cors";
import express, {
    Application,
    Request as ExpressRequest,
    Response as ExpressResponse,
    NextFunction
} from "express";
import ratelimiter from "express-rate-limit";
import { Router } from "express-serve-static-core";
import { Server as HttpServer } from "http";
import Client from "../core/Client";
import { RouteMetadata, RouteMetadataEntry } from "../types/RouteMetadata";
import Controller from "./Controller";
import Response from "./Response";

export default class Server {
    protected readonly expressApp = express();
    protected readonly rateLimiter = ratelimiter({
        windowMs: 30 * 1000,
        max: 28,
        standardHeaders: true,
        legacyHeaders: false
    });
    protected readonly configRateLimiter = ratelimiter({
        windowMs: 10 * 1000,
        max: 7,
        standardHeaders: true,
        legacyHeaders: false
    });
    public readonly port = process.env.PORT ?? 4000;
    public expressServer?: HttpServer;

    constructor(protected readonly client: Client) {}

    async onReady() {
        if (this.client.configManager.systemConfig.api.enabled) {
            await this.boot();
            await this.start();
        }
    }

    async boot() {
        this.expressApp.use(this.onError);
        this.expressApp.use(cors());

        if (this.client.configManager.systemConfig.trust_proxies !== undefined) {
            this.client.logger.info(
                "Set express trust proxy option value to ",
                this.client.configManager.systemConfig.trust_proxies
            );

            this.expressApp.set(
                "trust proxy",
                this.client.configManager.systemConfig.trust_proxies
            );
        }

        this.expressApp.use(this.rateLimiter);
        this.expressApp.use("/config", this.configRateLimiter);
        this.expressApp.use(express.json());

        const router = await this.createRouter();
        this.expressApp.use("/", router);
    }

    async createRouter() {
        const router = express.Router();
        await this.client.dynamicLoader.loadControllers(router);
        return router;
    }

    loadController(controller: Controller, controllerClass: typeof Controller, router: Router) {
        const actions = (
            Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
                ? controllerClass[Symbol.metadata]?.actionMethods
                : Reflect.getMetadata("action_methods", controllerClass.prototype)
        ) as Record<string, RouteMetadata> | null;
        const aacMiddlewareList = (
            Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
                ? controllerClass[Symbol.metadata]?.adminAccessControlMiddleware
                : Reflect.getMetadata("aac_middleware", controllerClass.prototype)
        ) as Record<string, (...args: unknown[]) => unknown> | null;
        const gacMiddlewareList = (
            Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
                ? controllerClass[Symbol.metadata]?.guildAccessControlMiddleware
                : Reflect.getMetadata("gac_middleware", controllerClass.prototype)
        ) as Record<string, (...args: unknown[]) => unknown> | null;
        const requireAuthMiddlewareList = (
            Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
                ? controllerClass[Symbol.metadata]?.authMiddleware
                : Reflect.getMetadata("auth_middleware", controllerClass.prototype)
        ) as Record<string, (...args: unknown[]) => unknown> | null;
        const validationMiddlewareList = (
            Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
                ? controllerClass[Symbol.metadata]?.validationMiddleware
                : Reflect.getMetadata("validation_middleware", controllerClass.prototype)
        ) as Record<string, (...args: unknown[]) => unknown> | null;

        if (!actions) {
            return;
        }

        for (const callbackName in actions) {
            for (const method in actions[callbackName]) {
                const data = actions[callbackName][
                    method as keyof (typeof actions)[keyof typeof actions]
                ] as RouteMetadataEntry | null;

                if (!data) {
                    continue;
                }

                const middleware = [];

                if (requireAuthMiddlewareList?.[callbackName]) {
                    middleware.push(requireAuthMiddlewareList?.[callbackName]);
                }

                if (aacMiddlewareList?.[callbackName]) {
                    middleware.push(aacMiddlewareList?.[callbackName]);
                }

                if (gacMiddlewareList?.[callbackName]) {
                    middleware.push(gacMiddlewareList?.[callbackName]);
                }

                if (validationMiddlewareList?.[callbackName]) {
                    middleware.push(validationMiddlewareList?.[callbackName]);
                }

                middleware.push(...(data.middleware ?? []));

                const wrappedMiddleware = middleware.map(
                    m => (request: ExpressRequest, response: ExpressResponse, next: NextFunction) =>
                        m(this.client, request, response, next)
                );

                router[data.method.toLowerCase() as "head"].call(
                    router,
                    data.path,
                    ...(wrappedMiddleware as []),
                    <Application>this.wrapControllerAction(controller, callbackName)
                );

                this.client.logger.debug(
                    `Discovered API Route: ${data.method} ${data.path} -- in ${controllerClass.name}`
                );
            }
        }
    }

    wrapControllerAction(controller: Controller, callbackName: string) {
        return async (request: ExpressRequest, response: ExpressResponse) => {
            const callback = controller[callbackName as keyof typeof controller] as (
                request: ExpressRequest,
                response: ExpressResponse
            ) => unknown;
            const controllerResponse = await callback.call(controller, request, response);

            if (!response.headersSent) {
                if (controllerResponse instanceof Response) {
                    controllerResponse.send(response);
                } else if (controllerResponse && typeof controllerResponse === "object") {
                    response.json(controllerResponse);
                } else if (typeof controllerResponse === "string") {
                    response.send(controllerResponse);
                } else if (typeof controllerResponse === "number") {
                    response.send(controllerResponse.toString());
                } else {
                    this.client.logger.warn(
                        "Invalid value was returned from the controller. Not sending a response."
                    );
                }
            }
        };
    }

    onError(err: unknown, _: ExpressRequest, res: ExpressResponse, next: NextFunction) {
        if (err instanceof SyntaxError && "status" in err && err.status === 400 && "body" in err) {
            res.status(400).json({
                error: "Invalid JSON payload"
            });

            return;
        }

        next();
    }

    async start() {
        this.expressServer = this.expressApp.listen(this.port, () =>
            this.client.logger.info(`API server is listening at port ${this.port}`)
        );
    }
}
1	rakinar2	577	/**
2			* This file is part of SudoBot.
3			*
4			* Copyright (C) 2021-2023 OSN Developers.
5			*
6			* SudoBot is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU Affero General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* SudoBot is distributed in the hope that it will be useful, but
12			* WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU Affero General Public License for more details.
15			*
16			* You should have received a copy of the GNU Affero General Public License
17			* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			import cors from "cors";
21			import express, {
22			Application,
23			Request as ExpressRequest,
24			Response as ExpressResponse,
25			NextFunction
26			} from "express";
27			import ratelimiter from "express-rate-limit";
28			import { Router } from "express-serve-static-core";
29			import { Server as HttpServer } from "http";
30			import Client from "../core/Client";
31			import { RouteMetadata, RouteMetadataEntry } from "../types/RouteMetadata";
32			import Controller from "./Controller";
33			import Response from "./Response";
34
35			export default class Server {
36			protected readonly expressApp = express();
37			protected readonly rateLimiter = ratelimiter({
38			windowMs: 30 * 1000,
39			max: 28,
40			standardHeaders: true,
41			legacyHeaders: false
42			});
43			protected readonly configRateLimiter = ratelimiter({
44			windowMs: 10 * 1000,
45			max: 7,
46			standardHeaders: true,
47			legacyHeaders: false
48			});
49			public readonly port = process.env.PORT ?? 4000;
50			public expressServer?: HttpServer;
51
52			constructor(protected readonly client: Client) {}
53
54			async onReady() {
55			if (this.client.configManager.systemConfig.api.enabled) {
56			await this.boot();
57			await this.start();
58			}
59			}
60
61			async boot() {
62			this.expressApp.use(this.onError);
63			this.expressApp.use(cors());
64
65			if (this.client.configManager.systemConfig.trust_proxies !== undefined) {
66			this.client.logger.info(
67			"Set express trust proxy option value to ",
68			this.client.configManager.systemConfig.trust_proxies
69			);
70
71			this.expressApp.set(
72			"trust proxy",
73			this.client.configManager.systemConfig.trust_proxies
74			);
75			}
76
77			this.expressApp.use(this.rateLimiter);
78			this.expressApp.use("/config", this.configRateLimiter);
79			this.expressApp.use(express.json());
80
81			const router = await this.createRouter();
82			this.expressApp.use("/", router);
83			}
84
85			async createRouter() {
86			const router = express.Router();
87			await this.client.dynamicLoader.loadControllers(router);
88			return router;
89			}
90
91			loadController(controller: Controller, controllerClass: typeof Controller, router: Router) {
92			const actions = (
93			Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
94			? controllerClass[Symbol.metadata]?.actionMethods
95			: Reflect.getMetadata("action_methods", controllerClass.prototype)
96			) as Record<string, RouteMetadata> \| null;
97			const aacMiddlewareList = (
98			Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
99			? controllerClass[Symbol.metadata]?.adminAccessControlMiddleware
100			: Reflect.getMetadata("aac_middleware", controllerClass.prototype)
101			) as Record<string, (...args: unknown[]) => unknown> \| null;
102			const gacMiddlewareList = (
103			Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
104			? controllerClass[Symbol.metadata]?.guildAccessControlMiddleware
105			: Reflect.getMetadata("gac_middleware", controllerClass.prototype)
106			) as Record<string, (...args: unknown[]) => unknown> \| null;
107			const requireAuthMiddlewareList = (
108			Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
109			? controllerClass[Symbol.metadata]?.authMiddleware
110			: Reflect.getMetadata("auth_middleware", controllerClass.prototype)
111			) as Record<string, (...args: unknown[]) => unknown> \| null;
112			const validationMiddlewareList = (
113			Symbol.metadata in controllerClass && controllerClass[Symbol.metadata]
114			? controllerClass[Symbol.metadata]?.validationMiddleware
115			: Reflect.getMetadata("validation_middleware", controllerClass.prototype)
116			) as Record<string, (...args: unknown[]) => unknown> \| null;
117
118			if (!actions) {
119			return;
120			}
121
122			for (const callbackName in actions) {
123			for (const method in actions[callbackName]) {
124			const data = actions[callbackName][
125			method as keyof (typeof actions)[keyof typeof actions]
126			] as RouteMetadataEntry \| null;
127
128			if (!data) {
129			continue;
130			}
131
132			const middleware = [];
133
134			if (requireAuthMiddlewareList?.[callbackName]) {
135			middleware.push(requireAuthMiddlewareList?.[callbackName]);
136			}
137
138			if (aacMiddlewareList?.[callbackName]) {
139			middleware.push(aacMiddlewareList?.[callbackName]);
140			}
141
142			if (gacMiddlewareList?.[callbackName]) {
143			middleware.push(gacMiddlewareList?.[callbackName]);
144			}
145
146			if (validationMiddlewareList?.[callbackName]) {
147			middleware.push(validationMiddlewareList?.[callbackName]);
148			}
149
150			middleware.push(...(data.middleware ?? []));
151
152			const wrappedMiddleware = middleware.map(
153			m => (request: ExpressRequest, response: ExpressResponse, next: NextFunction) =>
154			m(this.client, request, response, next)
155			);
156
157			router[data.method.toLowerCase() as "head"].call(
158			router,
159			data.path,
160			...(wrappedMiddleware as []),
161			<Application>this.wrapControllerAction(controller, callbackName)
162			);
163
164			this.client.logger.debug(
165			`Discovered API Route: ${data.method} ${data.path} -- in ${controllerClass.name}`
166			);
167			}
168			}
169			}
170
171			wrapControllerAction(controller: Controller, callbackName: string) {
172			return async (request: ExpressRequest, response: ExpressResponse) => {
173			const callback = controller[callbackName as keyof typeof controller] as (
174			request: ExpressRequest,
175			response: ExpressResponse
176			) => unknown;
177			const controllerResponse = await callback.call(controller, request, response);
178
179			if (!response.headersSent) {
180			if (controllerResponse instanceof Response) {
181			controllerResponse.send(response);
182			} else if (controllerResponse && typeof controllerResponse === "object") {
183			response.json(controllerResponse);
184			} else if (typeof controllerResponse === "string") {
185			response.send(controllerResponse);
186			} else if (typeof controllerResponse === "number") {
187			response.send(controllerResponse.toString());
188			} else {
189			this.client.logger.warn(
190			"Invalid value was returned from the controller. Not sending a response."
191			);
192			}
193			}
194			};
195			}
196
197			onError(err: unknown, _: ExpressRequest, res: ExpressResponse, next: NextFunction) {
198			if (err instanceof SyntaxError && "status" in err && err.status === 400 && "body" in err) {
199			res.status(400).json({
200			error: "Invalid JSON payload"
201			});
202
203			return;
204			}
205
206			next();
207			}
208
209			async start() {
210			this.expressServer = this.expressApp.listen(this.port, () =>
211			this.client.logger.info(`API server is listening at port ${this.port}`)
212			);
213			}
214			}