Ghost/core/server/web/site/middleware/serve-public-file.js

const crypto = require('crypto');
const fs = require('fs-extra');
const path = require('path');
const errors = require('@tryghost/errors');
const config = require('../../../../shared/config');
const urlUtils = require('../../../../shared/url-utils');
const tpl = require('@tryghost/tpl');

const messages = {
    imageNotFound: 'Image not found'
};

function createPublicFileMiddleware(file, type, maxAge) {
    let content;
    const publicFilePath = config.get('paths').publicFilePath;
    const filePath = file.match(/^public/) ? path.join(publicFilePath, file.replace(/^public/, '')) : path.join(publicFilePath, file);
    const blogRegex = /(\{\{blog-url\}\})/g;

    return function servePublicFileMiddleware(req, res, next) {
        if (content) {
            res.writeHead(200, content.headers);
            return res.end(content.body);
        }

        // send image files directly and let express handle content-length, etag, etc
        if (type.match(/^image/)) {
            return res.sendFile(filePath, (err) => {
                if (err && err.status === 404) {
                    // ensure we're triggering basic asset 404 and not a templated 404
                    return next(new errors.NotFoundError({
                        message: tpl(messages.imageNotFound),
                        code: 'STATIC_FILE_NOT_FOUND',
                        property: err.path
                    }));
                }

                if (err) {
                    return next(err);
                }
            });
        }

        // modify text files before caching+serving to ensure URL placeholders are transformed
        fs.readFile(filePath, (err, buf) => {
            if (err) {
                return next(err);
            }

            let str = buf.toString();

            if (type === 'text/xsl' || type === 'text/plain' || type === 'application/javascript') {
                str = str.replace(blogRegex, urlUtils.urlFor('home', true).replace(/\/$/, ''));
            }

            content = {
                headers: {
                    'Content-Type': type,
                    'Content-Length': Buffer.from(str).length,
                    ETag: `"${crypto.createHash('md5').update(str, 'utf8').digest('hex')}"`,
                    'Cache-Control': `public, max-age=${maxAge}`
                },
                body: str
            };
            res.writeHead(200, content.headers);
            res.end(content.body);
        });
    };
}

// ### servePublicFile Middleware
// Handles requests to robots.txt and favicon.ico (and caches them)
function servePublicFile(file, type, maxAge) {
    const publicFileMiddleware = createPublicFileMiddleware(file, type, maxAge);

    return function servePublicFileMiddleware(req, res, next) {
        if (req.path === '/' + file) {
            return publicFileMiddleware(req, res, next);
        } else {
            return next();
        }
    };
}

module.exports = servePublicFile;
module.exports.servePublicFile = servePublicFile;
module.exports.createPublicFileMiddleware = createPublicFileMiddleware;
ES6 migration: server/web/ (#9886) refs #9589 2018-09-20 16:03:33 +03:00			`const crypto = require('crypto');`
			`const fs = require('fs-extra');`
			`const path = require('path');`
Swapped common for @tryghost/errors in core/server/web - Update all references to common.errors to use @tryghost/errors - Use dereferencing to only require used bits of common in each file 2020-04-09 21:40:00 +03:00			`const errors = require('@tryghost/errors');`
Moved config from server to shared (#11850) * moved `server/config` to `shared/config` * updated config import paths in server to use shared * updated config import paths in frontend to use shared * updated config import paths in test to use shared * updated config import paths in root to use shared * trigger regression tests * of course the rebase broke tests 2020-05-27 20:47:53 +03:00			`const config = require('../../../../shared/config');`
Moved core/server/lib/url-utils to core/shared/url-utils (#11856) * moved url-utils from server to shared * updated imports of url-utils 2020-05-28 13:57:02 +03:00			`const urlUtils = require('../../../../shared/url-utils');`
Replaced i18n.t w/ tpl helper in serve-public-file.js (#13429) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package. 2021-10-05 12:00:28 +03:00			`const tpl = require('@tryghost/tpl');`

			`const messages = {`
			`imageNotFound: 'Image not found'`
			`};`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members. 2019-04-23 17:24:33 +03:00			`function createPublicFileMiddleware(file, type, maxAge) {`
ES6 migration: server/web/middleware (#9737) refs #9589 2018-09-10 15:07:57 +03:00			`let content;`
ES6 migration: server/web/ (#9886) refs #9589 2018-09-20 16:03:33 +03:00			`const publicFilePath = config.get('paths').publicFilePath;`
			`const filePath = file.match(/^public/) ? path.join(publicFilePath, file.replace(/^public/, '')) : path.join(publicFilePath, file);`
			`const blogRegex = /(\{\{blog-url\}\})/g;`
Prep shared API URL util for use on external sites refs #5942, #6150 There were a few key problems I was looking to solve with this: - Introduce a single point of truth for what the URL for accessing the API should be - Provide a simple way to configure the utility (much like a true SDK) As of this commit, this utility is still automatically available in a Ghost theme. To use it on an external site, the code would look like: ``` <script type="text/javascript" src="http://my-ghost-blog.com/shared/ghost-url.min.js"></script> <script type="text/javascript"> ghost.init({ clientId: "<your-client-id>", clientSecret: "<your-client-secret>" }); </script> ``` To achieve this, there have been a number of changes: - A new `apiUrl` function has been added to config, which calculates the correct URL. This needs to be unified with the other url generation functions as a separate piece of work. - The serveSharedFile middleware has been updated, so that it can serve files from / or /shared and to substitute `{{api-url}}` as it does `{{blog-url}}`. - ghost-url.js and ghost-url.min.js have been updated to be served via the serveSharedFile middleware - ghost-url.js has been changed slightly, to take the url from an inline variable which is substituted the first time it is served - `{{ghost_head}}` has been updated, removing the api url handling which is now in config/url.js and removing the configuration of the utility in favour of calling `init()` after the script is required - `{{ghost_head}}` has also had the meta tags for client id and secret removed - tests have been updated 2015-12-15 13:41:53 +03:00
Fixed "no-shadow" linting error in server modules (#12287) refs 143921948de89baff21a800ae8e7dfaeef415b05 - Continuation of changes started in referenced commit 2020-10-20 02:02:56 +03:00			`return function servePublicFileMiddleware(req, res, next) {`
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members. 2019-04-23 17:24:33 +03:00			`if (content) {`
			`res.writeHead(200, content.headers);`
			`return res.end(content.body);`
			`}`
Fixed serving of binary public files no issue - serving of our public asset images was broken - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly) - updates uses of `servePublicFile` to have the correct png mimetype - adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms 2020-02-10 12:51:19 +03:00
			`// send image files directly and let express handle content-length, etag, etc`
			`if (type.match(/^image/)) {`
			`return res.sendFile(filePath, (err) => {`
			`if (err && err.status === 404) {`
			`// ensure we're triggering basic asset 404 and not a templated 404`
Swapped common for @tryghost/errors in core/server/web - Update all references to common.errors to use @tryghost/errors - Use dereferencing to only require used bits of common in each file 2020-04-09 21:40:00 +03:00			`return next(new errors.NotFoundError({`
Replaced i18n.t w/ tpl helper in serve-public-file.js (#13429) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package. 2021-10-05 12:00:28 +03:00			`message: tpl(messages.imageNotFound),`
Fixed serving of binary public files no issue - serving of our public asset images was broken - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly) - updates uses of `servePublicFile` to have the correct png mimetype - adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms 2020-02-10 12:51:19 +03:00			`code: 'STATIC_FILE_NOT_FOUND',`
			`property: err.path`
			`}));`
			`}`

Fixed error when serving public images from `servePublicFile` middleware no issue - when `servePublicFile` middleware serves an image it resulted in a "Cannot set headers after they are sent to the client" error because `next()` was erroneously called for successful requests which then tripped the `prettyUrls` middleware which tries to perform a redirect - only calling `next()` when an error is present allows errors to be picked up by later middleware but successful requests end in the `servePublicFile` middleware 2020-02-17 02:24:01 +03:00			`if (err) {`
			`return next(err);`
			`}`
Fixed serving of binary public files no issue - serving of our public asset images was broken - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly) - updates uses of `servePublicFile` to have the correct png mimetype - adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms 2020-02-10 12:51:19 +03:00			`});`
			`}`

			`// modify text files before caching+serving to ensure URL placeholders are transformed`
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members. 2019-04-23 17:24:33 +03:00			`fs.readFile(filePath, (err, buf) => {`
			`if (err) {`
			`return next(err);`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`}`
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members. 2019-04-23 17:24:33 +03:00
			`let str = buf.toString();`

			`if (type === 'text/xsl' \|\| type === 'text/plain' \|\| type === 'application/javascript') {`
Migrated to use url-utils from Ghost-SDK (#10787) closes #10773 - The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK - Added url-utils stubbing utility for test suites - Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups) 2019-06-18 16:13:55 +03:00			`str = str.replace(blogRegex, urlUtils.urlFor('home', true).replace(/\/$/, ''));`
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members. 2019-04-23 17:24:33 +03:00			`}`

			`content = {`
			`headers: {`
			`'Content-Type': type,`
			`'Content-Length': Buffer.from(str).length,`
			ETag: `"${crypto.createHash('md5').update(str, 'utf8').digest('hex')}"`,
			'Cache-Control': `public, max-age=${maxAge}`
			`},`
			`body: str`
			`};`
			`res.writeHead(200, content.headers);`
			`res.end(content.body);`
			`});`
			`};`
			`}`

			`// ### servePublicFile Middleware`
			`// Handles requests to robots.txt and favicon.ico (and caches them)`
			`function servePublicFile(file, type, maxAge) {`
			`const publicFileMiddleware = createPublicFileMiddleware(file, type, maxAge);`

Fixed "no-shadow" linting error in server modules (#12287) refs 143921948de89baff21a800ae8e7dfaeef415b05 - Continuation of changes started in referenced commit 2020-10-20 02:02:56 +03:00			`return function servePublicFileMiddleware(req, res, next) {`
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members. 2019-04-23 17:24:33 +03:00			`if (req.path === '/' + file) {`
			`return publicFileMiddleware(req, res, next);`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`} else {`
Switch to Eslint (#9197) refs #9178 * Add eslint deps, remove old lint deps * Add eslint config, remove old lint configs * Config for server and tests are different * Tweaked rules to suit us * Fix linting in codebase - lots of indent changes. * Fix a real broken test 2017-11-01 16:44:54 +03:00			`return next();`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`}`
			`};`
			`}`

💁🏻 Move`shared/` to `server/public` (#8273) refs #8221 Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`. Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes. Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`. 2017-04-07 15:21:41 +03:00			`module.exports = servePublicFile;`
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members. 2019-04-23 17:24:33 +03:00			`module.exports.servePublicFile = servePublicFile;`
			`module.exports.createPublicFileMiddleware = createPublicFileMiddleware;`