server/app.ts

import { sentry } from "@/sentry";
import { cors } from "@hono/hono/cors";
import { prettyJSON } from "@hono/hono/pretty-json";
import { secureHeaders } from "@hono/hono/secure-headers";
import { OpenAPIHono } from "@hono/zod-openapi";
/* import { prometheus } from "@hono/prometheus";
 */ import { getLogger } from "@logtape/logtape";
import { config } from "~/packages/config-manager/index";
import { agentBans } from "./middlewares/agent-bans";
import { bait } from "./middlewares/bait";
import { boundaryCheck } from "./middlewares/boundary-check";
import { ipBans } from "./middlewares/ip-bans";
import { logger } from "./middlewares/logger";
import { handleGlitchRequest } from "./packages/glitch-server/main";
import { routes } from "./routes";
import type { ApiRouteExports } from "./types/api";

export const appFactory = async () => {
    const serverLogger = getLogger("server");

    const app = new OpenAPIHono({
        strict: false,
    });

    /* const { printMetrics, registerMetrics } = prometheus({
        collectDefaultMetrics: true,
        metricOptions: {
            requestsTotal: {
                customLabels: {
                    content_type: (c) =>
                        c.res.headers.get("content-type") ?? "unknown",
                },
            },
        },
    }); */

    app.use(ipBans);
    app.use(agentBans);
    app.use(bait);
    app.use(logger);
    app.use(boundaryCheck);
    app.use(
        "/api/*",
        secureHeaders({
            contentSecurityPolicy: {
                // We will not be returning HTML, so everything should be blocked
                defaultSrc: ["'none'"],
                scriptSrc: ["'none'"],
                styleSrc: ["'none'"],
                imgSrc: ["'none'"],
                connectSrc: ["'none'"],
                fontSrc: ["'none'"],
                objectSrc: ["'none'"],
                mediaSrc: ["'none'"],
                frameSrc: ["'none'"],
                frameAncestors: ["'none'"],
                baseUri: ["'none'"],
                formAction: ["'none'"],
                childSrc: ["'none'"],
                workerSrc: ["'none'"],
                manifestSrc: ["'none'"],
            },
            referrerPolicy: "no-referrer",
            xFrameOptions: "DENY",
            xContentTypeOptions: "nosniff",
            crossOriginEmbedderPolicy: "require-corp",
            crossOriginOpenerPolicy: "same-origin",
            crossOriginResourcePolicy: "same-origin",
        }),
    );
    app.use(
        prettyJSON({
            space: 4,
        }),
    );
    app.use(
        cors({
            origin: "*",
            allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE"],
            credentials: true,
        }),
    );
    /* app.use("*", registerMetrics);
    app.get("/metrics", printMetrics); */
    // Disabled as federation now checks for this
    // app.use(urlCheck);

    // Inject own filesystem router
    for (const [, path] of Object.entries(routes)) {
        // use app.get(path, handler) to add routes
        const route: ApiRouteExports = await import(path);

        if (!(route.meta && route.default)) {
            throw new Error(`Route ${path} does not have the correct exports.`);
        }

        route.default(app);
    }

    app.options("*", (context) => {
        return context.text("", 204);
    });

    app.all("*", async (context) => {
        if (config.frontend.glitch.enabled) {
            const glitch = await handleGlitchRequest(context.req.raw);

            if (glitch) {
                return glitch;
            }
        }

        const replacedUrl = new URL(
            new URL(context.req.url).pathname,
            config.frontend.url,
        ).toString();

        serverLogger.debug`Proxying ${replacedUrl}`;

        const proxy = await fetch(replacedUrl, {
            headers: {
                // Include for SSR
                "X-Forwarded-Host": `${config.http.bind}:${config.http.bind_port}`,
                "Accept-Encoding": "identity",
            },
            redirect: "manual",
        }).catch((e) => {
            serverLogger.error`${e}`;
            sentry?.captureException(e);
            serverLogger.error`The Frontend is not running or the route is not found: ${replacedUrl}`;
            return null;
        });

        proxy?.headers.set("Cache-Control", "max-age=31536000");

        if (!proxy || proxy.status === 404) {
            return context.json(
                {
                    error: "Route not found on proxy or API route. Are you using the correct HTTP method?",
                },
                404,
            );
        }

        // Disable CSP upgrade-insecure-requests if an .onion domain is used
        if (new URL(context.req.url).hostname.endsWith(".onion")) {
            proxy.headers.set(
                "Content-Security-Policy",
                proxy.headers
                    .get("Content-Security-Policy")
                    ?.replace("upgrade-insecure-requests;", "") ?? "",
            );
        }

        return proxy;
    });

    app.onError((error, c) => {
        const serverLogger = getLogger("server");
        serverLogger.error`${error}`;
        sentry?.captureException(error);
        return c.json(
            {
                error: "A server error occured",
                name: error.name,
                message: error.message,
            },
            500,
        );
    });

    return app;
};

export type App = Awaited<ReturnType<typeof appFactory>>;
feat: :sparkles: Add Sentry support 2024-07-24 18:10:29 +02:00			`import { sentry } from "@/sentry";`
feat: :sparkles: Add more utility middleware 2024-08-19 21:17:25 +02:00			`import { cors } from "@hono/hono/cors";`
			`import { prettyJSON } from "@hono/hono/pretty-json";`
			`import { secureHeaders } from "@hono/hono/secure-headers";`
refactor(api): :recycle: Use OpenAPIHono instead of Hono in preparation for future changes 2024-08-27 16:40:11 +02:00			`import { OpenAPIHono } from "@hono/zod-openapi";`
fix: :fire: Remove Prometheus integration as it is causing issues 2024-08-19 21:53:39 +02:00			`/* import { prometheus } from "@hono/prometheus";`
			`*/ import { getLogger } from "@logtape/logtape";`
refactor: :fire: Remove old config-manager symlink 2024-08-19 14:43:54 +02:00			`import { config } from "~/packages/config-manager/index";`
refactor(api): :recycle: Use Web Workers instead of spawning the same process once for each thread 2024-06-27 02:44:08 +02:00			`import { agentBans } from "./middlewares/agent-bans";`
			`import { bait } from "./middlewares/bait";`
			`import { boundaryCheck } from "./middlewares/boundary-check";`
			`import { ipBans } from "./middlewares/ip-bans";`
			`import { logger } from "./middlewares/logger";`
			`import { handleGlitchRequest } from "./packages/glitch-server/main";`
			`import { routes } from "./routes";`
			`import type { ApiRouteExports } from "./types/api";`

			`export const appFactory = async () => {`
			`const serverLogger = getLogger("server");`

refactor(api): :recycle: Use OpenAPIHono instead of Hono in preparation for future changes 2024-08-27 16:40:11 +02:00			`const app = new OpenAPIHono({`
refactor(api): :recycle: Use Web Workers instead of spawning the same process once for each thread 2024-06-27 02:44:08 +02:00			`strict: false,`
			`});`

fix: :fire: Remove Prometheus integration as it is causing issues 2024-08-19 21:53:39 +02:00			`/* const { printMetrics, registerMetrics } = prometheus({`
feat: :sparkles: Implement Prometheus support 2024-08-19 21:23:47 +02:00			`collectDefaultMetrics: true,`
			`metricOptions: {`
			`requestsTotal: {`
			`customLabels: {`
			`content_type: (c) =>`
			`c.res.headers.get("content-type") ?? "unknown",`
			`},`
			`},`
			`},`
fix: :fire: Remove Prometheus integration as it is causing issues 2024-08-19 21:53:39 +02:00			`}); */`
feat: :sparkles: Implement Prometheus support 2024-08-19 21:23:47 +02:00
refactor(api): :recycle: Use Web Workers instead of spawning the same process once for each thread 2024-06-27 02:44:08 +02:00			`app.use(ipBans);`
			`app.use(agentBans);`
			`app.use(bait);`
			`app.use(logger);`
			`app.use(boundaryCheck);`
feat: :sparkles: Add more utility middleware 2024-08-19 21:17:25 +02:00			`app.use(`
fix: :bug: Only apply security headers to /api/* 2024-08-19 21:26:13 +02:00			`"/api/*",`
feat: :sparkles: Add more utility middleware 2024-08-19 21:17:25 +02:00			`secureHeaders({`
			`contentSecurityPolicy: {`
			`// We will not be returning HTML, so everything should be blocked`
			`defaultSrc: ["'none'"],`
			`scriptSrc: ["'none'"],`
			`styleSrc: ["'none'"],`
			`imgSrc: ["'none'"],`
			`connectSrc: ["'none'"],`
			`fontSrc: ["'none'"],`
			`objectSrc: ["'none'"],`
			`mediaSrc: ["'none'"],`
			`frameSrc: ["'none'"],`
			`frameAncestors: ["'none'"],`
			`baseUri: ["'none'"],`
			`formAction: ["'none'"],`
			`childSrc: ["'none'"],`
			`workerSrc: ["'none'"],`
			`manifestSrc: ["'none'"],`
			`},`
			`referrerPolicy: "no-referrer",`
			`xFrameOptions: "DENY",`
			`xContentTypeOptions: "nosniff",`
			`crossOriginEmbedderPolicy: "require-corp",`
			`crossOriginOpenerPolicy: "same-origin",`
			`crossOriginResourcePolicy: "same-origin",`
			`}),`
			`);`
			`app.use(`
			`prettyJSON({`
			`space: 4,`
			`}),`
			`);`
			`app.use(`
			`cors({`
			`origin: "*",`
			`allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE"],`
			`credentials: true,`
			`}),`
			`);`
fix: :fire: Remove Prometheus integration as it is causing issues 2024-08-19 21:53:39 +02:00			`/* app.use("*", registerMetrics);`
			`app.get("/metrics", printMetrics); */`
refactor(api): :recycle: Use Web Workers instead of spawning the same process once for each thread 2024-06-27 02:44:08 +02:00			`// Disabled as federation now checks for this`
			`// app.use(urlCheck);`

			`// Inject own filesystem router`
			`for (const [, path] of Object.entries(routes)) {`
			`// use app.get(path, handler) to add routes`
			`const route: ApiRouteExports = await import(path);`

			`if (!(route.meta && route.default)) {`
			throw new Error(`Route ${path} does not have the correct exports.`);
			`}`

			`route.default(app);`
			`}`

fix: :fire: Remove Prometheus integration as it is causing issues 2024-08-19 21:53:39 +02:00			`app.options("*", (context) => {`
			`return context.text("", 204);`
refactor(api): :recycle: Use Web Workers instead of spawning the same process once for each thread 2024-06-27 02:44:08 +02:00			`});`

			`app.all("*", async (context) => {`
			`if (config.frontend.glitch.enabled) {`
			`const glitch = await handleGlitchRequest(context.req.raw);`

			`if (glitch) {`
			`return glitch;`
			`}`
			`}`

			`const replacedUrl = new URL(`
			`new URL(context.req.url).pathname,`
			`config.frontend.url,`
			`).toString();`

			serverLogger.debug`Proxying ${replacedUrl}`;

			`const proxy = await fetch(replacedUrl, {`
			`headers: {`
			`// Include for SSR`
			"X-Forwarded-Host": `${config.http.bind}:${config.http.bind_port}`,
			`"Accept-Encoding": "identity",`
			`},`
			`redirect: "manual",`
			`}).catch((e) => {`
			serverLogger.error`${e}`;
feat(api): :sparkles: Add more Sentry logging 2024-07-24 19:04:00 +02:00			`sentry?.captureException(e);`
refactor(api): :recycle: Use Web Workers instead of spawning the same process once for each thread 2024-06-27 02:44:08 +02:00			serverLogger.error`The Frontend is not running or the route is not found: ${replacedUrl}`;
			`return null;`
			`});`

			`proxy?.headers.set("Cache-Control", "max-age=31536000");`

			`if (!proxy \|\| proxy.status === 404) {`
refactor: :recycle: Use native Hono return functions instead of custom ones 2024-08-19 21:03:59 +02:00			`return context.json(`
			`{`
			`error: "Route not found on proxy or API route. Are you using the correct HTTP method?",`
			`},`
refactor(api): :recycle: Use Web Workers instead of spawning the same process once for each thread 2024-06-27 02:44:08 +02:00			`404,`
			`);`
			`}`

			`// Disable CSP upgrade-insecure-requests if an .onion domain is used`
			`if (new URL(context.req.url).hostname.endsWith(".onion")) {`
			`proxy.headers.set(`
			`"Content-Security-Policy",`
			`proxy.headers`
			`.get("Content-Security-Policy")`
			`?.replace("upgrade-insecure-requests;", "") ?? "",`
			`);`
			`}`

			`return proxy;`
			`});`

refactor: :recycle: Use native Hono return functions instead of custom ones 2024-08-19 21:03:59 +02:00			`app.onError((error, c) => {`
feat(api): :sparkles: Log all server errors in logs 2024-07-24 17:19:23 +02:00			`const serverLogger = getLogger("server");`
			serverLogger.error`${error}`;
feat: :sparkles: Add Sentry support 2024-07-24 18:10:29 +02:00			`sentry?.captureException(error);`
refactor: :recycle: Use native Hono return functions instead of custom ones 2024-08-19 21:03:59 +02:00			`return c.json(`
feat(api): :sparkles: Add global server error handler 2024-07-20 00:30:13 +02:00			`{`
			`error: "A server error occured",`
			`name: error.name,`
			`message: error.message,`
			`},`
			`500,`
			`);`
			`});`

refactor(api): :recycle: Use Web Workers instead of spawning the same process once for each thread 2024-06-27 02:44:08 +02:00			`return app;`
			`};`
refactor: :arrow_up: Upgrade dependencies, use JSR for Hono 2024-07-11 12:56:28 +02:00
			`export type App = Awaited<ReturnType<typeof appFactory>>;`