var pug = require("pug");
var fs = require("fs");
var path = require("path");
var Config = require("../config");
// Directory holding the .pug sources: two levels above this module, in "templates".
const templates = path.join(__dirname, "..", "..", "templates");

// View name -> compiled pug render function. Filled by sendPug, emptied by clearCache.
const cache = new Map();
const LOGGER = require('@calzoneman/jsli')('web/pug');
/**
 * Builds the locals object handed to a pug render function.
 *
 * Starts from the site-wide values (title, description, author, CSRF token,
 * base URL, channel path) and then copies every enumerable key of `locals`
 * over them.
 *
 * @param {object} [locals] - per-page values; skipped unless typeof is "object"
 * @param {object} res - response object; `res.req` supplies the CSRF token and base URL
 * @returns {object} a new object: the globals overlaid with `locals`
 */
function merge(locals, res) {
    const merged = {
        siteTitle: Config.get("html-template.title"),
        siteDescription: Config.get("html-template.description"),
        siteAuthor: "Calvin 'calzoneman' 'cyzon' Montgomery",
        // Empty string when no csrfToken() function is attached to the request,
        // so pages rendered for such requests carry an empty token.
        csrfToken: typeof res.req.csrfToken === 'function' ? res.req.csrfToken() : '',
        baseUrl: getBaseUrl(res),
        channelPath: Config.get("channel-path"),
    };

    if (typeof locals === "object") {
        // for...in accepts null (zero iterations) and also visits inherited
        // enumerable keys. Page values win over the globals above, csrfToken
        // and baseUrl included, so `locals` should be built by the route
        // handler with fixed key names rather than copied from request data.
        for (const name in locals) {
            merged[name] = locals[name];
        }
    }

    return merged;
}
/**
 * Returns "<protocol>://<host>" for the request behind `res`.
 *
 * The protocol is `req.realProtocol`; the host is the request's Host header
 * exactly as received. Nothing in this function validates either value.
 * NOTE(review): the Host header is chosen by the client. If templates use
 * baseUrl for absolute links, confirm that the fronting proxy or an earlier
 * middleware restricts which Host values reach this point.
 *
 * @param {object} res - response object whose `req` has `realProtocol` and `header()`
 * @returns {string} base URL without a trailing slash
 */
function getBaseUrl(res) {
    const { req } = res;
    return `${req.realProtocol}://${req.header("host")}`;
}
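/**
 * Renders a pug template and sends the resulting HTML as the response.
 *
 * Compiled templates are kept in `cache` per view name. When Config "debug"
 * is set, the template is re-read from disk and recompiled on every call.
 *
 * @param {object} res - response object; `res.locals`, `res.req` and `res.send` are used
 * @param {string} view - template name inside the templates directory, without ".pug"
 * @param {object} [locals] - per-page values for the template; not modified
 */
function sendPug(res, view, locals) {
    // Work on a copy: the session fields below are per-request, and writing
    // them into the caller's object would let a locals object that is reused
    // across requests carry one request's loggedIn/loginName/superadmin into
    // the next (nvl only fills fields that are still undefined).
    const pageLocals = typeof locals === "object" ? Object.assign({}, locals) : {};

    // Session fields fall back to res.locals when the caller did not set them.
    // The change that introduced these defaults states that on most pages the
    // HMAC-signed session cookie is only parsed, not checked against the
    // database; the full check remains for the ACP and /account/ pages.
    // NOTE(review): treat these as display hints for templates. Anything
    // gated on superadmin must be authorized again in the route handler, and
    // a cookie that is only parsed presumably stays accepted until it
    // expires - confirm the session lifetime.
    pageLocals.loggedIn = nvl(pageLocals.loggedIn, res.locals.loggedIn);
    pageLocals.loginName = nvl(pageLocals.loginName, res.locals.loginName);
    pageLocals.superadmin = nvl(pageLocals.superadmin, res.locals.superadmin);

    let renderFn = cache.get(view);

    if (!renderFn || Config.get("debug")) {
        LOGGER.debug("Loading template %s", view);

        // NOTE(review): `view` goes into the filesystem path without any
        // check in this function. Callers are expected to pass fixed template
        // names; confirm none forwards request input here.
        const file = path.join(templates, view + ".pug");
        // Synchronous read and compile: once per view normally, on every
        // request while "debug" is enabled.
        renderFn = pug.compile(fs.readFileSync(file), {
            filename: file,
            pretty: !Config.get("http.minify")
        });

        cache.set(view, renderFn);
    }

    res.send(renderFn(merge(pageLocals, res)));
}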
/**
 * Returns `a` unless it is undefined, in which case `b` is returned.
 *
 * Only `undefined` triggers the fallback: null, false, 0 and "" are returned
 * as given.
 *
 * @param {*} a - preferred value
 * @param {*} b - fallback used when `a` is undefined
 * @returns {*} `a`, or `b` when `a` is undefined
 */
function nvl(a, b) {
    return typeof a === 'undefined' ? b : a;
}
/**
 * Drops every compiled template from the cache and logs how many were removed.
 * After this, sendPug recompiles each view from disk the next time it is used.
 */
function clearCache() {
    const removed = cache.size;
    cache.clear();

    LOGGER.info('Removed %d compiled templates from the cache', removed);
}
// Public API: render-and-send, plus a way to drop the compiled-template cache.
module.exports = {
    sendPug,
    clearCache
};