|
1 | 1 | // Thin read API over the indexed social graph. |
2 | 2 | import express from 'express'; |
3 | 3 | import path from 'node:path'; |
| 4 | +import { readFileSync } from 'node:fs'; |
4 | 5 | import { fileURLToPath } from 'node:url'; |
5 | 6 | import { getProfile, getFollows, getRelays, recentProfiles, connect, stats, searchProfiles, enrichCounts, followerCount } from './db.js'; |
6 | 7 | import { buildDidDocument } from './diddoc.js'; |
7 | 8 | import 'dotenv/config'; |
8 | 9 |
|
9 | 10 | const PUBLIC = path.join(path.dirname(fileURLToPath(import.meta.url)), '..', 'public'); |
| 11 | +const SITE = process.env.SITE_URL || 'https://nostr.social'; |
| 12 | + |
| 13 | +// ---- server-rendered OGP (social crawlers don't run JS) -------------------- |
| 14 | +const escAttr = (s) => String(s ?? '').replace(/[&<>"]/g, (c) => ({ '&': '&', '<': '<', '>': '>', '"': '"' }[c])); |
| 15 | +let SHELL; |
| 16 | +const shell = () => (SHELL ??= readFileSync(path.join(PUBLIC, 'index.html'), 'utf8')); |
| 17 | + |
| 18 | +// Inject <title> + Open Graph / Twitter meta into the SPA shell at <!--OGP-->. |
| 19 | +function renderShell(meta = {}) { |
| 20 | + const m = { |
| 21 | + title: 'Beacon · a directory of did:nostr identities', |
| 22 | + description: 'Profiles, the follow graph, and a verifiable DID document for every did:nostr key — indexed live from Nostr.', |
| 23 | + url: `${SITE}/`, type: 'website', image: '', ...meta, |
| 24 | + }; |
| 25 | + const tags = [ |
| 26 | + `<title>${escAttr(m.title)}</title>`, |
| 27 | + `<meta name="description" content="${escAttr(m.description)}">`, |
| 28 | + `<meta property="og:site_name" content="Beacon">`, |
| 29 | + `<meta property="og:type" content="${escAttr(m.type)}">`, |
| 30 | + `<meta property="og:title" content="${escAttr(m.title)}">`, |
| 31 | + `<meta property="og:description" content="${escAttr(m.description)}">`, |
| 32 | + `<meta property="og:url" content="${escAttr(m.url)}">`, |
| 33 | + m.image && `<meta property="og:image" content="${escAttr(m.image)}">`, |
| 34 | + `<meta name="twitter:card" content="${m.image ? 'summary_large_image' : 'summary'}">`, |
| 35 | + `<meta name="twitter:title" content="${escAttr(m.title)}">`, |
| 36 | + `<meta name="twitter:description" content="${escAttr(m.description)}">`, |
| 37 | + m.image && `<meta name="twitter:image" content="${escAttr(m.image)}">`, |
| 38 | + ].filter(Boolean).join('\n '); |
| 39 | + return shell().replace('<!--OGP-->', tags); |
| 40 | +} |
10 | 41 |
|
11 | 42 | export async function startServer(port = process.env.PORT || 3000) { |
12 | 43 | await connect(); |
13 | 44 | const app = express(); |
14 | 45 | // Public read-only resolver: allow cross-origin fetches so browser-based |
15 | 46 | // did:nostr resolvers can read the documents. |
16 | 47 | app.use((_req, res, next) => { res.setHeader('Access-Control-Allow-Origin', '*'); next(); }); |
17 | | - app.use(express.static(PUBLIC)); |
| 48 | + app.use(express.static(PUBLIC, { index: false })); |
| 49 | + |
| 50 | + // home shell (default OGP) |
| 51 | + app.get('/', (_req, res) => res.type('html').send(renderShell())); |
| 52 | + |
| 53 | + // per-profile shell with that identity's OGP (crawlable canonical URL) |
| 54 | + app.get('/p/:id', async (req, res, next) => { |
| 55 | + try { |
| 56 | + const id = String(req.params.id).toLowerCase(); |
| 57 | + if (!/^[0-9a-f]{64}$/.test(id)) return res.type('html').send(renderShell()); |
| 58 | + const p = await getProfile(id); |
| 59 | + let c = {}; try { c = JSON.parse(p?.content || '{}'); } catch { /* malformed */ } |
| 60 | + const name = c.name || c.display_name || `did:nostr:${id.slice(0, 8)}…`; |
| 61 | + const about = String(c.about || `A did:nostr identity · ${id.slice(0, 16)}…`).replace(/\s+/g, ' ').slice(0, 180); |
| 62 | + res.type('html').send(renderShell({ |
| 63 | + title: `${name} · Beacon`, description: about, url: `${SITE}/p/${id}`, |
| 64 | + type: 'profile', image: c.picture || '', |
| 65 | + })); |
| 66 | + } catch (e) { next(e); } |
| 67 | + }); |
18 | 68 |
|
19 | 69 | // Liveness/readiness: confirms Mongo is reachable (for haproxy httpchk + monitoring). |
20 | 70 | app.get('/healthz', async (_req, res) => { |
|
0 commit comments