linkylinky/src/server.js

const fastify = require('fastify')({ logger: true })
var uniqid = require('uniqid');
require('dotenv').config();
const argon2 = require('argon2');
const isBot = require('isbot')
const { makeBadge, ValidationError } = require('badge-maker')

let config = {
    domain: process.env.DOMAIN || "localhost:3000",
    https: (process.env.SSL === 'true') || false,
    env: process.env.NODE_ENV || 'development',
    recognizeProviders: !(process.env.DISABLE_PROVIDERS === 'true'),
    registrationEnabled: (process.env.ENABLE_REGISTER === 'true'),
    jwt_secret: process.env.JWT_SECRET || "pleaseneverusethisdefaultsecret",
    getBaseUrl() {
        if (config.https) {
            return `https://${config.domain}`;
        }
        return `http://${config.domain}`;
    }
}
const knexConfiguration = require('../knexfile')[config.env];
const knex = require('knex')(knexConfiguration);

const authenticate = { realm: 'Short' }
fastify.register(require('fastify-auth'))
fastify.register(require('fastify-basic-auth'), { validate, authenticate });
fastify.register(require('fastify-jwt'), {
    secret: config.jwt_secret
});
fastify.register(require('fastify-cors'), {
    origin: true,
    preflight: true,
    preflightContinue: true
})

fastify.decorate('verifyJWT', function async(request, reply, done) {
    let token = request.headers.authorization;
    if (!token || token == "" || token == "Bearer") {
        done(new Error("No jwt provided"));
    }

    if (token.startsWith("Bearer")) {
        token = token.replace("Bearer ", "");
        fastify.log.info("Detected bearer and replaced it")
    }

    fastify.jwt.verify(token, async (err, decoded) => {
        if (err) {
            fastify.log.error("JWT validation failed:")
            done(new Error("JWT Validation failed"));
        }
        else {
            if (!decoded.payload) {
                done(new Error("JWT is empty"));
            }
            fastify.log.info(`Token verified. User is ${decoded.payload.user}`);

            const jwtcount = (await knex.select('jwtcount')
                .from('users')
                .where('username', '=', decoded.payload.user)
                .limit(1))[0].jwtcount;

            if (decoded.payload.jwtcount < jwtcount) {
                fastify.log.error("Auth ended at jwtcount")
                done(new Error("JWT in no longer valid"))
            }
            else {
                fastify.log.info(`JWT count verified`);
                request.user = decoded.payload.user;
                done()
            }
        }
    })
})

//Automagic Amazn redirects on /a/
fastify.get('/a/:id', async (req, res) => {
    res.redirect(302, `https://amazon.de/dp/${req.params.id}`)
    await knex('visits').insert({ shortcode: req.params.id, provider: 'a' });
})

//Automagic Youtube redirects on /yt/
fastify.get('/yt/:id', async (req, res) => {
    res.redirect(302, `https://youtu.be/${req.params.id}`)
    await knex('visits').insert({ shortcode: req.params.id, provider: 'yt' });
})
//Automagic Youtube Playlist redirects on /ytpl/
fastify.get('/ytpl/:id', async (req, res) => {
    res.redirect(302, `https://youtube.com/playlist?list=${req.params.id}`)
    await knex('visits').insert({ shortcode: req.params.id, provider: 'ytpl' });
})

//Automagic ebay item redirects on /e/
fastify.get('/e/:id', async (req, res) => {
    res.redirect(302, `https://ebay.de/itm/${req.params.id}`)
    await knex('visits').insert({ shortcode: req.params.id, provider: 'e' });
})

//Automagic reddit redirects on /r/
fastify.get('/r/:id', async (req, res) => {
    res.redirect(302, `https://redd.it/${req.params.id}`)
    await knex('visits').insert({ shortcode: req.params.id, provider: 'r' });
})

//Normal shorturls
fastify.get('/:shortcode', async (req, res) => {
    const shortcode = req.params.shortcode;

    //This should never happen but better safe than 500
    if (!shortcode) {
        return 404;
    }
    const target = await knex.select('target', 'no_preview', 'clientside')
        .from('urls')
        .where('shortcode', '=', shortcode)
        .limit(1);
    if (!target[0]) {
        return 404
    }

    if (isBot(req.headers['user-agent']) && target[0].no_preview) {
        res.type("text/html");
        return bot_html;
    }

    if (target[0].clientside) {
        res.type("text/html");
        return clientside_html.replace("{{targeturl}}", target[0].target)
    }

    res.redirect(302, target[0].target);
    await knex('visits').insert({ shortcode, provider: 'native' });
})

//Create new url schema
const newUrlSchema = {
    body: {
        type: 'object',
        properties: {
            target: { type: 'string' },
            shortcode: { type: 'string' },
            no_preview: { type: 'boolean' },
            clientside: { type: 'boolean' }
        }
    }
};

//Create new url api route
fastify.post('/api', { newUrlSchema }, async (req, res) => {
    const target = req.body?.target;
    let shortcode = req.body?.shortcode;
    let no_preview = req.body?.no_preview || false;
    let clientside = req.body?.clientside || false;

    //Check if the user provided a target
    if (!target) {
        res.statusCode = 400;
        return "Missing target";
    }

    /**
     * If no custom shortcode is provided: Check if a code for the target already exists.
     * If it exists: No new get's generated => The existing code get's used.
     * If it doesn't exist: Generate a new code and proceed to creating a new db entry.
     */
    if (!shortcode) {
        if (config.recognizeProviders) {
            const response = checkKnownProviders(target);
            if (response) {
                return response;
            }
        }
        const exists = await knex.select('shortcode', 'no_preview', 'clientside')
            .from('urls')
            .where('target', '=', target)
            .limit(1);
        if (exists.length != 0) {
            shortcode = exists[0].shortcode;
            return {
                url: `${config.getBaseUrl()}/${shortcode}`,
                shortcode,
                target,
                no_preview: exists[0].no_preview,
                clientside: exists[0].clientside
            }
        }
        shortcode = uniqid();
    }
    /**
     * If a custom shortcode is provided: Check for collisions.
     * Collision detected: Warn user
     * No collision: Proceed to db entry creation
     */
    else {
        const exists = await knex.select('shortcode')
            .from('urls')
            .where('shortcode', '=', shortcode)
            .limit(1);
        if (exists.length != 0) {
            res.statusCode = 400;
            return "Shortcode already exists, please choose another code";
        }
    }

    //Create a new db entry
    await knex('urls').insert({ target, shortcode, no_preview, clientside });

    return {
        url: `${config.getBaseUrl()}/${shortcode}`,
        shortcode,
        target,
        no_preview,
        clientside
    }
});

//Get stats api route
fastify.get('/api/stats', async (req, res) => {
    const urls = await knex.select('shortcode')
        .from('urls');

    const visits = await knex.select('timestamp')
        .from('visits');

    return {
        urls: urls.length,
        visits: visits.length,
    }
});

//Get url api route
fastify.get('/api/:shortcode', async (req, res) => {
    const shortcode = req.params.shortcode;

    //This should never happen but better safe than 500
    if (!shortcode) {
        return 404;
    }

    const exists = await knex.select('shortcode', 'target', 'no_preview', 'clientside')
        .from('urls')
        .where('shortcode', '=', shortcode)
        .limit(1);
    if (exists.length == 0) {
        return 404;
    }

    const visits = await knex.select('timestamp')
        .from('visits')
        .where('shortcode', '=', shortcode);

    return {
        url: `${config.getBaseUrl()}/${exists[0].shortcode}`,
        shortcode: exists[0].shortcode,
        target: exists[0].target,
        no_preview: exists[0].no_preview,
        clientside: exists[0].clientside,
        visits: visits.length
    }
});

//Get url api route
fastify.get('/api/badge/:shortcode', async (req, res) => {
    const shortcode = req.params.shortcode;
    const label = req.query.label || 'vists';
    const color = req.query.color || 'green';
    const style = req.query.style || 'for-the-badge';

    //This should never happen but better safe than 500
    if (!shortcode) {
        return 404;
    }

    const exists = await knex.select('shortcode', 'target', 'no_preview', 'clientside')
        .from('urls')
        .where('shortcode', '=', shortcode)
        .limit(1);
    if (exists.length == 0) {
        return 404;
    }

    const visits = await knex.select('timestamp')
        .from('visits')
        .where('shortcode', '=', shortcode);

    const format = {
        label,
        message: visits.length.toString(),
        color,
        style
    }
    
    res.type('image/svg+xml')
    return makeBadge(format);
});

//User registration
fastify.post('/api/auth/register', async (req, res) => {
    if (!config.registrationEnabled) {
        res.statusCode = 400;
        return "Registration was disabled by your admin";
    }

    const username = req.body?.username;
    let password = req.body?.password;

    //Check
    if (!username || !password) {
        res.statusCode = 400;
        return "Missing username or password";
    }

    const exists = await knex.select('username')
        .from('users')
        .where('username', '=', username)
        .limit(1);
    if (exists.length != 0) {
        res.statusCode = 400;
        return "User already exists";
    }

    password = await argon2.hash(password);

    //Create a new db entry
    await knex('users').insert({ username, password });

    return "Done!"
});

//Anything in here has some kind of auth
fastify.after(() => {
    //Get url visits api route
    fastify.get('/api/:shortcode/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
        const shortcode = req.params.shortcode;

        //This should never happen but better safe than 500
        if (!shortcode) {
            return 404;
        }

        const visits = await knex.select('timestamp', 'provider')
            .from('visits')
            .where('shortcode', '=', shortcode);

        return visits;
    });

    //Get all visits api route
    fastify.get('/api/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
        if (req.query.provider) {
            return await knex.select('shortcode', 'provider', 'timestamp')
                .from('visits')
                .where("provider", "=", req.query.provider);
        }
        return await knex.select('shortcode', 'provider', 'timestamp')
            .from('visits');
    });

    //Get url api route
    fastify.delete('/api/:shortcode', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
        const shortcode = req.params.shortcode;

        //This should never happen but better safe than 500
        if (!shortcode) {
            return 404;
        }

        await knex('urls')
            .where('shortcode', '=', shortcode)
            .delete();

        res.statusCode = 204;
        return true;
    });

    //Get all urls api route
    fastify.get('/api', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
        urls = await knex.select('target', 'shortcode', 'no_preview', 'clientside')
            .from('urls');

        for (let url of urls) {
            url.url = `${config.getBaseUrl()}/${url.shortcode}`
            if (req.query.showVisits) {
                url.visits = (await knex.select('timestamp')
                    .from('visits')
                    .where('shortcode', '=', url.shortcode)).length;
            }
        }

        return urls;
    });

    fastify.post('/api/auth/login', { onRequest: fastify.auth([fastify.basicAuth]) }, async (req, reply) => {
        const jwtcount = (await knex.select('jwtcount')
            .from('users')
            .where('username', '=', req.user)
            .limit(1))[0].jwtcount;
        const payload = {
            user: req.user,
            jwtcount
        };
        const token = fastify.jwt.sign({ payload })
        reply.send({ token });
    });

    fastify.post('/api/auth/check', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, (req, reply) => {
        return "logged in";
    });

    fastify.post('/api/auth/logout', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, reply) => {
        let jwtcount = (await knex.select('jwtcount')
            .from('users')
            .where('username', '=', req.user)
            .limit(1))[0].jwtcount;
        jwtcount += 1;
        await knex('users')
            .where('username', '=', req.user)
            .update({
                jwtcount
            });

        return "Done!";
    });

    fastify.post('/api/auth/deleteme', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, reply) => {
        await knex('users')
            .where('username', '=', req.user)
            .delete();

        return "Done!";
    });

});



/**
 * Checks for some default providers with custom url schemes (amazon and youtube r/n)
 * @param {string} target The target URL
 * @returns Standard shortening response if provider recognized or null
 */
function checkKnownProviders(target) {
    target = decodeURIComponent(target);
    const youtubeVideoID = target.match(/(?:youtube(?:-nocookie)?\.com\/(?:[^\/\n\s]+\/\S+\/|(?:v|e(?:mbed)?)\/|\S*?[?&]v=)|youtu\.be\/)([a-zA-Z0-9_-]{11})/)
    if (youtubeVideoID) {
        const shortcode = `yt/${youtubeVideoID[1]}`
        return {
            url: `${config.getBaseUrl()}/${shortcode}`,
            shortcode,
            target
        }
    }
    const youtubePlaylistID = target.match(/(?:youtube(?:-nocookie)?\.com\/)playlist\?(?:.*)list=([a-zA-Z0-9_-]*)(?:&.*|)/)
    if (youtubePlaylistID) {
        const shortcode = `ytpl/${youtubePlaylistID[1]}`
        return {
            url: `${config.getBaseUrl()}/${shortcode}`,
            shortcode,
            target
        }
    }
    const amazonID = target.match(/(?:https?:\/\/|)(www|smile|)\.?(amazon|smile)\.(de)(?:(?:\/.*\/|\/)(?:dp|gp))(\/product\/|\/)([A-Z0-9]+)/);
    if (amazonID) {
        const shortcode = `a/${amazonID[5]}`
        return {
            url: `${config.getBaseUrl()}/${shortcode}`,
            shortcode,
            target
        }
    }
    const ebayID = target.match(/(?:[ebay]*(?:[\/]|[itm=])|^)([0-9]{9,12})/);
    if (ebayID) {
        const shortcode = `e/${ebayID[1]}`
        return {
            url: `${config.getBaseUrl()}/${shortcode}`,
            shortcode,
            target
        }
    }

    const redditID = target.match(/(((((?:https?:)?\/\/)((?!about\.)[\w-]+?\.)?([rc]edd(?:it\.com|\.it)))(?!\/(?:blog|about|code|advertising|jobs|rules|wiki|contact|buttons|gold|page|help|prefs|user|message|widget)\b)((?:\/r\/[\w-]+\b(?<!\/pcmasterrace))|(?:\/tb))?(\/comments)??(\/\w{2,7}\b(?<!\/46ijrl)(?<!\/wiki))((?:(?!\))\S)*)))/);
    if (redditID) {
        const shortcode = `r${redditID[9]}`
        return {
            url: `${config.getBaseUrl()}/${shortcode}`,
            shortcode,
            target
        }
    }
    return null;
}

async function validate(username, password, req, reply) {
    if (!username || !password) {
        return new Error('Sorry only authorized users can do that.')
    }

    const user = await knex.select('username', 'password')
        .from('users')
        .where('username', '=', username)
        .limit(1);

    if (user.length == 0) {
        return new Error('Sorry m8, looks like you are not on the inivtation list');
    }
    if (!(await argon2.verify(user[0].password, password))) {
        return new Error('Wrong credentials');
    }
    req.user = username;
}

const bot_html = `<!DOCTYPE html>
        <html lang="en">
        <head>
            <meta charset="UTF-8">
            <meta http-equiv="X-UA-Compatible" content="IE=edge">
            <meta name="viewport" content="width=device-width, initial-scale=1.0">
            <meta property="og:title" content="LinkyLinky">
            <meta property="og:site_name" content="LinkyLinky by Kauft.es">
            <meta property="og:url" content="https://kauft.es/">
            <meta property="og:description" content="LinkyLinky by Kauft.es is a custom url shortener. You're reading this, b/c someone doesn't want their shorturl to be indexed by bots/crawlers/spiders.">
            <meta property="og:type" content="article">
            <meta property="og:image" content="https://kauft.es/dashboard/icon_128.png">

            <title>LinkyLinky</title>
        </head>
        <body>
        <p align="center">
        <img height="150" src="https://kauft.es/dashboard/icon_128.png">
        <h1 align="center">LinkyLinky 🔗</h1>
        <h3 align="center">A small url shortener, originaly developed for kauft.es</h3>
        <p>LinkyLinky by Kauft.es is a custom url shortener.<br>
        You're reading this, b/c someone doesn't want their shorturl to be indexed by bots/crawlers/spiders.</p>
        </p>        
        </body>
        </html>
        `;

const clientside_html = `<!DOCTYPE html>
    <html lang="en">

    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta http-equiv="X-UA-Compatible" content="ie=edge">
        <meta name="robot" content="no-index">
    </head>

    <body>
    <style>
    body {
        background: black;
        overflow: hidden;
    }

    .containCube {
        position: relative;
        height: 100vh;
        width: 100%;
        perspective: 800px;
    }

    .containCube .cube {
        position: absolute;
        height: 300px;
        width: 300px;
        top: 0;
        right: 0;
        bottom: 0;
        left: 0;
        margin: auto;
        box-sizing: border-box;
        transform-style: preserve-3d;
        transform-origin: 50% 50%;
        -webkit-animation: rotate 20s ease-in-out infinite alternate;
        animation: rotate 20s ease-in-out infinite alternate;
    }

    .containCube .cubeGroup {
        position: absolute;
        display: grid;
        box-sizing: border-box;
        height: 100%;
        width: 100%;
        color: white;
        text-shadow: 0 0 1px black;
        border: 3px dashed white;
    }

    .containCube .cubeGroup h1 {
        margin: auto;
    }

    .containCube .cube-front {
        transform: translatez(150px);
    }

    .containCube .cube-rear {
        transform: translatez(-150px) rotatey(180deg);
    }

    .containCube .cube-right {
        transform-origin: 100%;
        transform: rotatey(90deg) translatex(150px);
    }

    .containCube .cube-left {
        transform-origin: 0%;
        transform: rotatey(-90deg) translatex(-150px);
    }

    .containCube .cube-bottom {
        transform-origin: 50% 100%;
        transform: rotatex(-90deg) translatey(150px);
    }

    .containCube .cube-top {
        transform-origin: 50% 0%;
        transform: rotatex(90deg) translatey(-150px);
    }

    .containCube .cube-1 {
        background: red;
    }

    .containCube .cube-2 {
        background: red;
    }

    .containCube .cube-3 {
        background: red;
    }

    .containCube .cube-4 {
        background: red;
    }

    .containCube .cube-5 {
        background: red;
    }

    .containCube .cube-6 {
        background: red;
    }

    @-webkit-keyframes rotate {
        10% {
            transform: rotate3d(1, 1, 0, 320deg);
        }

        20% {
            transform: rotate3d(1, 0, 0, -90deg);
        }

        30% {
            transform: rotate3d(1, 1, 0, 440deg);
        }

        40% {
            transform: rotate3d(1, 0, 0, -180deg);
        }

        50% {
            transform: rotate3d(1, 1, 0, 460deg);
        }

        60% {
            transform: rotate3d(0, 1, 0, -195deg);
        }

        70% {
            transform: rotate3d(1, 1, 0, 172deg);
        }

        80% {
            transform: rotate3d(0, 1, 0, -360deg);
        }

        90% {
            transform: rotate3d(1, 1, 0, 280deg);
        }
    }

    @keyframes rotate {
        10% {
            transform: rotate3d(1, 1, 0, 320deg);
        }

        20% {
            transform: rotate3d(1, 0, 0, -90deg);
        }

        30% {
            transform: rotate3d(1, 1, 0, 440deg);
        }

        40% {
            transform: rotate3d(1, 0, 0, -180deg);
        }

        50% {
            transform: rotate3d(1, 1, 0, 460deg);
        }

        60% {
            transform: rotate3d(0, 1, 0, -195deg);
        }

        70% {
            transform: rotate3d(1, 1, 0, 172deg);
        }

        80% {
            transform: rotate3d(0, 1, 0, -360deg);
        }

        90% {
            transform: rotate3d(1, 1, 0, 280deg);
        }
    }

    @-webkit-keyframes rotateZed {
        20% {
            transform: translatez(100px);
        }

        40% {
            transform: translatez(-100px);
        }

        60% {
            transform: translatez(100px);
        }

        80% {
            transform: translatez(-100px);
        }
    }

    @keyframes rotateZed {
        20% {
            transform: translatez(100px);
        }

        40% {
            transform: translatez(-100px);
        }

        60% {
            transform: translatez(100px);
        }

        80% {
            transform: translatez(-100px);
        }
    }
</style>

        <div class="containCube">
            <div class="cube">
                <div class="cubeGroup cube-front cube-1">
                    <h1>kauft.es</h1>
                </div>
                <div class="cubeGroup cube-top cube-2">
                    <h1>kauft.es</h1>
                </div>
                <div class="cubeGroup cube-left cube-3">
                    <h1>kauft.es</h1>
                </div>
                <div class="cubeGroup cube-right cube-4">
                    <h1>kauft.es</h1>
                </div>
                <div class="cubeGroup cube-rear cube-5">
                    <h1>kauft.es</h1>
                </div>
                <div class="cubeGroup cube-bottom cube-6">
                    <h1>kauft.es</h1>
                </div>
            </div>
        </div>

        <script>
            setTimeout(function () {
                location.replace("{{targeturl}}");
            }, 3000);//Delay 3 seconds
        </script>
    </body>

    </html>
`;

// Run the server!
const start = async () => {
    try {
        await fastify.listen(3000, '0.0.0.0')
    } catch (err) {
        fastify.log.error(err)
        process.exit(1)
    }
}
start()