const fastify = require('fastify')({ logger: true }) var uniqid = require('uniqid'); require('dotenv').config(); const argon2 = require('argon2'); let config = { domain: process.env.DOMAIN || "localhost:3000", https: (process.env.SSL === 'true') || false, env: process.env.NODE_ENV || 'development', recognizeProviders: !(process.env.DISABLE_PROVIDERS === 'true'), registrationEnabled: (process.env.ENABLE_REGISTER === 'true'), jwt_secret: process.env.JWT_SECRET || "pleaseneverusethisdefaultsecret", getBaseUrl() { if (config.https) { return `https://${config.domain}`; } return `http://${config.domain}`; } } const knexConfiguration = require('../knexfile')[config.env]; const knex = require('knex')(knexConfiguration); const authenticate = { realm: 'Short' } fastify.register(require('fastify-auth')) fastify.register(require('fastify-basic-auth'), { validate, authenticate }); fastify.register(require('fastify-jwt'), { secret: config.jwt_secret }); fastify.register(require('fastify-cors'), { origin: true, preflight: true, preflightContinue: true }) fastify.decorate('verifyJWT', function async (request, reply, done) { let token = request.headers.authorization; if (!token || token == "" || token == "Bearer") { throw new Error("No jwt provided"); } if (token.startsWith("Bearer")) { token = token.replace("Bearer ", ""); fastify.log.info("Detected bearer and replaced it") } fastify.jwt.verify(token, async (err, decoded) => { if (err) { fastify.log.error(err) throw new Error("JWT Validation failed") } fastify.log.info(`Token verified. User is ${decoded.user}`); jwtcount = (await knex.select('jwtcount') .from('users') .where('username', '=', req.user) .limit(1))[0].jwtcount; if(decoded.jwtcount > jwtcount){ fastify.log.error("Auth ended at jwtcount") throw new Error("JWT in no longer valid") } fastify.log.info(`JWT count verified`); done() }) }) //Automagic Amazn redirects on /a/ fastify.get('/a/:id', async (req, res) => { res.redirect(302, `https://amazon.de/dp/${req.params.id}`) }) //Automagic Youtube redirects on /yt/ fastify.get('/yt/:id', async (req, res) => { res.redirect(302, `https://youtu.be/${req.params.id}`) }) //Automagic Youtube Playlist redirects on /ytpl/ fastify.get('/ytpl/:id', async (req, res) => { res.redirect(302, `https://youtube.com/playlist?list=${req.params.id}`) }) //Automagic ebay item redirects on /e/ fastify.get('/e/:id', async (req, res) => { res.redirect(302, `https://ebay.de/itm/${req.params.id}`) }) //Normal shorturls fastify.get('/:shortcode', async (req, res) => { const shortcode = req.params.shortcode; //This should never happen but better safe than 500 if (!shortcode) { return 404; } const target = await knex.select('target') .from('urls') .where('shortcode', '=', shortcode) .limit(1); if (!target[0]) { return 404 } res.redirect(302, target[0].target); await knex('visits').insert({ shortcode }); }) //Create new url schema const newUrlSchema = { body: { type: 'object', properties: { target: { type: 'string' }, shortcode: { type: 'string' }, } } }; //Create new url api route fastify.post('/api', { newUrlSchema }, async (req, res) => { const target = req.body?.target; let shortcode = req.body?.shortcode; //Check if the user provided a target if (!target) { res.statusCode = 400; return "Missing target"; } /** * If no custom shortcode is provided: Check if a code for the target already exists. * If it exists: No new get's generated => The existing code get's used. * If it doesn't exist: Generate a new code and proceed to creating a new db entry. */ if (!shortcode) { if (config.recognizeProviders) { const response = checkKnownProviders(target); if (response) { return response; } } const exists = await knex.select('shortcode') .from('urls') .where('target', '=', target) .limit(1); if (exists.length != 0) { shortcode = exists[0].shortcode; return { url: `${config.getBaseUrl()}/${shortcode}`, shortcode, target } } shortcode = uniqid(); } /** * If a custom shortcode is provided: Check for collisions. * Collision detected: Warn user * No collision: Proceed to db entry creation */ else { const exists = await knex.select('shortcode') .from('urls') .where('shortcode', '=', shortcode) .limit(1); if (exists.length != 0) { res.statusCode = 400; return "Shortcode already exists, please choose another code"; } } //Create a new db entry await knex('urls').insert({ target, shortcode }); return { url: `${config.getBaseUrl()}/${shortcode}`, shortcode, target } }); //Get stats api route fastify.get('/api/stats', async (req, res) => { const urls = await knex.select('shortcode') .from('urls'); const visits = await knex.select('timestamp') .from('visits'); return { urls: urls.length, visits: visits.length, } }); //Get url api route fastify.get('/api/:shortcode', async (req, res) => { const shortcode = req.params.shortcode; //This should never happen but better safe than 500 if (!shortcode) { return 404; } const exists = await knex.select('shortcode', 'target') .from('urls') .where('shortcode', '=', shortcode) .limit(1); if (exists.length == 0) { return 404; } const visits = await knex.select('timestamp') .from('visits') .where('shortcode', '=', shortcode); return { url: `${config.getBaseUrl()}/${exists[0].shortcode}`, shortcode: exists[0].shortcode, target: exists[0].target, visits: visits.length } }); //User registration fastify.post('/api/register', async (req, res) => { if (!config.registrationEnabled) { res.statusCode = 400; return "Registration was disabled by your admin"; } const username = req.body?.username; let password = req.body?.password; //Check if (!username || !password) { res.statusCode = 400; return "Missing username or password"; } const exists = await knex.select('username') .from('users') .where('username', '=', username) .limit(1); if (exists.length != 0) { res.statusCode = 400; return "User already exists"; } password = await argon2.hash(password); //Create a new db entry await knex('users').insert({ username, password }); return "Done!" }); //Anything in here has some kind of auth fastify.after(() => { //Get url api route fastify.get('/api/:shortcode/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => { const shortcode = req.params.shortcode; //This should never happen but better safe than 500 if (!shortcode) { return 404; } const exists = await knex.select('shortcode', 'target') .from('urls') .where('shortcode', '=', shortcode) .limit(1); if (exists.length == 0) { return 404; } const visits = await knex.select('timestamp') .from('visits') .where('shortcode', '=', shortcode); return visits; }); //Get url api route fastify.delete('/api/:shortcode', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => { const shortcode = req.params.shortcode; //This should never happen but better safe than 500 if (!shortcode) { return 404; } await knex('urls') .where('shortcode', '=', shortcode) .delete(); res.statusCode = 204; return true; }); //Get all urls api route fastify.get('/api', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => { urls = await knex.select('target', 'shortcode') .from('urls'); for (let url of urls) { url.url = `${config.getBaseUrl()}/${url.shortcode}` if (req.query.showVisits) { url.visits = (await knex.select('timestamp') .from('visits') .where('shortcode', '=', url.shortcode)).length; } } return urls; }); fastify.post('/api/auth/login', { onRequest: fastify.auth([fastify.basicAuth]) }, async (req, reply) => { const jwtcount = (await knex.select('jwtcount') .from('users') .where('username', '=', req.user) .limit(1))[0].jwtcount; const payload = { user: req.user, jwtcount }; const token = fastify.jwt.sign({ payload }) reply.send({ token }); }); fastify.post('/api/auth/check', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, (req, reply) => { return "logged in"; }) }); /** * Checks for some default providers with custom url schemes (amazon and youtube r/n) * @param {string} target The target URL * @returns Standard shortening response if provider recognized or null */ function checkKnownProviders(target) { target = decodeURIComponent(target); const youtubeVideoID = target.match(/(?:youtube(?:-nocookie)?\.com\/(?:[^\/\n\s]+\/\S+\/|(?:v|e(?:mbed)?)\/|\S*?[?&]v=)|youtu\.be\/)([a-zA-Z0-9_-]{11})/) if (youtubeVideoID) { const shortcode = `yt/${youtubeVideoID[1]}` return { url: `${config.getBaseUrl()}/${shortcode}`, shortcode, target } } const youtubePlaylistID = target.match(/(?:youtube(?:-nocookie)?\.com\/)playlist\?(?:.*)list=([a-zA-Z0-9_-]*)(?:&.*|)/) if (youtubePlaylistID) { const shortcode = `ytpl/${youtubePlaylistID[1]}` return { url: `${config.getBaseUrl()}/${shortcode}`, shortcode, target } } const amazonID = target.match(/(?:https?:\/\/|)(www|smile|)\.?(amazon|smile)\.(de)(?:(?:\/.*\/|\/)(?:dp|gp))(\/product\/|\/)([A-Z0-9]+)/); if (amazonID) { const shortcode = `a/${amazonID[5]}` return { url: `${config.getBaseUrl()}/${shortcode}`, shortcode, target } } const ebayID = target.match(/(?:[ebay]*(?:[\/]|[itm=])|^)([0-9]{9,12})/); if (ebayID) { const shortcode = `e/${ebayID[1]}` return { url: `${config.getBaseUrl()}/${shortcode}`, shortcode, target } } return null; } async function validate(username, password, req, reply) { if (!username || !password) { return new Error('Sorry only authorized users can do that.') } const user = await knex.select('username', 'password') .from('users') .where('username', '=', username) .limit(1); if (user.length == 0) { return new Error('Sorry m8, looks like you are not on the inivtation list'); } if (!(await argon2.verify(user[0].password, password))) { return new Error('Wrong credentials'); } req.user = username; } // Run the server! const start = async () => { try { await fastify.listen(3000, '0.0.0.0') } catch (err) { fastify.log.error(err) process.exit(1) } } start()