kauft.es
/
linkylinky
4
0
Fork 0
Code Issues 1 Pull Requests 10 Projects Releases Wiki Activity
linkylinky/src/server.js

802 lines
23 KiB
JavaScript
Raw Permalink Blame History

const fastify = require('fastify')({ logger: true })
var uniqid = require('uniqid');
require('dotenv').config();
const argon2 = require('argon2');
const isBot = require('isbot')
const { makeBadge, ValidationError } = require('badge-maker')
let config = {
domain: process.env.DOMAIN || "localhost:3000",
https: (process.env.SSL === 'true') || false,
env: process.env.NODE_ENV || 'development',
recognizeProviders: !(process.env.DISABLE_PROVIDERS === 'true'),
registrationEnabled: (process.env.ENABLE_REGISTER === 'true'),
jwt_secret: process.env.JWT_SECRET || "pleaseneverusethisdefaultsecret",
getBaseUrl() {
if (config.https) {
return `https://${config.domain}`;
}
return `http://${config.domain}`;
}
}
const knexConfiguration = require('../knexfile')[config.env];
const knex = require('knex')(knexConfiguration);
const authenticate = { realm: 'Short' }
fastify.register(require('fastify-auth'))
fastify.register(require('fastify-basic-auth'), { validate, authenticate });
fastify.register(require('fastify-jwt'), {
secret: config.jwt_secret
});
fastify.register(require('fastify-cors'), {
origin: true,
preflight: true,
preflightContinue: true
})
fastify.decorate('verifyJWT', function async(request, reply, done) {
let token = request.headers.authorization;
if (!token || token == "" || token == "Bearer") {
done(new Error("No jwt provided"));
}
if (token.startsWith("Bearer")) {
token = token.replace("Bearer ", "");
fastify.log.info("Detected bearer and replaced it")
}
fastify.jwt.verify(token, async (err, decoded) => {
if (err) {
fastify.log.error("JWT validation failed:")
done(new Error("JWT Validation failed"));
}
else {
if (!decoded.payload) {
done(new Error("JWT is empty"));
}
fastify.log.info(`Token verified. User is ${decoded.payload.user}`);
const jwtcount = (await knex.select('jwtcount')
.from('users')
.where('username', '=', decoded.payload.user)
.limit(1))[0].jwtcount;
if (decoded.payload.jwtcount < jwtcount) {
fastify.log.error("Auth ended at jwtcount")
done(new Error("JWT in no longer valid"))
}
else {
fastify.log.info(`JWT count verified`);
request.user = decoded.payload.user;
done()
}
}
})
})
//Automagic Amazn redirects on /a/
fastify.get('/a/:id', async (req, res) => {
res.redirect(302, `https://amazon.de/dp/${req.params.id}`)
await knex('visits').insert({ shortcode: req.params.id, provider: 'a' });
})
//Automagic Youtube redirects on /yt/
fastify.get('/yt/:id', async (req, res) => {
res.redirect(302, `https://youtu.be/${req.params.id}`)
await knex('visits').insert({ shortcode: req.params.id, provider: 'yt' });
})
//Automagic Youtube Playlist redirects on /ytpl/
fastify.get('/ytpl/:id', async (req, res) => {
res.redirect(302, `https://youtube.com/playlist?list=${req.params.id}`)
await knex('visits').insert({ shortcode: req.params.id, provider: 'ytpl' });
})
//Automagic ebay item redirects on /e/
fastify.get('/e/:id', async (req, res) => {
res.redirect(302, `https://ebay.de/itm/${req.params.id}`)
await knex('visits').insert({ shortcode: req.params.id, provider: 'e' });
})
//Automagic reddit redirects on /r/
fastify.get('/r/:id', async (req, res) => {
res.redirect(302, `https://redd.it/${req.params.id}`)
await knex('visits').insert({ shortcode: req.params.id, provider: 'r' });
})
//Normal shorturls
fastify.get('/:shortcode', async (req, res) => {
const shortcode = req.params.shortcode;
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
const target = await knex.select('target', 'no_preview', 'clientside')
.from('urls')
.where('shortcode', '=', shortcode)
.limit(1);
if (!target[0]) {
return 404
}
if (isBot(req.headers['user-agent']) && target[0].no_preview) {
res.type("text/html");
return bot_html;
}
if (target[0].clientside) {
res.type("text/html");
return clientside_html.replace("{{targeturl}}", target[0].target)
}
res.redirect(302, target[0].target);
await knex('visits').insert({ shortcode, provider: 'native' });
})
//Create new url schema
const newUrlSchema = {
body: {
type: 'object',
properties: {
target: { type: 'string' },
shortcode: { type: 'string' },
no_preview: { type: 'boolean' },
clientside: { type: 'boolean' }
}
}
};
//Create new url api route
fastify.post('/api', { newUrlSchema }, async (req, res) => {
const target = req.body?.target;
let shortcode = req.body?.shortcode;
let no_preview = req.body?.no_preview || false;
let clientside = req.body?.clientside || false;
//Check if the user provided a target
if (!target) {
res.statusCode = 400;
return "Missing target";
}
/**
* If no custom shortcode is provided: Check if a code for the target already exists.
* If it exists: No new get's generated => The existing code get's used.
* If it doesn't exist: Generate a new code and proceed to creating a new db entry.
*/
if (!shortcode) {
if (config.recognizeProviders) {
const response = checkKnownProviders(target);
if (response) {
return response;
}
}
const exists = await knex.select('shortcode', 'no_preview', 'clientside')
.from('urls')
.where('target', '=', target)
.limit(1);
if (exists.length != 0) {
shortcode = exists[0].shortcode;
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target,
no_preview: exists[0].no_preview,
clientside: exists[0].clientside
}
}
shortcode = uniqid();
}
/**
* If a custom shortcode is provided: Check for collisions.
* Collision detected: Warn user
* No collision: Proceed to db entry creation
*/
else {
const exists = await knex.select('shortcode')
.from('urls')
.where('shortcode', '=', shortcode)
.limit(1);
if (exists.length != 0) {
res.statusCode = 400;
return "Shortcode already exists, please choose another code";
}
}
//Create a new db entry
await knex('urls').insert({ target, shortcode, no_preview, clientside });
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target,
no_preview,
clientside
}
});
//Get stats api route
fastify.get('/api/stats', async (req, res) => {
const urls = await knex.select('shortcode')
.from('urls');
const visits = await knex.select('timestamp')
.from('visits');
return {
urls: urls.length,
visits: visits.length,
}
});
//Get url api route
fastify.get('/api/:shortcode', async (req, res) => {
const shortcode = req.params.shortcode;
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
const exists = await knex.select('shortcode', 'target', 'no_preview', 'clientside')
.from('urls')
.where('shortcode', '=', shortcode)
.limit(1);
if (exists.length == 0) {
return 404;
}
const visits = await knex.select('timestamp')
.from('visits')
.where('shortcode', '=', shortcode);
return {
url: `${config.getBaseUrl()}/${exists[0].shortcode}`,
shortcode: exists[0].shortcode,
target: exists[0].target,
no_preview: exists[0].no_preview,
clientside: exists[0].clientside,
visits: visits.length
}
});
//Get url api route
fastify.get('/api/badge/:shortcode', async (req, res) => {
const shortcode = req.params.shortcode;
const label = req.query.label || 'vists';
const color = req.query.color || 'green';
const style = req.query.style || 'for-the-badge';
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
const exists = await knex.select('shortcode', 'target', 'no_preview', 'clientside')
.from('urls')
.where('shortcode', '=', shortcode)
.limit(1);
if (exists.length == 0) {
return 404;
}
const visits = await knex.select('timestamp')
.from('visits')
.where('shortcode', '=', shortcode);
const format = {
label,
message: visits.length.toString(),
color,
style
}
res.type('image/svg+xml')
return makeBadge(format);
});
//User registration
fastify.post('/api/auth/register', async (req, res) => {
if (!config.registrationEnabled) {
res.statusCode = 400;
return "Registration was disabled by your admin";
}
const username = req.body?.username;
let password = req.body?.password;
//Check
if (!username || !password) {
res.statusCode = 400;
return "Missing username or password";
}
const exists = await knex.select('username')
.from('users')
.where('username', '=', username)
.limit(1);
if (exists.length != 0) {
res.statusCode = 400;
return "User already exists";
}
password = await argon2.hash(password);
//Create a new db entry
await knex('users').insert({ username, password });
return "Done!"
});
//Anything in here has some kind of auth
fastify.after(() => {
//Get url visits api route
fastify.get('/api/:shortcode/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
const shortcode = req.params.shortcode;
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
const visits = await knex.select('timestamp', 'provider')
.from('visits')
.where('shortcode', '=', shortcode);
return visits;
});
//Get all visits api route
fastify.get('/api/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
if (req.query.provider) {
return await knex.select('shortcode', 'provider', 'timestamp')
.from('visits')
.where("provider", "=", req.query.provider);
}
return await knex.select('shortcode', 'provider', 'timestamp')
.from('visits');
});
//Get url api route
fastify.delete('/api/:shortcode', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
const shortcode = req.params.shortcode;
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
await knex('urls')
.where('shortcode', '=', shortcode)
.delete();
res.statusCode = 204;
return true;
});
//Get all urls api route
fastify.get('/api', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
urls = await knex.select('target', 'shortcode', 'no_preview', 'clientside')
.from('urls');
for (let url of urls) {
url.url = `${config.getBaseUrl()}/${url.shortcode}`
if (req.query.showVisits) {
url.visits = (await knex.select('timestamp')
.from('visits')
.where('shortcode', '=', url.shortcode)).length;
}
}
return urls;
});
fastify.post('/api/auth/login', { onRequest: fastify.auth([fastify.basicAuth]) }, async (req, reply) => {
const jwtcount = (await knex.select('jwtcount')
.from('users')
.where('username', '=', req.user)
.limit(1))[0].jwtcount;
const payload = {
user: req.user,
jwtcount
};
const token = fastify.jwt.sign({ payload })
reply.send({ token });
});
fastify.post('/api/auth/check', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, (req, reply) => {
return "logged in";
});
fastify.post('/api/auth/logout', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, reply) => {
let jwtcount = (await knex.select('jwtcount')
.from('users')
.where('username', '=', req.user)
.limit(1))[0].jwtcount;
jwtcount += 1;
await knex('users')
.where('username', '=', req.user)
.update({
jwtcount
});
return "Done!";
});
fastify.post('/api/auth/deleteme', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, reply) => {
await knex('users')
.where('username', '=', req.user)
.delete();
return "Done!";
});
});
/**
* Checks for some default providers with custom url schemes (amazon and youtube r/n)
* @param {string} target The target URL
* @returns Standard shortening response if provider recognized or null
*/
function checkKnownProviders(target) {
target = decodeURIComponent(target);
const youtubeVideoID = target.match(/(?:youtube(?:-nocookie)?\.com\/(?:[^\/\n\s]+\/\S+\/|(?:v|e(?:mbed)?)\/|\S*?[?&]v=)|youtu\.be\/)([a-zA-Z0-9_-]{11})/)
if (youtubeVideoID) {
const shortcode = `yt/${youtubeVideoID[1]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
const youtubePlaylistID = target.match(/(?:youtube(?:-nocookie)?\.com\/)playlist\?(?:.*)list=([a-zA-Z0-9_-]*)(?:&.*|)/)
if (youtubePlaylistID) {
const shortcode = `ytpl/${youtubePlaylistID[1]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
const amazonID = target.match(/(?:https?:\/\/|)(www|smile|)\.?(amazon|smile)\.(de)(?:(?:\/.*\/|\/)(?:dp|gp))(\/product\/|\/)([A-Z0-9]+)/);
if (amazonID) {
const shortcode = `a/${amazonID[5]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
const ebayID = target.match(/(?:[ebay]*(?:[\/]|[itm=])|^)([0-9]{9,12})/);
if (ebayID) {
const shortcode = `e/${ebayID[1]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
const redditID = target.match(/(((((?:https?:)?\/\/)((?!about\.)[\w-]+?\.)?([rc]edd(?:it\.com|\.it)))(?!\/(?:blog|about|code|advertising|jobs|rules|wiki|contact|buttons|gold|page|help|prefs|user|message|widget)\b)((?:\/r\/[\w-]+\b(?<!\/pcmasterrace))|(?:\/tb))?(\/comments)??(\/\w{2,7}\b(?<!\/46ijrl)(?<!\/wiki))((?:(?!\))\S)*)))/);
if (redditID) {
const shortcode = `r${redditID[9]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
return null;
}
async function validate(username, password, req, reply) {
if (!username || !password) {
return new Error('Sorry only authorized users can do that.')
}
const user = await knex.select('username', 'password')
.from('users')
.where('username', '=', username)
.limit(1);
if (user.length == 0) {
return new Error('Sorry m8, looks like you are not on the inivtation list');
}
if (!(await argon2.verify(user[0].password, password))) {
return new Error('Wrong credentials');
}
req.user = username;
}
const bot_html = `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta property="og:title" content="LinkyLinky">
<meta property="og:site_name" content="LinkyLinky by Kauft.es">
<meta property="og:url" content="https://kauft.es/">
<meta property="og:description" content="LinkyLinky by Kauft.es is a custom url shortener. You're reading this, b/c someone doesn't want their shorturl to be indexed by bots/crawlers/spiders.">
<meta property="og:type" content="article">
<meta property="og:image" content="https://kauft.es/dashboard/icon_128.png">
<title>LinkyLinky</title>
</head>
<body>
<p align="center">
<img height="150" src="https://kauft.es/dashboard/icon_128.png">
<h1 align="center">LinkyLinky 🔗</h1>
<h3 align="center">A small url shortener, originaly developed for kauft.es</h3>
<p>LinkyLinky by Kauft.es is a custom url shortener.<br>
You're reading this, b/c someone doesn't want their shorturl to be indexed by bots/crawlers/spiders.</p>
</p>
</body>
</html>
`;
const clientside_html = `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<meta name="robot" content="no-index">
</head>
<body>
<style>
body {
background: black;
overflow: hidden;
}
.containCube {
position: relative;
height: 100vh;
width: 100%;
perspective: 800px;
}
.containCube .cube {
position: absolute;
height: 300px;
width: 300px;
top: 0;
right: 0;
bottom: 0;
left: 0;
margin: auto;
box-sizing: border-box;
transform-style: preserve-3d;
transform-origin: 50% 50%;
-webkit-animation: rotate 20s ease-in-out infinite alternate;
animation: rotate 20s ease-in-out infinite alternate;
}
.containCube .cubeGroup {
position: absolute;
display: grid;
box-sizing: border-box;
height: 100%;
width: 100%;
color: white;
text-shadow: 0 0 1px black;
border: 3px dashed white;
}
.containCube .cubeGroup h1 {
margin: auto;
}
.containCube .cube-front {
transform: translatez(150px);
}
.containCube .cube-rear {
transform: translatez(-150px) rotatey(180deg);
}
.containCube .cube-right {
transform-origin: 100%;
transform: rotatey(90deg) translatex(150px);
}
.containCube .cube-left {
transform-origin: 0%;
transform: rotatey(-90deg) translatex(-150px);
}
.containCube .cube-bottom {
transform-origin: 50% 100%;
transform: rotatex(-90deg) translatey(150px);
}
.containCube .cube-top {
transform-origin: 50% 0%;
transform: rotatex(90deg) translatey(-150px);
}
.containCube .cube-1 {
background: red;
}
.containCube .cube-2 {
background: red;
}
.containCube .cube-3 {
background: red;
}
.containCube .cube-4 {
background: red;
}
.containCube .cube-5 {
background: red;
}
.containCube .cube-6 {
background: red;
}
@-webkit-keyframes rotate {
10% {
transform: rotate3d(1, 1, 0, 320deg);
}
20% {
transform: rotate3d(1, 0, 0, -90deg);
}
30% {
transform: rotate3d(1, 1, 0, 440deg);
}
40% {
transform: rotate3d(1, 0, 0, -180deg);
}
50% {
transform: rotate3d(1, 1, 0, 460deg);
}
60% {
transform: rotate3d(0, 1, 0, -195deg);
}
70% {
transform: rotate3d(1, 1, 0, 172deg);
}
80% {
transform: rotate3d(0, 1, 0, -360deg);
}
90% {
transform: rotate3d(1, 1, 0, 280deg);
}
}
@keyframes rotate {
10% {
transform: rotate3d(1, 1, 0, 320deg);
}
20% {
transform: rotate3d(1, 0, 0, -90deg);
}
30% {
transform: rotate3d(1, 1, 0, 440deg);
}
40% {
transform: rotate3d(1, 0, 0, -180deg);
}
50% {
transform: rotate3d(1, 1, 0, 460deg);
}
60% {
transform: rotate3d(0, 1, 0, -195deg);
}
70% {
transform: rotate3d(1, 1, 0, 172deg);
}
80% {
transform: rotate3d(0, 1, 0, -360deg);
}
90% {
transform: rotate3d(1, 1, 0, 280deg);
}
}
@-webkit-keyframes rotateZed {
20% {
transform: translatez(100px);
}
40% {
transform: translatez(-100px);
}
60% {
transform: translatez(100px);
}
80% {
transform: translatez(-100px);
}
}
@keyframes rotateZed {
20% {
transform: translatez(100px);
}
40% {
transform: translatez(-100px);
}
60% {
transform: translatez(100px);
}
80% {
transform: translatez(-100px);
}
}
</style>
<div class="containCube">
<div class="cube">
<div class="cubeGroup cube-front cube-1">
<h1>kauft.es</h1>
</div>
<div class="cubeGroup cube-top cube-2">
<h1>kauft.es</h1>
</div>
<div class="cubeGroup cube-left cube-3">
<h1>kauft.es</h1>
</div>
<div class="cubeGroup cube-right cube-4">
<h1>kauft.es</h1>
</div>
<div class="cubeGroup cube-rear cube-5">
<h1>kauft.es</h1>
</div>
<div class="cubeGroup cube-bottom cube-6">
<h1>kauft.es</h1>
</div>
</div>
</div>
<script>
setTimeout(function () {
location.replace("{{targeturl}}");
}, 3000);//Delay 3 seconds
</script>
</body>
</html>
`;
// Run the server!
const start = async () => {
try {
await fastify.listen(3000, '0.0.0.0')
} catch (err) {
fastify.log.error(err)
process.exit(1)
}
}
start()
Reference in New Issue View Git Blame Copy Permalink