kauft.es
/
linkylinky
4
0
Fork 0
Code Issues 1 Pull Requests 10 Projects Releases Wiki Activity
linkylinky/src/server.js

412 lines
12 KiB
JavaScript
Raw Blame History

const fastify = require('fastify')({ logger: true })
var uniqid = require('uniqid');
require('dotenv').config();
const argon2 = require('argon2');
let config = {
domain: process.env.DOMAIN || "localhost:3000",
https: (process.env.SSL === 'true') || false,
env: process.env.NODE_ENV || 'development',
recognizeProviders: !(process.env.DISABLE_PROVIDERS === 'true'),
registrationEnabled: (process.env.ENABLE_REGISTER === 'true'),
jwt_secret: process.env.JWT_SECRET || "pleaseneverusethisdefaultsecret",
getBaseUrl() {
if (config.https) {
return `https://${config.domain}`;
}
return `http://${config.domain}`;
}
}
const knexConfiguration = require('../knexfile')[config.env];
const knex = require('knex')(knexConfiguration);
const authenticate = { realm: 'Short' }
fastify.register(require('fastify-auth'))
fastify.register(require('fastify-basic-auth'), { validate, authenticate });
fastify.register(require('fastify-jwt'), {
secret: config.jwt_secret
});
fastify.register(require('fastify-cors'), {
origin: true,
preflight: true,
preflightContinue: true
})
fastify.decorate('verifyJWT', function async (request, reply, done) {
let token = request.headers.authorization;
if (!token || token == "" || token == "Bearer") {
throw new Error("No jwt provided");
}
if (token.startsWith("Bearer")) {
token = token.replace("Bearer ", "");
fastify.log.info("Detected bearer and replaced it")
}
fastify.jwt.verify(token, async (err, decoded) => {
if (err) {
fastify.log.error(err)
throw new Error("JWT Validation failed")
}
fastify.log.info(`Token verified. User is ${decoded.user}`);
jwtcount = (await knex.select('jwtcount')
.from('users')
.where('username', '=', req.user)
.limit(1))[0].jwtcount;
if(decoded.jwtcount > jwtcount){
fastify.log.error("Auth ended at jwtcount")
throw new Error("JWT in no longer valid")
}
fastify.log.info(`JWT count verified`);
done()
})
})
//Automagic Amazn redirects on /a/
fastify.get('/a/:id', async (req, res) => {
res.redirect(302, `https://amazon.de/dp/${req.params.id}`)
})
//Automagic Youtube redirects on /yt/
fastify.get('/yt/:id', async (req, res) => {
res.redirect(302, `https://youtu.be/${req.params.id}`)
})
//Automagic Youtube Playlist redirects on /ytpl/
fastify.get('/ytpl/:id', async (req, res) => {
res.redirect(302, `https://youtube.com/playlist?list=${req.params.id}`)
})
//Automagic ebay item redirects on /e/
fastify.get('/e/:id', async (req, res) => {
res.redirect(302, `https://ebay.de/itm/${req.params.id}`)
})
//Normal shorturls
fastify.get('/:shortcode', async (req, res) => {
const shortcode = req.params.shortcode;
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
const target = await knex.select('target')
.from('urls')
.where('shortcode', '=', shortcode)
.limit(1);
if (!target[0]) {
return 404
}
res.redirect(302, target[0].target);
await knex('visits').insert({ shortcode });
})
//Create new url schema
const newUrlSchema = {
body: {
type: 'object',
properties: {
target: { type: 'string' },
shortcode: { type: 'string' },
}
}
};
//Create new url api route
fastify.post('/api', { newUrlSchema }, async (req, res) => {
const target = req.body?.target;
let shortcode = req.body?.shortcode;
//Check if the user provided a target
if (!target) {
res.statusCode = 400;
return "Missing target";
}
/**
* If no custom shortcode is provided: Check if a code for the target already exists.
* If it exists: No new get's generated => The existing code get's used.
* If it doesn't exist: Generate a new code and proceed to creating a new db entry.
*/
if (!shortcode) {
if (config.recognizeProviders) {
const response = checkKnownProviders(target);
if (response) {
return response;
}
}
const exists = await knex.select('shortcode')
.from('urls')
.where('target', '=', target)
.limit(1);
if (exists.length != 0) {
shortcode = exists[0].shortcode;
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
shortcode = uniqid();
}
/**
* If a custom shortcode is provided: Check for collisions.
* Collision detected: Warn user
* No collision: Proceed to db entry creation
*/
else {
const exists = await knex.select('shortcode')
.from('urls')
.where('shortcode', '=', shortcode)
.limit(1);
if (exists.length != 0) {
res.statusCode = 400;
return "Shortcode already exists, please choose another code";
}
}
//Create a new db entry
await knex('urls').insert({ target, shortcode });
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
});
//Get stats api route
fastify.get('/api/stats', async (req, res) => {
const urls = await knex.select('shortcode')
.from('urls');
const visits = await knex.select('timestamp')
.from('visits');
return {
urls: urls.length,
visits: visits.length,
}
});
//Get url api route
fastify.get('/api/:shortcode', async (req, res) => {
const shortcode = req.params.shortcode;
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
const exists = await knex.select('shortcode', 'target')
.from('urls')
.where('shortcode', '=', shortcode)
.limit(1);
if (exists.length == 0) {
return 404;
}
const visits = await knex.select('timestamp')
.from('visits')
.where('shortcode', '=', shortcode);
return {
url: `${config.getBaseUrl()}/${exists[0].shortcode}`,
shortcode: exists[0].shortcode,
target: exists[0].target,
visits: visits.length
}
});
//User registration
fastify.post('/api/register', async (req, res) => {
if (!config.registrationEnabled) {
res.statusCode = 400;
return "Registration was disabled by your admin";
}
const username = req.body?.username;
let password = req.body?.password;
//Check
if (!username || !password) {
res.statusCode = 400;
return "Missing username or password";
}
const exists = await knex.select('username')
.from('users')
.where('username', '=', username)
.limit(1);
if (exists.length != 0) {
res.statusCode = 400;
return "User already exists";
}
password = await argon2.hash(password);
//Create a new db entry
await knex('users').insert({ username, password });
return "Done!"
});
//Anything in here has some kind of auth
fastify.after(() => {
//Get url api route
fastify.get('/api/:shortcode/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
const shortcode = req.params.shortcode;
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
const exists = await knex.select('shortcode', 'target')
.from('urls')
.where('shortcode', '=', shortcode)
.limit(1);
if (exists.length == 0) {
return 404;
}
const visits = await knex.select('timestamp')
.from('visits')
.where('shortcode', '=', shortcode);
return visits;
});
//Get url api route
fastify.delete('/api/:shortcode', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
const shortcode = req.params.shortcode;
//This should never happen but better safe than 500
if (!shortcode) {
return 404;
}
await knex('urls')
.where('shortcode', '=', shortcode)
.delete();
res.statusCode = 204;
return true;
});
//Get all urls api route
fastify.get('/api', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
urls = await knex.select('target', 'shortcode')
.from('urls');
for (let url of urls) {
url.url = `${config.getBaseUrl()}/${url.shortcode}`
if (req.query.showVisits) {
url.visits = (await knex.select('timestamp')
.from('visits')
.where('shortcode', '=', url.shortcode)).length;
}
}
return urls;
});
fastify.post('/api/auth/login', { onRequest: fastify.auth([fastify.basicAuth]) }, async (req, reply) => {
const jwtcount = (await knex.select('jwtcount')
.from('users')
.where('username', '=', req.user)
.limit(1))[0].jwtcount;
const payload = {
user: req.user,
jwtcount
};
const token = fastify.jwt.sign({ payload })
reply.send({ token });
});
fastify.post('/api/auth/check', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, (req, reply) => {
return "logged in";
})
});
/**
* Checks for some default providers with custom url schemes (amazon and youtube r/n)
* @param {string} target The target URL
* @returns Standard shortening response if provider recognized or null
*/
function checkKnownProviders(target) {
target = decodeURIComponent(target);
const youtubeVideoID = target.match(/(?:youtube(?:-nocookie)?\.com\/(?:[^\/\n\s]+\/\S+\/|(?:v|e(?:mbed)?)\/|\S*?[?&]v=)|youtu\.be\/)([a-zA-Z0-9_-]{11})/)
if (youtubeVideoID) {
const shortcode = `yt/${youtubeVideoID[1]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
const youtubePlaylistID = target.match(/(?:youtube(?:-nocookie)?\.com\/)playlist\?(?:.*)list=([a-zA-Z0-9_-]*)(?:&.*|)/)
if (youtubePlaylistID) {
const shortcode = `ytpl/${youtubePlaylistID[1]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
const amazonID = target.match(/(?:https?:\/\/|)(www|smile|)\.?(amazon|smile)\.(de)(?:(?:\/.*\/|\/)(?:dp|gp))(\/product\/|\/)([A-Z0-9]+)/);
if (amazonID) {
const shortcode = `a/${amazonID[5]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
const ebayID = target.match(/(?:[ebay]*(?:[\/]|[itm=])|^)([0-9]{9,12})/);
if (ebayID) {
const shortcode = `e/${ebayID[1]}`
return {
url: `${config.getBaseUrl()}/${shortcode}`,
shortcode,
target
}
}
return null;
}
async function validate(username, password, req, reply) {
if (!username || !password) {
return new Error('Sorry only authorized users can do that.')
}
const user = await knex.select('username', 'password')
.from('users')
.where('username', '=', username)
.limit(1);
if (user.length == 0) {
return new Error('Sorry m8, looks like you are not on the inivtation list');
}
if (!(await argon2.verify(user[0].password, password))) {
return new Error('Wrong credentials');
}
req.user = username;
}
// Run the server!
const start = async () => {
try {
await fastify.listen(3000, '0.0.0.0')
} catch (err) {
fastify.log.error(err)
process.exit(1)
}
}
start()
Reference in New Issue View Git Blame Copy Permalink