449 lines
14 KiB
JavaScript
449 lines
14 KiB
JavaScript
const fastify = require('fastify')({ logger: true })
|
|
var uniqid = require('uniqid');
|
|
require('dotenv').config();
|
|
const argon2 = require('argon2');
|
|
|
|
let config = {
|
|
domain: process.env.DOMAIN || "localhost:3000",
|
|
https: (process.env.SSL === 'true') || false,
|
|
env: process.env.NODE_ENV || 'development',
|
|
recognizeProviders: !(process.env.DISABLE_PROVIDERS === 'true'),
|
|
registrationEnabled: (process.env.ENABLE_REGISTER === 'true'),
|
|
jwt_secret: process.env.JWT_SECRET || "pleaseneverusethisdefaultsecret",
|
|
getBaseUrl() {
|
|
if (config.https) {
|
|
return `https://${config.domain}`;
|
|
}
|
|
return `http://${config.domain}`;
|
|
}
|
|
}
|
|
const knexConfiguration = require('../knexfile')[config.env];
|
|
const knex = require('knex')(knexConfiguration);
|
|
|
|
const authenticate = { realm: 'Short' }
|
|
fastify.register(require('fastify-auth'))
|
|
fastify.register(require('fastify-basic-auth'), { validate, authenticate });
|
|
fastify.register(require('fastify-jwt'), {
|
|
secret: config.jwt_secret
|
|
});
|
|
fastify.register(require('fastify-cors'), {
|
|
origin: true,
|
|
preflight: true,
|
|
preflightContinue: true
|
|
})
|
|
|
|
fastify.decorate('verifyJWT', function async(request, reply, done) {
|
|
let token = request.headers.authorization;
|
|
if (!token || token == "" || token == "Bearer") {
|
|
done(new Error("No jwt provided"));
|
|
}
|
|
|
|
if (token.startsWith("Bearer")) {
|
|
token = token.replace("Bearer ", "");
|
|
fastify.log.info("Detected bearer and replaced it")
|
|
}
|
|
|
|
fastify.jwt.verify(token, async (err, decoded) => {
|
|
if (err) {
|
|
fastify.log.error("JWT validation failed:")
|
|
done(new Error("JWT Validation failed"));
|
|
}
|
|
else {
|
|
if (!decoded.payload) {
|
|
done(new Error("JWT is empty"));
|
|
}
|
|
fastify.log.info(`Token verified. User is ${decoded.payload.user}`);
|
|
|
|
const jwtcount = (await knex.select('jwtcount')
|
|
.from('users')
|
|
.where('username', '=', decoded.payload.user)
|
|
.limit(1))[0].jwtcount;
|
|
|
|
if (decoded.payload.jwtcount < jwtcount) {
|
|
fastify.log.error("Auth ended at jwtcount")
|
|
done(new Error("JWT in no longer valid"))
|
|
}
|
|
else {
|
|
fastify.log.info(`JWT count verified`);
|
|
request.user = decoded.payload.user;
|
|
done()
|
|
}
|
|
}
|
|
})
|
|
})
|
|
|
|
//Automagic Amazn redirects on /a/
|
|
fastify.get('/a/:id', async (req, res) => {
|
|
res.redirect(302, `https://amazon.de/dp/${req.params.id}`)
|
|
await knex('visits').insert({ shortcode: req.params.id, provider: 'a' });
|
|
})
|
|
|
|
//Automagic Youtube redirects on /yt/
|
|
fastify.get('/yt/:id', async (req, res) => {
|
|
res.redirect(302, `https://youtu.be/${req.params.id}`)
|
|
await knex('visits').insert({ shortcode: req.params.id, provider: 'yt' });
|
|
})
|
|
//Automagic Youtube Playlist redirects on /ytpl/
|
|
fastify.get('/ytpl/:id', async (req, res) => {
|
|
res.redirect(302, `https://youtube.com/playlist?list=${req.params.id}`)
|
|
await knex('visits').insert({ shortcode: req.params.id, provider: 'ytpl' });
|
|
})
|
|
|
|
//Automagic ebay item redirects on /e/
|
|
fastify.get('/e/:id', async (req, res) => {
|
|
res.redirect(302, `https://ebay.de/itm/${req.params.id}`)
|
|
await knex('visits').insert({ shortcode: req.params.id, provider: 'e' });
|
|
})
|
|
|
|
//Normal shorturls
|
|
fastify.get('/:shortcode', async (req, res) => {
|
|
const shortcode = req.params.shortcode;
|
|
|
|
//This should never happen but better safe than 500
|
|
if (!shortcode) {
|
|
return 404;
|
|
}
|
|
const target = await knex.select('target')
|
|
.from('urls')
|
|
.where('shortcode', '=', shortcode)
|
|
.limit(1);
|
|
if (!target[0]) {
|
|
return 404
|
|
}
|
|
res.redirect(302, target[0].target);
|
|
await knex('visits').insert({ shortcode, provider: 'native' });
|
|
})
|
|
|
|
//Create new url schema
|
|
const newUrlSchema = {
|
|
body: {
|
|
type: 'object',
|
|
properties: {
|
|
target: { type: 'string' },
|
|
shortcode: { type: 'string' },
|
|
}
|
|
}
|
|
};
|
|
|
|
//Create new url api route
|
|
fastify.post('/api', { newUrlSchema }, async (req, res) => {
|
|
const target = req.body?.target;
|
|
let shortcode = req.body?.shortcode;
|
|
|
|
//Check if the user provided a target
|
|
if (!target) {
|
|
res.statusCode = 400;
|
|
return "Missing target";
|
|
}
|
|
|
|
/**
|
|
* If no custom shortcode is provided: Check if a code for the target already exists.
|
|
* If it exists: No new get's generated => The existing code get's used.
|
|
* If it doesn't exist: Generate a new code and proceed to creating a new db entry.
|
|
*/
|
|
if (!shortcode) {
|
|
if (config.recognizeProviders) {
|
|
const response = checkKnownProviders(target);
|
|
if (response) {
|
|
return response;
|
|
}
|
|
}
|
|
const exists = await knex.select('shortcode')
|
|
.from('urls')
|
|
.where('target', '=', target)
|
|
.limit(1);
|
|
if (exists.length != 0) {
|
|
shortcode = exists[0].shortcode;
|
|
return {
|
|
url: `${config.getBaseUrl()}/${shortcode}`,
|
|
shortcode,
|
|
target
|
|
}
|
|
}
|
|
shortcode = uniqid();
|
|
}
|
|
/**
|
|
* If a custom shortcode is provided: Check for collisions.
|
|
* Collision detected: Warn user
|
|
* No collision: Proceed to db entry creation
|
|
*/
|
|
else {
|
|
const exists = await knex.select('shortcode')
|
|
.from('urls')
|
|
.where('shortcode', '=', shortcode)
|
|
.limit(1);
|
|
if (exists.length != 0) {
|
|
res.statusCode = 400;
|
|
return "Shortcode already exists, please choose another code";
|
|
}
|
|
}
|
|
|
|
//Create a new db entry
|
|
await knex('urls').insert({ target, shortcode });
|
|
|
|
return {
|
|
url: `${config.getBaseUrl()}/${shortcode}`,
|
|
shortcode,
|
|
target
|
|
}
|
|
});
|
|
|
|
//Get stats api route
|
|
fastify.get('/api/stats', async (req, res) => {
|
|
const urls = await knex.select('shortcode')
|
|
.from('urls');
|
|
|
|
const visits = await knex.select('timestamp')
|
|
.from('visits');
|
|
|
|
return {
|
|
urls: urls.length,
|
|
visits: visits.length,
|
|
}
|
|
});
|
|
|
|
//Get url api route
|
|
fastify.get('/api/:shortcode', async (req, res) => {
|
|
const shortcode = req.params.shortcode;
|
|
|
|
//This should never happen but better safe than 500
|
|
if (!shortcode) {
|
|
return 404;
|
|
}
|
|
|
|
const exists = await knex.select('shortcode', 'target')
|
|
.from('urls')
|
|
.where('shortcode', '=', shortcode)
|
|
.limit(1);
|
|
if (exists.length == 0) {
|
|
return 404;
|
|
}
|
|
|
|
const visits = await knex.select('timestamp')
|
|
.from('visits')
|
|
.where('shortcode', '=', shortcode);
|
|
|
|
return {
|
|
url: `${config.getBaseUrl()}/${exists[0].shortcode}`,
|
|
shortcode: exists[0].shortcode,
|
|
target: exists[0].target,
|
|
visits: visits.length
|
|
}
|
|
});
|
|
|
|
|
|
//User registration
|
|
fastify.post('/api/auth/register', async (req, res) => {
|
|
if (!config.registrationEnabled) {
|
|
res.statusCode = 400;
|
|
return "Registration was disabled by your admin";
|
|
}
|
|
|
|
const username = req.body?.username;
|
|
let password = req.body?.password;
|
|
|
|
//Check
|
|
if (!username || !password) {
|
|
res.statusCode = 400;
|
|
return "Missing username or password";
|
|
}
|
|
|
|
const exists = await knex.select('username')
|
|
.from('users')
|
|
.where('username', '=', username)
|
|
.limit(1);
|
|
if (exists.length != 0) {
|
|
res.statusCode = 400;
|
|
return "User already exists";
|
|
}
|
|
|
|
password = await argon2.hash(password);
|
|
|
|
//Create a new db entry
|
|
await knex('users').insert({ username, password });
|
|
|
|
return "Done!"
|
|
});
|
|
|
|
//Anything in here has some kind of auth
|
|
fastify.after(() => {
|
|
//Get url visits api route
|
|
fastify.get('/api/:shortcode/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
|
|
const shortcode = req.params.shortcode;
|
|
|
|
//This should never happen but better safe than 500
|
|
if (!shortcode) {
|
|
return 404;
|
|
}
|
|
|
|
const visits = await knex.select('timestamp', 'provider')
|
|
.from('visits')
|
|
.where('shortcode', '=', shortcode);
|
|
|
|
return visits;
|
|
});
|
|
|
|
//Get all visits api route
|
|
fastify.get('/api/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
|
|
if(req.query.provider){
|
|
return await knex.select('shortcode', 'provider', 'timestamp')
|
|
.from('visits')
|
|
.where("provider", "=", req.query.provider);
|
|
}
|
|
return await knex.select('shortcode', 'provider', 'timestamp')
|
|
.from('visits');
|
|
});
|
|
|
|
//Get url api route
|
|
fastify.delete('/api/:shortcode', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
|
|
const shortcode = req.params.shortcode;
|
|
|
|
//This should never happen but better safe than 500
|
|
if (!shortcode) {
|
|
return 404;
|
|
}
|
|
|
|
await knex('urls')
|
|
.where('shortcode', '=', shortcode)
|
|
.delete();
|
|
|
|
res.statusCode = 204;
|
|
return true;
|
|
});
|
|
|
|
//Get all urls api route
|
|
fastify.get('/api', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
|
|
urls = await knex.select('target', 'shortcode')
|
|
.from('urls');
|
|
|
|
for (let url of urls) {
|
|
url.url = `${config.getBaseUrl()}/${url.shortcode}`
|
|
if (req.query.showVisits) {
|
|
url.visits = (await knex.select('timestamp')
|
|
.from('visits')
|
|
.where('shortcode', '=', url.shortcode)).length;
|
|
}
|
|
}
|
|
|
|
return urls;
|
|
});
|
|
|
|
fastify.post('/api/auth/login', { onRequest: fastify.auth([fastify.basicAuth]) }, async (req, reply) => {
|
|
const jwtcount = (await knex.select('jwtcount')
|
|
.from('users')
|
|
.where('username', '=', req.user)
|
|
.limit(1))[0].jwtcount;
|
|
const payload = {
|
|
user: req.user,
|
|
jwtcount
|
|
};
|
|
const token = fastify.jwt.sign({ payload })
|
|
reply.send({ token });
|
|
});
|
|
|
|
fastify.post('/api/auth/check', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, (req, reply) => {
|
|
return "logged in";
|
|
});
|
|
|
|
fastify.post('/api/auth/logout', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, reply) => {
|
|
let jwtcount = (await knex.select('jwtcount')
|
|
.from('users')
|
|
.where('username', '=', req.user)
|
|
.limit(1))[0].jwtcount;
|
|
jwtcount += 1;
|
|
await knex('users')
|
|
.where('username', '=', req.user)
|
|
.update({
|
|
jwtcount
|
|
});
|
|
|
|
return "Done!";
|
|
});
|
|
|
|
fastify.post('/api/auth/deleteme', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, reply) => {
|
|
await knex('users')
|
|
.where('username', '=', req.user)
|
|
.delete();
|
|
|
|
return "Done!";
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
/**
|
|
* Checks for some default providers with custom url schemes (amazon and youtube r/n)
|
|
* @param {string} target The target URL
|
|
* @returns Standard shortening response if provider recognized or null
|
|
*/
|
|
function checkKnownProviders(target) {
|
|
target = decodeURIComponent(target);
|
|
const youtubeVideoID = target.match(/(?:youtube(?:-nocookie)?\.com\/(?:[^\/\n\s]+\/\S+\/|(?:v|e(?:mbed)?)\/|\S*?[?&]v=)|youtu\.be\/)([a-zA-Z0-9_-]{11})/)
|
|
if (youtubeVideoID) {
|
|
const shortcode = `yt/${youtubeVideoID[1]}`
|
|
return {
|
|
url: `${config.getBaseUrl()}/${shortcode}`,
|
|
shortcode,
|
|
target
|
|
}
|
|
}
|
|
const youtubePlaylistID = target.match(/(?:youtube(?:-nocookie)?\.com\/)playlist\?(?:.*)list=([a-zA-Z0-9_-]*)(?:&.*|)/)
|
|
if (youtubePlaylistID) {
|
|
const shortcode = `ytpl/${youtubePlaylistID[1]}`
|
|
return {
|
|
url: `${config.getBaseUrl()}/${shortcode}`,
|
|
shortcode,
|
|
target
|
|
}
|
|
}
|
|
const amazonID = target.match(/(?:https?:\/\/|)(www|smile|)\.?(amazon|smile)\.(de)(?:(?:\/.*\/|\/)(?:dp|gp))(\/product\/|\/)([A-Z0-9]+)/);
|
|
if (amazonID) {
|
|
const shortcode = `a/${amazonID[5]}`
|
|
return {
|
|
url: `${config.getBaseUrl()}/${shortcode}`,
|
|
shortcode,
|
|
target
|
|
}
|
|
}
|
|
const ebayID = target.match(/(?:[ebay]*(?:[\/]|[itm=])|^)([0-9]{9,12})/);
|
|
if (ebayID) {
|
|
const shortcode = `e/${ebayID[1]}`
|
|
return {
|
|
url: `${config.getBaseUrl()}/${shortcode}`,
|
|
shortcode,
|
|
target
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
async function validate(username, password, req, reply) {
|
|
if (!username || !password) {
|
|
return new Error('Sorry only authorized users can do that.')
|
|
}
|
|
|
|
const user = await knex.select('username', 'password')
|
|
.from('users')
|
|
.where('username', '=', username)
|
|
.limit(1);
|
|
|
|
if (user.length == 0) {
|
|
return new Error('Sorry m8, looks like you are not on the inivtation list');
|
|
}
|
|
if (!(await argon2.verify(user[0].password, password))) {
|
|
return new Error('Wrong credentials');
|
|
}
|
|
req.user = username;
|
|
}
|
|
|
|
// Run the server!
|
|
const start = async () => {
|
|
try {
|
|
await fastify.listen(3000, '0.0.0.0')
|
|
} catch (err) {
|
|
fastify.log.error(err)
|
|
process.exit(1)
|
|
}
|
|
}
|
|
start() |