You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

309 lines
9.1 KiB

const express = require('express');
const { Sequelize, DataTypes, STRING } = require('sequelize');
const session = require('express-session');
const bcrypt = require('bcrypt');
const QRCode = require('qrcode');
3 years ago
const cors = require('cors');
const { createSecureServer } = require('http2');
const { default: axios } = require('axios');
3 years ago
require("dotenv-flow").config();
const crypto = require('crypto');
3 years ago
var SequelizeStore = require("connect-session-sequelize")(session.Store);
const COOKIE_EXPIRY_DURATION = 60 * 60 * 3 * 1000; // 3 hours in milliseconds
3 years ago
const isProduction = process.env.NODE_ENV == "production";
const isDev = process.env.NODE_ENV == "development";
console.log(`Node Environment: ${process.env.NODE_ENV}`);
const sequelize = (() => {
if (isProduction) {
return new Sequelize(process.env.DB_DATA_NAME, process.env.DB_USER, process.env.DB_PASS, {
host: process.env.DB_PATH,
dialect: process.env.DB_DATA_DIALECT,
});
} else {
return new Sequelize('sqlite::memory:');
}
})();
const storeDB = (() => {
if (isProduction) {
3 years ago
return new Sequelize(process.env.DB_STORE_NAME, process.env.DB_USER, process.env.DB_PASS, {
3 years ago
host: process.env.DB_PATH,
dialect: process.env.DB_DATA_DIALECT,
});
} else {
return new Sequelize('sqlite::memory:');
}
})();
const store = new SequelizeStore({
db: storeDB,
expiration: COOKIE_EXPIRY_DURATION,
});
store.sync();
const Contact = sequelize.define('Contact', {
user: {
type: DataTypes.INTEGER,
allowNull: false,
},
with: {
type: DataTypes.INTEGER,
allowNull: false,
},
});
Contact.sync();
const User = sequelize.define('User', {
telegram: {
type: DataTypes.STRING,
allowNull: false,
unique: true,
},
hash: {
type: STRING,
},
verification: {
type: DataTypes.STRING,
},
});
User.sync().then(() => {
3 years ago
if (process.env.ADMIN_USERNAME && process.env.ADMIN_PASSWORD) {
User.create({
telegram: process.env.ADMIN_USERNAME,
hash: bcrypt.hashSync(process.env.ADMIN_PASSWORD, 10),
3 years ago
}).catch(e => {
console.log("Couldn't create admin account. Probably exists.");
3 years ago
});
}
});
function authUser(telegramResponse, done) {
let dataCheckArray = [];
for (const [key, value] of Object.entries(telegramResponse)) {
if (key == "hash") continue;
dataCheckArray.push(`${key}=${value}`);
}
dataCheckArray.sort();
const dataCheckString = dataCheckArray.join("\n");
secretKey = crypto.createHash("sha256").update(process.env.TELEGRAM_TOKEN).digest();
confirmationHash = crypto.createHmac("sha256", secretKey).update(dataCheckString).digest("hex");
const authorized = confirmationHash == telegramResponse.hash;
if (!authorized) {
done({ authorized: false });
}
User.findOne({
where: {
telegram: telegramResponse.id,
}
}).then(user => {
if (!user) {
createUser(telegramResponse.id, (success) => {
done({ authorized: success });
})
} else {
done({ authorized: true });
}
});
}
function refreshVerification(user, done) {
let newVerification = bcrypt.hashSync(`${new Date().getTime()}-${user.hash}`, 5).replace(/[^a-zA-Z0-9]+/g, "");
newVerification = newVerification.substr(0, newVerification.length / 2);
user.verification = newVerification;
user.save().then(result => {
done(result)
});
}
function createQRCode(telegram, done) {
User.findOne({
where: {
telegram: telegram
}
})
3 years ago
.then(user => {
refreshVerification(user, result => {
const verifyURL = `${process.env.WEBSITE_URL}/#/verify/${encodeURIComponent(result.verification)}`;
QRCode.toDataURL(verifyURL, { width: 300, height: 300 }, (err, url) => {
done(err, url);
})
});
})
.catch(err => {
done(err);
});
}
function checkVerification(id, done) {
User.findOne({
where: {
verification: decodeURIComponent(id),
}
}).then(user => {
if (user) {
done(true, "User verified", user.id);
} else {
done(false, "No such verification");
}
});
}
function createUser(telegram, done) {
User.create({
telegram: telegram
}).then(user => {
if (!user) {
done(false, "Could not create user");
} else {
done(true, "Success");
}
}).catch(reason => {
if (reason.name == "SequelizeUniqueConstraintError") {
done(false, "User already exists");
} else {
done(false, "Unknown error");
}
});
}
function addContact(telegram, withUserID, done) {
User.findOne({ where: { telegram: telegram } }).then(user => {
User.findOne({ where: { id: withUserID } }).then(withUser => {
Contact.create({ user: user.id, with: withUserID })
.then(res => {
console.log(`Registering contact between ${user.id} and ${withUserID}`);
sendTelegramMessage(withUser.telegram, "Someone scanned your QR code. You will be notified if they are tested positive with Covid. If you are tested positive, please tell this bot /COVIDPOSITIVE");
done(true, "Successfully added contact");
})
.catch(e => {
done(false, e);
});
})
})
}
function getCookieExpiry() {
return new Date(Date.now() + COOKIE_EXPIRY_DURATION);
}
function setTelegramWebHook(done) {
const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/setWebhook`;
axios.post(url, {
url: `${process.env.SERVER_API_URL}/${process.env.TELEGRAM_SECRET}`,
allowed_updates: [],
drop_pending_updates: true,
})
.then(res => { done(res) })
.catch(err => { done(err) });
}
function sendTelegramMessage(telegramID, message, done) {
const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/sendMessage`;
axios.post(url, {
chat_id: telegramID,
text: message,
})
.then((res) => {
done(res)
})
.catch(err => {
console.error("Problem sending Telegram message.");
done(err)
});
}
const app = express();
3 years ago
app.set('trust proxy', 1)
app.use(session({
secret: process.env.SERVER_SESSION_SECRET,
resave: false,
saveUninitialized: false,
3 years ago
cookie: {
secure: true,
sameSite: "none",
},
store: store,
}))
3 years ago
app.use(cors({ credentials: true, origin: true, secure: true }));
app.use(express.json())
setTelegramWebHook(() => { });
app.post(`/${process.env.TELEGRAM_SECRET}`, (req, res) => {
if (req.body.message) {
sendTelegramMessage(req.body.message.chat.id, `${req.body.message.text.toUpperCase()}`, (res) => { console.log(res) });
}
res.send();
});
app.post('/login', (req, res) => {
telegramResponse = req.body.telegramResponse;
const auth = authUser(telegramResponse, (success, msg) => {
3 years ago
if (success) {
const verified = req.session.verified;
const verifiedBy = req.session.verifiedBy;
3 years ago
req.session.regenerate(() => {
cookieExpiry = getCookieExpiry();
req.session.user = telegramResponse.id;
if (verified) {
addContact(telegramResponse.id, verifiedBy, (contactSuccess) => {
res.send({ authorized: success, message: msg, contactSuccess: contactSuccess });
});
} else {
res.send({ authorized: success, message: msg });
}
3 years ago
});
} else {
res.status(401).send({ authorized: success, message: msg });
}
});
});
app.get('/code', (req, res) => {
if (!req.session.user) {
res.status(401).send("Not logged in");
return;
}
createQRCode(req.session.user, (err, url) => {
3 years ago
res.status(url ? 200 : 401).send({ error: err, data: url });
});
})
app.post("/verify", (req, res) => {
checkVerification(req.body.id, (success, msg, withUserID) => {
cookieExpiry = getCookieExpiry();
req.session.verified = success;
req.session.verifiedBy = withUserID;
if (success) {
if (req.session.user) { // If Logged In
addContact(req.session.user, withUserID, (success, msg) => {
res.status(success ? 200 : 400).send({ success: success, message: msg, loggedIn: true });
});
} else { // If Not Logged In
res.send({ success: success, message: msg, loggedIn: false })
}
} else {
res.status(400).send({ success: success, message: msg });
}
});
});
const port = process.env.PORT || 8080;
app.listen(port, () => {
console.log(`Listening on port ${port}`);
})