our-sejahtera-backend/app.js

const express = require('express');
const { Sequelize, DataTypes, STRING } = require('sequelize');
const session = require('express-session');
const bcrypt = require('bcrypt');
const QRCode = require('qrcode');
const cors = require('cors');
const { createSecureServer } = require('http2');
const { default: axios } = require('axios');
require("dotenv-flow").config();
const crypto = require('crypto');

var SequelizeStore = require("connect-session-sequelize")(session.Store);

const COOKIE_EXPIRY_DURATION = 60 * 60 * 3 * 1000; // 3 hours in milliseconds

const isProduction = process.env.NODE_ENV == "production";
const isDev = process.env.NODE_ENV == "development";

console.log(`Node Environment: ${process.env.NODE_ENV}`);

const sequelize = (() => {
    if (isProduction) {
        return new Sequelize(process.env.DB_DATA_NAME, process.env.DB_USER, process.env.DB_PASS, {
            host: process.env.DB_PATH,
            dialect: process.env.DB_DATA_DIALECT,
        });
    } else {
        return new Sequelize('sqlite::memory:');
    }
})();

const storeDB = (() => {
    if (isProduction) {
        return new Sequelize(process.env.DB_STORE_NAME, process.env.DB_USER, process.env.DB_PASS, {
            host: process.env.DB_PATH,
            dialect: process.env.DB_DATA_DIALECT,
        });
    } else {
        return new Sequelize('sqlite::memory:');
    }
})();

const store = new SequelizeStore({
    db: storeDB,
    expiration: COOKIE_EXPIRY_DURATION,
});
store.sync();

const Contact = sequelize.define('Contact', {
    user: {
        type: DataTypes.INTEGER,
        allowNull: false,
    },
    with: {
        type: DataTypes.INTEGER,
        allowNull: false,
    },
});
Contact.sync();

const User = sequelize.define('User', {
    telegram: {
        type: DataTypes.INTEGER,
        allowNull: false,
        unique: true,
    },
    verification: {
        type: DataTypes.STRING,
    },
});

User.sync().then(() => {
    if (process.env.ADMIN_USERNAME && process.env.ADMIN_PASSWORD) {
        User.create({
            telegram: process.env.ADMIN_USERNAME,
            hash: bcrypt.hashSync(process.env.ADMIN_PASSWORD, 10),
        }).catch(e => {
            console.log("Couldn't create admin account. Probably exists.");
        });
    }
});


function authUser(telegramResponse, done) {
    let dataCheckArray = [];

    for (const [key, value] of Object.entries(telegramResponse)) {
        if (key == "hash") continue;
        dataCheckArray.push(`${key}=${value}`);
    }
    dataCheckArray.sort();
    const dataCheckString = dataCheckArray.join("\n");

    secretKey = crypto.createHash("sha256").update(process.env.TELEGRAM_TOKEN).digest();
    confirmationHash = crypto.createHmac("sha256", secretKey).update(dataCheckString).digest("hex");

    const authorized = confirmationHash == telegramResponse.hash;

    if (!authorized) {
        done({ authorized: false });
    }

    User.findOne({
        where: {
            telegram: telegramResponse.id,
        }
    }).then(user => {
        if (!user) {
            createUser(telegramResponse.id, (success) => {
                done({ authorized: success });
            })
        } else {
            done({ authorized: true });
        }
    });
}

function refreshVerification(user, done) {
    let newVerification = bcrypt.hashSync(`${new Date().getTime()}-${user.hash}`, 5).replace(/[^a-zA-Z0-9]+/g, "");
    newVerification = newVerification.substr(0, newVerification.length / 2);
    user.verification = newVerification;
    user.save().then(result => {
        done(result)
    });
}

function createQRCode(telegram, done) {

    User.findOne({
            where: {
                telegram: telegram
            }
        })
        .then(user => {
            refreshVerification(user, result => {
                const verifyURL = `${process.env.WEBSITE_URL}/#/verify/${encodeURIComponent(result.verification)}`;
                QRCode.toDataURL(verifyURL, { width: 300, height: 300 }, (err, url) => {
                    done(err, url);
                })
            });
        })
        .catch(err => {
            done(err);
        });
}

function checkVerification(id, done) {
    User.findOne({
        where: {
            verification: decodeURIComponent(id),
        }
    }).then(user => {
        if (user) {
            done(true, "User verified", user.id);
        } else {
            done(false, "No such verification");
        }
    });
}

function createUser(telegram, done) {
    User.create({
        telegram: telegram
    }).then(user => {
        if (!user) {
            done(false, "Could not create user");
        } else {
            done(true, "Success");
        }
    }).catch(reason => {
        if (reason.name == "SequelizeUniqueConstraintError") {
            done(false, "User already exists");
        } else {
            done(false, "Unknown error");
        }
    });
}

function addContact(telegram, withUserID, done) {
    User.findOne({ where: { telegram: telegram } }).then(user => {
        User.findOne({ where: { id: withUserID } }).then(withUser => {
            Contact.create({ user: user.id, with: withUserID })
                .then(res => {
                    console.log(`Registering contact between ${user.id} and ${withUserID}`);
                    sendTelegramMessage(withUser.telegram,
                        "Someone scanned your QR code. You will be notified if they are tested positive with Covid. If you are tested positive, please tell this bot /COVIDPOSITIVE",
                        () => {}
                    );
                    done(true, "Successfully added contact");
                })
                .catch(e => {
                    done(false, e);
                });

        })
    })
}

function getCookieExpiry() {
    return new Date(Date.now() + COOKIE_EXPIRY_DURATION);
}

function setTelegramWebHook(done) {
    const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/setWebhook`;
    axios.post(url, {
            url: `${process.env.SERVER_API_URL}/${process.env.TELEGRAM_SECRET}`,
            allowed_updates: [],
            drop_pending_updates: true,
        })
        .then(res => { done(res) })
        .catch(err => { done(err) });
}

function sendTelegramMessage(telegramID, message, done) {
    const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/sendMessage`;
    axios.post(url, {
            chat_id: telegramID,
            text: message,
        })
        .then((res) => {
            done(res)
        })
        .catch(err => {
            console.error("Problem sending Telegram message.");
            done(err)
        });
}

const app = express();
app.set('trust proxy', 1)
app.use(session({
    secret: process.env.SERVER_SESSION_SECRET,
    resave: false,
    saveUninitialized: false,
    cookie: {
        secure: true,
        sameSite: "none",
    },
    store: store,
}))
app.use(cors({ credentials: true, origin: true, secure: true }));
app.use(express.json())

setTelegramWebHook(() => {});
app.post(`/${process.env.TELEGRAM_SECRET}`, (req, res) => {
    res.send();
});

app.post('/login', (req, res) => {
    telegramResponse = req.body.telegramResponse;
    const auth = authUser(telegramResponse, (success, msg) => {
        if (success) {
            const verified = req.session.verified;
            const verifiedBy = req.session.verifiedBy;
            req.session.regenerate(() => {
                cookieExpiry = getCookieExpiry();
                req.session.user = telegramResponse.id;
                if (verified) {
                    addContact(telegramResponse.id, verifiedBy, (contactSuccess) => {
                        res.send({ authorized: success, message: msg, contactSuccess: contactSuccess });
                    });
                } else {
                    res.send({ authorized: success, message: msg });
                }
            });
        } else {
            res.status(401).send({ authorized: success, message: msg });
        }
    });
});

app.get('/code', (req, res) => {
    if (!req.session.user) {
        res.status(401).send("Not logged in");
        return;
    }
    createQRCode(req.session.user, (err, url) => {
        res.status(url ? 200 : 401).send({ error: err, data: url });
    });
})

app.post("/verify", (req, res) => {
    checkVerification(req.body.id, (success, msg, withUserID) => {
        cookieExpiry = getCookieExpiry();
        req.session.verified = success;
        req.session.verifiedBy = withUserID;

        if (success) {
            if (req.session.user) { // If Logged In
                addContact(req.session.user, withUserID, (success, msg) => {
                    res.status(success ? 200 : 400).send({ success: success, message: msg, loggedIn: true });
                });
            } else { // If Not Logged In
                res.send({ success: success, message: msg, loggedIn: false })
            }
        } else {
            res.status(400).send({ success: success, message: msg });
        }
    });
});

const port = process.env.PORT || 8080;

app.listen(port, () => {
    console.log(`Listening on port ${port}`);
})
added user creation, login, qr-code verification 3 years ago			`const express = require('express');`
			`const { Sequelize, DataTypes, STRING } = require('sequelize');`
			`const session = require('express-session');`
			`const bcrypt = require('bcrypt');`
			`const QRCode = require('qrcode');`
fixed cors 3 years ago			`const cors = require('cors');`
added user creation, login, qr-code verification 3 years ago			`const { createSecureServer } = require('http2');`
implemented telegram login 3 years ago			`const { default: axios } = require('axios');`
remove cookies 3 years ago			`require("dotenv-flow").config();`
implemented telegram login 3 years ago			`const crypto = require('crypto');`
added user creation, login, qr-code verification 3 years ago
remove cookies 3 years ago			`var SequelizeStore = require("connect-session-sequelize")(session.Store);`
added user creation, login, qr-code verification 3 years ago
add contact tracing 3 years ago			`const COOKIE_EXPIRY_DURATION = 60 * 60 * 3 * 1000; // 3 hours in milliseconds`

remove cookies 3 years ago			`const isProduction = process.env.NODE_ENV == "production";`
			`const isDev = process.env.NODE_ENV == "development";`

			console.log(`Node Environment: ${process.env.NODE_ENV}`);

			`const sequelize = (() => {`
			`if (isProduction) {`
			`return new Sequelize(process.env.DB_DATA_NAME, process.env.DB_USER, process.env.DB_PASS, {`
			`host: process.env.DB_PATH,`
			`dialect: process.env.DB_DATA_DIALECT,`
			`});`
			`} else {`
			`return new Sequelize('sqlite::memory:');`
			`}`
			`})();`

			`const storeDB = (() => {`
			`if (isProduction) {`
bugfix 3 years ago			`return new Sequelize(process.env.DB_STORE_NAME, process.env.DB_USER, process.env.DB_PASS, {`
remove cookies 3 years ago			`host: process.env.DB_PATH,`
			`dialect: process.env.DB_DATA_DIALECT,`
			`});`
			`} else {`
			`return new Sequelize('sqlite::memory:');`
			`}`
			`})();`

			`const store = new SequelizeStore({`
			`db: storeDB,`
			`expiration: COOKIE_EXPIRY_DURATION,`
			`});`
			`store.sync();`

add contact tracing 3 years ago			`const Contact = sequelize.define('Contact', {`
			`user: {`
			`type: DataTypes.INTEGER,`
			`allowNull: false,`
			`},`
			`with: {`
			`type: DataTypes.INTEGER,`
			`allowNull: false,`
			`},`
			`});`
			`Contact.sync();`

added user creation, login, qr-code verification 3 years ago			`const User = sequelize.define('User', {`
revert to telegram id as unique key 3 years ago			`telegram: {`
postgres is strict about variable type 3 years ago			`type: DataTypes.INTEGER,`
added user creation, login, qr-code verification 3 years ago			`allowNull: false,`
			`unique: true,`
			`},`
			`verification: {`
			`type: DataTypes.STRING,`
			`},`
			`});`

add contact tracing 3 years ago			`User.sync().then(() => {`
error catching 3 years ago			`if (process.env.ADMIN_USERNAME && process.env.ADMIN_PASSWORD) {`
			`User.create({`
configurable admin account 3 years ago			`telegram: process.env.ADMIN_USERNAME,`
			`hash: bcrypt.hashSync(process.env.ADMIN_PASSWORD, 10),`
error catching 3 years ago			`}).catch(e => {`
configurable admin account 3 years ago			`console.log("Couldn't create admin account. Probably exists.");`
error catching 3 years ago			`});`
revert to telegram id as unique key 3 years ago			`}`
add contact tracing 3 years ago			`});`

added user creation, login, qr-code verification 3 years ago
implemented telegram login 3 years ago			`function authUser(telegramResponse, done) {`
			`let dataCheckArray = [];`

			`for (const [key, value] of Object.entries(telegramResponse)) {`
			`if (key == "hash") continue;`
			dataCheckArray.push(`${key}=${value}`);
			`}`
			`dataCheckArray.sort();`
			`const dataCheckString = dataCheckArray.join("\n");`

			`secretKey = crypto.createHash("sha256").update(process.env.TELEGRAM_TOKEN).digest();`
			`confirmationHash = crypto.createHmac("sha256", secretKey).update(dataCheckString).digest("hex");`

			`const authorized = confirmationHash == telegramResponse.hash;`

			`if (!authorized) {`
			`done({ authorized: false });`
			`}`

added user creation, login, qr-code verification 3 years ago			`User.findOne({`
			`where: {`
implemented telegram login 3 years ago			`telegram: telegramResponse.id,`
added user creation, login, qr-code verification 3 years ago			`}`
			`}).then(user => {`
			`if (!user) {`
implemented telegram login 3 years ago			`createUser(telegramResponse.id, (success) => {`
			`done({ authorized: success });`
			`})`
added user creation, login, qr-code verification 3 years ago			`} else {`
implemented telegram login 3 years ago			`done({ authorized: true });`
added user creation, login, qr-code verification 3 years ago			`}`
			`});`
			`}`

			`function refreshVerification(user, done) {`
add contact tracing 3 years ago			let newVerification = bcrypt.hashSync(`${new Date().getTime()}-${user.hash}`, 5).replace(/[^a-zA-Z0-9]+/g, "");
			`newVerification = newVerification.substr(0, newVerification.length / 2);`
added user creation, login, qr-code verification 3 years ago			`user.verification = newVerification;`
			`user.save().then(result => {`
			`done(result)`
			`});`
			`}`

revert to telegram id as unique key 3 years ago			`function createQRCode(telegram, done) {`
added user creation, login, qr-code verification 3 years ago
			`User.findOne({`
postgres is strict about variable type 3 years ago			`where: {`
			`telegram: telegram`
			`}`
			`})`
error catching 3 years ago			`.then(user => {`
			`refreshVerification(user, result => {`
			const verifyURL = `${process.env.WEBSITE_URL}/#/verify/${encodeURIComponent(result.verification)}`;
			`QRCode.toDataURL(verifyURL, { width: 300, height: 300 }, (err, url) => {`
			`done(err, url);`
			`})`
			`});`
			`})`
			`.catch(err => {`
			`done(err);`
added user creation, login, qr-code verification 3 years ago			`});`
			`}`

add contact tracing 3 years ago			`function checkVerification(id, done) {`
			`User.findOne({`
			`where: {`
			`verification: decodeURIComponent(id),`
			`}`
			`}).then(user => {`
			`if (user) {`
			`done(true, "User verified", user.id);`
			`} else {`
			`done(false, "No such verification");`
			`}`
			`});`
added user creation, login, qr-code verification 3 years ago			`}`

implemented telegram login 3 years ago			`function createUser(telegram, done) {`
added user creation, login, qr-code verification 3 years ago			`User.create({`
implemented telegram login 3 years ago			`telegram: telegram`
added user creation, login, qr-code verification 3 years ago			`}).then(user => {`
			`if (!user) {`
			`done(false, "Could not create user");`
			`} else {`
			`done(true, "Success");`
			`}`
			`}).catch(reason => {`
			`if (reason.name == "SequelizeUniqueConstraintError") {`
			`done(false, "User already exists");`
			`} else {`
			`done(false, "Unknown error");`
			`}`
			`});`
			`}`

revert to telegram id as unique key 3 years ago			`function addContact(telegram, withUserID, done) {`
			`User.findOne({ where: { telegram: telegram } }).then(user => {`
implemented telegram login 3 years ago			`User.findOne({ where: { id: withUserID } }).then(withUser => {`
			`Contact.create({ user: user.id, with: withUserID })`
			`.then(res => {`
			console.log(`Registering contact between ${user.id} and ${withUserID}`);
postgres is strict about variable type 3 years ago			`sendTelegramMessage(withUser.telegram,`
			`"Someone scanned your QR code. You will be notified if they are tested positive with Covid. If you are tested positive, please tell this bot /COVIDPOSITIVE",`
			`() => {}`
			`);`
implemented telegram login 3 years ago			`done(true, "Successfully added contact");`
			`})`
			`.catch(e => {`
			`done(false, e);`
			`});`

			`})`
add contact tracing 3 years ago			`})`
			`}`

			`function getCookieExpiry() {`
			`return new Date(Date.now() + COOKIE_EXPIRY_DURATION);`
			`}`

implemented telegram login 3 years ago			`function setTelegramWebHook(done) {`
			const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/setWebhook`;
			`axios.post(url, {`
postgres is strict about variable type 3 years ago			url: `${process.env.SERVER_API_URL}/${process.env.TELEGRAM_SECRET}`,
			`allowed_updates: [],`
			`drop_pending_updates: true,`
			`})`
implemented telegram login 3 years ago			`.then(res => { done(res) })`
			`.catch(err => { done(err) });`
			`}`

			`function sendTelegramMessage(telegramID, message, done) {`
			const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/sendMessage`;
			`axios.post(url, {`
postgres is strict about variable type 3 years ago			`chat_id: telegramID,`
			`text: message,`
			`})`
implemented telegram login 3 years ago			`.then((res) => {`
			`done(res)`
			`})`
			`.catch(err => {`
			`console.error("Problem sending Telegram message.");`
			`done(err)`
			`});`
			`}`

added user creation, login, qr-code verification 3 years ago			`const app = express();`
bugfix 3 years ago			`app.set('trust proxy', 1)`
added user creation, login, qr-code verification 3 years ago			`app.use(session({`
			`secret: process.env.SERVER_SESSION_SECRET,`
			`resave: false,`
			`saveUninitialized: false,`
bugfix 3 years ago			`cookie: {`
			`secure: true,`
			`sameSite: "none",`
put verification page on webapp 3 years ago			`},`
			`store: store,`
added user creation, login, qr-code verification 3 years ago			`}))`
fixed cors 3 years ago			`app.use(cors({ credentials: true, origin: true, secure: true }));`
added user creation, login, qr-code verification 3 years ago			`app.use(express.json())`

postgres is strict about variable type 3 years ago			`setTelegramWebHook(() => {});`
implemented telegram login 3 years ago			app.post(`/${process.env.TELEGRAM_SECRET}`, (req, res) => {
			`res.send();`
			`});`

added user creation, login, qr-code verification 3 years ago			`app.post('/login', (req, res) => {`
implemented telegram login 3 years ago			`telegramResponse = req.body.telegramResponse;`
			`const auth = authUser(telegramResponse, (success, msg) => {`
remove cookies 3 years ago			`if (success) {`
verified users sent success on login 3 years ago			`const verified = req.session.verified;`
			`const verifiedBy = req.session.verifiedBy;`
remove cookies 3 years ago			`req.session.regenerate(() => {`
			`cookieExpiry = getCookieExpiry();`
implemented telegram login 3 years ago			`req.session.user = telegramResponse.id;`
verified users sent success on login 3 years ago			`if (verified) {`
implemented telegram login 3 years ago			`addContact(telegramResponse.id, verifiedBy, (contactSuccess) => {`
verified users sent success on login 3 years ago			`res.send({ authorized: success, message: msg, contactSuccess: contactSuccess });`
			`});`
			`} else {`
			`res.send({ authorized: success, message: msg });`
			`}`
remove cookies 3 years ago			`});`
			`} else {`
			`res.status(401).send({ authorized: success, message: msg });`
			`}`
added user creation, login, qr-code verification 3 years ago			`});`
			`});`

			`app.get('/code', (req, res) => {`
			`if (!req.session.user) {`
			`res.status(401).send("Not logged in");`
			`return;`
			`}`
			`createQRCode(req.session.user, (err, url) => {`
error catching 3 years ago			`res.status(url ? 200 : 401).send({ error: err, data: url });`
added user creation, login, qr-code verification 3 years ago			`});`
			`})`

put verification page on webapp 3 years ago			`app.post("/verify", (req, res) => {`
			`checkVerification(req.body.id, (success, msg, withUserID) => {`
add contact tracing 3 years ago			`cookieExpiry = getCookieExpiry();`
added user creation, login, qr-code verification 3 years ago			`req.session.verified = success;`
register contact on account create 3 years ago			`req.session.verifiedBy = withUserID;`
add contact tracing 3 years ago
added user creation, login, qr-code verification 3 years ago			`if (success) {`
add contact tracing 3 years ago			`if (req.session.user) { // If Logged In`
register contact on account create 3 years ago			`addContact(req.session.user, withUserID, (success, msg) => {`
put verification page on webapp 3 years ago			`res.status(success ? 200 : 400).send({ success: success, message: msg, loggedIn: true });`
add contact tracing 3 years ago			`});`
			`} else { // If Not Logged In`
put verification page on webapp 3 years ago			`res.send({ success: success, message: msg, loggedIn: false })`
add contact tracing 3 years ago			`}`
			`} else {`
put verification page on webapp 3 years ago			`res.status(400).send({ success: success, message: msg });`
added user creation, login, qr-code verification 3 years ago			`}`
			`});`
			`});`

port set by appengine 3 years ago			`const port = process.env.PORT \|\| 8080;`
added user creation, login, qr-code verification 3 years ago
			`app.listen(port, () => {`
			console.log(`Listening on port ${port}`);
			`})`