const express = require('express'); const { Sequelize, DataTypes, STRING } = require('sequelize'); const session = require('express-session'); const bcrypt = require('bcrypt'); const QRCode = require('qrcode'); const cors = require('cors'); const { createSecureServer } = require('http2'); const { default: axios } = require('axios'); require("dotenv-flow").config(); const crypto = require('crypto'); var SequelizeStore = require("connect-session-sequelize")(session.Store); const COOKIE_EXPIRY_DURATION = 60 * 60 * 3 * 1000; // 3 hours in milliseconds const isProduction = process.env.NODE_ENV == "production"; const isDev = process.env.NODE_ENV == "development"; console.log(`Node Environment: ${process.env.NODE_ENV}`); const sequelize = (() => { if (isProduction) { return new Sequelize(process.env.DB_DATA_NAME, process.env.DB_USER, process.env.DB_PASS, { host: process.env.DB_PATH, dialect: process.env.DB_DATA_DIALECT, }); } else { return new Sequelize('sqlite::memory:'); } })(); const storeDB = (() => { if (isProduction) { return new Sequelize(process.env.DB_STORE_NAME, process.env.DB_USER, process.env.DB_PASS, { host: process.env.DB_PATH, dialect: process.env.DB_DATA_DIALECT, }); } else { return new Sequelize('sqlite::memory:'); } })(); const store = new SequelizeStore({ db: storeDB, expiration: COOKIE_EXPIRY_DURATION, }); store.sync(); const Contact = sequelize.define('Contact', { user: { type: DataTypes.INTEGER, allowNull: false, }, with: { type: DataTypes.INTEGER, allowNull: false, }, }); Contact.sync(); const User = sequelize.define('User', { telegram: { type: DataTypes.STRING, allowNull: false, unique: true, }, hash: { type: STRING, }, verification: { type: DataTypes.STRING, }, }); User.sync().then(() => { if (process.env.ADMIN_USERNAME && process.env.ADMIN_PASSWORD) { User.create({ telegram: process.env.ADMIN_USERNAME, hash: bcrypt.hashSync(process.env.ADMIN_PASSWORD, 10), }).catch(e => { console.log("Couldn't create admin account. Probably exists."); }); } }); function authUser(telegramResponse, done) { let dataCheckArray = []; for (const [key, value] of Object.entries(telegramResponse)) { if (key == "hash") continue; dataCheckArray.push(`${key}=${value}`); } dataCheckArray.sort(); const dataCheckString = dataCheckArray.join("\n"); secretKey = crypto.createHash("sha256").update(process.env.TELEGRAM_TOKEN).digest(); confirmationHash = crypto.createHmac("sha256", secretKey).update(dataCheckString).digest("hex"); const authorized = confirmationHash == telegramResponse.hash; if (!authorized) { done({ authorized: false }); } User.findOne({ where: { telegram: telegramResponse.id, } }).then(user => { if (!user) { createUser(telegramResponse.id, (success) => { done({ authorized: success }); }) } else { done({ authorized: true }); } }); } function refreshVerification(user, done) { let newVerification = bcrypt.hashSync(`${new Date().getTime()}-${user.hash}`, 5).replace(/[^a-zA-Z0-9]+/g, ""); newVerification = newVerification.substr(0, newVerification.length / 2); user.verification = newVerification; user.save().then(result => { done(result) }); } function createQRCode(telegram, done) { User.findOne({ where: { telegram: telegram } }) .then(user => { refreshVerification(user, result => { const verifyURL = `${process.env.WEBSITE_URL}/#/verify/${encodeURIComponent(result.verification)}`; QRCode.toDataURL(verifyURL, { width: 300, height: 300 }, (err, url) => { done(err, url); }) }); }) .catch(err => { done(err); }); } function checkVerification(id, done) { User.findOne({ where: { verification: decodeURIComponent(id), } }).then(user => { if (user) { done(true, "User verified", user.id); } else { done(false, "No such verification"); } }); } function createUser(telegram, done) { User.create({ telegram: telegram }).then(user => { if (!user) { done(false, "Could not create user"); } else { done(true, "Success"); } }).catch(reason => { if (reason.name == "SequelizeUniqueConstraintError") { done(false, "User already exists"); } else { done(false, "Unknown error"); } }); } function addContact(telegram, withUserID, done) { User.findOne({ where: { telegram: telegram } }).then(user => { User.findOne({ where: { id: withUserID } }).then(withUser => { Contact.create({ user: user.id, with: withUserID }) .then(res => { console.log(`Registering contact between ${user.id} and ${withUserID}`); sendTelegramMessage(withUser.telegram, "Someone scanned your QR code. You will be notified if they are tested positive with Covid. If you are tested positive, please tell this bot /COVIDPOSITIVE"); done(true, "Successfully added contact"); }) .catch(e => { done(false, e); }); }) }) } function getCookieExpiry() { return new Date(Date.now() + COOKIE_EXPIRY_DURATION); } function setTelegramWebHook(done) { const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/setWebhook`; axios.post(url, { url: `${process.env.SERVER_API_URL}/${process.env.TELEGRAM_SECRET}`, allowed_updates: [], drop_pending_updates: true, }) .then(res => { done(res) }) .catch(err => { done(err) }); } function sendTelegramMessage(telegramID, message, done) { const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/sendMessage`; axios.post(url, { chat_id: telegramID, text: message, }) .then((res) => { done(res) }) .catch(err => { console.error("Problem sending Telegram message."); done(err) }); } const app = express(); app.set('trust proxy', 1) app.use(session({ secret: process.env.SERVER_SESSION_SECRET, resave: false, saveUninitialized: false, cookie: { secure: true, sameSite: "none", }, store: store, })) app.use(cors({ credentials: true, origin: true, secure: true })); app.use(express.json()) setTelegramWebHook(() => { }); app.post(`/${process.env.TELEGRAM_SECRET}`, (req, res) => { if (req.body.message) { sendTelegramMessage(req.body.message.chat.id, `${req.body.message.text.toUpperCase()}`, (res) => { console.log(res) }); } res.send(); }); app.post('/login', (req, res) => { telegramResponse = req.body.telegramResponse; const auth = authUser(telegramResponse, (success, msg) => { if (success) { const verified = req.session.verified; const verifiedBy = req.session.verifiedBy; req.session.regenerate(() => { cookieExpiry = getCookieExpiry(); req.session.user = telegramResponse.id; if (verified) { addContact(telegramResponse.id, verifiedBy, (contactSuccess) => { res.send({ authorized: success, message: msg, contactSuccess: contactSuccess }); }); } else { res.send({ authorized: success, message: msg }); } }); } else { res.status(401).send({ authorized: success, message: msg }); } }); }); app.get('/code', (req, res) => { if (!req.session.user) { res.status(401).send("Not logged in"); return; } createQRCode(req.session.user, (err, url) => { res.status(url ? 200 : 401).send({ error: err, data: url }); }); }) app.post("/verify", (req, res) => { checkVerification(req.body.id, (success, msg, withUserID) => { cookieExpiry = getCookieExpiry(); req.session.verified = success; req.session.verifiedBy = withUserID; if (success) { if (req.session.user) { // If Logged In addContact(req.session.user, withUserID, (success, msg) => { res.status(success ? 200 : 400).send({ success: success, message: msg, loggedIn: true }); }); } else { // If Not Logged In res.send({ success: success, message: msg, loggedIn: false }) } } else { res.status(400).send({ success: success, message: msg }); } }); }); const port = process.env.PORT || 8080; app.listen(port, () => { console.log(`Listening on port ${port}`); })