You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
309 lines
9.1 KiB
309 lines
9.1 KiB
const express = require('express');
|
|
const { Sequelize, DataTypes, STRING } = require('sequelize');
|
|
const session = require('express-session');
|
|
const bcrypt = require('bcrypt');
|
|
const QRCode = require('qrcode');
|
|
const cors = require('cors');
|
|
const { createSecureServer } = require('http2');
|
|
const { default: axios } = require('axios');
|
|
require("dotenv-flow").config();
|
|
const crypto = require('crypto');
|
|
|
|
var SequelizeStore = require("connect-session-sequelize")(session.Store);
|
|
|
|
const COOKIE_EXPIRY_DURATION = 60 * 60 * 3 * 1000; // 3 hours in milliseconds
|
|
|
|
const isProduction = process.env.NODE_ENV == "production";
|
|
const isDev = process.env.NODE_ENV == "development";
|
|
|
|
console.log(`Node Environment: ${process.env.NODE_ENV}`);
|
|
|
|
const sequelize = (() => {
|
|
if (isProduction) {
|
|
return new Sequelize(process.env.DB_DATA_NAME, process.env.DB_USER, process.env.DB_PASS, {
|
|
host: process.env.DB_PATH,
|
|
dialect: process.env.DB_DATA_DIALECT,
|
|
});
|
|
} else {
|
|
return new Sequelize('sqlite::memory:');
|
|
}
|
|
})();
|
|
|
|
const storeDB = (() => {
|
|
if (isProduction) {
|
|
return new Sequelize(process.env.DB_STORE_NAME, process.env.DB_USER, process.env.DB_PASS, {
|
|
host: process.env.DB_PATH,
|
|
dialect: process.env.DB_DATA_DIALECT,
|
|
});
|
|
} else {
|
|
return new Sequelize('sqlite::memory:');
|
|
}
|
|
})();
|
|
|
|
const store = new SequelizeStore({
|
|
db: storeDB,
|
|
expiration: COOKIE_EXPIRY_DURATION,
|
|
});
|
|
store.sync();
|
|
|
|
const Contact = sequelize.define('Contact', {
|
|
user: {
|
|
type: DataTypes.INTEGER,
|
|
allowNull: false,
|
|
},
|
|
with: {
|
|
type: DataTypes.INTEGER,
|
|
allowNull: false,
|
|
},
|
|
});
|
|
Contact.sync();
|
|
|
|
const User = sequelize.define('User', {
|
|
telegram: {
|
|
type: DataTypes.STRING,
|
|
allowNull: false,
|
|
unique: true,
|
|
},
|
|
hash: {
|
|
type: STRING,
|
|
},
|
|
verification: {
|
|
type: DataTypes.STRING,
|
|
},
|
|
});
|
|
|
|
User.sync().then(() => {
|
|
if (process.env.ADMIN_USERNAME && process.env.ADMIN_PASSWORD) {
|
|
User.create({
|
|
telegram: process.env.ADMIN_USERNAME,
|
|
hash: bcrypt.hashSync(process.env.ADMIN_PASSWORD, 10),
|
|
}).catch(e => {
|
|
console.log("Couldn't create admin account. Probably exists.");
|
|
});
|
|
}
|
|
});
|
|
|
|
|
|
function authUser(telegramResponse, done) {
|
|
let dataCheckArray = [];
|
|
|
|
for (const [key, value] of Object.entries(telegramResponse)) {
|
|
if (key == "hash") continue;
|
|
dataCheckArray.push(`${key}=${value}`);
|
|
}
|
|
dataCheckArray.sort();
|
|
const dataCheckString = dataCheckArray.join("\n");
|
|
|
|
secretKey = crypto.createHash("sha256").update(process.env.TELEGRAM_TOKEN).digest();
|
|
confirmationHash = crypto.createHmac("sha256", secretKey).update(dataCheckString).digest("hex");
|
|
|
|
const authorized = confirmationHash == telegramResponse.hash;
|
|
|
|
if (!authorized) {
|
|
done({ authorized: false });
|
|
}
|
|
|
|
User.findOne({
|
|
where: {
|
|
telegram: telegramResponse.id,
|
|
}
|
|
}).then(user => {
|
|
if (!user) {
|
|
createUser(telegramResponse.id, (success) => {
|
|
done({ authorized: success });
|
|
})
|
|
} else {
|
|
done({ authorized: true });
|
|
}
|
|
});
|
|
}
|
|
|
|
function refreshVerification(user, done) {
|
|
let newVerification = bcrypt.hashSync(`${new Date().getTime()}-${user.hash}`, 5).replace(/[^a-zA-Z0-9]+/g, "");
|
|
newVerification = newVerification.substr(0, newVerification.length / 2);
|
|
user.verification = newVerification;
|
|
user.save().then(result => {
|
|
done(result)
|
|
});
|
|
}
|
|
|
|
function createQRCode(telegram, done) {
|
|
|
|
User.findOne({
|
|
where: {
|
|
telegram: telegram
|
|
}
|
|
})
|
|
.then(user => {
|
|
refreshVerification(user, result => {
|
|
const verifyURL = `${process.env.WEBSITE_URL}/#/verify/${encodeURIComponent(result.verification)}`;
|
|
QRCode.toDataURL(verifyURL, { width: 300, height: 300 }, (err, url) => {
|
|
done(err, url);
|
|
})
|
|
});
|
|
})
|
|
.catch(err => {
|
|
done(err);
|
|
});
|
|
}
|
|
|
|
function checkVerification(id, done) {
|
|
User.findOne({
|
|
where: {
|
|
verification: decodeURIComponent(id),
|
|
}
|
|
}).then(user => {
|
|
if (user) {
|
|
done(true, "User verified", user.id);
|
|
} else {
|
|
done(false, "No such verification");
|
|
}
|
|
});
|
|
}
|
|
|
|
function createUser(telegram, done) {
|
|
User.create({
|
|
telegram: telegram
|
|
}).then(user => {
|
|
if (!user) {
|
|
done(false, "Could not create user");
|
|
} else {
|
|
done(true, "Success");
|
|
}
|
|
}).catch(reason => {
|
|
if (reason.name == "SequelizeUniqueConstraintError") {
|
|
done(false, "User already exists");
|
|
} else {
|
|
done(false, "Unknown error");
|
|
}
|
|
});
|
|
}
|
|
|
|
function addContact(telegram, withUserID, done) {
|
|
User.findOne({ where: { telegram: telegram } }).then(user => {
|
|
User.findOne({ where: { id: withUserID } }).then(withUser => {
|
|
Contact.create({ user: user.id, with: withUserID })
|
|
.then(res => {
|
|
console.log(`Registering contact between ${user.id} and ${withUserID}`);
|
|
sendTelegramMessage(withUser.telegram, "Someone scanned your QR code. You will be notified if they are tested positive with Covid. If you are tested positive, please tell this bot /COVIDPOSITIVE");
|
|
done(true, "Successfully added contact");
|
|
})
|
|
.catch(e => {
|
|
done(false, e);
|
|
});
|
|
|
|
})
|
|
})
|
|
}
|
|
|
|
function getCookieExpiry() {
|
|
return new Date(Date.now() + COOKIE_EXPIRY_DURATION);
|
|
}
|
|
|
|
function setTelegramWebHook(done) {
|
|
const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/setWebhook`;
|
|
axios.post(url, {
|
|
url: `${process.env.SERVER_API_URL}/${process.env.TELEGRAM_SECRET}`,
|
|
allowed_updates: [],
|
|
drop_pending_updates: true,
|
|
})
|
|
.then(res => { done(res) })
|
|
.catch(err => { done(err) });
|
|
}
|
|
|
|
function sendTelegramMessage(telegramID, message, done) {
|
|
const url = `https://api.telegram.org/bot${process.env.TELEGRAM_TOKEN}/sendMessage`;
|
|
axios.post(url, {
|
|
chat_id: telegramID,
|
|
text: message,
|
|
})
|
|
.then((res) => {
|
|
done(res)
|
|
})
|
|
.catch(err => {
|
|
console.error("Problem sending Telegram message.");
|
|
done(err)
|
|
});
|
|
}
|
|
|
|
const app = express();
|
|
app.set('trust proxy', 1)
|
|
app.use(session({
|
|
secret: process.env.SERVER_SESSION_SECRET,
|
|
resave: false,
|
|
saveUninitialized: false,
|
|
cookie: {
|
|
secure: true,
|
|
sameSite: "none",
|
|
},
|
|
store: store,
|
|
}))
|
|
app.use(cors({ credentials: true, origin: true, secure: true }));
|
|
app.use(express.json())
|
|
|
|
setTelegramWebHook(() => { });
|
|
app.post(`/${process.env.TELEGRAM_SECRET}`, (req, res) => {
|
|
if (req.body.message) {
|
|
sendTelegramMessage(req.body.message.chat.id, `${req.body.message.text.toUpperCase()}`, (res) => { console.log(res) });
|
|
}
|
|
res.send();
|
|
});
|
|
|
|
app.post('/login', (req, res) => {
|
|
telegramResponse = req.body.telegramResponse;
|
|
const auth = authUser(telegramResponse, (success, msg) => {
|
|
if (success) {
|
|
const verified = req.session.verified;
|
|
const verifiedBy = req.session.verifiedBy;
|
|
req.session.regenerate(() => {
|
|
cookieExpiry = getCookieExpiry();
|
|
req.session.user = telegramResponse.id;
|
|
if (verified) {
|
|
addContact(telegramResponse.id, verifiedBy, (contactSuccess) => {
|
|
res.send({ authorized: success, message: msg, contactSuccess: contactSuccess });
|
|
});
|
|
} else {
|
|
res.send({ authorized: success, message: msg });
|
|
}
|
|
});
|
|
} else {
|
|
res.status(401).send({ authorized: success, message: msg });
|
|
}
|
|
});
|
|
});
|
|
|
|
app.get('/code', (req, res) => {
|
|
if (!req.session.user) {
|
|
res.status(401).send("Not logged in");
|
|
return;
|
|
}
|
|
createQRCode(req.session.user, (err, url) => {
|
|
res.status(url ? 200 : 401).send({ error: err, data: url });
|
|
});
|
|
})
|
|
|
|
app.post("/verify", (req, res) => {
|
|
checkVerification(req.body.id, (success, msg, withUserID) => {
|
|
cookieExpiry = getCookieExpiry();
|
|
req.session.verified = success;
|
|
req.session.verifiedBy = withUserID;
|
|
|
|
if (success) {
|
|
if (req.session.user) { // If Logged In
|
|
addContact(req.session.user, withUserID, (success, msg) => {
|
|
res.status(success ? 200 : 400).send({ success: success, message: msg, loggedIn: true });
|
|
});
|
|
} else { // If Not Logged In
|
|
res.send({ success: success, message: msg, loggedIn: false })
|
|
}
|
|
} else {
|
|
res.status(400).send({ success: success, message: msg });
|
|
}
|
|
});
|
|
});
|
|
|
|
const port = process.env.PORT || 8080;
|
|
|
|
app.listen(port, () => {
|
|
console.log(`Listening on port ${port}`);
|
|
})
|