Add Authorization and User-Agent filters

index.js

@@ -20,6 +20,37 @@ const connection = mysql.createConnection({
 
 connection.connect();
 
+// Get the authorization token from the request header
+function checkToken(req, res, next, sql){
+    var auth = req.get('Authorization')
+    if (!auth){
+        res.status(403).json({error: {code: 403, message: "No Authorization header found, please add a Authorization header. If you don't have one, then do nothing lol"}})
+    } else {
+        if (auth.includes('Basic ')){
+            var token = auth.replace('Basic ', '')
+            sql.query("SELECT * FROM Auth WHERE token = ?", token, async (err, result)=>{
+                if (err){
+                    console.error(err)
+                    res.status(503).json({error: {code: 503, message: "Error while getting token list for authentificating."}})
+                } else {
+                    if (result.length < 1){
+                        res.status(401).json({error: {code: 401, message: "Authorization Token not found."}})
+                    } else {
+                        if (result[0].validate == 0){
+                            res.status(403).json({error: {code: 403, message: "Your Token is not validated."}})
+                        } else {
+                            console.log('Connexion from '+ result[0].description);
+                            next()
+                        }
+                    }
+                }
+            });
+        } else {
+            res.status(403).json({error: {code: 403, message: "Token not found in Authorization header, please set a Token in Authorization header like this: 'Authorization: Basic [token]'."}})
+        }
+    }
+}
+
 const port = process.env.PORT || 8080;
 
 const app = express()
@@ -29,6 +60,51 @@ const app = express()
     .use(cookieParser())
     .use(logger('(:date) :method :url - ":user-agent" (:remote-addr) - :status :response-time ms'));
 
+// User-agent blacklist system (list on user-agent-blacklist.json)
+app.use(function(req, res, next){
+    var ua = req.get('User-Agent')
+    if (!ua){
+        res.status(403).json({error: {code: 403, message: "No User-Agent found, please add a user-agent to something I can understand!"}})
+    } else {
+        var blacklistUA = JSON.parse(fs.readFileSync(path.join(__dirname, 'user-agent-blacklist.json')))
+        var blacklisted = false
+
+        blacklistUA.forEach(bUA=>{
+            if (ua.toLowerCase().includes(bUA.toLowerCase())){
+                blacklisted = true
+            }
+        })
+
+        if (blacklisted) {
+            console.log('BLACKLISTED UA: ' + ua)
+            res.status(403).json({error: {code: 403, message: "Your User-Agent '"+ ua +"' is blacklisted, please change it to something I can understand!"}})
+        } else {
+            next()
+        }
+    }
+})
+
+app.get('/', (req, res) => {
+    res.json({'online': true})
+})
+
+// Set pages for requests that does not require a token
+fs.readdirSync(path.join(__dirname, 'route', 'noToken')).filter(file => file.endsWith('.js')).forEach(function(file) {
+    require(path.join(__dirname, 'route', 'noToken', file))(app, connection, renderError)
+});
+
+// Set pages that require token
+app.use((req,res,next)=>checkToken(req,res,next,connection));
+
+fs.readdirSync(path.join(__dirname, 'route', 'token')).filter(file => file.endsWith('.js')).forEach(function(file) {
+    require(path.join(__dirname, 'route', 'token', file))(app, connection, checkToken, renderError)
+});
+
+// catch 404 and forward to error handler
+app.use(function(req, res) {
+    renderError(res, 404, "Not Found")
+});
+
 app.listen(port, () => {
     console.log(`Express server listening on port ${port}`);
 });

user-agent-blacklist.json

+[
+    "curl",
+    "wget"
+]
\ No newline at end of file