Commit 6403d098 authored by Matthieu - Greep's avatar Matthieu - Greep

Add Authorization and User-Agent filters

parent 3272034b
...@@ -20,6 +20,37 @@ const connection = mysql.createConnection({ ...@@ -20,6 +20,37 @@ const connection = mysql.createConnection({
connection.connect(); connection.connect();
// Get the authorization token from the request header
function checkToken(req, res, next, sql){
var auth = req.get('Authorization')
if (!auth){
res.status(403).json({error: {code: 403, message: "No Authorization header found, please add a Authorization header. If you don't have one, then do nothing lol"}})
} else {
if (auth.includes('Basic ')){
var token = auth.replace('Basic ', '')
sql.query("SELECT * FROM Auth WHERE token = ?", token, async (err, result)=>{
if (err){
console.error(err)
res.status(503).json({error: {code: 503, message: "Error while getting token list for authentificating."}})
} else {
if (result.length < 1){
res.status(401).json({error: {code: 401, message: "Authorization Token not found."}})
} else {
if (result[0].validate == 0){
res.status(403).json({error: {code: 403, message: "Your Token is not validated."}})
} else {
console.log('Connexion from '+ result[0].description);
next()
}
}
}
});
} else {
res.status(403).json({error: {code: 403, message: "Token not found in Authorization header, please set a Token in Authorization header like this: 'Authorization: Basic [token]'."}})
}
}
}
const port = process.env.PORT || 8080; const port = process.env.PORT || 8080;
const app = express() const app = express()
...@@ -29,6 +60,51 @@ const app = express() ...@@ -29,6 +60,51 @@ const app = express()
.use(cookieParser()) .use(cookieParser())
.use(logger('(:date) :method :url - ":user-agent" (:remote-addr) - :status :response-time ms')); .use(logger('(:date) :method :url - ":user-agent" (:remote-addr) - :status :response-time ms'));
// User-agent blacklist system (list on user-agent-blacklist.json)
app.use(function(req, res, next){
var ua = req.get('User-Agent')
if (!ua){
res.status(403).json({error: {code: 403, message: "No User-Agent found, please add a user-agent to something I can understand!"}})
} else {
var blacklistUA = JSON.parse(fs.readFileSync(path.join(__dirname, 'user-agent-blacklist.json')))
var blacklisted = false
blacklistUA.forEach(bUA=>{
if (ua.toLowerCase().includes(bUA.toLowerCase())){
blacklisted = true
}
})
if (blacklisted) {
console.log('BLACKLISTED UA: ' + ua)
res.status(403).json({error: {code: 403, message: "Your User-Agent '"+ ua +"' is blacklisted, please change it to something I can understand!"}})
} else {
next()
}
}
})
app.get('/', (req, res) => {
res.json({'online': true})
})
// Set pages for requests that does not require a token
fs.readdirSync(path.join(__dirname, 'route', 'noToken')).filter(file => file.endsWith('.js')).forEach(function(file) {
require(path.join(__dirname, 'route', 'noToken', file))(app, connection, renderError)
});
// Set pages that require token
app.use((req,res,next)=>checkToken(req,res,next,connection));
fs.readdirSync(path.join(__dirname, 'route', 'token')).filter(file => file.endsWith('.js')).forEach(function(file) {
require(path.join(__dirname, 'route', 'token', file))(app, connection, checkToken, renderError)
});
// catch 404 and forward to error handler
app.use(function(req, res) {
renderError(res, 404, "Not Found")
});
app.listen(port, () => { app.listen(port, () => {
console.log(`Express server listening on port ${port}`); console.log(`Express server listening on port ${port}`);
}); });
[
"curl",
"wget"
]
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment