v2
This commit is contained in:
96
backend/app.js
Normal file
96
backend/app.js
Normal file
@@ -0,0 +1,96 @@
|
||||
const express = require('express')
|
||||
const bodyParser = require('body-parser')
|
||||
const cookieParser = require('cookie-parser')
|
||||
const crypto = require('crypto')
|
||||
const fs = require('fs')
|
||||
const util = require('util')
|
||||
const bot = require('./apps/bot')
|
||||
|
||||
const app = express()
|
||||
|
||||
app.use(bodyParser.json())
|
||||
app.use(cookieParser())
|
||||
|
||||
BigInt.prototype.toJSON = function () {
|
||||
return Number(this)
|
||||
}
|
||||
|
||||
app.use((req, res, next) => {
|
||||
if(!(req.body instanceof Object))
|
||||
return next()
|
||||
|
||||
const escapeHtml = str => str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, ''')
|
||||
Object
|
||||
.keys(req.body || {})
|
||||
.filter(key => typeof(req.body[key]) == 'string' && key != 'password')
|
||||
.map(key => req.body[key] = escapeHtml(req.body[key]))
|
||||
|
||||
next()
|
||||
})
|
||||
|
||||
// cors
|
||||
app.use((req, res, next) => {
|
||||
res.set({
|
||||
'Access-Control-Allow-Origin': '*',
|
||||
'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE',
|
||||
'Access-Control-Allow-Headers': 'Accept,Accept-Language,Content-Language,Content-Type,Authorization,Cookie,X-Requested-With,Origin,Host',
|
||||
'Access-Control-Allow-Credentials': true
|
||||
})
|
||||
|
||||
return req.method == 'OPTIONS' ? res.status(200).json({success: true}) : next()
|
||||
})
|
||||
|
||||
app.post('(/api/admin/customer/login|/api/miniapp/user/login)', (req, res, next) => {
|
||||
const data = Object.assign({}, req.query)
|
||||
delete data.hash
|
||||
const hash = req.query?.hash
|
||||
|
||||
const BOT_TOKEN = '7236504417:AAGVaodw3cRwGlf-jAhwnYb51OHaXcgpW8k'
|
||||
const dataCheckString = Object.keys(data).sort().map((key) => `${key}=${data[key]}`).join("\n")
|
||||
const secretKey = crypto.createHmac("sha256", "WebAppData").update(BOT_TOKEN).digest()
|
||||
const hmac = crypto.createHmac("sha256", secretKey).update(dataCheckString).digest("hex")
|
||||
|
||||
const timeDiff = Date.now() / 1000 - data.auth_date
|
||||
|
||||
if (hmac !== req.query.hash) // || timeDiff > 10)
|
||||
throw Error('ACCESS_DENIED::401')
|
||||
|
||||
const user = JSON.parse(req.query.user)
|
||||
res.locals.telegram_id = user.id
|
||||
res.locals.start_param = req.query.start_param
|
||||
|
||||
if (!res.locals.telegram_id)
|
||||
throw Error('ACCESS_DENIED::500')
|
||||
|
||||
next()
|
||||
})
|
||||
|
||||
|
||||
app.use('/api/admin', require('./apps/admin'))
|
||||
app.use('/api/miniapp', require('./apps/miniapp'))
|
||||
|
||||
app.use((err, req, res, next) => {
|
||||
console.error(`Error for ${req.path}: ${err}`)
|
||||
|
||||
let message, code
|
||||
//if (err.code == 'SQLITE_ERROR' || err.code == 'SQLITE_CONSTRAINT_CHECK') {
|
||||
// message = 'DATABASE_ERROR'
|
||||
//code = err.code == 'SQLITE_CONSTRAINT_CHECK' ? 400 : 500
|
||||
//} else {
|
||||
[message, code = 500] = err.message.split('::')
|
||||
//}
|
||||
|
||||
res.status(res.statusCode == 200 ? 500 : res.statusCode).json({success: false, error: { message, code}})
|
||||
})
|
||||
|
||||
app.use(express.static('public'))
|
||||
|
||||
const PORT = process.env.PORT || 3000
|
||||
app.listen(PORT, async () => {
|
||||
console.log(`Listening at port ${PORT}`)
|
||||
bot.start(
|
||||
process.env.API_ID || 26746106,
|
||||
process.env.API_HASH || '29e5f83c04e635fa583721473a6003b5',
|
||||
process.env.BOT_TOKEN || '7236504417:AAGVaodw3cRwGlf-jAhwnYb51OHaXcgpW8k'
|
||||
)
|
||||
})
|
||||
Reference in New Issue
Block a user