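const express = require('express')
const bodyParser = require('body-parser')
const cookieParser = require('cookie-parser')
const crypto = require('crypto')
const fs = require('fs')
const util = require('util')
const bot = require('./apps/bot')

// ---------------------------------------------------------------------------
// Configuration. All credentials come from the environment; nothing is
// hard-coded here any more. The bot token and Telegram API hash that used to
// sit in this file as literal fallbacks must be treated as leaked: rotate the
// bot token via @BotFather and the API credentials at my.telegram.org.
// ---------------------------------------------------------------------------
const BOT_TOKEN = process.env.BOT_TOKEN
const API_ID = process.env.API_ID
const API_HASH = process.env.API_HASH
if (!BOT_TOKEN || !API_ID || !API_HASH) {
  // Fail fast: starting without credentials would only surface later as 401s.
  console.error('BOT_TOKEN, API_ID and API_HASH must be set in the environment')
  process.exit(1)
}

// Maximum accepted age of a Telegram initData payload, in seconds. auth_date is
// covered by Telegram's signature, so enforcing a window bounds how long a
// captured initData string can be replayed. The previous 10 s window had been
// commented out (too tight for real clients), which left replay unbounded;
// default to 24 h and let deployments tune it.
const INITDATA_MAX_AGE = Number(process.env.INITDATA_MAX_AGE ?? 86400)

// Telegram Mini App spec: secret_key = HMAC_SHA256(key = "WebAppData", msg = bot_token).
// It depends only on the token, so derive it once instead of on every login.
const INITDATA_SECRET_KEY = crypto.createHmac('sha256', 'WebAppData').update(BOT_TOKEN).digest()

// Allowed CORS origin. Defaults to the previous wildcard; set CORS_ORIGIN to the
// Mini App's origin to restrict it. Browsers ignore
// Access-Control-Allow-Credentials when the origin is "*", so with the default
// the credentials header below is effectively a no-op.
const CORS_ORIGIN = process.env.CORS_ORIGIN || '*'

const PORT = process.env.PORT || 3000

// Presumably lets JSON.stringify emit BigInt values coming out of the data
// layer (see ./apps). Lossy above 2^53 - 1; keep ids below that or emit strings.
BigInt.prototype.toJSON = function () { return Number(this) }

// Escape the five characters that matter in HTML element content and
// attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }
const escapeHtml = str => str.replace(/[&<>"']/g, ch => HTML_ESCAPES[ch])

/**
 * Validate a Telegram Mini App initData payload and return its parsed `user`.
 *
 * @param {object} query      initData fields as parsed by Express (req.query)
 * @param {Buffer} secretKey  HMAC key derived from the bot token (see above)
 * @param {number} maxAge     maximum accepted age of auth_date, in seconds
 * @returns {any} the JSON-decoded `user` field
 * @throws {Error} 'ACCESS_DENIED::401' on a missing or malformed hash, a
 *   signature mismatch, a missing or stale auth_date, or an unparsable `user`
 */
function verifyInitData(query, secretKey, maxAge) {
  const { hash, ...fields } = query
  // qs can turn repeated or bracketed keys into arrays/objects; the hash must
  // be exactly the 64 lowercase hex characters a SHA-256 digest produces.
  if (typeof hash !== 'string' || !/^[0-9a-f]{64}$/.test(hash)) throw new Error('ACCESS_DENIED::401')
  // data_check_string: every field except hash, sorted by key, "key=value" joined by "\n".
  const dataCheckString = Object.keys(fields).sort().map(key => `${key}=${fields[key]}`).join('\n')
  const expected = crypto.createHmac('sha256', secretKey).update(dataCheckString).digest()
  const provided = Buffer.from(hash, 'hex')
  // Constant-time comparison; `!==` on hex strings leaks where they diverge.
  if (provided.length !== expected.length || !crypto.timingSafeEqual(provided, expected)) {
    throw new Error('ACCESS_DENIED::401')
  }
  // Freshness: auth_date is signed, so a stale one means a replayed payload.
  const authDate = Number(fields.auth_date)
  if (!Number.isFinite(authDate) || Date.now() / 1000 - authDate > maxAge) {
    throw new Error('ACCESS_DENIED::401')
  }
  if (typeof fields.user !== 'string') throw new Error('ACCESS_DENIED::401')
  try {
    return JSON.parse(fields.user)
  } catch {
    throw new Error('ACCESS_DENIED::401')
  }
}

/**
 * Split an application error of the form 'MESSAGE::HTTP_CODE'.
 *
 * @param {unknown} err  whatever was thrown (Error or not)
 * @returns {{message: string, code: number, hasCode: boolean}} `code` is the
 *   encoded 4xx/5xx status, or 500 when none (or an invalid one) was encoded;
 *   `hasCode` says whether the suffix was present and valid
 */
function describeError(err) {
  const [message, rawCode] = String(err?.message ?? err).split('::')
  const parsed = Number.parseInt(rawCode, 10)
  const hasCode = Number.isInteger(parsed) && parsed >= 400 && parsed <= 599
  return { message, code: hasCode ? parsed : 500, hasCode }
}

const app = express()
app.use(bodyParser.json())
app.use(cookieParser())

// Escape top-level string fields of a JSON body (except `password`) before any
// route sees them. Nested objects and arrays are left untouched, and anything
// rendered from these values must not be escaped a second time.
app.use((req, res, next) => {
  if (!(req.body instanceof Object)) return next()
  for (const key of Object.keys(req.body)) {
    if (key === 'password' || typeof req.body[key] !== 'string') continue
    req.body[key] = escapeHtml(req.body[key])
  }
  next()
})

// cors
app.use((req, res, next) => {
  res.set({
    'Access-Control-Allow-Origin': CORS_ORIGIN,
    'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE',
    'Access-Control-Allow-Headers': 'Accept,Accept-Language,Content-Language,Content-Type,Authorization,Cookie,X-Requested-With,Origin,Host',
    'Access-Control-Allow-Credentials': true
  })
  if (req.method === 'OPTIONS') return res.status(200).json({ success: true })
  next()
})

// Telegram login: the whole initData string arrives in the query string and is
// authenticated by the bot-token HMAC before the route handlers run.
app.post('(/api/admin/customer/login|/api/miniapp/user/login)', (req, res, next) => {
  const user = verifyInitData(req.query, INITDATA_SECRET_KEY, INITDATA_MAX_AGE)
  // `user` is whatever Telegram signed; it may be null or non-object if the
  // payload is unusual, hence the optional chaining.
  res.locals.telegram_id = user?.id
  res.locals.start_param = req.query.start_param
  if (!res.locals.telegram_id) throw new Error('ACCESS_DENIED::500')
  next()
})

app.use('/api/admin', require('./apps/admin'))
app.use('/api/miniapp', require('./apps/miniapp'))

// Central error handler. The client only ever sees { message, code }; the
// stack stays in the server log.
app.use((err, req, res, next) => {
  console.error(`Error for ${req.path}:`, err?.stack ?? err)
  const { message, code, hasCode } = describeError(err)
  // An encoded code becomes the HTTP status (so ACCESS_DENIED::401 is a real
  // 401); otherwise keep Express's convention of turning an untouched 200
  // into a 500.
  const status = hasCode ? code : (res.statusCode === 200 ? 500 : res.statusCode)
  res.status(status).json({ success: false, error: { message, code } })
})

app.use(express.static('public'))

app.listen(PORT, () => {
  console.log(`Listening at port ${PORT}`)
  // Values are passed as the environment strings; whether bot.start wants a
  // numeric API_ID is not visible here — confirm against ./apps/bot.
  bot.start(API_ID, API_HASH, BOT_TOKEN)
})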