96 lines
2.9 KiB
JavaScript
96 lines
2.9 KiB
JavaScript
const express = require('express')
|
|
const bodyParser = require('body-parser')
|
|
const cookieParser = require('cookie-parser')
|
|
const crypto = require('crypto')
|
|
const fs = require('fs')
|
|
const util = require('util')
|
|
const bot = require('./apps/bot')
|
|
|
|
const app = express()
|
|
|
|
app.use(bodyParser.json())
|
|
app.use(cookieParser())
|
|
|
|
BigInt.prototype.toJSON = function () {
|
|
return Number(this)
|
|
}
|
|
|
|
app.use((req, res, next) => {
|
|
if(!(req.body instanceof Object))
|
|
return next()
|
|
|
|
const escapeHtml = str => str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, ''')
|
|
Object
|
|
.keys(req.body || {})
|
|
.filter(key => typeof(req.body[key]) == 'string' && key != 'password')
|
|
.map(key => req.body[key] = escapeHtml(req.body[key]))
|
|
|
|
next()
|
|
})
|
|
|
|
// cors
|
|
app.use((req, res, next) => {
|
|
res.set({
|
|
'Access-Control-Allow-Origin': '*',
|
|
'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE',
|
|
'Access-Control-Allow-Headers': 'Accept,Accept-Language,Content-Language,Content-Type,Authorization,Cookie,X-Requested-With,Origin,Host',
|
|
'Access-Control-Allow-Credentials': true
|
|
})
|
|
|
|
return req.method == 'OPTIONS' ? res.status(200).json({success: true}) : next()
|
|
})
|
|
|
|
app.post('(/api/admin/customer/login|/api/miniapp/user/login)', (req, res, next) => {
|
|
const data = Object.assign({}, req.query)
|
|
delete data.hash
|
|
const hash = req.query?.hash
|
|
|
|
const BOT_TOKEN = '7236504417:AAGVaodw3cRwGlf-jAhwnYb51OHaXcgpW8k'
|
|
const dataCheckString = Object.keys(data).sort().map((key) => `${key}=${data[key]}`).join("\n")
|
|
const secretKey = crypto.createHmac("sha256", "WebAppData").update(BOT_TOKEN).digest()
|
|
const hmac = crypto.createHmac("sha256", secretKey).update(dataCheckString).digest("hex")
|
|
|
|
const timeDiff = Date.now() / 1000 - data.auth_date
|
|
|
|
if (hmac !== req.query.hash) // || timeDiff > 10)
|
|
throw Error('ACCESS_DENIED::401')
|
|
|
|
const user = JSON.parse(req.query.user)
|
|
res.locals.telegram_id = user.id
|
|
res.locals.start_param = req.query.start_param
|
|
|
|
if (!res.locals.telegram_id)
|
|
throw Error('ACCESS_DENIED::500')
|
|
|
|
next()
|
|
})
|
|
|
|
|
|
app.use('/api/admin', require('./apps/admin'))
|
|
app.use('/api/miniapp', require('./apps/miniapp'))
|
|
|
|
app.use((err, req, res, next) => {
|
|
console.error(`Error for ${req.path}: ${err}`)
|
|
|
|
let message, code
|
|
//if (err.code == 'SQLITE_ERROR' || err.code == 'SQLITE_CONSTRAINT_CHECK') {
|
|
// message = 'DATABASE_ERROR'
|
|
//code = err.code == 'SQLITE_CONSTRAINT_CHECK' ? 400 : 500
|
|
//} else {
|
|
[message, code = 500] = err.message.split('::')
|
|
//}
|
|
|
|
res.status(res.statusCode == 200 ? 500 : res.statusCode).json({success: false, error: { message, code}})
|
|
})
|
|
|
|
app.use(express.static('public'))
|
|
|
|
const PORT = process.env.PORT || 3000
|
|
app.listen(PORT, async () => {
|
|
console.log(`Listening at port ${PORT}`)
|
|
bot.start(
|
|
process.env.API_ID || 26746106,
|
|
process.env.API_HASH || '29e5f83c04e635fa583721473a6003b5',
|
|
process.env.BOT_TOKEN || '7236504417:AAGVaodw3cRwGlf-jAhwnYb51OHaXcgpW8k'
|
|
)
|
|
}) |