Inicio Explorar Axuda
Iniciar sesión
Vieraw
/
Kutt
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 5d2409c556
Ramas Etiquetas
Kutt
/
server
/
controllers
/
urlController.js

urlController.js 8.6 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259 
  1. const urlRegex = require('url-regex');
    2. 

  2. const URL = require('url');
    3. 

  3. const dns = require('dns');
    4. 

  4. const { promisify } = require('util');
    5. 

  5. const generate = require('nanoid/generate');
    6. 

  6. const useragent = require('useragent');
    7. 

  7. const geoip = require('geoip-lite');
    8. 

  8. const bcrypt = require('bcryptjs');
    9. 

  9. const subDay = require('date-fns/sub_days');
    10. 

  10. const {
    11. 

  11.   createShortUrl,
    12. 

  12.   createVisit,
    13. 

  13.   deleteCustomDomain,
    14. 

  14.   deleteUrl,
    15. 

  15.   findUrl,
    16. 

  16.   getCountUrls,
    17. 

  17.   getCustomDomain,
    18. 

  18.   getStats,
    19. 

  19.   getUrls,
    20. 

  20.   setCustomDomain,
    21. 

  21.   urlCountFromDate,
    22. 

  22.   banUrl,
    23. 

  23.   getBannedDomain,
    24. 

  24.   getBannedHost,
    25. 

  25. } = require('../db/url');
    26. 

  26. 

  27. const dnsLookup = promisify(dns.lookup);
    28. 

  28. 

  29. const { addProtocol, generateShortUrl } = require('../utils');
    30. 

  30. const config = require('../config');
    31. 

  31. 

  32. const generateId = async () => {
    33. 

  33.   const id = generate('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890', 6);
    34. 

  34.   const urls = await findUrl({ id });
    35. 

  35.   if (!urls.length) return id;
    36. 

  36.   return generateId();
    37. 

  37. };
    38. 

  38. 

  39. exports.urlShortener = async ({ body, user }, res) => {
    40. 

  40.   // Check if user has passed daily limit
    41. 

  41.   if (user) {
    42. 

  42.     const { count } = await urlCountFromDate({
    43. 

  43.       email: user.email,
    44. 

  44.       date: subDay(new Date(), 1).toJSON(),
    45. 

  45.     });
    46. 

  46.     if (count > config.USER_LIMIT_PER_DAY) {
    47. 

  47.       return res.status(429).json({
    48. 

  48.         error: `You have reached your daily limit (${config.USER_LIMIT_PER_DAY}). Please wait 24h.`,
    49. 

  49.       });
    50. 

  50.     }
    51. 

  51.   }
    52. 

  52. 

  53.   // if "reuse" is true, try to return
    54. 

  54.   // the existent URL without creating one
    55. 

  55.   if (user && body.reuse) {
    56. 

  56.     const urls = await findUrl({ target: addProtocol(body.target) });
    57. 

  57.     if (urls.length) {
    58. 

  58.       urls.sort((a, b) => a.createdAt > b.createdAt);
    59. 

  59.       const { domain: d, user: u, ...url } = urls[urls.length - 1];
    60. 

  60.       const data = {
    61. 

  61.         ...url,
    62. 

  62.         password: !!url.password,
    63. 

  63.         reuse: true,
    64. 

  64.         shortUrl: generateShortUrl(url.id, user.domain),
    65. 

  65.       };
    66. 

  66.       return res.json(data);
    67. 

  67.     }
    68. 

  68.   }
    69. 

  69. 

  70.   // Check if custom URL already exists
    71. 

  71.   if (user && body.customurl) {
    72. 

  72.     const urls = await findUrl({ id: body.customurl || '' });
    73. 

  73.     if (urls.length) {
    74. 

  74.       const urlWithNoDomain = !user.domain && urls.some(url => !url.domain);
    75. 

  75.       const urlWithDmoain = user.domain && urls.some(url => url.domain === user.domain);
    76. 

  76.       if (urlWithNoDomain || urlWithDmoain) {
    77. 

  77.         return res.status(400).json({ error: 'Custom URL is already in use.' });
    78. 

  78.       }
    79. 

  79.     }
    80. 

  80.   }
    81. 

  81. 

  82.   // If domain or host is banned
    83. 

  83.   const domain = URL.parse(body.target).hostname;
    84. 

  84.   const isDomainBanned = await getBannedDomain(domain);
    85. 

  85. 

  86.   let isHostBanned;
    87. 

  87.   try {
    88. 

  88.     const dnsRes = await dnsLookup(domain);
    89. 

  89.     isHostBanned = await getBannedHost(dnsRes && dnsRes.address);
    90. 

  90.   } catch (error) {
    91. 

  91.     isHostBanned = null;
    92. 

  92.   }
    93. 

  93. 

  94.   if (isDomainBanned || isHostBanned) {
    95. 

  95.     return res.status(400).json({ error: 'URL is containing malware/scam.' });
    96. 

  96.   }
    97. 

  97. 

  98.   // Create new URL
    99. 

  99.   const id = (user && body.customurl) || (await generateId());
    100. 

  100.   const target = addProtocol(body.target);
    101. 

  101.   const url = await createShortUrl({ ...body, id, target, user });
    102. 

  102. 

  103.   return res.json(url);
    104. 

  104. };
    105. 

  105. 

  106. const browsersList = ['IE', 'Firefox', 'Chrome', 'Opera', 'Safari', 'Edge'];
    107. 

  107. const osList = ['Windows', 'Mac Os X', 'Linux', 'Chrome OS', 'Android', 'iOS'];
    108. 

  108. const botList = ['bot', 'dataminr', 'pinterest', 'yahoo', 'facebook', 'crawl'];
    109. 

  109. const filterInBrowser = agent => item =>
    110. 

  110.   agent.family.toLowerCase().includes(item.toLocaleLowerCase());
    111. 

  111. const filterInOs = agent => item =>
    112. 

  112.   agent.os.family.toLowerCase().includes(item.toLocaleLowerCase());
    113. 

  113. 

  114. exports.goToUrl = async (req, res, next) => {
    115. 

  115.   const { host } = req.headers;
    116. 

  116.   const reqestedId = req.params.id || req.body.id;
    117. 

  117.   const id = reqestedId.replace('+', '');
    118. 

  118.   const domain = host !== config.DEFAULT_DOMAIN && host;
    119. 

  119.   const agent = useragent.parse(req.headers['user-agent']);
    120. 

  120.   const [browser = 'Other'] = browsersList.filter(filterInBrowser(agent));
    121. 

  121.   const [os = 'Other'] = osList.filter(filterInOs(agent));
    122. 

  122.   const referrer = req.header('Referer') && URL.parse(req.header('Referer')).hostname;
    123. 

  123.   const location = geoip.lookup(req.realIp);
    124. 

  124.   const country = location && location.country;
    125. 

  125.   const urls = await findUrl({ id, domain });
    126. 

  126.   const isBot =
    127. 

  127.     botList.some(bot => agent.source.toLowerCase().includes(bot)) || agent.family === 'Other';
    128. 

  128.   if (!urls && !urls.length) return next();
    129. 

  129.   const url = urls.find(item => (domain ? item.domain === domain : !item.domain));
    130. 

  130. 

  131.   if (!url) return next();
    132. 

  132. 

  133.   if (url.banned) {
    134. 

  134.     return res.redirect('/banned');
    135. 

  135.   }
    136. 

  136. 

  137.   const doesRequestInfo = /.*\+$/gi.test(reqestedId);
    138. 

  138.   if (doesRequestInfo && !url.password) {
    139. 

  139.     req.urlTarget = url.target;
    140. 

  140.     req.pageType = 'info';
    141. 

  141.     return next();
    142. 

  142.   }
    143. 

  143. 

  144.   if (url.password && !req.body.password) {
    145. 

  145.     req.protectedUrl = id;
    146. 

  146.     req.pageType = 'password';
    147. 

  147.     return next();
    148. 

  148.   }
    149. 

  149.   if (url.password) {
    150. 

  150.     const isMatch = await bcrypt.compare(req.body.password, url.password);
    151. 

  151.     if (!isMatch) {
    152. 

  152.       return res.status(401).json({ error: 'Password is not correct' });
    153. 

  153.     }
    154. 

  154.     if (url.user && !isBot) {
    155. 

  155.       await createVisit({
    156. 

  156.         browser,
    157. 

  157.         country: country || 'Unknown',
    158. 

  158.         domain,
    159. 

  159.         id: url.id,
    160. 

  160.         os,
    161. 

  161.         referrer: referrer || 'Direct',
    162. 

  162.       });
    163. 

  163.     }
    164. 

  164.     return res.status(200).json({ target: url.target });
    165. 

  165.   }
    166. 

  166.   if (url.user && !isBot) {
    167. 

  167.     await createVisit({
    168. 

  168.       browser,
    169. 

  169.       country: country || 'Unknown',
    170. 

  170.       domain,
    171. 

  171.       id: url.id,
    172. 

  172.       os,
    173. 

  173.       referrer: referrer || 'Direct',
    174. 

  174.     });
    175. 

  175.   }
    176. 

  176.   return res.redirect(url.target);
    177. 

  177. };
    178. 

  178. 

  179. exports.getUrls = async ({ query, user }, res) => {
    180. 

  180.   const { countAll } = await getCountUrls({ user });
    181. 

  181.   const urlsList = await getUrls({ options: query, user });
    182. 

  182.   return res.json({ ...urlsList, countAll });
    183. 

  183. };
    184. 

  184. 

  185. exports.setCustomDomain = async ({ body: { customDomain }, user }, res) => {
    186. 

  186.   if (customDomain.length > 40) {
    187. 

  187.     return res.status(400).json({ error: 'Maximum custom domain length is 40.' });
    188. 

  188.   }
    189. 

  189.   if (customDomain === config.DEFAULT_DOMAIN) {
    190. 

  190.     return res.status(400).json({ error: "You can't use default domain." });
    191. 

  191.   }
    192. 

  192.   const isValidDomain = urlRegex({ exact: true, strict: false }).test(customDomain);
    193. 

  193.   if (!isValidDomain) return res.status(400).json({ error: 'Domain is not valid.' });
    194. 

  194.   const isOwned = await getCustomDomain({ customDomain });
    195. 

  195.   if (isOwned && isOwned.email !== user.email) {
    196. 

  196.     return res
    197. 

  197.       .status(400)
    198. 

  198.       .json({ error: 'Domain is already taken. Contact us for multiple users.' });
    199. 

  199.   }
    200. 

  200.   const userCustomDomain = await setCustomDomain({ user, customDomain });
    201. 

  201.   if (userCustomDomain) return res.status(201).json({ customDomain: userCustomDomain.name });
    202. 

  202.   return res.status(400).json({ error: "Couldn't set custom domain." });
    203. 

  203. };
    204. 

  204. 

  205. exports.deleteCustomDomain = async ({ user }, res) => {
    206. 

  206.   const response = await deleteCustomDomain({ user });
    207. 

  207.   if (response) return res.status(200).json({ message: 'Domain deleted successfully' });
    208. 

  208.   return res.status(400).json({ error: "Couldn't delete custom domain." });
    209. 

  209. };
    210. 

  210. 

  211. exports.deleteUrl = async ({ body: { id, domain }, user }, res) => {
    212. 

  212.   if (!id) return res.status(400).json({ error: 'No id has been provided.' });
    213. 

  213.   const customDomain = domain !== config.DEFAULT_DOMAIN && domain;
    214. 

  214.   const urls = await findUrl({ id, domain: customDomain });
    215. 

  215.   if (!urls && !urls.length) return res.status(400).json({ error: "Couldn't find the short URL." });
    216. 

  216.   const response = await deleteUrl({ id, domain: customDomain, user });
    217. 

  217.   if (response) return res.status(200).json({ message: 'Sort URL deleted successfully' });
    218. 

  218.   return res.status(400).json({ error: "Couldn't delete short URL." });
    219. 

  219. };
    220. 

  220. 

  221. exports.getStats = async ({ query: { id, domain }, user }, res) => {
    222. 

  222.   if (!id) return res.status(400).json({ error: 'No id has been provided.' });
    223. 

  223.   const customDomain = domain !== config.DEFAULT_DOMAIN && domain;
    224. 

  224.   const stats = await getStats({ id, domain: customDomain, user });
    225. 

  225.   if (!stats) return res.status(400).json({ error: 'Could not get the short URL stats.' });
    226. 

  226.   return res.status(200).json(stats);
    227. 

  227. };
    228. 

  228. 

  229. exports.ban = async ({ body }, res) => {
    230. 

  230.   if (!body.id) return res.status(400).json({ error: 'No id has been provided.' });
    231. 

  231. 

  232.   const urls = await findUrl({ id: body.id });
    233. 

  233.   const [url] = urls.filter(item => !item.domain);
    234. 

  234. 

  235.   if (!url) return res.status(400).json({ error: "Couldn't find the URL." });
    236. 

  236. 

  237.   if (url.banned) return res.status(200).json({ message: 'URL was banned already' });
    238. 

  238. 

  239.   const domain = URL.parse(url.target).hostname;
    240. 

  240. 

  241.   let host;
    242. 

  242.   if (body.host) {
    243. 

  243.     try {
    244. 

  244.       const dnsRes = await dnsLookup(domain);
    245. 

  245.       host = dnsRes && dnsRes.address;
    246. 

  246.     } catch (error) {
    247. 

  247.       host = null;
    248. 

  248.     }
    249. 

  249.   }
    250. 

  250. 

  251.   await banUrl({
    252. 

  252.     domain: body.domain && domain,
    253. 

  253.     host,
    254. 

  254.     id: body.id,
    255. 

  255.     user: body.user,
    256. 

  256.   });
    257. 

  257. 

  258.   return res.status(200).json({ message: 'URL has been banned successfully' });
    259. 

  259. };
    260.