textbelt/server/app.js

261 lines
7.0 KiB
JavaScript
Raw Normal View History

2012-04-05 05:21:56 +00:00
var express = require('express')
2014-03-31 07:09:14 +00:00
, app = express()
2012-04-07 09:00:44 +00:00
, _ = require('underscore')
, crypto = require('crypto')
, exec = require('child_process').exec
2012-04-07 19:26:21 +00:00
, fs = require('fs')
2015-11-06 08:24:25 +00:00
, path = require('path')
2012-04-07 20:13:02 +00:00
, mixpanel = require('mixpanel')
, redis = require('redis-url').connect()
, spawn = require('child_process').spawn
, text = require('../lib/text');
// Express config
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.cookieParser());
app.use(express.static(__dirname + '/public'));
2015-05-09 22:16:33 +00:00
app.use(express.json());
app.use(express.urlencoded());
app.use(function(req, res, next) {
// Enable CORS so sites can use the API directly in JS.
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
next();
});
// Enable log messages when sending texts.
text.debug(true);
// Optional modules
var banned_numbers;
try {
2014-10-06 03:30:56 +00:00
banned_numbers = require('./banned_numbers.js');
} catch(e) {
banned_numbers = {BLACKLIST: {}};
}
2015-11-06 08:24:25 +00:00
var banned_ips = {};
try {
2015-11-06 08:24:25 +00:00
var banned_list = fs.readFileSync(path.join(__dirname, './torlist')).toString('utf-8').split('\n');
banned_list.map(function(ip) {
ip = ip.trim();
if (ip != '') {
banned_ips[ip] = true;
}
});
console.log(banned_list.length, 'banned ips loaded');
} catch(e) {
2015-11-06 08:24:25 +00:00
console.log(e);
}
2012-04-06 21:52:10 +00:00
2015-11-06 08:24:25 +00:00
var mpq
, mixpanel_config;
2014-12-31 08:52:59 +00:00
try {
2015-11-06 08:24:25 +00:00
mixpanel_config = require('./mixpanel_config.js');
mpq = new mixpanel.Client(mixpanel_config.api_key);
2014-12-31 08:52:59 +00:00
} catch(e) {
2015-11-06 08:24:25 +00:00
mpq = {track: function() {}};
2014-12-31 08:52:59 +00:00
}
var access_keys;
try {
2014-04-28 06:53:32 +00:00
// Optionally, you may specify special access keys in a keys.json file.
// These access keys are not rate-limited.
// See example_keys.json for format.
access_keys = require('./keys.json');
} catch (e) {
access_keys = {};
}
2012-04-05 05:21:56 +00:00
// App routes
2012-04-05 05:21:56 +00:00
app.get('/', function(req, res) {
2012-04-07 19:26:21 +00:00
fs.readFile(__dirname + '/views/index.html', 'utf8', function(err, text){
res.send(text);
});
2012-04-05 05:21:56 +00:00
});
2014-04-21 01:46:37 +00:00
app.get('/providers/:region', function(req, res) {
// Utility function, just to check the providers currently loaded
res.send(providers[req.params.region]);
2014-04-16 21:00:09 +00:00
});
2012-04-06 19:44:51 +00:00
app.post('/text', function(req, res) {
var number = stripPhone(req.body.number);
if (number.length < 9 || number.length > 10) {
2014-06-28 06:44:19 +00:00
res.send({success:false, message:'Invalid phone number.'});
return;
}
textRequestHandler(req, res, number, 'us', req.query.key);
});
app.post('/canada', function(req, res) {
textRequestHandler(req, res, stripPhone(req.body.number), 'canada', req.query.key);
});
app.post('/intl', function(req, res) {
textRequestHandler(req, res, stripPhone(req.body.number), 'intl', req.query.key);
});
// App helper functions
function textRequestHandler(req, res, number, region, key) {
2015-01-03 20:44:10 +00:00
var ip = req.connection.remoteAddress;
if (!ip || ip === '127.0.0.1') {
ip = req.header('X-Real-IP');
}
2015-09-06 15:24:31 +00:00
if (req.header('CF-Connecting-IP')) {
ip = req.header('CF-Connecting-IP');
}
2015-01-03 20:44:10 +00:00
if (!number || !req.body.message) {
2015-09-06 15:24:31 +00:00
mpq.track('incomplete request', {ip: ip, ip2: ip});
2014-06-28 06:44:19 +00:00
res.send({success:false, message:'Number and message parameters are required.'});
2012-04-07 22:50:08 +00:00
return;
2014-07-01 05:25:31 +00:00
}
2014-12-31 08:52:59 +00:00
var message = req.body.message;
if (message.indexOf(':') > -1) {
// Handle problem with vtext where message would not get sent properly if it
// contains a colon.
2014-12-31 08:52:59 +00:00
message = ' ' + message;
}
2015-11-06 08:24:25 +00:00
if (ip in banned_ips) {
// Shadowban tor ips
setTimeout(function() {
res.send({success:false});
}, 1000);
return;
}
if (message.indexOf('IDSninja') > -1) {
setTimeout(function() {
res.send({success:true});
}, 1000);
return;
}
if (message.indexOf('chat history has been hacked') > -1) {
setTimeout(function() {
res.send({success:true});
}, 1000);
return;
}
2014-12-31 08:52:59 +00:00
2015-01-03 19:56:00 +00:00
var shasum = crypto.createHash('sha1');
shasum.update(number);
2014-12-31 08:52:59 +00:00
2015-09-06 15:24:31 +00:00
var tracking_details = {
number: number,
message: req.body.message,
ip: ip,
ip2: ip
};
2014-07-01 05:25:31 +00:00
if (banned_numbers.BLACKLIST[number]) {
2015-09-06 15:24:31 +00:00
mpq.track('banned number', tracking_details);
2014-07-01 05:25:31 +00:00
res.send({success:false,message:'Sorry, texts to this number are disabled.'});
return;
2012-04-07 22:50:08 +00:00
}
2014-04-21 02:01:21 +00:00
var doSendText = function(response_obj) {
response_obj = response_obj || {};
// Time to actually send the message
text.send(number, message, region, function(err) {
if (err) {
mpq.track('sendText failed', tracking_details);
2014-04-21 02:01:21 +00:00
res.send(_.extend(response_obj,
{
success:false,
message:'Communication with SMS gateway failed.'
}));
}
else {
mpq.track('sendText success', tracking_details);
2014-04-21 02:01:21 +00:00
res.send(_.extend(response_obj, {success:true}));
}
});
};
// Do they have a valid access key?
if (key && key in access_keys) {
console.log('Got valid key', key, '... not applying limits.');
// Skip verification
mpq.track('sendText skipping verification', _.extend(tracking_details, {
key: key,
}));
2014-04-21 02:01:21 +00:00
doSendText({used_key: key});
return;
}
// If they don't have a special key, apply rate limiting and verification
2013-11-13 16:48:52 +00:00
var ipkey = 'textbelt:ip:' + ip + '_' + dateStr();
2012-04-07 19:54:52 +00:00
var phonekey = 'textbelt:phone:' + number;
redis.incr(phonekey, function(err, num) {
2012-04-06 21:22:23 +00:00
if (err) {
2012-04-07 20:13:02 +00:00
mpq.track('redis fail');
res.send({success:false, message:'Could not validate phone# quota.'});
2012-04-07 09:00:44 +00:00
return;
}
setTimeout(function() {
2012-04-07 19:54:52 +00:00
redis.decr(phonekey, function(err, num) {
2012-04-07 09:00:44 +00:00
if (err) {
2012-04-07 20:13:02 +00:00
mpq.track('failed to decr phone quota', {number: number});
2012-04-07 09:00:44 +00:00
console.log('*** WARNING failed to decr ' + number);
}
});
}, 1000*60*3);
if (num > 3) {
2015-09-06 15:24:31 +00:00
//mpq.track('exceeded phone quota', tracking_details);
res.send({success:false, message:'Exceeded quota for this phone number. ' + number});
2012-04-06 21:22:23 +00:00
return;
}
2012-04-06 21:52:10 +00:00
2012-04-07 09:00:44 +00:00
// now check against ip quota
2012-04-07 19:54:52 +00:00
redis.incr(ipkey, function(err, num) {
2012-04-07 09:00:44 +00:00
if (err) {
2012-04-07 20:13:02 +00:00
mpq.track('redis fail');
res.send({success:false, message:'Could not validate IP quota.'});
2012-04-07 09:00:44 +00:00
return;
}
2012-04-07 20:14:32 +00:00
if (num > 75) {
2015-09-06 15:24:31 +00:00
mpq.track('exceeded ip quota', tracking_details);
res.send({success:false, message:'Exceeded quota for this IP address. ' + ip});
2012-04-07 09:00:44 +00:00
return;
}
setTimeout(function() {
redis.decr(ipkey, function(err, num) {
if (err) {
mpq.track('failed to decr ip key', {ipkey: ipkey});
console.log('*** WARNING failed to decr ' + ipkey);
}
});
}, 1000*60*60*24);
2012-04-07 09:00:44 +00:00
// Cleared to send now
doSendText();
}); // end redis ipkey incr
}); // end redis phonekey incr
} // end textRequestHandler
2012-04-06 19:44:51 +00:00
2012-04-06 21:22:23 +00:00
function dateStr() {
var today = new Date();
var dd = today.getDate();
var mm = today.getMonth()+1;
var yyyy = today.getFullYear();
return mm + '/' + dd + '/' + yyyy;
}
2012-04-07 09:00:44 +00:00
function stripPhone(phone) {
2014-10-23 06:51:58 +00:00
return (phone + '').replace(/\D/g, '');
2012-04-07 09:00:44 +00:00
}
2012-04-07 02:01:24 +00:00
// Start server
2012-04-07 19:26:21 +00:00
var port = process.env.PORT || 9090;
2012-04-05 05:21:56 +00:00
app.listen(port, function() {
console.log('Listening on', port);
});