textbelt/server/app.js

var express = require('express')
  , app = express()
  , _ = require('underscore')
  , authbox = require('authbox')
  , crypto = require('crypto')
  , exec = require('child_process').exec
  , fs = require('fs')
  , mixpanel = require('mixpanel')
  , redis = require('redis-url').connect()
  , spawn = require('child_process').spawn
  , text = require('../lib/text');

// Express config
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');

app.use(express.cookieParser());
app.use(express.static(__dirname + '/public'));
app.use(express.bodyParser());

// Enable log messages when sending texts.
text.debug(true);

// Optional modules
var banned_numbers;
try {
  banned_numbers = require('./banned_numbers.js');
} catch(e) {
  banned_numbers = {BLACKLIST: {}};
}

var mpq
  , mixpanel_config
  , authbox_config;
try {
  mixpanel_config = require('./mixpanel_config.js');
  mpq = new mixpanel.Client(mixpanel_config.api_key);
} catch(e) {
  mpq = {track: function() {}};
}

try {
  authbox_config = require('./authbox_config.js');
  authbox.configure(authbox_config);
  app.use(authbox.middleware);
} catch(e) {
  authbox = {log: function() {}};
}

var access_keys;
try {
  // Optionally, you may specify special access keys in a keys.json file.
  // These access keys are not rate-limited.
  // See example_keys.json for format.
  access_keys = require('./keys.json');
} catch (e) {
  access_keys = {};
}

// App routes
app.get('/', function(req, res) {
  fs.readFile(__dirname + '/views/index.html', 'utf8', function(err, text){
    res.send(text);
  });
});

app.get('/providers/:region', function(req, res) {
  // Utility function, just to check the providers currently loaded
  res.send(providers[req.params.region]);
});

app.post('/text', function(req, res) {
  var number = stripPhone(req.body.number);
  if (number.length < 9 || number.length > 10) {
    res.send({success:false, message:'Invalid phone number.'});
    return;
  }
  textRequestHandler(req, res, number, 'us', req.query.key);
});

app.post('/canada', function(req, res) {
  textRequestHandler(req, res, stripPhone(req.body.number), 'canada', req.query.key);
});

app.post('/intl', function(req, res) {
  textRequestHandler(req, res, stripPhone(req.body.number), 'intl', req.query.key);
});

// App helper functions

function textRequestHandler(req, res, number, region, key) {
  var authbox_details = {
    $actionName: 'text'
  };

  if (!number || !req.body.message) {
    mpq.track('incomplete request');
    authbox.log(req, _.extend(authbox_details, {$failureReason: 'incomplete_request'}));
    res.send({success:false, message:'Number and message parameters are required.'});
    return;
  }

  var message = req.body.message;
  if (message.indexOf(':') > -1) {
    // Handle problem with vtext where message would not get sent properly if it
    // contains a colon.
    message = ' ' + message;
  }

  shasum.update(number);
  var authbox_digest = shasum.digest('hex');
  _.extend(authbox_details, {
    recipient: number,
    message__text: message
  });

  if (banned_numbers.BLACKLIST[number]) {
    mpq.track('banned number');
    authbox.log(req, _.extend(authbox_details, {$failureReason: 'banned_number'}));
    res.send({success:false,message:'Sorry, texts to this number are disabled.'});
    return;
  }

  var ip = req.connection.remoteAddress;
  if (!ip || ip === '127.0.0.1') {
    ip = req.header('X-Real-IP');
  }

  var tracking_details = {
    number: number,
    message: req.body.message,
    ip: ip
  };

  var doSendText = function(response_obj) {
    response_obj = response_obj || {};

    // Time to actually send the message
    text.send(number, message, region, function(err) {
      if (err) {
        mpq.track('sendText failed', tracking_details);
        authbox.log(req, _.extend(authbox_details, {$failureReason: 'gateway_failed'}));
        res.send(_.extend(response_obj,
                          {
                            success:false,
                            message:'Communication with SMS gateway failed.'
                          }));
      }
      else {
        mpq.track('sendText success', tracking_details);
        authbox.log(req, _.extend(authbox_details, {$success: true}));
        res.send(_.extend(response_obj, {success:true}));
      }
    });
  };

  // Do they have a valid access key?
  if (key && key in access_keys) {
    console.log('Got valid key', key, '... not applying limits.');
    // Skip verification
    mpq.track('sendText skipping verification', _.extend(tracking_details, {
      key: key,
    }));
    doSendText({used_key: key});
    return;
  }

  // If they don't have a special key, apply rate limiting and verification
  var ipkey = 'textbelt:ip:' + ip + '_' + dateStr();
  var phonekey = 'textbelt:phone:' + number;

  redis.incr(phonekey, function(err, num) {
    if (err) {
      mpq.track('redis fail');
      res.send({success:false, message:'Could not validate phone# quota.'});
      return;
    }

    setTimeout(function() {
      redis.decr(phonekey, function(err, num) {
        if (err) {
          mpq.track('failed to decr phone quota', {number: number});
          console.log('*** WARNING failed to decr ' + number);
        }
      });
    }, 1000*60*3);
    if (num > 3) {
      mpq.track('exceeded phone quota');
      authbox.log(req, _.extend(authbox_details, {$failureReason: 'exceeded_phone_quota'}));
      res.send({success:false, message:'Exceeded quota for this phone number. ' + number});
      return;
    }

    // now check against ip quota
    redis.incr(ipkey, function(err, num) {
      if (err) {
        mpq.track('redis fail');
        res.send({success:false, message:'Could not validate IP quota.'});
        return;
      }
      if (num > 75) {
        mpq.track('exceeded ip quota');
        authbox.log(req, _.extend(authbox_details, {$failureReason: 'exceeded_ip_quota'}));
        res.send({success:false, message:'Exceeded quota for this IP address. ' + ip});
        return;
      }
      setTimeout(function() {
        redis.decr(ipkey, function(err, num) {
          if (err) {
            mpq.track('failed to decr ip key', {ipkey: ipkey});
            console.log('*** WARNING failed to decr ' + ipkey);
          }
        });
      }, 1000*60*60*24);

      // Cleared to send now
      doSendText();
    });     // end redis ipkey incr
  });       // end redis phonekey incr
}           // end textRequestHandler

function dateStr() {
  var today = new Date();
  var dd = today.getDate();
  var mm = today.getMonth()+1;
  var yyyy = today.getFullYear();
  return mm + '/' + dd + '/' + yyyy;
}

function stripPhone(phone) {
  return (phone + '').replace(/\D/g, '');
}

// Start server
var port = process.env.PORT || 9090;
app.listen(port, function() {
  console.log('Listening on', port);
});
initial commit 2012-04-05 05:21:56 +00:00			`var express = require('express')`
Upgrade express version 2014-03-31 07:09:14 +00:00			`, app = express()`
it's all working 2012-04-07 09:00:44 +00:00			`, _ = require('underscore')`
Hash phone number sent to authbox and don't crash w no authbox config 2015-01-03 19:48:45 +00:00			`, authbox = require('authbox')`
			`, crypto = require('crypto')`
			`, exec = require('child_process').exec`
add index page 2012-04-07 19:26:21 +00:00			`, fs = require('fs')`
add mixpanel 2012-04-07 20:13:02 +00:00			`, mixpanel = require('mixpanel')`
don't require banned numbers or mixpanel modules 2014-07-01 05:28:58 +00:00			`, redis = require('redis-url').connect()`
Hash phone number sent to authbox and don't crash w no authbox config 2015-01-03 19:48:45 +00:00			`, spawn = require('child_process').spawn`
Separate text sending into it's own module. 2014-10-06 05:37:34 +00:00			`, text = require('../lib/text');`

Hash phone number sent to authbox and don't crash w no authbox config 2015-01-03 19:48:45 +00:00			`// Express config`
			`app.set('views', __dirname + '/views');`
			`app.set('view engine', 'jade');`

			`app.use(express.cookieParser());`
			`app.use(express.static(__dirname + '/public'));`
			`app.use(express.bodyParser());`

Separate text sending into it's own module. 2014-10-06 05:37:34 +00:00			`// Enable log messages when sending texts.`
			`text.debug(true);`
don't require banned numbers or mixpanel modules 2014-07-01 05:28:58 +00:00
			`// Optional modules`
			`var banned_numbers;`
			`try {`
Fix a missing variable declaration. 2014-10-06 03:30:56 +00:00			`banned_numbers = require('./banned_numbers.js');`
don't require banned numbers or mixpanel modules 2014-07-01 05:28:58 +00:00			`} catch(e) {`
			`banned_numbers = {BLACKLIST: {}};`
			`}`

Fix a missing variable declaration. 2014-10-06 03:30:56 +00:00			`var mpq`
Add Authbox support 2014-12-31 08:52:59 +00:00			`, mixpanel_config`
			`, authbox_config;`
don't require banned numbers or mixpanel modules 2014-07-01 05:28:58 +00:00			`try {`
Fix a missing variable declaration. 2014-10-06 03:30:56 +00:00			`mixpanel_config = require('./mixpanel_config.js');`
don't require banned numbers or mixpanel modules 2014-07-01 05:28:58 +00:00			`mpq = new mixpanel.Client(mixpanel_config.api_key);`
			`} catch(e) {`
			`mpq = {track: function() {}};`
			`}`
switch to redis-url 2012-04-06 21:52:10 +00:00
Add Authbox support 2014-12-31 08:52:59 +00:00			`try {`
			`authbox_config = require('./authbox_config.js');`
			`authbox.configure(authbox_config);`
Hash phone number sent to authbox and don't crash w no authbox config 2015-01-03 19:48:45 +00:00			`app.use(authbox.middleware);`
Add Authbox support 2014-12-31 08:52:59 +00:00			`} catch(e) {`
			`authbox = {log: function() {}};`
			`}`

Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`var access_keys;`
			`try {`
special key comments 2014-04-28 06:53:32 +00:00			`// Optionally, you may specify special access keys in a keys.json file.`
			`// These access keys are not rate-limited.`
			`// See example_keys.json for format.`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`access_keys = require('./keys.json');`
			`} catch (e) {`
			`access_keys = {};`
			`}`
initial commit 2012-04-05 05:21:56 +00:00
Left pad messages containing colon with space. Fixes #10 2014-06-19 04:57:12 +00:00			`// App routes`
initial commit 2012-04-05 05:21:56 +00:00			`app.get('/', function(req, res) {`
add index page 2012-04-07 19:26:21 +00:00			`fs.readFile(__dirname + '/views/index.html', 'utf8', function(err, text){`
			`res.send(text);`
			`});`
initial commit 2012-04-05 05:21:56 +00:00			`});`

providers utility endpoint 2014-04-21 01:46:37 +00:00			`app.get('/providers/:region', function(req, res) {`
			`// Utility function, just to check the providers currently loaded`
			`res.send(providers[req.params.region]);`
add endpoint to check US providers 2014-04-16 21:00:09 +00:00			`});`

work on it 2012-04-06 19:44:51 +00:00			`app.post('/text', function(req, res) {`
Add endpoints for canadian and international providers. (fixes #2) 2014-03-20 17:37:18 +00:00			`var number = stripPhone(req.body.number);`
			`if (number.length < 9 \|\| number.length > 10) {`
add remoteAddress fallback 2014-06-28 06:44:19 +00:00			`res.send({success:false, message:'Invalid phone number.'});`
Add endpoints for canadian and international providers. (fixes #2) 2014-03-20 17:37:18 +00:00			`return;`
			`}`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`textRequestHandler(req, res, number, 'us', req.query.key);`
Add endpoints for canadian and international providers. (fixes #2) 2014-03-20 17:37:18 +00:00			`});`

			`app.post('/canada', function(req, res) {`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`textRequestHandler(req, res, stripPhone(req.body.number), 'canada', req.query.key);`
Add endpoints for canadian and international providers. (fixes #2) 2014-03-20 17:37:18 +00:00			`});`

			`app.post('/intl', function(req, res) {`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`textRequestHandler(req, res, stripPhone(req.body.number), 'intl', req.query.key);`
Add endpoints for canadian and international providers. (fixes #2) 2014-03-20 17:37:18 +00:00			`});`

Left pad messages containing colon with space. Fixes #10 2014-06-19 04:57:12 +00:00			`// App helper functions`

Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`function textRequestHandler(req, res, number, region, key) {`
Add Authbox support 2014-12-31 08:52:59 +00:00			`var authbox_details = {`
			`$actionName: 'text'`
			`};`

Use processed number instead of request number 2014-07-01 05:20:48 +00:00			`if (!number \|\| !req.body.message) {`
bugfixes! 2012-04-07 22:50:08 +00:00			`mpq.track('incomplete request');`
Add Authbox support 2014-12-31 08:52:59 +00:00			`authbox.log(req, _.extend(authbox_details, {$failureReason: 'incomplete_request'}));`
add remoteAddress fallback 2014-06-28 06:44:19 +00:00			`res.send({success:false, message:'Number and message parameters are required.'});`
bugfixes! 2012-04-07 22:50:08 +00:00			`return;`
add numbers blacklist 2014-07-01 05:25:31 +00:00			`}`
Add Authbox support 2014-12-31 08:52:59 +00:00
			`var message = req.body.message;`
			`if (message.indexOf(':') > -1) {`
			`// Handle problem with vtext where message would not get sent properly if it`
Hash phone number sent to authbox and don't crash w no authbox config 2015-01-03 19:48:45 +00:00			`// contains a colon.`
Add Authbox support 2014-12-31 08:52:59 +00:00			`message = ' ' + message;`
			`}`

Hash phone number sent to authbox and don't crash w no authbox config 2015-01-03 19:48:45 +00:00			`shasum.update(number);`
			`var authbox_digest = shasum.digest('hex');`
Add Authbox support 2014-12-31 08:52:59 +00:00			`_.extend(authbox_details, {`
Hash phone number sent to authbox and don't crash w no authbox config 2015-01-03 19:48:45 +00:00			`recipient: number,`
Add Authbox support 2014-12-31 08:52:59 +00:00			`message__text: message`
			`});`

add numbers blacklist 2014-07-01 05:25:31 +00:00			`if (banned_numbers.BLACKLIST[number]) {`
			`mpq.track('banned number');`
Add Authbox support 2014-12-31 08:52:59 +00:00			`authbox.log(req, _.extend(authbox_details, {$failureReason: 'banned_number'}));`
add numbers blacklist 2014-07-01 05:25:31 +00:00			`res.send({success:false,message:'Sorry, texts to this number are disabled.'});`
			`return;`
bugfixes! 2012-04-07 22:50:08 +00:00			`}`
Don't allow IP source to be set via X-Real-IP unless we're behind a load balancer. #30 2014-11-16 21:45:20 +00:00
			`var ip = req.connection.remoteAddress;`
			`if (!ip \|\| ip === '127.0.0.1') {`
			`ip = req.header('X-Real-IP');`
			`}`
add redis ip limiting 2012-04-06 21:22:23 +00:00
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`var tracking_details = {`
Use processed number instead of request number 2014-07-01 05:20:48 +00:00			`number: number,`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`message: req.body.message,`
			`ip: ip`
			`};`

Include key in http response 2014-04-21 02:01:21 +00:00			`var doSendText = function(response_obj) {`
			`response_obj = response_obj \|\| {};`

Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`// Time to actually send the message`
Separate text sending into it's own module. 2014-10-06 05:37:34 +00:00			`text.send(number, message, region, function(err) {`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`if (err) {`
			`mpq.track('sendText failed', tracking_details);`
Add Authbox support 2014-12-31 08:52:59 +00:00			`authbox.log(req, _.extend(authbox_details, {$failureReason: 'gateway_failed'}));`
Include key in http response 2014-04-21 02:01:21 +00:00			`res.send(_.extend(response_obj,`
			`{`
			`success:false,`
			`message:'Communication with SMS gateway failed.'`
			`}));`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`}`
			`else {`
			`mpq.track('sendText success', tracking_details);`
Add Authbox support 2014-12-31 08:52:59 +00:00			`authbox.log(req, _.extend(authbox_details, {$success: true}));`
Include key in http response 2014-04-21 02:01:21 +00:00			`res.send(_.extend(response_obj, {success:true}));`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`}`
			`});`
			`};`

			`// Do they have a valid access key?`
			`if (key && key in access_keys) {`
			`console.log('Got valid key', key, '... not applying limits.');`
			`// Skip verification`
			`mpq.track('sendText skipping verification', _.extend(tracking_details, {`
			`key: key,`
			`}));`
Include key in http response 2014-04-21 02:01:21 +00:00			`doSendText({used_key: key});`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`return;`
			`}`

			`// If they don't have a special key, apply rate limiting and verification`
Rate limit by real ip 2013-11-13 16:48:52 +00:00			`var ipkey = 'textbelt:ip:' + ip + '_' + dateStr();`
update redis, provider list 2012-04-07 19:54:52 +00:00			`var phonekey = 'textbelt:phone:' + number;`

			`redis.incr(phonekey, function(err, num) {`
add redis ip limiting 2012-04-06 21:22:23 +00:00			`if (err) {`
add mixpanel 2012-04-07 20:13:02 +00:00			`mpq.track('redis fail');`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`res.send({success:false, message:'Could not validate phone# quota.'});`
it's all working 2012-04-07 09:00:44 +00:00			`return;`
			`}`

			`setTimeout(function() {`
update redis, provider list 2012-04-07 19:54:52 +00:00			`redis.decr(phonekey, function(err, num) {`
it's all working 2012-04-07 09:00:44 +00:00			`if (err) {`
add mixpanel 2012-04-07 20:13:02 +00:00			`mpq.track('failed to decr phone quota', {number: number});`
it's all working 2012-04-07 09:00:44 +00:00			`console.log('*** WARNING failed to decr ' + number);`
			`}`
			`});`
			`}, 1000603);`
			`if (num > 3) {`
add mixpanel 2012-04-07 20:13:02 +00:00			`mpq.track('exceeded phone quota');`
Add Authbox support 2014-12-31 08:52:59 +00:00			`authbox.log(req, _.extend(authbox_details, {$failureReason: 'exceeded_phone_quota'}));`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`res.send({success:false, message:'Exceeded quota for this phone number. ' + number});`
add redis ip limiting 2012-04-06 21:22:23 +00:00			`return;`
			`}`
switch to redis-url 2012-04-06 21:52:10 +00:00
it's all working 2012-04-07 09:00:44 +00:00			`// now check against ip quota`
update redis, provider list 2012-04-07 19:54:52 +00:00			`redis.incr(ipkey, function(err, num) {`
it's all working 2012-04-07 09:00:44 +00:00			`if (err) {`
add mixpanel 2012-04-07 20:13:02 +00:00			`mpq.track('redis fail');`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`res.send({success:false, message:'Could not validate IP quota.'});`
it's all working 2012-04-07 09:00:44 +00:00			`return;`
			`}`
update quota 2012-04-07 20:14:32 +00:00			`if (num > 75) {`
add mixpanel 2012-04-07 20:13:02 +00:00			`mpq.track('exceeded ip quota');`
Add Authbox support 2014-12-31 08:52:59 +00:00			`authbox.log(req, _.extend(authbox_details, {$failureReason: 'exceeded_ip_quota'}));`
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`res.send({success:false, message:'Exceeded quota for this IP address. ' + ip});`
it's all working 2012-04-07 09:00:44 +00:00			`return;`
			`}`
Fix IP rate limiting. Use the correct IP address. Use fewer mixpanel events. 2013-11-13 18:32:04 +00:00			`setTimeout(function() {`
			`redis.decr(ipkey, function(err, num) {`
			`if (err) {`
			`mpq.track('failed to decr ip key', {ipkey: ipkey});`
			`console.log('*** WARNING failed to decr ' + ipkey);`
			`}`
			`});`
			`}, 10006060*24);`
it's all working 2012-04-07 09:00:44 +00:00
Add a 'key' query parameter that will skip verification limits. 2014-04-21 01:59:27 +00:00			`// Cleared to send now`
			`doSendText();`
			`}); // end redis ipkey incr`
			`}); // end redis phonekey incr`
			`} // end textRequestHandler`
work on it 2012-04-06 19:44:51 +00:00
add redis ip limiting 2012-04-06 21:22:23 +00:00			`function dateStr() {`
			`var today = new Date();`
			`var dd = today.getDate();`
			`var mm = today.getMonth()+1;`
			`var yyyy = today.getFullYear();`
			`return mm + '/' + dd + '/' + yyyy;`
			`}`

it's all working 2012-04-07 09:00:44 +00:00			`function stripPhone(phone) {`
minor cleanup 2014-10-23 06:51:58 +00:00			`return (phone + '').replace(/\D/g, '');`
it's all working 2012-04-07 09:00:44 +00:00			`}`
fuck all these email things 2012-04-07 02:01:24 +00:00
Left pad messages containing colon with space. Fixes #10 2014-06-19 04:57:12 +00:00			`// Start server`
add index page 2012-04-07 19:26:21 +00:00			`var port = process.env.PORT \|\| 9090;`
initial commit 2012-04-05 05:21:56 +00:00			`app.listen(port, function() {`
			`console.log('Listening on', port);`
			`});`