261 lines
7.0 KiB
JavaScript
261 lines
7.0 KiB
JavaScript
var express = require('express')
|
|
, app = express()
|
|
, _ = require('underscore')
|
|
, crypto = require('crypto')
|
|
, exec = require('child_process').exec
|
|
, fs = require('fs')
|
|
, path = require('path')
|
|
, mixpanel = require('mixpanel')
|
|
, redis = require('redis-url').connect()
|
|
, spawn = require('child_process').spawn
|
|
, text = require('../lib/text');
|
|
|
|
// Express config
|
|
app.set('views', __dirname + '/views');
|
|
app.set('view engine', 'jade');
|
|
|
|
app.use(express.cookieParser());
|
|
app.use(express.static(__dirname + '/public'));
|
|
app.use(express.json());
|
|
app.use(express.urlencoded());
|
|
app.use(function(req, res, next) {
|
|
// Enable CORS so sites can use the API directly in JS.
|
|
res.header('Access-Control-Allow-Origin', '*');
|
|
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
|
|
next();
|
|
});
|
|
|
|
// Enable log messages when sending texts.
|
|
text.debug(true);
|
|
|
|
// Optional modules
|
|
var banned_numbers;
|
|
try {
|
|
banned_numbers = require('./banned_numbers.js');
|
|
} catch(e) {
|
|
banned_numbers = {BLACKLIST: {}};
|
|
}
|
|
|
|
var banned_ips = {};
|
|
try {
|
|
var banned_list = fs.readFileSync(path.join(__dirname, './torlist')).toString('utf-8').split('\n');
|
|
banned_list.map(function(ip) {
|
|
ip = ip.trim();
|
|
if (ip != '') {
|
|
banned_ips[ip] = true;
|
|
}
|
|
});
|
|
console.log(banned_list.length, 'banned ips loaded');
|
|
} catch(e) {
|
|
console.log(e);
|
|
}
|
|
|
|
|
|
var mpq
|
|
, mixpanel_config;
|
|
try {
|
|
mixpanel_config = require('./mixpanel_config.js');
|
|
mpq = new mixpanel.Client(mixpanel_config.api_key);
|
|
} catch(e) {
|
|
mpq = {track: function() {}};
|
|
}
|
|
|
|
var access_keys;
|
|
try {
|
|
// Optionally, you may specify special access keys in a keys.json file.
|
|
// These access keys are not rate-limited.
|
|
// See example_keys.json for format.
|
|
access_keys = require('./keys.json');
|
|
} catch (e) {
|
|
access_keys = {};
|
|
}
|
|
|
|
// App routes
|
|
app.get('/', function(req, res) {
|
|
fs.readFile(__dirname + '/views/index.html', 'utf8', function(err, text){
|
|
res.send(text);
|
|
});
|
|
});
|
|
|
|
app.get('/providers/:region', function(req, res) {
|
|
// Utility function, just to check the providers currently loaded
|
|
res.send(providers[req.params.region]);
|
|
});
|
|
|
|
app.post('/text', function(req, res) {
|
|
var number = stripPhone(req.body.number);
|
|
if (number.length < 9 || number.length > 10) {
|
|
res.send({success:false, message:'Invalid phone number.'});
|
|
return;
|
|
}
|
|
textRequestHandler(req, res, number, 'us', req.query.key);
|
|
});
|
|
|
|
app.post('/canada', function(req, res) {
|
|
textRequestHandler(req, res, stripPhone(req.body.number), 'canada', req.query.key);
|
|
});
|
|
|
|
app.post('/intl', function(req, res) {
|
|
textRequestHandler(req, res, stripPhone(req.body.number), 'intl', req.query.key);
|
|
});
|
|
|
|
// App helper functions
|
|
|
|
function textRequestHandler(req, res, number, region, key) {
|
|
var ip = req.connection.remoteAddress;
|
|
if (!ip || ip === '127.0.0.1') {
|
|
ip = req.header('X-Real-IP');
|
|
}
|
|
if (req.header('CF-Connecting-IP')) {
|
|
ip = req.header('CF-Connecting-IP');
|
|
}
|
|
|
|
if (!number || !req.body.message) {
|
|
mpq.track('incomplete request', {ip: ip, ip2: ip});
|
|
res.send({success:false, message:'Number and message parameters are required.'});
|
|
return;
|
|
}
|
|
|
|
var message = req.body.message;
|
|
if (message.indexOf(':') > -1) {
|
|
// Handle problem with vtext where message would not get sent properly if it
|
|
// contains a colon.
|
|
message = ' ' + message;
|
|
}
|
|
if (ip in banned_ips) {
|
|
// Shadowban tor ips
|
|
setTimeout(function() {
|
|
res.send({success:false});
|
|
}, 1000);
|
|
return;
|
|
}
|
|
if (message.indexOf('IDSninja') > -1) {
|
|
setTimeout(function() {
|
|
res.send({success:true});
|
|
}, 1000);
|
|
return;
|
|
}
|
|
if (message.indexOf('chat history has been hacked') > -1) {
|
|
setTimeout(function() {
|
|
res.send({success:true});
|
|
}, 1000);
|
|
return;
|
|
}
|
|
|
|
var shasum = crypto.createHash('sha1');
|
|
shasum.update(number);
|
|
|
|
var tracking_details = {
|
|
number: number,
|
|
message: req.body.message,
|
|
ip: ip,
|
|
ip2: ip
|
|
};
|
|
|
|
if (banned_numbers.BLACKLIST[number]) {
|
|
mpq.track('banned number', tracking_details);
|
|
res.send({success:false,message:'Sorry, texts to this number are disabled.'});
|
|
return;
|
|
}
|
|
|
|
var doSendText = function(response_obj) {
|
|
response_obj = response_obj || {};
|
|
|
|
// Time to actually send the message
|
|
text.send(number, message, region, function(err) {
|
|
if (err) {
|
|
mpq.track('sendText failed', tracking_details);
|
|
res.send(_.extend(response_obj,
|
|
{
|
|
success:false,
|
|
message:'Communication with SMS gateway failed.'
|
|
}));
|
|
}
|
|
else {
|
|
mpq.track('sendText success', tracking_details);
|
|
res.send(_.extend(response_obj, {success:true}));
|
|
}
|
|
});
|
|
};
|
|
|
|
// Do they have a valid access key?
|
|
if (key && key in access_keys) {
|
|
console.log('Got valid key', key, '... not applying limits.');
|
|
// Skip verification
|
|
mpq.track('sendText skipping verification', _.extend(tracking_details, {
|
|
key: key,
|
|
}));
|
|
doSendText({used_key: key});
|
|
return;
|
|
}
|
|
|
|
// If they don't have a special key, apply rate limiting and verification
|
|
var ipkey = 'textbelt:ip:' + ip + '_' + dateStr();
|
|
var phonekey = 'textbelt:phone:' + number;
|
|
|
|
redis.incr(phonekey, function(err, num) {
|
|
if (err) {
|
|
mpq.track('redis fail');
|
|
res.send({success:false, message:'Could not validate phone# quota.'});
|
|
return;
|
|
}
|
|
|
|
setTimeout(function() {
|
|
redis.decr(phonekey, function(err, num) {
|
|
if (err) {
|
|
mpq.track('failed to decr phone quota', {number: number});
|
|
console.log('*** WARNING failed to decr ' + number);
|
|
}
|
|
});
|
|
}, 1000*60*3);
|
|
if (num > 3) {
|
|
//mpq.track('exceeded phone quota', tracking_details);
|
|
res.send({success:false, message:'Exceeded quota for this phone number. ' + number});
|
|
return;
|
|
}
|
|
|
|
// now check against ip quota
|
|
redis.incr(ipkey, function(err, num) {
|
|
if (err) {
|
|
mpq.track('redis fail');
|
|
res.send({success:false, message:'Could not validate IP quota.'});
|
|
return;
|
|
}
|
|
if (num > 75) {
|
|
mpq.track('exceeded ip quota', tracking_details);
|
|
res.send({success:false, message:'Exceeded quota for this IP address. ' + ip});
|
|
return;
|
|
}
|
|
setTimeout(function() {
|
|
redis.decr(ipkey, function(err, num) {
|
|
if (err) {
|
|
mpq.track('failed to decr ip key', {ipkey: ipkey});
|
|
console.log('*** WARNING failed to decr ' + ipkey);
|
|
}
|
|
});
|
|
}, 1000*60*60*24);
|
|
|
|
// Cleared to send now
|
|
doSendText();
|
|
}); // end redis ipkey incr
|
|
}); // end redis phonekey incr
|
|
} // end textRequestHandler
|
|
|
|
function dateStr() {
|
|
var today = new Date();
|
|
var dd = today.getDate();
|
|
var mm = today.getMonth()+1;
|
|
var yyyy = today.getFullYear();
|
|
return mm + '/' + dd + '/' + yyyy;
|
|
}
|
|
|
|
function stripPhone(phone) {
|
|
return (phone + '').replace(/\D/g, '');
|
|
}
|
|
|
|
// Start server
|
|
var port = process.env.PORT || 9090;
|
|
app.listen(port, function() {
|
|
console.log('Listening on', port);
|
|
});
|