path: root/server.js



const express = require("express");
const mysql = require("mysql");
const bodyParser = require("body-parser");
const https = require("https");
const fs = require("fs");
const api = express();

const rate_limiting = new Set();

const tmwa = {
    status: "OfflineTemporarily",
    num_online: 0,
    timeout: null,
    poll: () => {
        fs.readFile("./online.txt", "utf8", (err, data) => {
            const lines = data.split("\n");

            if (err || lines.length < 2) {
                console.error("encountered an error while retrieving online.txt", err);
                tmwa.timeout = setTimeout(tmwa.poll, 30000); // <= it failed, so check again later
                return;
            }

            const last_online = Date.parse(lines[0].match(/\((.+)\)/)[1] + ` ${process.env.npm_package_config_timezone}`);

            if (Date.now() - last_online < 30000) {
                const num = lines[lines.length - 2].match(/([0-9]+) users are online./);
                tmwa.status = "Online";
                tmwa.num_online = num ? num[1] : 0;
            } else {
                tmwa.status = "OfflineTemporarily";
                tmwa.num_online = 0;
            }

            tmwa.timeout = setTimeout(tmwa.poll, 2000);
        });
    }
};

const checkRateLimiting = (req, res, next) => {
    if (rate_limiting.has(req.ip)) {
        res.status(429).json({
            status: "error",
            error: "too many requests"
        });
    } else {
        next();
    }
    return;
};

const checkCaptcha = (req, res, next) => {
    const token = String(req.get("X-CAPTCHA-TOKEN"));

    if (!token.match(/^[a-zA-Z0-9-_]{8,}$/)) {
        res.status(403).json({
            status: "error",
            error: "no token sent"
        });
        console.info("a request with an empty token was received", req.ip);
        rate_limiting.add(req.ip);
        setTimeout(() => rate_limiting.delete(req.ip), 300000);
        return;
    }

    https.get(`https://www.google.com/recaptcha/api/siteverify?secret=${process.env.npm_package_config_recaptcha_secret}&response=${token}`, re => {
        re.setEncoding("utf8");
        re.on("data", response => {
            const data = JSON.parse(response);
            if (!data.success) {
                console.error(`recaptcha returned an error: ${response}`);
                res.status(403).json({
                    status: "error",
                    error: "captcha validation failed"
                });
                console.info("a request failed to validate", req.ip);
                rate_limiting.add(req.ip);
                setTimeout(() => rate_limiting.delete(req.ip), 300000);
                return;
            }

            next(); // challenge passed, so process the request
        });
    }).on("error", error => {
        console.error(error);
        res.status(403).json({
            status: "error",
            error: "recaptcha couldn't be reached"
        });
        console.warn("reCaptcha couldn't be reached");
        return;
    })
};

api.get("/api/tmwa", (req, res) => {
    res.append("Access-Control-Allow-Origin", "*"); // CORS ready
    res.status(200).json({
        "@context": "http://schema.org",
        "@type": "GameServer",
        name: process.env.npm_package_config_tmwa_name,
        url: process.env.npm_package_config_tmwa_url,
        playersOnline: tmwa.num_online,
        serverStatus: tmwa.status,
    });
});

api.use(checkRateLimiting);
api.use(checkCaptcha);
api.use(bodyParser.json());
api.post("/api/account", (req, res) => {
    if (!req.body || !Reflect.has(req.body, "username") ||
        !Reflect.has(req.body, "password") || !Reflect.has(req.body, "email") ||
        !req.body.username.match(/^[a-zA-Z0-9]{4,23}$/) ||
        !req.body.password.match(/^[a-zA-Z0-9]{4,23}$/) ||
        !req.body.email.match(/^$|^(?:[a-zA-Z0-9.$&+=_~-]{1,34}@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,35}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,34}[a-zA-Z0-9])?){0,9})$/) ||
        req.body.email.length >= 40)
    {
        res.status(400).json({
            status: "error",
            error: "malformed request"
        });
        console.info("a malformed request was received", req.ip, req.body);
        rate_limiting.add(req.ip);
        setTimeout(() => rate_limiting.delete(req.ip), 300000);
        return;
    }

    const account = {
        username: req.body.username,
        password: req.body.password,
        email: req.body.email || "a@a.com"
    };

    const db = mysql.createConnection({
        host     : process.env.npm_package_config_sql_host,
        user     : process.env.npm_package_config_sql_user,
        password : process.env.npm_package_config_sql_password,
        database : process.env.npm_package_config_sql_database
    });

    db.connect(err => {
        if (err) {
            res.status(500).json({
                status: "error",
                error: "couldn't reach the database"
            });
            console.warn("a connection with the database couldn't be established");
            return;
        }

        db.query({sql: `INSERT INTO ${process.env.npm_package_config_sql_table} (USERNAME, PASSWORD, EMAIL, GENDER) VALUES ("${account.username}", "${account.password}", "${account.email}", "N")`}, (err, rows, fields) => {
            if (err) {
                if (err.code === "ER_DUP_ENTRY") {
                    res.status(409).json({
                        status: "error",
                        error: "already exists"
                    });
                    console.info("a request to create an already-existent account was received", req.ip, account.username);
                    rate_limiting.add(req.ip);
                    setTimeout(() => rate_limiting.delete(req.ip), 2000);
                } else {
                    res.status(500).json({
                        status: "error",
                        error: "couldn't add the user"
                    });
                    console.error("an unexpected sql error occured", err);
                }
            } else {
                res.status(201).json({
                    status: "success"
                });
                console.info(`an account was created: ${account.username}`);
                rate_limiting.add(req.ip);
                setTimeout(() => rate_limiting.delete(req.ip), 300000);
            }

            db.end();
        });
    });
});


api.use((req, res, next) => {
    res.status(404).json({
        status: "error",
        error: "unknown endpoint"
    });
    console.info("a request for an unknown endpoint was received", req.ip, req.originalUrl);
});

if (process.env.npm_package_config_port === undefined) {
    console.error("Please run this package with `npm start`");
    process.exit(1);
}

api.set("trust proxy", "loopback"); // only allow localhost to communicate with the API
api.disable("x-powered-by"); // we don't need this header
api.listen(process.env.npm_package_config_port, () => console.info(`Listening on port ${process.env.npm_package_config_port}`));
tmwa.poll();
const express = require("express");
const mysql = require("mysql");
const bodyParser = require("body-parser");
const https = require("https");
const fs = require("fs");
const api = express();

const rate_limiting = new Set();

const tmwa = {
    status: "OfflineTemporarily",
    num_online: 0,
    timeout: null,
    poll: () => {
        fs.readFile("./online.txt", "utf8", (err, data) => {
            const lines = data.split("\n");

            if (err || lines.length < 2) {
                console.error("encountered an error while retrieving online.txt", err);
                tmwa.timeout = setTimeout(tmwa.poll, 30000); // <= it failed, so check again later
                return;
            }

            const last_online = Date.parse(lines[0].match(/\((.+)\)/)[1] + ` ${process.env.npm_package_config_timezone}`);

            if (Date.now() - last_online < 30000) {
                const num = lines[lines.length - 2].match(/([0-9]+) users are online./);
                tmwa.status = "Online";
                tmwa.num_online = num ? num[1] : 0;
            } else {
                tmwa.status = "OfflineTemporarily";
                tmwa.num_online = 0;
            }

            tmwa.timeout = setTimeout(tmwa.poll, 2000);
        });
    }
};

const checkRateLimiting = (req, res, next) => {
    if (rate_limiting.has(req.ip)) {
        res.status(429).json({
            status: "error",
            error: "too many requests"
        });
    } else {
        next();
    }
    return;
};

const checkCaptcha = (req, res, next) => {
    const token = String(req.get("X-CAPTCHA-TOKEN"));

    if (!token.match(/^[a-zA-Z0-9-_]{8,}$/)) {
        res.status(403).json({
            status: "error",
            error: "no token sent"
        });
        console.info("a request with an empty token was received", req.ip);
        rate_limiting.add(req.ip);
        setTimeout(() => rate_limiting.delete(req.ip), 300000);
        return;
    }

    https.get(`https://www.google.com/recaptcha/api/siteverify?secret=${process.env.npm_package_config_recaptcha_secret}&response=${token}`, re => {
        re.setEncoding("utf8");
        re.on("data", response => {
            const data = JSON.parse(response);
            if (!data.success) {
                console.error(`recaptcha returned an error: ${response}`);
                res.status(403).json({
                    status: "error",
                    error: "captcha validation failed"
                });
                console.info("a request failed to validate", req.ip);
                rate_limiting.add(req.ip);
                setTimeout(() => rate_limiting.delete(req.ip), 300000);
                return;
            }

            next(); // challenge passed, so process the request
        });
    }).on("error", error => {
        console.error(error);
        res.status(403).json({
            status: "error",
            error: "recaptcha couldn't be reached"
        });
        console.warn("reCaptcha couldn't be reached");
        return;
    })
};

api.get("/api/tmwa", (req, res) => {
    res.append("Access-Control-Allow-Origin", "*"); // CORS ready
    res.status(200).json({
        "@context": "http://schema.org",
        "@type": "GameServer",
        name: process.env.npm_package_config_tmwa_name,
        url: process.env.npm_package_config_tmwa_url,
        playersOnline: tmwa.num_online,
        serverStatus: tmwa.status,
    });
});

api.use(checkRateLimiting);
api.use(checkCaptcha);
api.use(bodyParser.json());
api.post("/api/account", (req, res) => {
    if (!req.body || !Reflect.has(req.body, "username") ||
        !Reflect.has(req.body, "password") || !Reflect.has(req.body, "email") ||
        !req.body.username.match(/^[a-zA-Z0-9]{4,23}$/) ||
        !req.body.password.match(/^[a-zA-Z0-9]{4,23}$/) ||
        !req.body.email.match(/^$|^(?:[a-zA-Z0-9.$&+=_~-]{1,34}@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,35}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,34}[a-zA-Z0-9])?){0,9})$/) ||
        req.body.email.length >= 40)
    {
        res.status(400).json({
            status: "error",
            error: "malformed request"
        });
        console.info("a malformed request was received", req.ip, req.body);
        rate_limiting.add(req.ip);
        setTimeout(() => rate_limiting.delete(req.ip), 300000);
        return;
    }

    const account = {
        username: req.body.username,
        password: req.body.password,
        email: req.body.email || "a@a.com"
    };

    const db = mysql.createConnection({
        host     : process.env.npm_package_config_sql_host,
        user     : process.env.npm_package_config_sql_user,
        password : process.env.npm_package_config_sql_password,
        database : process.env.npm_package_config_sql_database
    });

    db.connect(err => {
        if (err) {
            res.status(500).json({
                status: "error",
                error: "couldn't reach the database"
            });
            console.warn("a connection with the database couldn't be established");
            return;
        }

        db.query({sql: `INSERT INTO ${process.env.npm_package_config_sql_table} (USERNAME, PASSWORD, EMAIL, GENDER) VALUES ("${account.username}", "${account.password}", "${account.email}", "N")`}, (err, rows, fields) => {
            if (err) {
                if (err.code === "ER_DUP_ENTRY") {
                    res.status(409).json({
                        status: "error",
                        error: "already exists"
                    });
                    console.info("a request to create an already-existent account was received", req.ip, account.username);
                    rate_limiting.add(req.ip);
                    setTimeout(() => rate_limiting.delete(req.ip), 2000);
                } else {
                    res.status(500).json({
                        status: "error",
                        error: "couldn't add the user"
                    });
                    console.error("an unexpected sql error occured", err);
                }
            } else {
                res.status(201).json({
                    status: "success"
                });
                console.info(`an account was created: ${account.username}`);
                rate_limiting.add(req.ip);
                setTimeout(() => rate_limiting.delete(req.ip), 300000);
            }

            db.end();
        });
    });
});


api.use((req, res, next) => {
    res.status(404).json({
        status: "error",
        error: "unknown endpoint"
    });
    console.info("a request for an unknown endpoint was received", req.ip, req.originalUrl);
});

if (process.env.npm_package_config_port === undefined) {
    console.error("Please run this package with `npm start`");
    process.exit(1);
}

api.set("trust proxy", "loopback"); // only allow localhost to communicate with the API
api.disable("x-powered-by"); // we don't need this header
api.listen(process.env.npm_package_config_port, () => console.info(`Listening on port ${process.env.npm_package_config_port}`));
tmwa.poll();