diff --git a/.gitignore b/.gitignore index 1ffdf0f4..1bd7019a 100755 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ server/config/cert_config.js server/config/recaptcha.js server/config/analytics.js server/config/google.js +server/config/allowed_api.js server/public/assets/dist/maps/ server/public/assets/dist/callback.min.js server/public/assets/dist/token.min.js diff --git a/server/apps/client.js b/server/apps/client.js index b394c9c1..8861f99f 100755 --- a/server/apps/client.js +++ b/server/apps/client.js @@ -87,9 +87,10 @@ app.socketIO = io; /* Globally needed "libraries" and files */ -var Functions = require(pathThumbnails + '/handlers/functions.js'); var router = require(pathThumbnails + '/routing/client/router.js'); -var api = require(pathThumbnails + '/routing/client/api.js'); +var api_file = require(pathThumbnails + '/routing/client/api.js'); +var api = api_file.router; +api_file.sIO = app.socketIO; var ico_router = require(pathThumbnails + '/routing/client/icons_routing.js'); app.get('/robots.txt', function (req, res) { diff --git a/server/config/allowed_api.example.js b/server/config/allowed_api.example.js new file mode 100644 index 00000000..981ec029 --- /dev/null +++ b/server/config/allowed_api.example.js @@ -0,0 +1,3 @@ +var key = [""]; + +module.exports = key; diff --git a/server/routing/client/api.js b/server/routing/client/api.js index 92a8eebe..8b07e91f 100644 --- a/server/routing/client/api.js +++ b/server/routing/client/api.js @@ -6,7 +6,7 @@ var ObjectId = mongojs.ObjectId; var token_db = mongojs("tokens"); var cookieParser = require("cookie-parser"); var db = require(pathThumbnails + '/handlers/db.js'); -var secrets = require(pathThumbnails + '/config/api_key.js'); +var allowed_key = require(pathThumbnails + '/config/allowed_api.js'); var crypto = require('crypto'); var List = require(pathThumbnails + '/handlers/list.js'); var Functions = require(pathThumbnails + '/handlers/functions.js'); @@ -15,9 +15,13 @@ var Search = require(pathThumbnails + '/handlers/search.js'); var uniqid = require('uniqid'); var Filter = require('bad-words'); var filter = new Filter({ placeHolder: 'x'}); -var sIO = require(path.join(__dirname, '../../apps/client.js')).socketIO; + +var _exports = { + router: router, + sIO: {} +} var projects = require(pathThumbnails + "/handlers/aggregates.js"); -console.log(path.join(__dirname, '../../apps/client.js')); + var error = { not_found: { youtube: { @@ -69,6 +73,24 @@ var error = { success: false, results: [], }, + settings: { + status: 409, + error: "The channel doesn't have strict skipping enabled.", + success: false, + results: [], + }, + already_skip: { + status: 206, + error: false, + success: true, + results: [], + }, + more_skip_needed: { + status: 202, + error: false, + success: true, + results: [], + }, no_error: { status: 200, error: false, @@ -278,69 +300,64 @@ router.route('/api/skip/:channel_name').post(function(req, res) { res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); res.header({"Content-Type": "application/json"}); - var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; var api_key = req.body.api_key; - //var id = req.body.id; var guid = req.body.chat_name; var channel_name = cleanChannelName(req.params.channel_name); var userpass = ""; if(req.body.userpass) userpass = crypto.createHash('sha256').update(Functions.decrypt_string(req.body.userpass)).digest("base64"); - console.log(api_key, guid, channel_name, userpass); - if(api_key == "AhmC4Yg2BhaWPZBXeoWK96DAiAVfbou8TUG2IXtD3ZQ=") { + if(allowed_key.indexOf(api_key) > -1) { db.collection(channel_name + "_settings").find({"id": "config"}, function(err, settings) { if(settings.length == 0) { - // LIST DOESNT EXIST - res.status(404).send(error.wrong_token); + res.status(404).send(error.not_found.list); return; } settings = settings[0]; if(!settings.strictSkip) { - // DONT HAVE STRICT SKIP - res.status(404).send(error.wrong_token); + res.status(409).send(error.settings); return; } - if(settings.userpass == "" || (settings.userpass == userpass)) { - if(settings.skips.length+1 >= settings.strictSkipNumber) { + if(settings.skips.length+1 >= settings.strictSkipNumber && !Functions.contains(settings.skips, guid)) { Functions.checkTimeout("skip", 1, channel_name, channel_name, false, true, undefined, function() { db.collection(channel_name).find({now_playing: true}, function(err, np) { if(np.length != 1) { - // NO SONG - res.status(404).send(error.wrong_token); + res.status(404).send(error.not_found.list); return; } List.change_song(channel_name, false, np[0].id, [settings], function() { - // VOTED TO SKIP - res.status(200).send(error.wrong_token); + res.status(200).send(error.no_error); return; }); - console.log("hello",sIO); - //sIO.to(channel_name).emit('chat', {from: guid, icon: false, msg: " skipped via API."}); + _exports.sIO.to(channel_name).emit('chat', {from: guid, icon: false, msg: " skipped via API."}); }); - }, "The channel is skipping too often, please wait "); - } else if(!Functions.contains(settings.skips, guid)){ - db.collection(coll + "_settings").update({ id: "config" }, {$push:{skips:guid}}, function(err, d){ - var to_skip = (strictSkipNumber) - settings.skips.length-1; - console.log("ok", sIO); - //sIO.to(channel_name).emit('chat', {from: guid, msg: " voted to skip via API."}); + }, "", function() { + res.status(429).send(error.tooMany); + return; + }); + } else if(!Functions.contains(settings.skips, guid)) { + db.collection(channel_name + "_settings").update({ id: "config" }, {$push:{skips:guid}}, function(err, d){ + var to_skip = (settings.strictSkipNumber) - settings.skips.length-1; + _exports.sIO.to(channel_name).emit('chat', {from: guid, msg: " voted to skip via API."}); // VOTED TO SKIP - res.status(200).send(error.wrong_token); + var to_send = error.more_skip_needed; + to_send.results = [to_skip] + res.status(202).send(to_send); return; }); } else { //ALREADY SKIP - res.status(404).send(error.wrong_token); + res.status(206).send(error.already_skip); return; } } else { // NOT AUTHENTICATED - res.status(404).send(error.wrong_token); + res.status(403).send(error.not_authenticated); return; } }); } else { // WRONG API KEY - res.status(403).send(error.wrong_token); + res.status(406).send(error.not_authenticated); return; } }); @@ -1566,4 +1583,4 @@ function postEnd(channel_name, configs, new_song, guid, res, authenticated, auth }); } -module.exports = router; +module.exports = _exports;