api: raw stream status responses, clean up core

This commit is contained in:
wukko 2024-05-15 22:28:09 +06:00
parent 13524a4aa1
commit 98e05368ed
No known key found for this signature in database
GPG key ID: 3E30B3F26C7B4AA2
3 changed files with 98 additions and 107 deletions

View file

@ -16,10 +16,10 @@ import { verifyStream, getInternalStream } from "../modules/stream/manage.js";
import { extract } from "../modules/processing/url.js"; import { extract } from "../modules/processing/url.js";
export function runAPI(express, app, gitCommit, gitBranch, __dirname) { export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
const corsConfig = !env.corsWildcard ? { const corsConfig = env.corsWildcard ? {} : {
origin: env.corsURL, origin: env.corsURL,
optionsSuccessStatus: 200 optionsSuccessStatus: 200
} : {}; };
const apiLimiter = rateLimit({ const apiLimiter = rateLimit({
windowMs: 60000, windowMs: 60000,
@ -33,7 +33,8 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
"text": loc(languageCode(req), 'ErrorRateLimit') "text": loc(languageCode(req), 'ErrorRateLimit')
}); });
} }
}); })
const apiLimiterStream = rateLimit({ const apiLimiterStream = rateLimit({
windowMs: 60000, windowMs: 60000,
max: 25, max: 25,
@ -41,12 +42,9 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
legacyHeaders: false, legacyHeaders: false,
keyGenerator: req => generateHmac(getIP(req), ipSalt), keyGenerator: req => generateHmac(getIP(req), ipSalt),
handler: (req, res) => { handler: (req, res) => {
return res.status(429).json({ return res.sendStatus(429)
"status": "rate-limit",
"text": loc(languageCode(req), 'ErrorRateLimit')
});
} }
}); })
const startTime = new Date(); const startTime = new Date();
const startTimestamp = startTime.getTime(); const startTimestamp = startTime.getTime();
@ -56,7 +54,7 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
app.use('/api/:type', cors({ app.use('/api/:type', cors({
methods: ['GET', 'POST'], methods: ['GET', 'POST'],
...corsConfig ...corsConfig
})); }))
app.use('/api/json', apiLimiter); app.use('/api/json', apiLimiter);
app.use('/api/stream', apiLimiterStream); app.use('/api/stream', apiLimiterStream);
@ -65,27 +63,27 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
app.use((req, res, next) => { app.use((req, res, next) => {
try { decodeURIComponent(req.path) } catch (e) { return res.redirect('/') } try { decodeURIComponent(req.path) } catch (e) { return res.redirect('/') }
next(); next();
}); })
app.use('/api/json', express.json({ app.use('/api/json', express.json({
verify: (req, res, buf) => { verify: (req, res, buf) => {
let acceptCon = String(req.header('Accept')) === "application/json"; const acceptHeader = String(req.header('Accept')) === "application/json";
if (acceptCon) { if (acceptHeader) {
if (buf.length > 720) throw new Error(); if (buf.length > 720) throw new Error();
JSON.parse(buf); JSON.parse(buf);
} else { } else {
throw new Error(); throw new Error();
} }
} }
})); }))
// handle express.json errors properly (https://github.com/expressjs/express/issues/4065) // handle express.json errors properly (https://github.com/expressjs/express/issues/4065)
app.use('/api/json', (err, req, res, next) => { app.use('/api/json', (err, req, res, next) => {
let errorText = "invalid json body"; const errorText = "invalid json body";
let acceptCon = String(req.header('Accept')) !== "application/json"; const acceptHeader = String(req.header('Accept')) !== "application/json";
if (err || acceptCon) { if (err || acceptHeader) {
if (acceptCon) errorText = "invalid accept header"; if (acceptHeader) errorText = "invalid accept header";
return res.status(400).json({ return res.status(400).json({
status: "error", status: "error",
text: errorText text: errorText
@ -93,12 +91,14 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
} else { } else {
next(); next();
} }
}); })
const acceptRegex = /^application\/json(; charset=utf-8)?$/; const acceptRegex = /^application\/json(; charset=utf-8)?$/;
app.post('/api/json', async (req, res) => { app.post('/api/json', async (req, res) => {
const request = req.body; const request = req.body;
const lang = languageCode(req); const lang = languageCode(req);
const fail = (t) => { const fail = (t) => {
const { status, body } = createResponse("error", { t: loc(lang, t) }); const { status, body } = createResponse("error", { t: loc(lang, t) });
res.status(status).json(body); res.status(status).json(body);
@ -132,80 +132,83 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
} catch { } catch {
fail('ErrorSomethingWentWrong'); fail('ErrorSomethingWentWrong');
} }
}); })
app.get('/api/:type', (req, res) => { app.get('/api/stream', (req, res) => {
try { const id = String(req.query.id);
let j; const exp = String(req.query.exp);
switch (req.params.type) { const sig = String(req.query.sig);
case 'stream': const sec = String(req.query.sec);
const q = req.query; const iv = String(req.query.iv);
const checkQueries = q.t && q.e && q.h && q.s && q.i;
const checkBaseLength = q.t.length === 21 && q.e.length === 13;
const checkSafeLength = q.h.length === 43 && q.s.length === 43 && q.i.length === 22;
if (checkQueries && checkBaseLength && checkSafeLength) {
if (q.p) {
return res.status(200).json({
status: "continue"
})
}
let streamInfo = verifyStream(q.t, q.h, q.e, q.s, q.i);
if (streamInfo.error) {
return res.status(streamInfo.status).json(apiJSON(0, { t: streamInfo.error }).body);
}
return stream(res, streamInfo);
}
j = apiJSON(0, { const checkQueries = id && exp && sig && sec && iv;
t: "bad request. stream link may be incomplete or corrupted." const checkBaseLength = id.length === 21 && exp.length === 13;
}) const checkSafeLength = sig.length === 43 && sec.length === 43 && iv.length === 22;
return res.status(j.status).json(j.body);
case 'istream': if (checkQueries && checkBaseLength && checkSafeLength) {
if (!req.ip.endsWith('127.0.0.1')) // rate limit probe, will not return json after 8.0
return res.sendStatus(403); if (req.query.p) {
if (('' + req.query.t).length !== 21) return res.status(200).json({
return res.sendStatus(400); status: "continue"
})
let streamInfo = getInternalStream(req.query.t); }
if (!streamInfo) return res.sendStatus(404); try {
streamInfo.headers = req.headers; const streamInfo = verifyStream(id, sig, exp, sec, iv);
if (!streamInfo?.service) {
return stream(res, { type: 'internal', ...streamInfo }); return res.sendStatus(streamInfo.status);
case 'serverInfo': }
return res.status(200).json({ return stream(res, streamInfo);
version: version, } catch {
commit: gitCommit, return res.destroy();
branch: gitBranch,
name: env.apiName,
url: env.apiURL,
cors: Number(env.corsWildcard),
startTime: `${startTimestamp}`
});
default:
j = apiJSON(0, {
t: "unknown response type"
})
return res.status(j.status).json(j.body);
} }
} catch (e) {
return res.status(500).json({
status: "error",
text: loc(languageCode(req), 'ErrorCantProcess')
});
} }
}); return res.sendStatus(400);
})
app.get('/api/istream', (req, res) => {
try {
if (!req.ip.endsWith('127.0.0.1'))
return res.sendStatus(403);
if (String(req.query.id).length !== 21)
return res.sendStatus(400);
const streamInfo = getInternalStream(req.query.id);
if (!streamInfo) return res.sendStatus(404);
streamInfo.headers = req.headers;
return stream(res, { type: 'internal', ...streamInfo });
} catch {
return res.destroy();
}
})
app.get('/api/serverInfo', (req, res) => {
try {
return res.status(200).json({
version: version,
commit: gitCommit,
branch: gitBranch,
name: env.apiName,
url: env.apiURL,
cors: Number(env.corsWildcard),
startTime: `${startTimestamp}`
});
} catch {
return res.destroy();
}
})
app.get('/api/status', (req, res) => { app.get('/api/status', (req, res) => {
res.status(200).end() res.status(200).end()
}); })
app.get('/favicon.ico', (req, res) => { app.get('/favicon.ico', (req, res) => {
res.sendFile(`${__dirname}/src/front/icons/favicon.ico`) res.sendFile(`${__dirname}/src/front/icons/favicon.ico`)
}); })
app.get('/*', (req, res) => { app.get('/*', (req, res) => {
res.redirect('/api/json') res.redirect('/api/serverInfo')
}); })
app.listen(env.apiPort, env.listenAddress, () => { app.listen(env.apiPort, env.listenAddress, () => {
console.log(`\n` + console.log(`\n` +
@ -214,5 +217,5 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
`URL: ${Cyan(`${env.apiURL}`)}\n` + `URL: ${Cyan(`${env.apiURL}`)}\n` +
`Port: ${env.apiPort}\n` `Port: ${env.apiPort}\n`
) )
}); })
} }

View file

@ -1,6 +1,6 @@
import NodeCache from "node-cache"; import NodeCache from "node-cache";
import { randomBytes } from "crypto"; import { randomBytes } from "crypto";
import { nanoid } from 'nanoid'; import { nanoid } from "nanoid";
import { decryptStream, encryptStream, generateHmac } from "../sub/crypto.js"; import { decryptStream, encryptStream, generateHmac } from "../sub/crypto.js";
import { streamLifespan, env } from "../config.js"; import { streamLifespan, env } from "../config.js";
@ -11,15 +11,6 @@ const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
const M3U_SERVICES = ['dailymotion', 'vimeo', 'rutube']; const M3U_SERVICES = ['dailymotion', 'vimeo', 'rutube'];
const streamNoAccess = {
error: "i couldn't verify if you have access to this stream. go back and try again!",
status: 401
}
const streamNoExist = {
error: "this download link has expired or doesn't exist. go back and try again!",
status: 400
}
const streamCache = new NodeCache({ const streamCache = new NodeCache({
stdTTL: streamLifespan/1000, stdTTL: streamLifespan/1000,
checkperiod: 10, checkperiod: 10,
@ -61,11 +52,11 @@ export function createStream(obj) {
let streamLink = new URL('/api/stream', env.apiURL); let streamLink = new URL('/api/stream', env.apiURL);
const params = { const params = {
't': streamID, 'id': streamID,
'e': exp, 'exp': exp,
'h': hmac, 'sig': hmac,
's': secret, 'sec': secret,
'i': iv 'iv': iv
} }
for (const [key, value] of Object.entries(params)) { for (const [key, value] of Object.entries(params)) {
@ -96,7 +87,7 @@ export function createInternalStream(url, obj = {}) {
}; };
let streamLink = new URL('/api/istream', `http://127.0.0.1:${env.apiPort}`); let streamLink = new URL('/api/istream', `http://127.0.0.1:${env.apiPort}`);
streamLink.searchParams.set('t', streamID); streamLink.searchParams.set('id', streamID);
return streamLink.toString(); return streamLink.toString();
} }
@ -106,7 +97,7 @@ export function destroyInternalStream(url) {
return; return;
} }
const id = url.searchParams.get('t'); const id = url.searchParams.get('id');
if (internalStreamCache[id]) { if (internalStreamCache[id]) {
internalStreamCache[id].controller.abort(); internalStreamCache[id].controller.abort();
@ -141,22 +132,19 @@ export function verifyStream(id, hmac, exp, secret, iv) {
const ghmac = generateHmac(`${id},${exp},${iv},${secret}`, hmacSalt); const ghmac = generateHmac(`${id},${exp},${iv},${secret}`, hmacSalt);
const cache = streamCache.get(id.toString()); const cache = streamCache.get(id.toString());
if (ghmac !== String(hmac)) return streamNoAccess; if (ghmac !== String(hmac)) return { status: 401 };
if (!cache) return streamNoExist; if (!cache) return { status: 404 };
const streamInfo = JSON.parse(decryptStream(cache, iv, secret)); const streamInfo = JSON.parse(decryptStream(cache, iv, secret));
if (!streamInfo) return streamNoExist; if (!streamInfo) return { status: 404 };
if (Number(exp) <= new Date().getTime()) if (Number(exp) <= new Date().getTime())
return streamNoExist; return { status: 404 };
return wrapStream(streamInfo); return wrapStream(streamInfo);
} }
catch { catch {
return { return { status: 500 };
error: "something went wrong and i couldn't verify this stream. go back and try again!",
status: 500
}
} }
} }

View file

@ -25,6 +25,6 @@ export default async function(res, streamInfo) {
break; break;
} }
} catch { } catch {
res.status(500).json({ status: "error", text: "Internal Server Error" }); res.sendStatus(500);
} }
} }