mcsm-reg/index.js at master · box-archives/mcsm-reg · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
const express = require("express");
const rateLimit = require("express-rate-limit");
const axios = require("axios");
const svgCaptcha = require("svg-captcha");
const session = require("express-session");
const cookoeParser = require("cookie-parser");
const fsExtra = require("fs-extra");
const data = require("./data.json");

const APIKEY = data.APIKEY;
const APIKEY2 = data.APIKEY2;
const APIURL = data.APIURL;
const APIURL2 = data.APIURL2;
const PORT = data.PORT;
const PASSWORD = data.PASSWORD;
const DBFile = data.DBFile;
const HEADERS = {
  "Content-Type": "application/json; charset=utf-8",
};

const app = express();
const bodyParser = require("body-parser");
app.use(bodyParser.json());
app.use(express.static("./static"));
app.use(cookoeParser());
app.use(
  session({
    secret: "mcsmreg",
    name: "SESS_MCSMREG",
    cookie: { maxAge: 120000 },
    resave: false,
    saveUninitialized: true,
  })
);

//数据库
if (!fsExtra.existsSync(DBFile)) {
  fsExtra.createFileSync(DBFile);
  fsExtra.writeJSONSync(DBFile, {});
}

const database = {
  add(username, password, timestamp) {
    let DB = fsExtra.readJSONSync(DBFile);
    DB[username] = {
      password: password,
      timestamp: timestamp,
    };
    fsExtra.writeJSONSync(DBFile, DB);
  },
  remove(username) {
    let DB = fsExtra.readJSONSync(DBFile);
    delete DB[username];
    fsExtra.writeJSONSync(DBFile, DB);
  },
  query() {
    let DB = fsExtra.readJSONSync(DBFile);
    return DB;
  },
};

//CORS设置
app.all("*", function (req, res, next) {
  res.set("Access-Control-Allow-Origin", "*");
  next();
});

//验证码模块
app.get("/api/captcha", (req, res) => {
  const colorMap = [
    "#eeeeee",
    "#edfedf",
    "#eeddff",
    "skyblue",
    "orange",
    "#c8c8c8",
  ];
  const randomColor = colorMap[Math.floor(Math.random() * colorMap.length)];
  var captcha = svgCaptcha.create({
    color: true,
    inverse: false,
    background: randomColor,
    width: 100,
    height: 40,
    fontSize: 36,
    size: 4,
    noise: 3,
    ignoreChars: "0oO1ilI",
  });
  req.session.mcsmreg_captcha = captcha.text.toLowerCase();
  res.setHeader("Content-Type", "image/svg+xml");
  res.send(captcha.data);
});

//接口限速
const regLimiter = rateLimit({
  windowMs: 1 * 60 * 1000,
  max: 3,
  standardHeaders: true,
  legacyHeaders: false,
});

const adminApiLimiter = rateLimit({
  windowMs: 1 * 60 * 1000,
  max: 25,
  standardHeaders: true,
  legacyHeaders: false,
});

app.use("/api/register", regLimiter);
app.use("/api/admin", adminApiLimiter);
app.use("/api/renew", adminApiLimiter);

//注册
app.post("/api/register", async (req, res) => {
  var username = req.body.username;
  var password = req.body.password;
  var captcha0 = req.body.captcha;
  var panelNode = !req.body.node;
  if (captcha0 == null) {
    return res.json({
      status: 400,
      msg: "验证码不能为空",
    });
  }
  var captcha = captcha0.toLowerCase();

  //验证码检测
  console.log("验证码校验: ", captcha, req.session.mcsmreg_captcha);
  if (captcha !== req.session.mcsmreg_captcha) {
    delete req.session.mcsmreg_captcha;
    return res.json({
      status: 403,
      msg: "验证码错误或失效",
    });
  }

  delete req.session.mcsmreg_captcha;

  if (!username || !password)
    return res.json({
      status: 400,
      msg: "账号密码不能为空",
    });

  const data = {
    username: username,
    password: password,
    permission: 1,
  };

  //调用MCSM API
  console.log(username, "正在被创建");
  let currApi = panelNode ? APIURL : APIURL2;
  let currApiKey = panelNode ? APIKEY : APIKEY2;
  let resp = await axios
    .post(currApi + "/api/auth", data, {
      timeout: 5000,
      headers: HEADERS,
      params: {
        apikey: currApiKey,
      },
    })
    .catch((e) => {
      console.log(username, "创建失败", e.response.data.data);
      return res.json({
        status: 400,
        msg: `${e.response.data.data}`,
      });
    });

  //返回成功
  if (resp.status == 200 && resp.data.status == 200) {
    console.log(username, password, Date.now());
    database.add(username, password, Date.now());
    return res.json({
      status: 200,
      msg: "账号创建成功",
    });
  }
});

//续期
app.post("/api/renew", async (req, res) => {
  var guid = req.body.guid;
  var uuid = req.body.uuid;
  var panelNode = !req.body.node;

  let currApi = panelNode ? APIURL : APIURL2;
  let currApiKey = panelNode ? APIKEY : APIKEY2;

  if (!guid || !uuid)
    return res.json({
      status: 400,
      msg: "GUID/UUID不能为空",
    });

  const queryParams = {
    uuid: uuid,
    remote_uuid: guid,
    apikey: currApiKey,
  };

  //调用MCSM API
  console.log(guid, uuid, "续期");
  let respInst = await axios
    .get(currApi + "/api/instance", {
      timeout: 5000,
      headers: HEADERS,
      params: queryParams,
    })
    .catch((e) => {
      console.log(guid, uuid, "实例获取错误");
      return res.json({
        status: 400,
        msg: "实例获取错误",
      });
    });

  if (respInst.status != 200 || respInst.data.status != 200) return;
  let inst = respInst.data.data.config;

  let origDate = new Date(inst.endTime);

  let time = new Date();
  let oldTime = time.getTime();
  time.setTime(oldTime + 1000 * 60 * 60 * 24 * 7);
  let canRenew = origDate.getTime() - oldTime <= 1000 * 60 * 60 * 24 * 3;
  inst.endTime = time.toLocaleDateString();

  if (!canRenew) {
    console.log(guid, uuid, "续期太快");
    return res.json({
      status: 400,
      msg: "再等等吧~到期前3天可续",
    });
  }

  let resp2 = await axios
    .put(currApi + "/api/instance", inst, {
      timeout: 5000,
      headers: HEADERS,
      params: queryParams,
    })
    .catch((e) => {
      console.log(guid, uuid, "续期失败");
      return res.json({
        status: 400,
        msg: "续期失败",
      });
    });

  if (resp2.status == 200 && resp2.data.status == 200) {
    console.log(guid, uuid, "续期成功 结束时间", inst.endTime);
    return res.json({
      status: 200,
      msg: "续期成功, 请等三天后再来!",
    });
  }
});

app.get("/api/admin/queryreg", (req, res) => {
  if (req.query.key == PASSWORD) {
    console.log("查询注册");
    return res.status(200).json(database.query());
  } else {
    return res.status(403).json({});
  }
});

app.get("/api/admin/deletereg", (req, res) => {
  if (req.query.key == PASSWORD && req.query.name) {
    console.log("删除注册日志", req.query.name);
    database.remove(req.query.name);
    return res.status(200).json({});
  } else {
    return res.status(403).json({});
  }
});

app.listen(PORT, () => {
  console.log(`服务器端口监听: ${PORT}`);
});

//404页面
app.get("*", function (req, res) {
  res.sendFile("./404.html", {
    root: __dirname + "/static",
    status: 404,
  });
});