mirror of
https://github.com/4ev-link/4ev.link.git
synced 2026-01-14 00:28:05 +00:00
141 lines
3.2 KiB
JavaScript
141 lines
3.2 KiB
JavaScript
const genSlug = l =>
|
|
[...Array(l)]
|
|
.map(
|
|
() =>
|
|
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"[
|
|
(Math.random() * 62) | 0
|
|
]
|
|
)
|
|
.join("");
|
|
|
|
const RESERVED = new Set([
|
|
"api",
|
|
"dash",
|
|
"admin",
|
|
"login",
|
|
"logout",
|
|
"signin",
|
|
"signup",
|
|
"register",
|
|
"account",
|
|
"settings",
|
|
"profile",
|
|
"password",
|
|
"user",
|
|
"users",
|
|
"link",
|
|
"links",
|
|
"url",
|
|
"urls",
|
|
"robots",
|
|
"sitemap",
|
|
"favicon",
|
|
"well-known",
|
|
"assets",
|
|
"static",
|
|
"img",
|
|
"js",
|
|
"css",
|
|
"public",
|
|
]);
|
|
|
|
const notify = (env, title, message, level = 2) =>
|
|
env.NTFY_TOPIC
|
|
? fetch(`https://ntfy.sh/${env.NTFY_TOPIC}`, {
|
|
method: "POST",
|
|
headers: {
|
|
"Content-Type": "text/plain",
|
|
Title: title,
|
|
Priority: String(level),
|
|
},
|
|
body: message,
|
|
}).catch(() => {})
|
|
: Promise.resolve();
|
|
|
|
export async function onRequestPost({ request, env }) {
|
|
try {
|
|
const { "g-recaptcha-response": token, ...body } = await request.json();
|
|
|
|
const vR = await fetch(
|
|
"https://www.google.com/recaptcha/api/siteverify",
|
|
{
|
|
method: "POST",
|
|
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
body: `secret=${env.RECAPCHA_KEY}&response=${token}`,
|
|
}
|
|
);
|
|
|
|
if (!(await vR.json()).success)
|
|
return new Response("CAPTCHA verification failed.", { status: 403 });
|
|
|
|
const { destination_url, slug, username, pass_hash } = body;
|
|
if (!destination_url || !username || !pass_hash)
|
|
return new Response("Missing fields", { status: 400 });
|
|
|
|
const user = await env.D1_EV.prepare(
|
|
"SELECT pass_hash, custom_slugs FROM users WHERE username = ?"
|
|
)
|
|
.bind(username)
|
|
.first();
|
|
|
|
if (user?.pass_hash !== pass_hash)
|
|
return new Response("Invalid credentials", { status: 401 });
|
|
|
|
let finalSlug = slug;
|
|
|
|
if (finalSlug) {
|
|
if (
|
|
RESERVED.has(finalSlug.toLowerCase()) ||
|
|
!/^[a-zA-Z0-9-]{3,32}$/.test(finalSlug) ||
|
|
(await env.KV_EV.get(finalSlug))
|
|
)
|
|
return new Response("Invalid or taken slug", { status: 400 });
|
|
} else {
|
|
do {
|
|
finalSlug = genSlug(6);
|
|
} while (await env.KV_EV.get(finalSlug));
|
|
}
|
|
|
|
let url = destination_url.startsWith("http")
|
|
? destination_url
|
|
: `https://${destination_url}`;
|
|
|
|
try {
|
|
new URL(url);
|
|
} catch {
|
|
return new Response("Invalid destination URL", { status: 400 });
|
|
}
|
|
|
|
const dest_no_proto = url.replace(/^https?:\/\//, "");
|
|
|
|
let slugs;
|
|
try {
|
|
slugs = JSON.parse(user.custom_slugs);
|
|
} catch {}
|
|
|
|
const newSlugs = Array.isArray(slugs) ? slugs : [];
|
|
newSlugs.push(finalSlug);
|
|
|
|
await Promise.all([
|
|
env.KV_EV.put(finalSlug, dest_no_proto),
|
|
env.D1_EV.prepare(
|
|
"UPDATE users SET custom_slugs = ? WHERE username = ?"
|
|
)
|
|
.bind(JSON.stringify(newSlugs), username)
|
|
.run(),
|
|
]);
|
|
|
|
env.NTFY_TOPIC &&
|
|
notify(
|
|
env,
|
|
"4ev.link: link created",
|
|
`user=${username} slug=${finalSlug} dest=${dest_no_proto}`,
|
|
2
|
|
);
|
|
|
|
return Response.json({ slug: finalSlug }, { status: 201 });
|
|
} catch (e) {
|
|
return new Response(e.message, { status: 500 });
|
|
}
|
|
}
|