-
Notifications
You must be signed in to change notification settings - Fork 44
/
web.js
176 lines (155 loc) · 5.34 KB
/
web.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
var express = require('express');
var qs = require('querystring');
var crypto = require('crypto');
var pg = require('pg');
var app = express.createServer(express.logger());
app.enable("jsonp callback");
app.use(express.bodyParser());
var conn_string = process.env.DATABASE_URL || "tcp://michael:1234@localhost/michael";
var skip_hmac = process.env.SKIP_HMAC
function create_account(account_id, respond){
pg.connect(conn_string, function(err, client) {
console.log(err)
var query = client.query('select count(*) from account where account_id = $1',[account_id]);
query.on('error', function() {
console.log(query)
respond({status: "error"}, 500);
});
query.on('row', function(row) {
if (row.count) {
respond({
status: "exists",
login: {
url: "https://mysite.com/login",
expires: "2012-09-05 23:23:56 UTC"
}
})
} else {
var query2 = client.query('insert into account(account_id) values ($1)',[account_id]);
query2.on('end', function() {
respond({
status: "approve",
login: {
url: "https://mysite.com/login",
expires: "2012-09-05 23:23:56 UTC"
}
});
});
query2.on('error', function() {
console.log(query2)
respond({status:"error"}, 500);
});
}
});
});
}
function create_domain(body, respond){
pg.connect(conn_string, function(err, client) {
var query = client.query('select count(*) from domain where account_id = $1 and domain_id = $2',[body.account_id, body.domain_id]);
query.on('error', function() {
console.log(query)
respond("BADNESS", 500);
});
query.on('row', function(row) {
if (row.count) {
respond("exists")
} else {
var query = client.query('insert into domain(account_id, domain_id) values ($1, $2)', [body.account_id,body.domain_id]);
query.on('end', function() {
respond("approve");
});
query.on('error', function(something) {
respond("error: " + something.detail);
});
}
});
});
}
function log_hit(domain_id, respond){
pg.connect(conn_string, function(err, client) {
if (err) {
console.log(err)
respond("DB error", 500)
return
}
var query = client.query('insert into hit(domain_id) values ($1)', [domain_id]);
var error;
query.on('end', function() {
if (error) return;
console.log(arguments)
var query2 = client.query('select count(*) from hit where domain_id = $1', [domain_id]);
query2.on('row', function(row) {
respond({count: row.count});
});
query2.on('error', function(something) {
console.log(something);
respond({error: "no count"});
});
});
query.on('error', function(something) {
error = true;
console.log(domain_id);
console.log(something);
respond({error: "no inc"});
});
});
}
function valid(req) {
// console.log(req.body)
if (skip_hmac) return true;
var hmac_secret = '09aed14f2a579b0f50965418c67b600d';
var hmac = crypto.createHmac("sha256", hmac_secret);
var contents = JSON.stringify(req.body);
hmac.update(contents);
return req.headers.hmac == hmac.digest('hex');
}
app.post('/api/accounts', function(request, response) {
if (!valid(request)) {
response.send("Bad HMAC");
} else {
var respond = function(vals, code){
response.status(code || 200);
vals.account_id = request.body.account_id
response.send(JSON.stringify(vals));
}
if (!request.body.account_id) {
respond({error: "no account_id"}, 400)
} else {
create_account(request.body.account_id, respond);
}
};
});
app.post('/api/domains', function(request, response) {
if (!valid(request)) {
response.send("Bad HMAC");
response.status(433);
} else {
var respond = function(status, code){
response.status(code || 200);
if (status == 'error') {
response.send("error");
} else {
response.send(JSON.stringify({
"account_id":request.body.account_id,
"domain_id":request.body.domain_id,
"status":status
}));
}
}
create_domain(request.body, respond);
};
});
app.get('/hit', function(request, response) {
var respond = function(obj){
response.json(JSON.stringify(obj));
}
if (!request.query.domain_id) {
respond({error: "no domain_id"})
} else {
log_hit(request.query.domain_id, respond);
}
});
var port = process.env.PORT
app.listen(port, function() {
console.log("Listening on " + port);
});