MAJOR CLEANING

phish-directory · Feb 26, 2025 · 165bf48 · 165bf48
1 parent 02867d1
commit 165bf48
Show file tree

Hide file tree

Showing 37 changed files with 281 additions and 322 deletions.
diff --git a/src/utils/headers.ts → src/defs/headers.ts b/src/utils/headers.ts → src/defs/headers.ts
diff --git a/src/defs/interfaces.ts b/src/defs/interfaces.ts
@@ -0,0 +1,13 @@
+/**
+ * Interface for domain check response
+ */
+export interface DomainCheckResponse {
+  domain: string;
+  phishing: boolean;
+  times: {
+    createdAt: Date;
+    updatedAt: Date;
+    lastChecked: Date | null;
+  };
+  rawData?: any[]; // Optional property for extended data
+}
diff --git a/src/middleware/logRequest.ts b/src/middleware/logRequest.ts
@@ -1,8 +1,8 @@
 import { NextFunction, Request, Response } from "express";
 import requestIp from "request-ip";
 
-import { getUserInfo } from "../functions/jwt";
 import { prisma } from "../prisma";
+import { getUserInfo } from "../utils/jwt";
 import { log } from "../utils/logger";
 
 let monitoringAgents = ["Checkly/", "Uptime-Kuma/"];

diff --git a/src/routes/admin/router.ts b/src/routes/admin/router.ts
@@ -1,9 +1,9 @@
 import express from "express";
 import moment from "moment";
-import { getPackageVersion, getVersion } from "../../functions/getVersion";
-import { authenticateToken, getUserInfo } from "../../functions/jwt";
 import { logRequest } from "../../middleware/logRequest";
 import { prisma } from "../../prisma";
+import { getPackageVersion, getVersion } from "../../utils/getVersion";
+import { authenticateToken, getUserInfo } from "../../utils/jwt";
 import domainRouter from "./routes/domain";
 import userRouter from "./routes/user";
 

diff --git a/src/routes/admin/routes/domain.ts b/src/routes/admin/routes/domain.ts
@@ -1,11 +1,11 @@
 import axios from "axios";
 import express, { Request, Response } from "express";
 
-import { getDbDomain } from "../../../functions/db/getDbDomain";
-import { domainReport } from "../../../functions/domain";
-import { getUserInfo } from "../../../functions/jwt";
+import { headersWithOTX } from "../../../defs/headers";
 import { prisma } from "../../../prisma";
-import { headersWithOTX } from "../../../utils/headers";
+import { getDbDomain } from "../../../utils/db/getDbDomain";
+import { domainReport } from "../../../utils/domain/domainReport";
+import { getUserInfo } from "../../../utils/jwt";
 
 /*
 GET domain - Get all domains

diff --git a/src/routes/admin/swaggerOptions.ts b/src/routes/admin/swaggerOptions.ts
@@ -1,4 +1,4 @@
-import { getVersion } from "../../functions/getVersion";
+import { getVersion } from "../../utils/getVersion";
 
 let filePattern;
 if (process.env.NODE_ENV === "production") {

diff --git a/src/routes/domain/check.ts b/src/routes/domain/check.ts
@@ -1,272 +1,42 @@
-import axios from "axios";
-
 import express from "express";
 const router = express.Router();
 
-import { domainCheck } from "../../functions/domain";
-import { authenticateToken } from "../../functions/jwt";
-import { parseData } from "../../functions/parseData";
-import { userNeedsExtendedData } from "../../functions/userNeedsExtendedData";
-import { prisma } from "../../prisma";
-
-import { headersWithOTX } from "../../utils/headers";
+import { findOrCreateDomain } from "../../utils/db/findOrCreateDomain";
+import { prepareResponse } from "../../utils/domain/prepareResponse";
+import { validateAndExtractParams } from "../../utils/domain/validateAndExtractDomainParams";
+import { authenticateToken } from "../../utils/jwt";
+import { ValidationError } from "../../utils/validationError";
 
 /**
  * GET /domain/check
  * @summary Checks if a domain is phishing/malicious.
  * @description This endpoint checks if a domain is phishing/malicious.
- It will return a boolean value of true if it is phishing/malicious and false if it is not, and some other data.
-
- Internally, this queries multiple sources to check if the domain is phishing/malicious, including but not limited to:
-    - Walshy's API
-    - IPQualityScore
-    - Google Safebrowsing
-    - Sinking Yahts
-    - PhishTank
-    - OpenPhish
-    - Lots more...
-
-We also keep our own database of domains and their status, so we can return the status of the domain quickly if it has been checked before.
-
+ * It will return a boolean value of true if it is phishing/malicious and false if it is not, and some other data.
  * @tags Domain - Endpoints for checking / reporting domains.
  * @security BearerAuth
  * @param {string} domain.query.required - Domain to check
  * @param {boolean} extendData.query.optional - Optionally, request extra information about the domain (MAY HAVE LONGER RESPONSE TIME). You need special permissions to access this.
  * @return {object} 200 - Success message
  * @return {string} 400 - Error message
- * @example response - 200 - Success message
- * {
- *   "domain": "google.com",
- *   "phishing": false,
- *   "times": {
- *     "createdAt": "2024-08-14T00:00:00.000Z",
- *     "updatedAt": "2024-08-14T00:00:00.000Z",
- *     "lastChecked": "2024-08-14T00:00:00.000Z"
- *   }
- * }
- * @example response - 400 - Error: No domain parameter
- * "No domain parameter found"
- * @example response - 400 - Error: Invalid domain parameter
- * "Invalid domain parameter, should be a top level domain. Ex: google.com, amazon.com"
  */
 router.get("/", authenticateToken, async (req, res) => {
-  // metrics.increment("endpoint.domain.check");
-
-  // look for the query parameter
-  const query = req.query!;
-
-  let domain: string = query.domain! as string;
-  let extendData = await userNeedsExtendedData(req);
-
-  // check for domain parameter
-  if (!domain || domain === "" || domain === undefined || domain === null) {
-    return res.status(400).json("No domain parameter found");
-  }
-
-  // validate the domain (should be a top level domain
-  // and not a subdomain
-  // ex: google.com amazn.com
-  // not: mail.google.com, docs.google.com)
-
-  let regex = new RegExp("^(?!http://|https://)[a-zA-Z0-9-]+.[a-zA-Z]{2,}$");
-  if (!regex.test(domain)) {
-    return res
-      .status(400)
-      .json(
-        "Invalid domain parameter, should be a top level domain. Ex: google.com, amazon.com"
-      );
-  }
-
-  let dbDomain = await prisma.domain.findFirst({
-    where: {
-      domain: domain,
-    },
-  });
-
-  if (!dbDomain) {
-    dbDomain = await prisma.domain.create({
-      data: {
-        domain: domain,
-      },
-    });
-
-    let data = await domainCheck(domain);
-
-    let walshyData = data.walshyData;
-    let ipQualityScoreData = data.ipQualityScoreData;
-    let googleSafebrowsingData = data.googleSafebrowsingData;
-    let sinkingYahtsData = data.sinkingYahtsData;
-    let virusTotalData = data.virusTotalData;
-    let phishObserverData = data.phishObserverData;
-    let urlScanData = data.urlScanData;
-    let securitytrailsData = data.securitytrailsData;
-    let phishreportData = data.phishreportData;
-
-    let isPhish = await parseData(
-      walshyData,
-      ipQualityScoreData,
-      googleSafebrowsingData,
-      sinkingYahtsData,
-      virusTotalData,
-      phishObserverData,
-      urlScanData,
-      securitytrailsData,
-      phishreportData
-    );
-
-    if (isPhish) {
-      await prisma.domain.update({
-        where: {
-          id: dbDomain.id,
-        },
-        data: {
-          malicious: true,
-          lastChecked: new Date(),
-        },
-      });
-
-      await axios.patch(
-        "https://otx.alienvault.com/api/v1/pulses/6785dccb041b628fde283705",
-        {
-          indicators: {
-            add: [
-              {
-                indicator: `${domain}`,
-                type: "domain",
-                role: "phishing",
-              },
-            ],
-          },
-        },
-        {
-          headers: headersWithOTX,
-        }
-      );
-
-      let response = {
-        domain: domain,
-        phishing: true,
-        times: {
-          createdAt: dbDomain.createdAt,
-          updatedAt: dbDomain.updatedAt,
-          lastChecked: dbDomain.lastChecked,
-        },
-      };
-
-      if (extendData) {
-        let rawAPIData = await prisma.rawAPIData.findMany({
-          where: {
-            domainId: dbDomain.id,
-          },
-        });
-
-        // push the raw data to the response
-        response["rawData"] = rawAPIData;
-      }
-
-      return res.status(200).json(response);
-    } else {
-      await prisma.domain.update({
-        where: {
-          id: dbDomain.id,
-        },
-        data: {
-          malicious: false,
-          lastChecked: new Date(),
-        },
-      });
-
-      let response = {
-        domain: domain,
-        phishing: false,
-        times: {
-          createdAt: dbDomain.createdAt,
-          updatedAt: dbDomain.updatedAt,
-          lastChecked: dbDomain.lastChecked,
-        },
-      };
-
-      if (extendData) {
-        let rawAPIData = await prisma.rawAPIData.findMany({
-          where: {
-            domainId: dbDomain.id,
-          },
-        });
-
-        // push the raw data to the response
-        response["rawData"] = rawAPIData;
-      }
-
-      return res.status(200).json(response);
-    }
-  } else {
-    domainCheck(domain);
-
-    if (dbDomain.malicious) {
-      await axios.patch(
-        "https://otx.alienvault.com/api/v1/pulses/6785dccb041b628fde283705",
-        {
-          indicators: {
-            add: [
-              {
-                indicator: `${domain}`,
-                type: "domain",
-                role: "phishing",
-              },
-            ],
-          },
-        },
-        {
-          headers: headersWithOTX,
-        }
-      );
-
-      let response = {
-        domain: domain,
-        phishing: true,
-        times: {
-          createdAt: dbDomain.createdAt,
-          updatedAt: dbDomain.updatedAt,
-          lastChecked: dbDomain.lastChecked,
-        },
-      };
-
-      if (extendData) {
-        let rawAPIData = await prisma.rawAPIData.findMany({
-          where: {
-            domainId: dbDomain.id,
-          },
-        });
-
-        // push the raw data to the response
-        response["rawData"] = rawAPIData;
-      }
-
-      return res.status(200).json(response);
-    } else {
-      let response = {
-        domain: domain,
-        phishing: false,
-        times: {
-          createdAt: dbDomain.createdAt,
-          updatedAt: dbDomain.updatedAt,
-          lastChecked: dbDomain.lastChecked,
-        },
-      };
+  try {
+    // Validate and extract query parameters
+    const { domain, extendData } = await validateAndExtractParams(req);
 
-      if (extendData) {
-        let rawAPIData = await prisma.rawAPIData.findMany({
-          where: {
-            domainId: dbDomain.id,
-          },
-        });
+    // Check if domain exists in database
+    const dbDomain = await findOrCreateDomain(domain);
 
-        // push the raw data to the response
-        response["rawData"] = rawAPIData;
-      }
+    // Prepare and send response
+    const response = await prepareResponse(domain, dbDomain, extendData);
 
-      return res.status(200).json(response);
+    return res.status(200).json(response);
+  } catch (error) {
+    if (error instanceof ValidationError) {
+      return res.status(400).json(error.message);
     }
+    console.error("Error in domain check:", error);
+    return res.status(500).json("Internal server error");
   }
 });
 

diff --git a/src/routes/domain/classify.ts b/src/routes/domain/classify.ts
@@ -3,8 +3,8 @@ const router = express.Router();
 
 import { Classifications } from "@prisma/client";
 import * as jwt from "jsonwebtoken";
-import { authenticateToken } from "../../functions/jwt";
 import { prisma } from "../../prisma";
+import { authenticateToken } from "../../utils/jwt";
 
 /**
  * PUT /domain/classify

diff --git a/src/routes/domain/report.ts b/src/routes/domain/report.ts
@@ -1,10 +1,10 @@
 import express from "express";
 const router = express.Router();
 
-import { getDbDomain } from "../../functions/db/getDbDomain";
-import { domainReport } from "../../functions/domain";
-import { authenticateToken, getUserInfo } from "../../functions/jwt";
 import { prisma } from "../../prisma";
+import { getDbDomain } from "../../utils/db/getDbDomain";
+import { domainReport } from "../../utils/domain/domainReport";
+import { authenticateToken, getUserInfo } from "../../utils/jwt";
 
 /**
  * POST /domain/report

diff --git a/src/routes/email.ts b/src/routes/email.ts
@@ -1,7 +1,7 @@
 import * as express from "express";
-import { validateEmail } from "../functions/validateEmail";
 import { logRequest } from "../middleware/logRequest";
 import { ipQualityScoreService } from "../services/_index";
+import { validateEmail } from "../utils/validateEmail";
 
 const router = express.Router();
 router.use(express.json());

diff --git a/src/routes/misc.ts b/src/routes/misc.ts
@@ -1,8 +1,8 @@
 import * as express from "express";
 import moment from "moment";
-import { getVersion } from "../functions/getVersion";
 import { logRequest } from "../middleware/logRequest";
 import { prisma } from "../prisma";
+import { getVersion } from "../utils/getVersion";
 
 const router = express.Router();
 router.use(express.json());