import express from 'express'; import cors from 'cors'; import cookieParser from 'cookie-parser'; import http from 'http'; import fs from 'fs'; import os from 'os'; import chalk from 'chalk'; import moment from 'moment'; import path from 'path'; import * as useragent from 'express-useragent'; import { fileURLToPath } from "url" const __dirname = path.dirname(fileURLToPath(import.meta.url)) import "./util.js" import Socket from './ws/ws.js' import Database from "./db/db.js" import AuthHandler from './auth.js'; import PaymentsHandler from "./payments.js" class Server { db; auth; UIPath = path.join(__dirname, '../ui') DBPath = path.join(__dirname, '../db') ComalPath = path.join(os.homedir(), 'Sites/comalyr.com') registerRoutes(router) { /* Stripe */ router.post("/create-checkout-session", PaymentsHandler.newSubscription) router.post("/webhook", express.raw({ type: "application/json" }), PaymentsHandler.webhook) /* Auth */ router.post('/login', this.auth.login) router.get('/profile', this.auth.getProfile) router.get('/signout', this.auth.logout) /* Site */ router.post('/free', this.newUserSubmission) router.get('/db/images/*', this.getUserImage) router.get('/api/orgdata/*', this.getOrgData) router.get('/api/mydata/*', this.getPersonalData) router.get('/api/stripe/onboarded', this.stripeOnboarded) router.get('/*', this.get) return router } async stripeOnboarded() { const { code } = req.body; const response = await stripe.oauth.token({ grant_type: "authorization_code", code, }); const { stripe_user_id, access_token } = response; await db.users.update({ where: { id: req.user.id }, data: { stripeAccountId: stripe_user_id, stripeAccessToken: access_token, } }); res.json({ success: true }); } getPersonalData = async (req, res, next) => { try { const memberId = req.params[0] let data = await global.db.members.getPersonalData(memberId) res.json({ data }); } catch (err) { next(err); } } getOrgData = async (req, res, next) => { try { const networkId = req.params[0] if(networkId === "1") { const pathOne = path.join(this.ComalPath, "db", "join.json"); const pathTwo = path.join(this.ComalPath, "db", "contact.json"); const [joinRaw, contactRaw] = await Promise.all([ fs.promises.readFile(pathOne, "utf8"), fs.promises.readFile(pathTwo, "utf8") ]); const join = joinRaw.trim() ? JSON.parse(joinRaw) : []; const contact = contactRaw.trim() ? JSON.parse(contactRaw) : []; const members = db.members.getByNetwork(networkId) res.json({ join, contact, members }); } else { const members = db.members.getByNetwork(networkId) res.json({ members }); } } catch (err) { next(err); } } verifySignupToken = (req, res, next) => { const { token } = req.query; if (!token) { return res.status(400).json({ error: 'Token is required' }); } let fromDB = this.db.tokens.get(token) if (!fromDB) { return res.status(403).json({ error: 'Invalid or expired token' }); } else if(fromDB.used) { return res.status(403).json({ error: 'Invalid or expired token' }); } next() } newUserSubmission = async (req, res) => { const { network } = req.query; try { await db.members.add(req.body, network) global.db.saveData() return res.status(200).json({}); } catch(e) { console.log(e) return res.status(e.status).json({ error: 'Error adding new member' }); } } authMiddleware = (req, res, next) => { const authHeader = req.headers.authorization; if (!authHeader) { return res.status(401).json({ error: 'Authorization token required.' }); } const [scheme, token] = authHeader.split(' '); if (scheme !== 'Bearer' || !token) { return res.status(401).json({ error: 'Malformed authorization header.' }) } try { const payload = this.auth.verify(token); req.user = payload; return next(); } catch (err) { return res.status(403).json({ error: 'Invalid or expired token.' }); } } getUserImage = async (req, res) => { function getFileByNumber(dir, number) { const files = fs.readdirSync(dir); const match = files.find(file => { const base = path.parse(file).name; // filename without extension return base === String(number); }); return match ? path.join(dir, match) : null; } let filePath = path.join(this.DBPath, "images", path.basename(req.url)) if(filePath) { res.sendFile(filePath) } else { return res.status(404).json({error: "Can't find image"}) } } get = async (req, res) => { let url = req.url let publicSite = () => { let filePath; if(url.startsWith("/_")) { filePath = path.join(this.UIPath, url); } else if(url.includes("75820185")) { filePath = path.join(this.UIPath, "public", url.split("75820185")[1]); } else { filePath = path.join(this.UIPath, "public", "index.html"); } res.sendFile(filePath); } let privateSite = () => { let filePath; let platformFolder = req.useragent.isMobile ? "mobile" : "desktop" if(url.startsWith("/_")) { filePath = path.join(this.UIPath, url); } else if(url.includes("75820185")) { filePath = path.join(this.UIPath, platformFolder, url.split("75820185")[1]); } else { filePath = path.join(this.UIPath, platformFolder, "index.html"); } res.sendFile(filePath); } if(!this.auth.isLoggedInUser(req, res)) { publicSite() } else { privateSite() } } logRequest(req, res, next) { const formattedDate = moment().format('M.D'); const formattedTime = moment().format('h:mma'); if(req.url.includes("/api/")) { console.log(chalk.blue(` ${req.method} ${req.url} | ${formattedDate} ${formattedTime}`)); } else { if(req.url === "/") console.log(chalk.gray(` ${req.method} ${req.url} | ${formattedDate} ${formattedTime}`)); } next(); } logResponse(req, res, next) { const originalSend = res.send; res.send = function (body) { if(res.statusCode >= 400) { console.log(chalk.blue( `<-${chalk.red(res.statusCode)}- ${req.method} ${req.url} | ${chalk.red(body)}`)); } else { console.log(chalk.blue(`<-${res.statusCode}- ${req.method} ${req.url}`)); } originalSend.call(this, body); }; next(); } constructor() { this.db = new Database() global.db = this.db this.auth = new AuthHandler() const app = express(); app.post("/webhook", express.raw({ type: "application/json" }), PaymentsHandler.webhook) const allowedOrigins = new Set([ "https://www.frm.so", "https://frm.so", "http://localhost:5174", "http://sam.local:5174", "http://localhost:5173", "http://sam.local:5173", "http://localhost:10002", "http://sam.local:10002", "capacitor://localhost", "http://localhost" ]); app.use(cors({ origin(origin, cb) { if (!origin) return cb(null, true); // native / curl if (allowedOrigins.has(origin)) { return cb(null, true); } return cb(new Error("Blocked by CORS")); }, credentials: true })); app.use(express.json()); app.use(express.urlencoded({ extended: true })); app.use(cookieParser()); app.use(useragent.express()); app.use(this.logRequest); app.use(this.logResponse); let router = express.Router(); this.registerRoutes(router) app.use('/', router); const server = http.createServer(app); global.Socket = new Socket(server); const PORT = 10002; server.listen(PORT, () => { console.log("\n") console.log(chalk.yellow("*************** frm.so ********")) console.log(chalk.yellowBright(`Server is running on port ${PORT}: http://localhost`)); console.log(chalk.yellow("***************************************")) console.log("\n") }); process.on('SIGINT', async () => { console.log(chalk.red('Closing server...')); console.log(chalk.green('Database connection closed.')); process.exit(0); }); Object.preventExtensions(this); } } const server = new Server()