Sample wiki echo transporter
const express = require('express')
const bodyParser = require('body-parser')
const fetch = require('node-fetch')
// Fixed port for this demo; the wiki reaches the transporter at http://<host>:8081.
const port = 8081
// Single express application that carries the CORS middleware and both routes below.
const app = express()
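/**
 * Build a random hexadecimal id for a wiki story item.
 *
 * The original was CoffeeScript output: a `var` range IIFE applied to `this`,
 * a shadowed `i` and a `results` array leaked into the enclosing scope. This
 * version is the same mapping over a plain length.
 *
 * @param {number} [chars=16] - number of hex digits to produce; null/undefined means 16.
 *   Non-positive or non-numeric lengths yield an empty string.
 * @returns {string} `chars` lower-case hex digits.
 *
 * Uses Math.random, which is fine for story item ids but not for tokens or secrets.
 */
function random_id(chars) {
  const length = chars == null ? 16 : chars
  // Array.from clamps a bogus length to 0, so no explicit guard is needed.
  return Array.from({ length }, () => Math.floor(Math.random() * 16).toString(16)).join('')
}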
// CORS: a wiki page on any origin must be able to call this transporter, so the
// request's Origin is echoed back (falling back to '*' when absent) and credentials
// are allowed. Preflight OPTIONS requests are answered here and never reach a route.
// NOTE(review): reflecting every Origin together with Allow-Credentials 'true' lets any
// site make a credentialed request; narrow this to known wiki origins if the
// transporter ever returns data that is private to the wiki owner.
app.use((req, res, next) => {
  const allowedOrigin = req.get('Origin') || '*'
  res.set({
    'Access-Control-Allow-Origin': allowedOrigin,
    'Access-Control-Allow-Headers': 'Accept, Authorization, Content-Type',
    'Access-Control-Allow-Methods': 'GET, POST, PUT, PATCH, DELETE, OPTIONS, LINK, UNLINK',
    'Access-Control-Allow-Credentials': 'true',
  })
  if (req.method === 'OPTIONS') {
    res.sendStatus(200)
    return
  }
  next()
})
// Parse JSON request bodies into req.body (the transport parameters echoed by /echo).
app.use(bodyParser.json())
// Static landing page so that opening the transporter in a browser shows something sensible.
const LANDING_PAGE = `<html>
<head>
<link id='favicon' href='/favicon.png' rel='icon' type='image/png'>
</head>
<body style="padding:40px; text-align:center;">
<h1>Echo Transporter (demo)</h1>
</body>
</html>
`
app.get('/', (req, res) => {
  res.send(LANDING_PAGE)
})
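// Echo the transport parameters back as a wiki page, but only to the owner of the
// wiki the request came from.
//
// The wiki is identified from the Referer header and the user from the Cookie header;
// the wiki server's private proxy (/proxy/<host>/welcome-visitors.json) is expected to
// answer with a 2xx only for the owner's session, so a successful fetch made with the
// caller's cookie is taken as proof of ownership.
//
// Defect fixed here: the original tested `if (isWikiOwner(url))` on the Promise that
// an async function returns, which is always truthy, so every request that carried a
// Referer and a Cookie was treated as the owner. The result is now awaited and the
// helper returns a real boolean.
//
// NOTE(review): both headers are client-supplied. The Cookie header is forwarded to
// whichever host the Referer names, so restrict wikiHost to the wiki(s) this
// transporter serves before deploying anywhere a session cookie is worth protecting.
app.post('/echo', async function (req, res) {
  console.log('/echo')

  // Story items are built from the same parts in every branch.
  const paragraph = (text) => ({ 'type': 'paragraph', 'id': random_id(), 'text': text })
  const denied = () => res.json({
    'title': 'Echo Transporter',
    'story': [paragraph('This transporter is only available to the wiki owner.')],
    'journal': []
  })

  // Locate the wiki from the Referer. A missing or unparseable Referer means we cannot
  // say which wiki to ask, so the request is refused. new URL throws on malformed
  // input, which would otherwise escape this async handler unhandled.
  let wikiOrigin
  let wikiHost
  if (req.headers.referer) {
    try {
      const referer = new URL(req.headers.referer)
      wikiOrigin = referer.origin
      wikiHost = referer.host
    } catch (err) {
      denied()
      return
    }
  }
  const requestCookies = req.headers.cookie
  if (!wikiOrigin || !requestCookies) {
    denied()
    return
  }

  // Ask the wiki itself, through its private proxy, whether these cookies belong to
  // the owner: true on any 2xx, false on any other status or on a network failure.
  const url = `${wikiOrigin}/proxy/${wikiHost}/welcome-visitors.json`
  const isWikiOwner = async (proxyUrl) => {
    try {
      const response = await fetch(proxyUrl, {
        'headers': {
          'accept': '*/*',
          'cookie': requestCookies
        }
      })
      return response.ok
    } catch (err) {
      // Cannot confirm ownership, so deny rather than fail open.
      return false
    }
  }

  if (!(await isWikiOwner(url))) {
    denied()
    return
  }
  res.json({
    'title': 'Transport Parameters',
    'story': [
      paragraph('These are all of the parameters sent in the post body of the transport request.'),
      {
        'type': 'code',
        'id': random_id(),
        'text': `${JSON.stringify(req.body, null, ' ')}`
      }
    ],
    'journal': []
  })
})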
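// Start serving. The startup message read "Listening at on port", a typo.
app.listen(port, () => {
  console.log(`Listening on port ${port}`)
})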