Sample wiki echo transporter
const express = require('express') | |
const bodyParser = require('body-parser') | |
const fetch = require('node-fetch') | |
// The Express application that every middleware and route below is attached to.
const app = express();

// TCP port passed to app.listen() at the bottom of the file.
const port = 8081;
/**
 * Build a string of random lowercase hex digits, used below as the `id`
 * of story items.
 *
 * The digits come from Math.random(), which is not a cryptographically
 * secure source: treat the result as an item identifier only, never as a
 * token or secret.
 *
 * @param {number} [chars] - Number of digits; 16 when null or undefined.
 *   A negative value yields as many digits as its magnitude.
 * @returns {string} The generated hex string.
 */
const random_id = function (chars) {
  const count = chars ?? 16;
  // Count upwards for a non-negative length, downwards for a negative one.
  const ascending = 0 <= count;
  let id = '';
  for (let i = 0; ascending ? i < count : i > count; i += ascending ? 1 : -1) {
    id += Math.floor(Math.random() * 16).toString(16);
  }
  return id;
};
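// CORS middleware: adds the Access-Control-* response headers to every
// request and answers preflight (OPTIONS) requests directly.
//
// NOTE(review): the Origin header is echoed back together with
// Access-Control-Allow-Credentials, so every origin is permitted to make
// credentialed cross-origin requests to this service. If the set of wikis
// that should reach this transporter is known, compare `origin` against
// that list before reflecting it.
app.use(function (req, res, next) {
  const origin = req.get('Origin');
  if (origin) {
    // The allowed origin is derived from the request, so shared caches must
    // key on it; otherwise a response cached for one origin is served to another.
    res.vary('Origin');
    res.header('Access-Control-Allow-Origin', origin);
    res.header('Access-Control-Allow-Credentials', 'true');
  } else {
    // Browsers reject a wildcard origin combined with credentials, so the
    // credentials header is sent only when a specific origin is reflected.
    res.header('Access-Control-Allow-Origin', '*');
  }
  res.header('Access-Control-Allow-Headers', 'Accept, Authorization, Content-Type');
  res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS, LINK, UNLINK');

  if (req.method === 'OPTIONS') {
    // Preflight: the headers above are the whole answer.
    res.sendStatus(200);
  } else {
    next();
  }
});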
// Parse JSON request bodies so the handlers below can read req.body.
app.use(bodyParser.json());

// Landing page: a static HTML placeholder that identifies the service.
app.get('/', (req, res) => {
  const landingPage = `<html>
<head>
<link id='favicon' href='/favicon.png' rel='icon' type='image/png'>
</head>
<body style="padding:40px; text-align:center;">
<h1>Echo Transporter (demo)</h1>
</body>
</html>
`;
  res.send(landingPage);
});
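// POST /echo: returns the request body as a wiki page, but only to the owner
// of the wiki the request was made from.
//
// The wiki is identified from the Referer header and the requester from the
// Cookie header. Ownership is checked by fetching a page through that wiki's
// private proxy with the requester's cookies; the proxy answers successfully
// only for the owner.
//
// NOTE(review): Referer and Cookie are both supplied by the client. The
// ownership probe is sent to whatever origin the Referer names, and the
// caller's cookies are forwarded to it, so the check is only meaningful if
// wikiOrigin is first compared against the wiki origins this transporter is
// meant to serve. That host check is not implemented here.
app.post('/echo', async function (req, res) {
  console.log('/echo');

  // Single refusal response, used for every path that does not prove ownership.
  const sendOwnerOnly = () => {
    res.json({
      'title': 'Echo Transporter',
      'story': [
        {
          'type': 'paragraph',
          'id': random_id(),
          'text': 'This transporter is only available to the wiki owner.',
        },
      ],
      'journal': [],
    });
  };

  // Work out which wiki the request came from. A missing, malformed or
  // non-http(s) Referer is treated as "unknown wiki" and refused below.
  let wikiOrigin;
  let wikiHost;
  if (req.headers.referer) {
    try {
      const referer = new URL(req.headers.referer);
      if (referer.protocol === 'http:' || referer.protocol === 'https:') {
        wikiOrigin = referer.origin;
        wikiHost = referer.host;
      }
    } catch (error) {
      // Unparseable Referer: leave wikiOrigin undefined so the request is refused.
    }
  }
  const requestCookies = req.headers.cookie || undefined;

  if (typeof wikiOrigin === 'undefined' || typeof requestCookies === 'undefined') {
    // No usable referer or no cookies: ownership cannot be established.
    sendOwnerOnly();
    return;
  }

  // Ask the wiki's private proxy for a page, presenting the requester's cookies.
  const url = `${wikiOrigin}/proxy/${wikiHost}/welcome-visitors.json`;

  // Resolves to true only when the proxy request succeeds; any network error
  // or non-2xx status counts as "not the owner".
  const isWikiOwner = async (probeUrl) => {
    try {
      const response = await fetch(probeUrl, {
        'headers': {
          'accept': '*/*',
          'cookie': requestCookies,
        },
      });
      return response.ok;
    } catch (error) {
      return false;
    }
  };

  // The result must be awaited: a pending promise is always truthy, which
  // would let every request through the check.
  if (await isWikiOwner(url)) {
    // the user is the wiki owner, so send the response
    res.json({
      'title': 'Transport Parameters',
      'story': [
        {
          'type': 'paragraph',
          'id': random_id(),
          'text': 'These are all of the parameters sent in the post body of the transport request.',
        },
        {
          'type': 'code',
          'id': random_id(),
          'text': `${JSON.stringify(req.body, null, ' ')}`,
        },
      ],
      'journal': [],
    });
  } else {
    // the ownership check failed
    sendOwnerOnly();
  }
});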
// Start the HTTP server. No host is given to listen(), so Node binds the
// unspecified address and the service is reachable on every interface.
app.listen(port, () => {
  console.log(`Listening at on port ${port}`);
});