import * as config from "./config"; import * as requests from "./requests"; import * as twitch from "./twitch"; import * as queries from "./queries"; import { log, LogLevel } from "./logging" import { URLSearchParams } from "url"; import express from "express"; import session from "express-session"; import pg from "pg"; import pgSessionStore from "connect-pg-simple"; import fetch, { Response as FetchResponse } from "node-fetch"; import db from "./db"; import errorHandler from "./errors"; console.log("Starting at " + new Date().toISOString()); // Ensure that any API token we have is valid - if not, destroy the session, // logging out the user. Should be called before checking whether a user is // logged in. async function validateApiToken(session: Express.Session) { if (session.tokenpair && ! (await twitch.isApiTokenValid(session.tokenpair))) { session.destroy(()=>{}); } } const app = express(); app.use(express.static('public')); app.use(express.urlencoded({extended: false})); app.use(session({ secret: config.sessionSecret, saveUninitialized: false, resave: false, store: new (pgSessionStore(session))({ pool: db }) })); // API app.get("/api/getRequests", async (request, response) => { if (!request.session) { throw new Error ("Missing request.session") } var requestCount = ( request.query.count ? parseInt(request.query.count as string, 10) : 5 ); await validateApiToken(request.session); if (request.session.user) { requests.getRequestsVoted(requestCount,request.session.user.id).then((val: Array) => response.send(val)) .catch((e: any) => errorHandler(request,response,e)); } else { requests.getRequests(requestCount).then((val: Array) => response.send(val)) .catch((e: any) => errorHandler(request,response,e)); } }); app.get("/api/getAllRequests", async (request, response) => { if (!request.session) { throw new Error ("Missing request.session") } var requestCount = ( request.query.count ? parseInt(request.query.count as string, 10) : 5 ); await validateApiToken(request.session); if (request.session.user) { requests.getAllRequestsVoted(requestCount,request.session.user.id).then((val: Array) => response.send(val)) .catch((e: any) => errorHandler(request,response,e)); } else { requests.getAllRequests(requestCount).then((val: Array) => response.send(val)) .catch((e: any) => errorHandler(request,response,e)); } }); app.post("/api/addRequest", async (request, response) => { response.type('text/plain'); if (request.session) await validateApiToken(request.session); if (!request.session || !request.session.user) { response.status(401); response.send("Must be logged in"); return; } var banned = await db.query(Object.assign(queries.checkBan, { values: [request.session.user.id] })).then((result: pg.QueryResult) => result.rowCount > 0); if (banned) { response.status(401); response.send("You are banned; you may not add new requests."); return; } if (!request.body.url) { response.status(400); response.send("Missing url"); return; } var url = request.body.url as string; var requester = request.session.user.id; requests.addRequest(url,requester).then((val: [number,string]) => { response.status(val[0]); response.send(val[1]); }) .catch((e: any) => errorHandler(request,response,e)); }); app.post("/api/updateRequestState", async (request, response) => { if (request.session) await validateApiToken(request.session); if (!request.session || !request.session.user) { response.status(401); response.send("Must be logged in"); return; } var streamerid = await db.query(queries.getStreamerId).then((result: pg.QueryResult) => result.rows[0]['userid']); if (request.session.user.id != streamerid) { response.status(401); response.send("You are not the streamer"); return; } if (!request.body.url) { response.status(400); response.send("Missing url"); return; } if (!request.body.state) { response.status(400); response.send("Missing state"); return; } var url = request.body.url as string; var state = request.body.state as string; response.type('text/plain'); requests.updateRequestState(url,state).then((val: [number,string]) => { response.status(val[0]); response.send(val[1]); }) .catch((e: any) => errorHandler(request,response,e)); }); app.post("/api/updateRequestScore", async (request, response) => { if (request.session) await validateApiToken(request.session); if (!request.session || !request.session.user) { response.status(401); response.send("Must be logged in"); return; } var streamerid = await db.query(queries.getStreamerId).then((result: pg.QueryResult) => result.rows[0]['userid']); if (request.session.user.id != streamerid) { response.status(401); response.send("You are not the streamer"); return; } if (!request.body.url) { response.status(400); response.send("Missing url"); return; } if (!request.body.scoreDiff) { response.status(400); response.send("Missing scoreDiff"); return; } var url = request.body.url as string; var scoreDiff = parseInt(request.body.scoreDiff as string, 10); response.type('text/plain'); requests.updateRequestScore(url,scoreDiff).then((val: [number,string]) => { response.status(val[0]); response.send(val[1]); }) .catch((e: any) => errorHandler(request,response,e)); }); app.post("/api/deleteRequest", async (request, response) => { if (request.session) await validateApiToken(request.session); if (!request.session || !request.session.user) { response.status(401); response.send("Must be logged in"); return; } var streamerid = await db.query(queries.getStreamerId).then((result: pg.QueryResult) => result.rows[0]['userid']); if (request.session.user.id != streamerid) { response.status(401); response.send("You are not the streamer"); return; } if (!request.body.url) { response.status(400); response.send("Missing url"); return; } var url = request.body.url as string; response.type('text/plain'); requests.deleteRequest(url).then((val: [number,string]) => { response.status(val[0]); response.send(val[1]); }) .catch((e: any) => errorHandler(request,response,e)); }); app.post("/api/addVote", async (request,response) => { response.type('text/plain'); if (request.session) await validateApiToken(request.session); if (!request.session || !request.session.user) { response.status(401); response.send("Must be logged in"); return; } var banned = await db.query(Object.assign(queries.checkBan,{ values: [request.session.user.id] })).then((result: pg.QueryResult) => result.rowCount > 0); if (banned) { response.status(401); response.send("You are banned; you may not vote on requests."); return; } if (!request.body.url) { response.status(400); response.send("Missing url"); return; } var url = request.body.url as string; var user = request.session.user.id; requests.addVote(url,user).then((val: [number,string]) => { response.status(val[0]); response.send(val[1]); }) .catch((e: any) => errorHandler(request,response,e)); }); app.post("/api/deleteVote", async (request,response) => { response.type('text/plain'); if (request.session) await validateApiToken(request.session); if (!request.session || !request.session.user) { response.status(401); response.send("Must be logged in"); return; } if (!request.body.url) { response.status(400); response.send("Missing url"); return; } var url = request.body.url as string; var user = request.session.user.id; requests.deleteVote(url,user).then((val: [number,string]) => { response.status(val[0]); response.send(val[1]); }) .catch((e: any) => errorHandler(request,response,e)); }); // Twitch callback app.get("/callback", async (request, response) => { if (request.query.error) { response.redirect(307, '/'); return; } var authcode = request.query.code as string; var tokenResponse = await fetch("https://id.twitch.tv/oauth2/token", { method: "POST", body: new URLSearchParams({ client_id: config.twitchClientId, client_secret: config.twitchSecret, code: authcode, grant_type: "authorization_code", redirect_uri: `${config.urlPrefix}/callback` })}).then((res: FetchResponse) => res.json() as Promise) .catch((e: any) => errorHandler(request,response,e)); if (typeof request.session == 'undefined') throw new Error('Session is undefined'); if (typeof tokenResponse == 'undefined') throw new Error('tokenResponse is undefined'); request.session.tokenpair = { access_token: tokenResponse.access_token, refresh_token: tokenResponse.refresh_token }; request.session.user = (await twitch.apiRequest(request.session.tokenpair,"/users")).data[0]; db.query(Object.assign(queries.updateUser,{ values: [request.session.user.id,request.session.user.display_name,request.session.user.profile_image_url] })); var streamer = await db.query(queries.getStreamerId).then((result: pg.QueryResult) => result.rows[0]); if (typeof streamer == 'undefined' || request.session.user.id == streamer['userid']) { if (typeof (tokenResponse as any).scope != 'undefined') { // Scopes requested - update streamer info db.query(Object.assign(queries.updateStreamer,{ values: [request.session.user.id,JSON.stringify(request.session.tokenpair)] })); } else { // Scopes not requested - redirect and request them response.redirect(307, `https://id.twitch.tv/oauth2/authorize?client_id=${config.twitchClientId}&redirect_uri=${config.urlPrefix}/callback&response_type=code&scope=channel:read:subscriptions moderation:read`); return; } } response.redirect(307, '/'); }); // Frontend templates app.get("/", async (request, response) => { if (request.session) await validateApiToken(request.session); var streamerInfo = await db.query(queries.getStreamerInfo).then((result: pg.QueryResult) => result.rows[0]); if (typeof streamerInfo == 'undefined') response.redirect(307, `https://id.twitch.tv/oauth2/authorize?client_id=${config.twitchClientId}&redirect_uri=${config.urlPrefix}/callback&response_type=code&scope=channel:read:subscriptions moderation:read`); if (!request.session || !request.session.user) { response.render('main.eta', { loggedIn: false, clientId: config.twitchClientId, urlPrefix: config.urlPrefix, streamerName: streamerInfo['displayname'], streamerProfilePicture: streamerInfo['imageurl'] }); } else { response.render('main.eta', { loggedIn: true, userName: request.session.user.display_name, userProfilePicture: request.session.user.profile_image_url, streamerName: streamerInfo['displayname'], streamerProfilePicture: streamerInfo['imageurl'] }); } }); // Streamer Panel //app.get("/streamer/", async (request, response) => { // //}); // Logout app.get("/logout", async (request, response) => request.session!.destroy(() => response.redirect(307, '/'))); async function processBannedUsers() { log(LogLevel.INFO,"processBannedUsers run at " + new Date().toISOString()); var streamer = await db.query(queries.getStreamerIdToken).then((result: pg.QueryResult) => result.rows[0]); if (typeof streamer == 'undefined') return; var response = await twitch.streamerApiRequest("/moderation/banned?broadcaster_id=" + streamer['userid']); var dbconn = await db.connect(); try { await dbconn.query('BEGIN'); for (var ban of response.data) { if (ban.expires_at == '') dbconn.query(Object.assign(queries.insertBan,{ values: [ban.user_id] })) } await dbconn.query('COMMIT'); } catch (e) { await dbconn.query('ROLLBACK'); } finally { dbconn.release(); } setTimeout(processBannedUsers,3600000+Math.floor(Math.random()*900000)) // Run every 1-1.25 hours to balance load } setTimeout(processBannedUsers,3600000+Math.floor(Math.random()*900000)) // Run every 1-1.25 hours to balance load app.listen(config.port, () => { console.log(`Listening on port ${config.port}`); });