Update index.js

index.js

@@ -2,10 +2,10 @@ const express = require('express');
 const { connect } = require("puppeteer-real-browser");
 const fs = require('fs');
 const path = require('path');
-
 const app = express();
+
 const port = process.env.PORT || 7860;
-const authToken = process.env.authToken || null;
+const authToken = process.env.AUTH_TOKEN || process.env.authToken || null; // <- env name AUTH_TOKEN
 const domain = process.env.DOMAIN || `https://forgets-Indrabot.hf.space`;
 
 global.browserLimit = Number(process.env.browserLimit) || 100;
@@ -17,29 +17,18 @@ const CACHE_TTL = 5 * 60 * 1000;
 
 function loadCache() {
   if (!fs.existsSync(CACHE_FILE)) return {};
-  try {
-    return JSON.parse(fs.readFileSync(CACHE_FILE, 'utf-8'));
-  } catch {
-    return {};
-  }
+  try { return JSON.parse(fs.readFileSync(CACHE_FILE, 'utf-8')); } catch { return {}; }
 }
-
 function saveCache(cache) {
-  if (!fs.existsSync(CACHE_DIR)) {
-    fs.mkdirSync(CACHE_DIR, { recursive: true });
-  }
+  if (!fs.existsSync(CACHE_DIR)) fs.mkdirSync(CACHE_DIR, { recursive: true });
   fs.writeFileSync(CACHE_FILE, JSON.stringify(cache, null, 2), 'utf-8');
 }
-
 function readCache(key) {
   const cache = loadCache();
   const entry = cache[key];
-  if (entry && Date.now() - entry.timestamp < CACHE_TTL) {
-    return entry.value;
-  }
+  if (entry && Date.now() - entry.timestamp < CACHE_TTL) return entry.value;
   return null;
 }
-
 function writeCache(key, value) {
   const cache = loadCache();
   cache[key] = { timestamp: Date.now(), value };
@@ -49,19 +38,22 @@ function writeCache(key, value) {
 app.use(express.json({ limit: "50mb" }));
 app.use(express.urlencoded({ extended: true, limit: "50mb" }));
 
+// --- Auth middleware ---
+function requireAuth(req, res, next) {
+  if (!authToken) return next(); // jika env tidak di-set, izinkan (backwards compat)
+  const h = req.headers.authorization || req.headers.Authorization || '';
+  if (!h.startsWith('Bearer ')) return res.status(401).json({ message: 'Unauthorized' });
+  const token = h.slice(7).trim();
+  if (token !== authToken) return res.status(403).json({ message: 'Forbidden' });
+  next();
+}
+
 app.get("/", (req, res) => {
   res.json({
     message: "Server is running!",
     domain: domain,
-    endpoints: {
-      cloudflare: `${domain}/cloudflare`,
-      antibot: `${domain}/antibot`
-    },
-    status: {
-      browserLimit: global.browserLimit,
-      timeOut: global.timeOut,
-      authRequired: authToken !== null
-    }
+    endpoints: { cloudflare: `${domain}/cloudflare`, antibot: `${domain}/antibot` },
+    status: { browserLimit: global.browserLimit, timeOut: global.timeOut, authRequired: authToken !== null }
   });
 });
 
@@ -71,9 +63,7 @@ if (process.env.NODE_ENV !== 'development') {
     console.log(`Domain: ${domain}`);
     console.log(`Auth required: ${authToken !== null}`);
   });
-  try {
-    server.timeout = global.timeOut;
-  } catch {}
+  try { server.timeout = global.timeOut; } catch {}
 }
 
 async function createBrowser(proxyServer = null) {
@@ -84,10 +74,8 @@ async function createBrowser(proxyServer = null) {
     disableXvfb: false,
   };
   if (proxyServer) connectOptions.args = [`--proxy-server=${proxyServer}`];
-
   const { browser } = await connect(connectOptions);
   const [page] = await browser.pages();
-
   await page.goto('about:blank');
   await page.setRequestInterception(true);
   page.on('request', (req) => {
@@ -95,7 +83,6 @@ async function createBrowser(proxyServer = null) {
     if (["image", "stylesheet", "font", "media"].includes(type)) req.abort();
     else req.continue();
   });
-
   return { browser, page };
 }
 
@@ -103,13 +90,11 @@ const turnstile = require('./endpoints/turnstile');
 const cloudflare = require('./endpoints/cloudflare');
 const antibot = require('./endpoints/antibot');
 
-app.post('/cloudflare', async (req, res) => {
+// gunakan requireAuth pada route yang butuh proteksi
+app.post('/cloudflare', requireAuth, async (req, res) => {
   const data = req.body;
-  if (!data || typeof data.mode !== 'string')
-    return res.status(400).json({ message: 'Bad Request: missing or invalid mode' });
-
-  if (global.browserLimit <= 0)
-    return res.status(429).json({ message: 'Too Many Requests' });
+  if (!data || typeof data.mode !== 'string') return res.status(400).json({ message: 'Bad Request: missing or invalid mode' });
+  if (global.browserLimit <= 0) return res.status(429).json({ message: 'Too Many Requests' });
 
   let cacheKey, cached;
   if (data.mode === "iuam") {
@@ -120,29 +105,24 @@ app.post('/cloudflare', async (req, res) => {
 
   global.browserLimit--;
   let result, browser;
-
   try {
     const proxyServer = data.proxy ? `${data.proxy.hostname}:${data.proxy.port}` : null;
     const ctx = await createBrowser(proxyServer);
     browser = ctx.browser;
     const page = ctx.page;
-
     await page.goto('about:blank');
 
     switch (data.mode) {
       case "turnstile":
         result = await turnstile(data, page).then(t => ({ token: t }));
         break;
-
       case "iuam":
         result = await cloudflare(data, page).then(r => ({ ...r }));
         writeCache(cacheKey, result);
         break;
-
       case "antibot":
         result = await antibot(data);
         break;
-
       default:
         result = { code: 400, message: 'Invalid mode' };
     }
@@ -152,16 +132,12 @@ app.post('/cloudflare', async (req, res) => {
     if (browser) try { await browser.close(); } catch {}
     global.browserLimit++;
   }
-
   res.status(result.code ?? 200).json(result);
 });
 
-app.post("/antibot", async (req, res) => {
+app.post("/antibot", requireAuth, async (req, res) => {
   const data = req.body;
-
-  if (!data || !data.main || !Array.isArray(data.bots))
-    return res.status(400).json({ message: "Invalid body" });
-
+  if (!data || !data.main || !Array.isArray(data.bots)) return res.status(400).json({ message: "Invalid body" });
   try {
     const result = await antibot(data);
     res.json(result);