Spaces:

dieumercimvemba
/

StenyBridge

Sleeping

App Files Files Community

dieumercimvemba commited on Jan 30

Commit

16b462c

verified ·

1 Parent(s): 2d0fe47

Update src/server.js

Browse files

Files changed (1) hide show

src/server.js +46 -58

src/server.js CHANGED Viewed

@@ -4,10 +4,11 @@
  * Secure HTTP Gateway + n8n Bridge
  * Scientific-grade operational constraints:
  * - Minimal public surface area
- * - API key authentication for outbound send requests
  * - Rate limiting
- * - Optional HMAC signature to n8n
  * - Strict input validation (Zod)
  * ============================================================
  */
@@ -15,9 +16,13 @@ const express = require("express");
 const helmet = require("helmet");
 const rateLimit = require("express-rate-limit");
 const axios = require("axios");
-const pino = require("pino-http");
 const { z } = require("zod");
 const { startWhatsApp } = require("./whatsapp");
 const { requireApiKey, signPayload } = require("./security");
@@ -25,7 +30,7 @@ const app = express();
 app.disable("x-powered-by");
 app.use(helmet());
 app.use(express.json({ limit: "256kb" }));
-app.use(pino());
 const limiter = rateLimit({
   windowMs: 60 * 1000,
@@ -42,71 +47,54 @@ const ALLOWED_TO_PREFIX = process.env.ALLOWED_TO_PREFIX || "";
 let sock = null;
 app.get("/health", (req, res) => {
   res.json({ ok: true, whatsappReady: Boolean(sock) });
 });
-const SendSchema = z.object({
-  to: z.string().min(10).max(40),
-  text: z.string().min(1).max(3000)
-});
-app.post("/v1/send", requireApiKey, async (req, res) => {
   try {
-    if (!sock) return res.status(503).json({ error: "WhatsApp not ready" });
-    const parsed = SendSchema.safeParse(req.body);
-    if (!parsed.success) return res.status(400).json({ error: "Invalid payload" });
-    const { to, text } = parsed.data;
-    if (ALLOWED_TO_PREFIX) {
-      // Basic safety: allow only JIDs matching your expected prefix
-      // Example: 243xxxx@s.whatsapp.net
-      if (!to.startsWith(ALLOWED_TO_PREFIX) && !to.startsWith(`${ALLOWED_TO_PREFIX}`)) {
-        return res.status(403).json({ error: "Recipient not allowed" });
-      }
-    }
-    await sock.sendMessage(to, { text });
-    return res.json({ sent: true });
   } catch (e) {
-    return res.status(500).json({ error: "Send failed" });
   }
-});
-async function postToN8n(event) {
-  if (!N8N_WEBHOOK_INBOUND) return;
-  const headers = {};
-  if (N8N_HMAC_SECRET) {
-    headers["x-steny-signature"] = signPayload(event, N8N_HMAC_SECRET);
-  }
-  await axios.post(N8N_WEBHOOK_INBOUND, event, { headers, timeout: 15000 });
-}
-async function main() {
-  console.log("Steny Bridge booting...");
-  sock = await startWhatsApp({
-    onIncomingText: async ({ from, text }) => {
-      // Conservative policy: only handle inbound user messages.
-      const event = { from, text, timestamp: Date.now() };
-      try {
-        await postToN8n(event);
-      } catch (e) {
-        // Do not leak secrets or stack traces
-      }
-    }
   });
-  app.listen(PORT, () => {
-    // No console secrets; logs only operational signals
-    console.log(`Steny Bridge listening on port ${PORT}`);
-  });
-}
-main().catch(() => {
-  process.exit(1);
 });

  * Secure HTTP Gateway + n8n Bridge
  * Scientific-grade operational constraints:
  * - Minimal public surface area
+ * - API key auth for outbound send requests
  * - Rate limiting
+ * - HMAC signature to n8n (optional but recommended)
  * - Strict input validation (Zod)
+ * - Runtime diagnostics endpoint (/diag) for network validation
  * ============================================================
  */
 const helmet = require("helmet");
 const rateLimit = require("express-rate-limit");
 const axios = require("axios");
+const pinoHttp = require("pino-http");
 const { z } = require("zod");
+// Diagnostics
+const dns = require("dns").promises;
+const https = require("https");
 const { startWhatsApp } = require("./whatsapp");
 const { requireApiKey, signPayload } = require("./security");
 app.disable("x-powered-by");
 app.use(helmet());
 app.use(express.json({ limit: "256kb" }));
+app.use(pinoHttp());
 const limiter = rateLimit({
   windowMs: 60 * 1000,
 let sock = null;
+/**
+ * Root endpoint (prevents HF "connection not allowed" confusion)
+ */
+app.get("/", (req, res) => {
+  res.status(200).send("Steny Bridge is running.");
+});
 app.get("/health", (req, res) => {
   res.json({ ok: true, whatsappReady: Boolean(sock) });
 });
+/**
+ * Diagnostics endpoint
+ * Use it to confirm if the container can resolve and reach WhatsApp Web.
+ * - DNS check for web.whatsapp.com
+ * - HTTPS check to a neutral endpoint (google.com)
+ */
+app.get("/diag", async (req, res) => {
+  const out = {};
   try {
+    out.dns_web_whatsapp = await dns.lookup("web.whatsapp.com");
   } catch (e) {
+    out.dns_web_whatsapp_error = e.message;
   }
+  out.https_google = await new Promise((resolve) => {
+    const r = https.get("https://www.google.com", (resp) => {
+      resolve({ status: resp.statusCode });
+      resp.resume();
+    });
+    r.on("error", (e) => resolve({ error: e.message }));
+    r.setTimeout(8000, () => {
+      r.destroy(new Error("timeout"));
+    });
   });
+  res.json(out);
+});
+const SendSchema = z.object({
+  to: z.string().min(10).max(60),
+  text: z.string().min(1).max(3000)
 });
+app.post("/v1/send", requireApiKey, async (req, res) => {
+  try {
+    if (!sock) return res.status(503).json({ error: "WhatsApp not ready" });
+    const parse