Spaces:

ruvatron
/

proxy

Running

App Files Files Community

unknownfriend00007 commited on Nov 25, 2025

Commit

591c716

verified ·

1 Parent(s): 330d686

Update server.js

Browse files

Files changed (1) hide show

server.js +144 -65

server.js CHANGED Viewed

@@ -9,7 +9,7 @@ const app = express();
 // --- 1. SECURITY: TRUST PROXY ---
 app.set('trust proxy', 1);
-// --- 2. SECURITY: RATE LIMITING ---
 const limiter = rateLimit({
     windowMs: 15 * 60 * 1000,
     max: 100,
@@ -34,9 +34,71 @@ app.use(cors({
     }
 }));
 app.use(express.json());
-// --- 4. MULTI-INSTANCE CONFIGURATION ---
 let INSTANCES = [];
 try {
     INSTANCES = JSON.parse(process.env.FLOWISE_INSTANCES || '[]');
@@ -44,92 +106,109 @@ try {
     console.error("CRITICAL ERROR: Could not parse FLOWISE_INSTANCES JSON", e);
 }
-let flowDirectory = {};
-let lastCacheUpdate = 0;
-// --- 5. DYNAMIC DISCOVERY ---
-async function refreshFlowDirectory() {
-    if (Date.now() - lastCacheUpdate < 60000 && Object.keys(flowDirectory).length > 0) return;
-    console.log(`[System] Scanning ${INSTANCES.length} Flowise Instances...`);
-    const newDirectory = {};
-    const promises = INSTANCES.map(async (inst) => {
-        try {
             const headers = {};
-            if (inst.key && inst.key.length > 0) {
-                headers['Authorization'] = `Bearer ${inst.key}`;
             }
-            const res = await fetch(`${inst.url}/api/v1/chatflows`, { headers });
-            if(!res.ok) throw new Error(`Status ${res.status}`);
-            const flows = await res.json();
-            flows.forEach(flow => {
-                const alias = flow.name.toLowerCase().replace(/\s+/g, '-');
-                newDirectory[alias] = {
-                    id: flow.id,
-                    host: inst.url,
-                    key: inst.key
-                };
-            });
-        } catch (err) {
-            console.error(`[Error] Failed to fetch from ${inst.url}:`, err.message);
-        }
-    });
-    await Promise.allSettled(promises);
-    flowDirectory = newDirectory;
-    lastCacheUpdate = Date.now();
-    console.log(`[System] Directory Updated. Serving ${Object.keys(flowDirectory).length} bots.`);
-}
-// --- 6. THE ROUTE ---
-app.post('/api/v1/prediction/:botName', async (req, res) => {
-    const botName = req.params.botName.toLowerCase();
-    await refreshFlowDirectory();
-    const target = flowDirectory[botName];
-    if (!target) {
-        lastCacheUpdate = 0;
-        await refreshFlowDirectory();
-        if (!flowDirectory[botName]) {
-            return res.status(404).json({ error: `Bot '${botName}' not found.` });
         }
-    }
-    const finalTarget = flowDirectory[botName];
-    try {
         const forwardHeaders = {
             'Content-Type': 'application/json',
             'HTTP-Referer': req.headers.origin || 'https://huggingface.co',
             'X-Title': 'FederatedProxy'
         };
-        if (finalTarget.key && finalTarget.key.length > 0) {
-            forwardHeaders['Authorization'] = `Bearer ${finalTarget.key}`;
         }
-        const flowiseResponse = await fetch(`${finalTarget.host}/api/v1/prediction/${finalTarget.id}`, {
             method: 'POST',
             headers: forwardHeaders,
             body: JSON.stringify(req.body)
         });
         const data = await flowiseResponse.json();
         res.status(flowiseResponse.status).json(data);
     } catch (error) {
-        console.error("Proxy Forwarding Error:", error);
-        res.status(500).json({ error: 'Proxy forwarding failed.' });
     }
 });
 app.get('/', (req, res) => res.send('Federated Proxy Active'));
 app.listen(7860, '0.0.0.0', () => console.log('Federated Proxy running on port 7860'));

 // --- 1. SECURITY: TRUST PROXY ---
 app.set('trust proxy', 1);
+// --- 2. SECURITY: RATE LIMITING (Per 15 Minutes) ---
 const limiter = rateLimit({
     windowMs: 15 * 60 * 1000,
     max: 100,
     }
 }));
+// JSON error handler for CORS failures
+app.use((err, req, res, next) => {
+    if (err.message === 'Not allowed by CORS') {
+        return res.status(403).json({
+            error: 'Access denied',
+            message: 'This chatbot can only be used on authorized websites.'
+        });
+    }
+    next(err);
+});
 app.use(express.json());
+// --- FEATURE 1: REQUEST LOGGING ---
+app.use((req, res, next) => {
+    const ip = req.ip || req.connection.remoteAddress;
+    console.log(`[${new Date().toISOString()}] ${ip} -> ${req.method} ${req.path} from ${req.headers.origin || 'unknown'}`);
+    next();
+});
+// --- FEATURE 3: DAILY USAGE CAPS ---
+const dailyUsage = new Map();
+// Reset daily counts at midnight IST
+setInterval(() => {
+    dailyUsage.clear();
+    console.log('[System] Daily usage counters reset');
+}, 24 * 60 * 60 * 1000);
+// Daily limit middleware
+app.use((req, res, next) => {
+    if (req.method === 'POST' && req.path.includes('/prediction/')) {
+        const ip = req.ip;
+        const today = new Date().toDateString();
+        const key = `${ip}-${today}`;
+        const count = dailyUsage.get(key) || 0;
+        if (count >= 200) { // 200 requests per day per IP
+            return res.status(429).json({
+                error: 'Daily limit reached',
+                message: 'You have reached your daily usage limit. Try again tomorrow.'
+            });
+        }
+        dailyUsage.set(key, count + 1);
+    }
+    next();
+});
+// --- FEATURE 5: BOT DETECTION ---
+app.use((req, res, next) => {
+    const userAgent = req.headers['user-agent'] || '';
+    const suspiciousBots = ['python-requests', 'curl', 'wget', 'scrapy', 'bot', 'crawler'];
+    if (req.path.includes('/prediction/') && suspiciousBots.some(bot => userAgent.toLowerCase().includes(bot))) {
+        console.log(`[Security] Blocked bot: ${userAgent} from ${req.ip}`);
+        return res.status(403).json({
+            error: 'Automated access detected',
+            message: 'This service is for web browsers only.'
+        });
+    }
+    next();
+});
+// --- INSTANCES CONFIGURATION ---
 let INSTANCES = [];
 try {
     INSTANCES = JSON.parse(process.env.FLOWISE_INSTANCES || '[]');
     console.error("CRITICAL ERROR: Could not parse FLOWISE_INSTANCES JSON", e);
 }
+console.log(`[System] Loaded ${INSTANCES.length} instances`);
+// Cache for chatflow lookups: "instanceNum-botName" -> chatflowId
+let flowCache = new Map();
+// --- INSTANCE-SPECIFIC ROUTE ---
+app.post('/api/v1/prediction/:instanceNum/:botName', async (req, res) => {
+    const instanceNum = parseInt(req.params.instanceNum);
+    const botName = req.params.botName.toLowerCase();
+    // FEATURE 2: MESSAGE LENGTH LIMIT
+    if (req.body.question && req.body.question.length > 2000) {
+        return res.status(400).json({
+            error: 'Message too long',
+            message: 'Please keep messages under 2000 characters.'
+        });
+    }
+    // Validate instance number
+    if (isNaN(instanceNum) || instanceNum < 1 || instanceNum > INSTANCES.length) {
+        return res.status(404).json({
+            error: 'Invalid instance',
+            message: `Instance ${instanceNum} does not exist. Valid instances: 1-${INSTANCES.length}`
+        });
+    }
+    const instance = INSTANCES[instanceNum - 1];
+    const cacheKey = `${instanceNum}-${botName}`;
+    try {
+        // Check cache first
+        let chatflowId = flowCache.get(cacheKey);
+        // If not cached, fetch from instance
+        if (!chatflowId) {
+            console.log(`[System] Looking up '${botName}' in instance ${instanceNum}...`);
             const headers = {};
+            if (instance.key && instance.key.length > 0) {
+                headers['Authorization'] = `Bearer ${instance.key}`;
             }
+            const listResponse = await fetch(`${instance.url}/api/v1/chatflows`, { headers });
+            if (!listResponse.ok) {
+                throw new Error(`Instance ${instanceNum} returned status ${listResponse.status}`);
+            }
+            const flows = await listResponse.json();
+            const matchedFlow = flows.find(f => f.name.toLowerCase().replace(/\s+/g, '-') === botName);
+            if (!matchedFlow) {
+                return res.status(404).json({
+                    error: 'Bot not found',
+                    message: `Bot '${botName}' not found in instance ${instanceNum}`
+                });
+            }
+            chatflowId = matchedFlow.id;
+            flowCache.set(cacheKey, chatflowId);
+            setTimeout(() => flowCache.delete(cacheKey), 5 * 60 * 1000);
+            console.log(`[System] Found '${botName}' -> ${chatflowId}`);
         }
+        // Forward request to Flowise
         const forwardHeaders = {
             'Content-Type': 'application/json',
             'HTTP-Referer': req.headers.origin || 'https://huggingface.co',
             'X-Title': 'FederatedProxy'
         };
+        if (instance.key && instance.key.length > 0) {
+            forwardHeaders['Authorization'] = `Bearer ${instance.key}`;
         }
+        const flowiseResponse = await fetch(`${instance.url}/api/v1/prediction/${chatflowId}`, {
             method: 'POST',
             headers: forwardHeaders,
             body: JSON.stringify(req.body)
         });
         const data = await flowiseResponse.json();
         res.status(flowiseResponse.status).json(data);
     } catch (error) {
+        console.error(`[Error] Instance ${instanceNum} request failed:`, error.message);
+        res.status(500).json({
+            error: 'Proxy forwarding failed',
+            message: error.message
+        });
     }
 });
 app.get('/', (req, res) => res.send('Federated Proxy Active'));
+app.get('/health', (req, res) => {
+    res.json({
+        status: 'healthy',
+        instances: INSTANCES.length,
+        cached_bots: flowCache.size,
+        daily_active_ips: dailyUsage.size
+    });
+});
 app.listen(7860, '0.0.0.0', () => console.log('Federated Proxy running on port 7860'));