Spaces:
Paused
Paused
Upload 2 files
Browse files
api.js
CHANGED
|
@@ -1,71 +1,71 @@
|
|
| 1 |
-
const express = require('express');
|
| 2 |
-
const axios = require('axios');
|
| 3 |
-
const jwt = require('jsonwebtoken');
|
| 4 |
-
const vm = require('vm');
|
| 5 |
-
const { JSDOM } = require('jsdom');
|
| 6 |
-
const logger = require('./logger');
|
| 7 |
-
|
| 8 |
-
const app = express();
|
| 9 |
-
app.use(express.json());
|
| 10 |
-
|
| 11 |
-
// 日志中间件
|
| 12 |
-
app.use((req, res, next) => {
|
| 13 |
-
const forwarded = req.headers['x-forwarded-for'];
|
| 14 |
-
let ip0 = forwarded ? forwarded.split(/, /)[0] : req.connection.remoteAddress;
|
| 15 |
-
ip0 = ip0 ? ip0 : 'unknown';
|
| 16 |
-
res.on('finish', () => {
|
| 17 |
-
logger.info("", {
|
| 18 |
-
meta: { ip: ip0, path: req.originalUrl, statusCode: res.statusCode }
|
| 19 |
-
});
|
| 20 |
-
});
|
| 21 |
-
next();
|
| 22 |
-
});
|
| 23 |
-
|
| 24 |
-
// hsw 函数
|
| 25 |
-
async function hsw(req, host) {
|
| 26 |
-
try {
|
| 27 |
-
const url = jwt.decode(req, { complete: true }).payload.l;
|
| 28 |
-
const hsw = (await axios.get(`${url}/hsw.js`)).data;
|
| 29 |
-
const dom = new JSDOM(`<!DOCTYPE html><p>Hello world</p>`, {
|
| 30 |
-
runScripts: "outside-only",
|
| 31 |
-
resources: "usable"
|
| 32 |
-
});
|
| 33 |
-
const script = new vm.Script(`
|
| 34 |
-
Object.defineProperty(navigator, "webdriver", { get: () => false });
|
| 35 |
-
${hsw};
|
| 36 |
-
hsw("${req}");
|
| 37 |
-
`);
|
| 38 |
-
dom.window.navigator.language = 'en-US';
|
| 39 |
-
dom.window.navigator.languages = ['en-US', 'en'];
|
| 40 |
-
dom.window.location.host = host;
|
| 41 |
-
|
| 42 |
-
const context = vm.createContext(dom.window);
|
| 43 |
-
const result = await script.runInContext(context);
|
| 44 |
-
|
| 45 |
-
return String(result); // Assuming `hsw` sets `window.result`
|
| 46 |
-
} catch (e) {
|
| 47 |
-
console.error(e);
|
| 48 |
-
return "None";
|
| 49 |
-
}
|
| 50 |
-
}
|
| 51 |
-
|
| 52 |
-
// 定义 /hsw 路由
|
| 53 |
-
app.post('/hsw', async (req, res) => {
|
| 54 |
-
const data = req.body;
|
| 55 |
-
const result = await hsw(data.req, data.host);
|
| 56 |
-
res.send(result);
|
| 57 |
-
});
|
| 58 |
-
|
| 59 |
-
// 定义 /ping 路由
|
| 60 |
-
app.get('/ping', (req, res) => {
|
| 61 |
-
res.json({ status: "ok" });
|
| 62 |
-
});
|
| 63 |
-
|
| 64 |
-
// 捕获所有未定义的路由并返回403
|
| 65 |
-
app.use((req, res) => {
|
| 66 |
-
res.status(403).send('Forbidden');
|
| 67 |
-
});
|
| 68 |
-
|
| 69 |
-
app.listen(5000, '0.0.0.0', () => {
|
| 70 |
-
console.log('Server is running on port 5000');
|
| 71 |
-
});
|
|
|
|
| 1 |
+
const express = require('express');
|
| 2 |
+
const axios = require('axios');
|
| 3 |
+
const jwt = require('jsonwebtoken');
|
| 4 |
+
const vm = require('vm');
|
| 5 |
+
const { JSDOM } = require('jsdom');
|
| 6 |
+
const logger = require('./logger');
|
| 7 |
+
|
| 8 |
+
const app = express();
|
| 9 |
+
app.use(express.json());
|
| 10 |
+
|
| 11 |
+
// 日志中间件
|
| 12 |
+
app.use((req, res, next) => {
|
| 13 |
+
const forwarded = req.headers['x-forwarded-for'];
|
| 14 |
+
let ip0 = forwarded ? forwarded.split(/, /)[0] : req.connection.remoteAddress;
|
| 15 |
+
ip0 = ip0 ? ip0 : 'unknown';
|
| 16 |
+
res.on('finish', () => {
|
| 17 |
+
logger.info("", {
|
| 18 |
+
meta: { ip: ip0, path: req.originalUrl, statusCode: res.statusCode }
|
| 19 |
+
});
|
| 20 |
+
});
|
| 21 |
+
next();
|
| 22 |
+
});
|
| 23 |
+
|
| 24 |
+
// hsw 函数
|
| 25 |
+
async function hsw(req, host) {
|
| 26 |
+
try {
|
| 27 |
+
const url = jwt.decode(req, { complete: true }).payload.l;
|
| 28 |
+
const hsw = (await axios.get(`${url}/hsw.js`)).data;
|
| 29 |
+
const dom = new JSDOM(`<!DOCTYPE html><p>Hello world</p>`, {
|
| 30 |
+
runScripts: "outside-only",
|
| 31 |
+
resources: "usable"
|
| 32 |
+
});
|
| 33 |
+
const script = new vm.Script(`
|
| 34 |
+
Object.defineProperty(navigator, "webdriver", { get: () => false });
|
| 35 |
+
${hsw};
|
| 36 |
+
hsw("${req}");
|
| 37 |
+
`);
|
| 38 |
+
dom.window.navigator.language = 'en-US';
|
| 39 |
+
dom.window.navigator.languages = ['en-US', 'en'];
|
| 40 |
+
dom.window.location.host = host;
|
| 41 |
+
|
| 42 |
+
const context = vm.createContext(dom.window);
|
| 43 |
+
const result = await script.runInContext(context);
|
| 44 |
+
|
| 45 |
+
return String(result); // Assuming `hsw` sets `window.result`
|
| 46 |
+
} catch (e) {
|
| 47 |
+
console.error(e);
|
| 48 |
+
return "None";
|
| 49 |
+
}
|
| 50 |
+
}
|
| 51 |
+
|
| 52 |
+
// 定义 /hsw 路由
|
| 53 |
+
app.post('/hsw', async (req, res) => {
|
| 54 |
+
const data = req.body;
|
| 55 |
+
const result = await hsw(data.req, data.host);
|
| 56 |
+
res.send(result);
|
| 57 |
+
});
|
| 58 |
+
|
| 59 |
+
// 定义 /ping 路由
|
| 60 |
+
app.get('/ping', (req, res) => {
|
| 61 |
+
res.json({ status: "ok" });
|
| 62 |
+
});
|
| 63 |
+
|
| 64 |
+
// 捕获所有未定义的路由并返回403
|
| 65 |
+
app.use((req, res) => {
|
| 66 |
+
res.status(403).send('Forbidden');
|
| 67 |
+
});
|
| 68 |
+
|
| 69 |
+
app.listen(5000, '0.0.0.0', () => {
|
| 70 |
+
console.log('Server is running on port 5000');
|
| 71 |
+
});
|
logger.js
CHANGED
|
@@ -8,8 +8,8 @@ const timestampInBeijing = winston.format((info) => {
|
|
| 8 |
});
|
| 9 |
|
| 10 |
// 使用 printf 格式化日志输出
|
| 11 |
-
const myFormat = winston.format.printf(({ level, message, timestamp,
|
| 12 |
-
console.log(level, timestamp, meta); // 这行用来调试
|
| 13 |
return `[${level.toUpperCase()}] ${timestamp} ${meta.ip} ${meta.path} ${meta.statusCode} ${message}`;
|
| 14 |
});
|
| 15 |
|
|
|
|
| 8 |
});
|
| 9 |
|
| 10 |
// 使用 printf 格式化日志输出
|
| 11 |
+
const myFormat = winston.format.printf(({ level, message, timestamp, meta }) => {
|
| 12 |
+
//console.log(level, timestamp, meta); // 这行用来调试
|
| 13 |
return `[${level.toUpperCase()}] ${timestamp} ${meta.ip} ${meta.path} ${meta.statusCode} ${message}`;
|
| 14 |
});
|
| 15 |
|