Spaces:

Niansuh
/

Redeem

Sleeping

File size: 17,301 Bytes

9be9fcf

// app.js

const express = require('express');
const bodyParser = require('body-parser');
const axios = require('axios');
const path = require('path');
const mysql = require('mysql2');
const morgan = require('morgan'); // For logging HTTP requests
const helmet = require('helmet'); // For securing HTTP headers
const { body, validationResult } = require('express-validator'); // For input validation
require('dotenv').config(); // For environment variables

const app = express();
const port = process.env.PORT || 3000;

// Middleware Setup
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(helmet());
app.use(morgan('combined'));
app.use(express.static('public')); // Serve static files from 'public' directory

// Database Connection Configuration with Connection Pooling
const pool = mysql.createPool({
  host: process.env.DB_HOST,
  port: process.env.DB_PORT || 3306,
  user: process.env.DB_USER,
  password: process.env.DB_PASSWORD,
  database: process.env.DB_NAME,
  waitForConnections: true,
  connectionLimit: 10, // Adjust based on your requirements
  queueLimit: 0
});

// Promisify for async/await usage
const promisePool = pool.promise();

// Function to Initialize Database Tables
async function initializeDatabase() {
  try {
    // Create redemption_codes Table
    const createRedemptionCodesTable = `
      CREATE TABLE IF NOT EXISTS redemption_codes (
        id INT AUTO_INCREMENT PRIMARY KEY,
        code TEXT NOT NULL,
        name VARCHAR(255),
        quota INT,
        count INT,
        user_ip VARCHAR(45),
        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
      )
    `;

    await promisePool.query(createRedemptionCodesTable);
    console.log('Redemption codes table is ready.');

    // Create session_cookies Table
    const createSessionCookiesTable = `
      CREATE TABLE IF NOT EXISTS session_cookies (
        id INT AUTO_INCREMENT PRIMARY KEY,
        username VARCHAR(255) NOT NULL,
        session_cookies TEXT NOT NULL,
        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
        updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
      )
    `;

    await promisePool.query(createSessionCookiesTable);
    console.log('Session_cookies table is ready.');

    // Create tokens Table with renamed `token_key` column
    const createTokensTable = `
      CREATE TABLE IF NOT EXISTS tokens (
        id INT AUTO_INCREMENT PRIMARY KEY,
        name VARCHAR(255) NOT NULL,
        token TEXT NOT NULL,
        token_key VARCHAR(255) NOT NULL,
        remain_quota INT NOT NULL,
        expired_time INT NOT NULL,
        unlimited_quota BOOLEAN NOT NULL,
        model_limits_enabled BOOLEAN NOT NULL,
        model_limits TEXT,
        allow_ips TEXT,
        group_name VARCHAR(255),
        user_ip VARCHAR(45),
        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
      )
    `;

    await promisePool.query(createTokensTable);
    console.log('Tokens table is ready.');
  } catch (err) {
    console.error('Error initializing database tables:', err);
    process.exit(1);
  }
}

// Initialize Database Tables
initializeDatabase();

// Serve the HTML Form (Assuming you have an index.html in the 'views' directory)
app.get('/', (req, res) => {
  res.sendFile(path.join(__dirname, 'views', 'index.html'));
});

// Utility Function to Get User's IP Address
function getUserIP(req) {
  const xForwardedFor = req.headers['x-forwarded-for'];
  if (xForwardedFor) {
    const ips = xForwardedFor.split(',').map(ip => ip.trim());
    return ips[0];
  }
  return req.socket.remoteAddress;
}

// Function to Save Session Cookies to the Database
async function saveSessionCookies(username, sessionCookies) {
  try {
    const insertQuery = `
      INSERT INTO session_cookies (username, session_cookies)
      VALUES (?, ?)
    `;

    await promisePool.query(insertQuery, [username, sessionCookies]);
    console.log(`New session cookies for user '${username}' saved successfully.`);
  } catch (err) {
    console.error(`Error saving session cookies for user '${username}':`, err);
    throw err;
  }
}

// Function to Perform Login and Retrieve Session Cookies
async function performLogin() {
  const loginUrl = `${process.env.BASE_URL}/api/user/login?turnstile=`;

  const headers = {
    'Accept': 'application/json, text/plain, */*',
    'Accept-Language': 'en-US,en;q=0.9',
    'Connection': 'keep-alive',
    'Content-Type': 'application/json',
    'Origin': process.env.BASE_URL,
    'Referer': `${process.env.BASE_URL}/login`,
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
    'VoApi-User': '-1'
  };

  const data = {
    username: process.env.ADMIN_USERNAME,
    password: process.env.ADMIN_PASSWORD
  };

  try {
    const response = await axios.post(loginUrl, data, {
      headers: headers,
      withCredentials: true,
      httpsAgent: new (require('https').Agent)({ rejectUnauthorized: false }) // Equivalent to --insecure
    });

    // Extract all cookies from response headers
    const setCookieHeader = response.headers['set-cookie'];
    if (setCookieHeader) {
      // Parse the set-cookie header to extract all cookies
      const cookies = setCookieHeader.map(cookie => cookie.split(';')[0]);
      const cookieString = cookies.join('; '); // Join all cookies into a single string

      if (cookieString) {
        console.log('Session cookies obtained from login.');
        return cookieString;
      }
    }

    throw new Error('No session cookies received from login response.');
  } catch (error) {
    if (error.response) {
      throw new Error(`Login API Error: ${JSON.stringify(error.response.data)}`);
    } else if (error.request) {
      throw new Error('Login API Error: No response received from the login service.');
    } else {
      throw new Error(`Login Error: ${error.message}`);
    }
  }
}

// Function to Generate Redemption Code
async function generateRedemptionCode(name, quota, count, sessionCookies) {
  console.log(`Using session cookies: ${sessionCookies}`); // Log the cookies being used

  const url = `${process.env.BASE_URL}/api/redemption/`;

  const headers = {
    'Accept': 'application/json, text/plain, */*',
    'Accept-Language': 'en-US,en;q=0.9',
    'Connection': 'keep-alive',
    'Content-Type': 'application/json',
    'Origin': process.env.BASE_URL,
    'Referer': `${process.env.BASE_URL}/redemption`,
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
    'VoApi-User': '1',
    'Cookie': sessionCookies // Use all stored cookies
  };

  const data = {
    name: name,
    quota: parseInt(quota),
    count: parseInt(count)
  };

  try {
    const response = await axios.post(url, data, {
      headers: headers,
      httpsAgent: new (require('https').Agent)({ rejectUnauthorized: false }) // Equivalent to --insecure
    });

    console.log('Redemption code generated successfully.');
    return response.data;
  } catch (error) {
    if (error.response) {
      throw new Error(`API Error: ${JSON.stringify(error.response.data)}`);
    } else if (error.request) {
      throw new Error('API Error: No response received from the redemption service.');
    } else {
      throw new Error(`Error: ${error.message}`);
    }
  }
}

// Function to Save Redemption Code to the Database
async function saveRedemptionCode(codeData, name, quota, count, userIP) {
  try {
    // Assuming the API returns the code in codeData.code
    const code = codeData.code || JSON.stringify(codeData);

    const insertQuery = `
      INSERT INTO redemption_codes (code, name, quota, count, user_ip)
      VALUES (?, ?, ?, ?, ?)
    `;

    await promisePool.query(insertQuery, [code, name, quota, count, userIP]);
    console.log('Redemption code saved to database.');
  } catch (err) {
    console.error('Error saving redemption code to database:', err);
    throw err;
  }
}

// Function to Create Token
async function createToken(name, remain_quota, expired_time, unlimited_quota, model_limits_enabled, model_limits, allow_ips, group_name, sessionCookies) {
  console.log(`Using session cookies for token creation: ${sessionCookies}`); // Log the cookies being used

  const url = `${process.env.BASE_URL}/api/token/`;

  const headers = {
    'Accept': 'application/json, text/plain, */*',
    'Accept-Language': 'en-US,en;q=0.9,ru;q=0.8',
    'Connection': 'keep-alive',
    'Content-Type': 'application/json',
    'Origin': process.env.BASE_URL,
    'Referer': `${process.env.BASE_URL}/token`,
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
    'VoApi-User': '1',
    'Cookie': sessionCookies // Use the new session cookie
  };

  const data = {
    name: name,
    remain_quota: parseInt(remain_quota),
    expired_time: parseInt(expired_time),
    unlimited_quota: unlimited_quota,
    model_limits_enabled: model_limits_enabled,
    model_limits: model_limits || '',
    allow_ips: allow_ips || '',
    group: group_name || ''
  };

  try {
    const response = await axios.post(url, data, {
      headers: headers,
      httpsAgent: new (require('https').Agent)({ rejectUnauthorized: false }) // Equivalent to --insecure
    });

    console.log('Token creation API call successful.');
    return response.data;
  } catch (error) {
    if (error.response) {
      throw new Error(`Token API Error: ${JSON.stringify(error.response.data)}`);
    } else if (error.request) {
      throw new Error('Token API Error: No response received from the token service.');
    } else {
      throw new Error(`Error: ${error.message}`);
    }
  }
}

// Function to List Tokens
async function listTokens(sessionCookies, p = 0, size = 100) {
  console.log(`Listing tokens with session cookies: ${sessionCookies}`);

  const url = `${process.env.BASE_URL}/api/token/?p=${p}&size=${size}`;

  const headers = {
    'Accept': 'application/json, text/plain, */*',
    'Accept-Language': 'en-US,en;q=0.9,ru;q=0.8',
    'Connection': 'keep-alive',
    'Referer': `${process.env.BASE_URL}/token`,
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
    'VoApi-User': '1',
    'Cookie': sessionCookies // Use the session cookie
  };

  try {
    const response = await axios.get(url, {
      headers: headers,
      httpsAgent: new (require('https').Agent)({ rejectUnauthorized: false }) // Equivalent to --insecure
    });

    console.log('Tokens list retrieved successfully.');
    return response.data;
  } catch (error) {
    if (error.response) {
      throw new Error(`List Tokens API Error: ${JSON.stringify(error.response.data)}`);
    } else if (error.request) {
      throw new Error('List Tokens API Error: No response received from the token service.');
    } else {
      throw new Error(`Error: ${error.message}`);
    }
  }
}

// Function to Save Token to the Database with 'sk-' Prefix
async function saveToken(tokenData, name, remain_quota, expired_time, unlimited_quota, model_limits_enabled, model_limits, allow_ips, group_name, userIP) {
  try {
    // Extract the 'key' from tokenData and add 'sk-' prefix
    const key = tokenData.key ? `sk-${tokenData.key}` : null;

    if (!key) {
      throw new Error('Token key not found in the response.');
    }

    // Save the token along with its prefixed key
    const insertQuery = `
      INSERT INTO tokens (name, token, token_key, remain_quota, expired_time, unlimited_quota, model_limits_enabled, model_limits, allow_ips, group_name, user_ip)
      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
    `;

    const [result] = await promisePool.query(insertQuery, [
      name,
      JSON.stringify(tokenData), // Store the entire token data as JSON
      key, // Prefixed key
      parseInt(remain_quota),
      parseInt(expired_time),
      unlimited_quota,
      model_limits_enabled,
      model_limits || '',
      allow_ips || '',
      group_name || '',
      userIP
    ]);

    console.log(`Token saved to database with ID: ${result.insertId} and key: ${key}`);
  } catch (err) {
    console.error('Error saving token to database:', err);
    throw err;
  }
}

// Route: POST /api/create
app.post('/api/create', [
  body('username').isString().trim().notEmpty(),
  body('name').isString().trim().notEmpty(),
  body('quota').isInt({ min: 1 }),
  body('count').isInt({ min: 1 })
], async (req, res) => {
  // Validate Input
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ success: false, errors: errors.array() });
  }

  const { username, name, quota, count } = req.body;
  const userIP = getUserIP(req);
  const apiKey = req.headers['x-api-key'];

  // Check API Key
  if (apiKey !== process.env.API_KEY) {
    return res.status(401).json({
      success: false,
      error: 'Unauthorized: Invalid API key'
    });
  }

  try {
    // Perform Login to Obtain New Session Cookies
    console.log('Performing login to obtain new session cookies...');
    const sessionCookies = await performLogin();

    // Save the New Session Cookies to the Database
    await saveSessionCookies(username, sessionCookies);
    console.log('New session cookies saved to the database.');

    // Generate Redemption Code Using the New Session Cookies
    const redemptionCode = await generateRedemptionCode(name, quota, count, sessionCookies);

    // Save Redemption Code to Database
    await saveRedemptionCode(redemptionCode, name, quota, count, userIP);

    res.json({
      success: true,
      data: redemptionCode
    });
  } catch (error) {
    console.error('Error:', error.message);
    res.status(500).json({
      success: false,
      error: error.message
    });
  }
});

// Route: POST /api/token
app.post('/api/token', [
  body('name').isString().trim().notEmpty(),
  body('remain_quota').isInt({ min: 1 }),
  body('expired_time').isInt(), // Assuming negative values are allowed
  body('unlimited_quota').isBoolean(),
  body('model_limits_enabled').isBoolean(),
  body('model_limits').optional().isString(),
  body('allow_ips').optional().isString(),
  body('group').optional().isString()
], async (req, res) => {
  // Validate Input
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ success: false, errors: errors.array() });
  }

  const {
    name,
    remain_quota,
    expired_time,
    unlimited_quota,
    model_limits_enabled,
    model_limits,
    allow_ips,
    group
  } = req.body;

  const userIP = getUserIP(req);
  const apiKey = req.headers['x-api-key'];

  // Check API Key
  if (apiKey !== process.env.API_KEY) {
    return res.status(401).json({
      success: false,
      error: 'Unauthorized: Invalid API key'
    });
  }

  try {
    // Perform Login to Obtain New Session Cookies
    console.log('Performing login to obtain new session cookies for token creation...');
    const sessionCookies = await performLogin();

    // Save the New Session Cookies to the Database with Correct Username
    await saveSessionCookies(process.env.ADMIN_USERNAME, sessionCookies); // Use ADMIN_USERNAME instead of 'name'
    console.log('New session cookies saved to the database.');

    // Create Token Using the New Session Cookies
    const tokenData = await createToken(
      name,
      remain_quota,
      expired_time,
      unlimited_quota,
      model_limits_enabled,
      model_limits,
      allow_ips,
      group,
      sessionCookies
    );

    // If the token creation API does not return the 'key', fetch it using the listTokens function
    let tokenKey = tokenData.key; // Attempt to get the key directly
    if (!tokenKey) {
      console.log('Token key not found in creation response. Fetching from tokens list...');
      const tokensList = await listTokens(sessionCookies, 0, 100);
      
      if (tokensList.success && Array.isArray(tokensList.data) && tokensList.data.length > 0) {
        // Assuming the latest token is the first in the list
        const latestToken = tokensList.data[0];
        tokenKey = latestToken.key;

        if (!tokenKey) {
          throw new Error('Token key not found in the tokens list response.');
        }
      } else {
        throw new Error('Failed to retrieve tokens list or no tokens available.');
      }
    }

    // Update the tokenData with the retrieved key and add 'sk-' prefix
    tokenData.key = `sk-${tokenKey}`;

    // Save Token to Database
    await saveToken(
      tokenData,
      name,
      remain_quota,
      expired_time,
      unlimited_quota,
      model_limits_enabled,
      model_limits,
      allow_ips,
      group,
      userIP
    );

    res.json({
      success: true,
      data: tokenData.key // Return the 'token_key' with 'sk-' prefix
    });
  } catch (error) {
    console.error('Error:', error.message);
    res.status(500).json({
      success: false,
      error: error.message
    });
  }
});

// Health Check Endpoint
app.get('/health', (req, res) => {
  res.status(200).json({ status: 'OK' });
});

// Start the Server
app.listen(port, () => {
  console.log(`App is running at http://localhost:${port}`);
});