babolivier
/
smam
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
SMAM (short for Send Me A Mail) is a free (as in freedom) contact form embedding software.
61 Commits
4 Branches
Tree: 1663978d6c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1663978d6c'
${ noResults }
smam/server.js

server.js 8.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318 
  1. var pug			= require('pug');

  2. var nodemailer  = require('nodemailer');

  3. var crypto		= require('crypto');

  4. var settings	= require('./settings');

  5. 

  6. // Translation

  7. var locale		= require('./locales/' + settings.language);

  8. var lang		= locale.server;

  9. 

  10. // Web server

  11. var bodyParser	= require('body-parser');

  12. var cors		= require('cors');

  13. var express		= require('express');

  14. var app			= express();

  15. 

  16. // Logging

  17. var printit = require('printit');

  18. var log = printit({

  19. 	prefix: 'SMAM',

  20. 	date: true

  21. });

  22. 

  23. 

  24. // nodemailer initial configuration

  25. var transporter = nodemailer.createTransport(settings.mailserver);

  26. 

  27. 

  28. // Verification tokens

  29. var tokens = {};

  30. 

  31. 

  32. // Serve static (JS + HTML) files

  33. app.use(express.static('front'));

  34. // Body parsing

  35. app.use(bodyParser.urlencoded({ extended: true }));

  36. app.use(bodyParser.json());

  37. // Allow cross-origin requests.

  38. var corsOptions = {

  39.   origin: settings.formOrigin,

  40.   optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204

  41. };

  42. app.use(cors(corsOptions));

  43. // Taking care of preflight requests

  44. app.options('*', cors(corsOptions));

  45. 

  46. 

  47. // A request on /register generates a token and store it, along the user's

  48. // address, on the tokens object

  49. app.get('/register', function(req, res, next) {

  50. 	// Get IP from express

  51. 	let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

  52. 	if(tokens[ip] === undefined) {

  53. 		tokens[ip] = [];

  54. 	}

  55. 	// Generate token

  56. 	crypto.randomBytes(10, (err, buf) => { 

  57. 		let token = buf.toString('hex');

  58. 		// Store and send the token

  59. 		tokens[ip].push({

  60. 			token: token,

  61. 			// A token expires after 12h

  62. 			expire: new Date().getTime() + 12 * 3600 * 1000

  63. 		});

  64. 		res.status(200).send(token);

  65. 	});

  66. });

  67. 

  68. 

  69. // A request on /send with user input = mail to be sent

  70. app.post('/send', function(req, res, next) {

  71. 	// Response will be JSON

  72. 	res.header('Access-Control-Allow-Headers', 'Content-Type');

  73. 	

  74. 	if(!checkBody(req.body)) {

  75. 		return res.status(400).send();

  76. 	}

  77. 	

  78. 	let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

  79. 	

  80. 	// Token verification

  81. 	if(!checkToken(ip, req.body.token)) {

  82. 		return res.status(403).send();

  83. 	}

  84. 	

  85. 	// Count the failures

  86. 	let status = {

  87. 		failed: 0,

  88. 		total: settings.recipients.length

  89. 	};

  90. 	

  91. 	// params will be used as:

  92. 	// - values for html generation from the pug template

  93. 	// - parameters for sending the mail(s)

  94. 	let params = {

  95. 		subject: req.body.subj,

  96. 		from: req.body.name + '<' + settings.mailserver.auth.user + '>',

  97. 		replyTo: req.body.name + ' <' + req.body.addr + '>',

  98. 		html: req.body.text

  99. 	};

  100. 

  101. 	// Process custom fields to get data we can use in the HTML generation

  102. 	params.custom = processCustom(req.body.custom);

  103. 	

  104. 	// Replacing the mail's content with HTML from the pug template

  105. 	// Commenting the line below will bypass the generation and only user the

  106. 	// text entered by the user

  107. 	params.html = pug.renderFile('template.pug', params);

  108. 	

  109. 	log.info(lang.log_sending, params.replyTo);

  110. 	

  111. 	// Send the email to all users

  112. 	sendMails(params, function(err, infos) {

  113. 		if(err) {

  114. 			log.error(err);

  115. 		}

  116. 		logStatus(infos);

  117. 	}, function() {

  118. 		if(status.failed === status.total) {

  119. 			res.status(500).send();

  120. 		} else {

  121. 			res.status(200).send();

  122. 		}

  123. 	})

  124. });

  125. 

  126. 

  127. // A request on /lang sends translated strings (according to the locale set in

  128. // the app settings), alongside the boolean for the display of labels in the

  129. // form block.

  130. app.get('/lang', function(req, res, next) {

  131. 	// Response will be JSON

  132. 	res.header('Access-Control-Allow-Headers', 'Content-Type');

  133. 

  134. 	// Preventing un-updated settings files

  135. 	let labels = true;

  136. 	if(settings.labels !== undefined) {

  137. 		labels = settings.labels;

  138. 	}

  139. 	

  140. 	// Send the infos

  141. 	res.status(200).send({

  142. 		'labels': labels,

  143. 		'translations': locale.client

  144. 	});

  145. });

  146. 

  147. 

  148. // A request on /fields sends data on custom fields.

  149. app.get('/fields', function(req, res, next) {

  150. 	// Response will be JSON

  151. 	res.header('Access-Control-Allow-Headers', 'Content-Type');

  152. 

  153. 	// Send an array anyway, its length will determine if we need to display any

  154. 	let customFields = settings.customFields || [];

  155. 	

  156. 	// Send custom fields data

  157. 	res.status(200).send(customFields);

  158. });

  159. 

  160. 

  161. // Use either the default port or the one chosen by the user (PORT env variable)

  162. var port = process.env.PORT || 1970;

  163. // Same for the host (using the HOST env variable)

  164. var host = process.env.HOST || '0.0.0.0';

  165. // Start the server

  166. app.listen(port, host, function() {

  167. 	log.info(lang.log_server_start, host + ':' + port);

  168. });

  169. 

  170. 

  171. // Run the clean every hour

  172. var tokensChecks = setTimeout(cleanTokens, 3600 * 1000);

  173. 

  174. 

  175. // Send mails to the recipients specified in the JSON settings file

  176. // content: object containing mail params

  177. //  {

  178. //	  subject: String

  179. //	  from: String (following RFC 1036 (https://tools.ietf.org/html/rfc1036#section-2.1.1))

  180. //	  html: String

  181. //  }

  182. // update(next, infos): Called each time a mail is sent with the infos provided

  183. //					  by nodemailer

  184. // done(): Called once each mail has been sent

  185. function sendMails(params, update, done) {

  186. 	let mails = settings.recipients.map((recipient) => {

  187. 		// Promise for each recipient to send each mail asynchronously

  188. 		return new Promise((sent) => {

  189. 			params.to = recipient;

  190. 			// Send the email

  191. 			transporter.sendMail(params, (err, infos) => {

  192. 				sent();

  193. 				if(err) {

  194. 					return update(err, recipient);

  195. 				}

  196. 				update(null, infos);

  197. 				// Promise callback

  198. 			});

  199. 		});

  200. 	});

  201. 	// Run all the promises (= send all the mails)

  202. 	Promise.all(mails).then(done);

  203. }

  204. 

  205. 

  206. // Produces log from the infos provided by nodemailer

  207. // infos: infos provided by nodemailer

  208. // return: nothing

  209. function logStatus(infos) {

  210. 	if(infos.accepted.length !== 0) {

  211. 		log.info(lang.log_send_success, infos.accepted[0]);

  212. 	}

  213. 	if(infos.rejected.length !== 0) {

  214. 		status.failed++;

  215. 		log.info(lang.log_send_failure, infos.rejected[0]);

  216. 	}

  217. }

  218. 

  219. 

  220. // Checks if the request's sender has been registered (and unregister it if not)

  221. // ip: sender's IP address

  222. // token: token used by the sender

  223. // return: true if the user was registered, false else

  224. function checkToken(ip, token) {

  225. 	let verified = false;

  226. 	

  227. 	// Check if there's at least one token for this IP

  228. 	if(tokens[ip] !== undefined) {

  229. 		if(tokens[ip].length !== 0) {

  230. 			// There's at least one element for this IP, let's check the tokens

  231. 			for(var i = 0; i < tokens[ip].length; i++) {

  232. 				if(!tokens[ip][i].token.localeCompare(token)) {

  233. 					// We found the right token

  234. 					verified = true;

  235. 					// Removing the token

  236. 					tokens[ip].pop(tokens[ip][i]);

  237. 					break;

  238. 				}

  239. 			}

  240. 		} 

  241. 	}

  242. 	

  243. 	if(!verified) {

  244. 		log.warn(ip, lang.log_invalid_token);

  245. 	}

  246. 	

  247. 	return verified;

  248. }

  249. 

  250. 

  251. // Checks if all the required fields are in the request body

  252. // body: body taken from express's request object

  253. // return: true if the body is valid, false else

  254. function checkBody(body) {

  255. 	let valid = false;

  256. 	

  257. 	if(body.token !== undefined && body.subj !== undefined 

  258. 		&& body.name !== undefined && body.addr !== undefined 

  259. 		&& body.text !== undefined) {

  260. 		valid = true;

  261. 	}

  262. 	

  263. 	return valid;

  264. }

  265. 

  266. 

  267. // Checks the tokens object to see if no token has expired

  268. // return: nothing

  269. function cleanTokens() {

  270. 	// Get current time for comparison

  271. 	let now = new Date().getTime();

  272. 	

  273. 	for(let ip in tokens) { // Check for each IP in the object

  274. 		for(let token of tokens[ip]) { // Check for each token of an IP

  275. 			if(token.expire < now) { // Token has expired

  276. 				tokens[ip].pop(token);

  277. 			}

  278. 		}

  279. 		if(tokens[ip].length === 0) { // No more element for this IP

  280. 			delete tokens[ip];

  281. 		}

  282. 	}

  283. 	

  284. 	log.info(lang.log_cleared_token);

  285. }

  286. 

  287. 

  288. // Process custom fields to something usable in the HTML generation

  289. // For example, this function replaces indexes with answers in select fields

  290. // custom: object describing data from custom fields

  291. // return: an object with user-input data from each field:

  292. // {

  293. //	  field name: {

  294. //		  value: String,

  295. //		  label: String

  296. //	  }

  297. // }

  298. function processCustom(custom) {

  299. 	let fields = {};

  300. 

  301. 	// Process each field

  302. 	for(let field in custom) {

  303. 		let type = settings.customFields[field].type;

  304. 		// Match indexes with data when needed

  305. 		switch(type) {

  306. 			case 'select':  custom[field] = settings.customFields[field]

  307. 											.options[custom[field]];

  308. 							break;

  309. 		}

  310. 		// Insert data into the finale object

  311. 		fields[field] = {

  312. 			value: custom[field],

  313. 			label: settings.customFields[field].label

  314. 		}

  315. 	}

  316. 	

  317. 	return fields;

  318. }