babolivier
/
smam
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
SMAM (short for Send Me A Mail) is a free (as in freedom) contact form embedding software.
56 Commits
4 Branches
Tree: 61e15baf9c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '61e15baf9c'
${ noResults }
smam/server.js

server.js 8.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305 
  1. var pug         = require('pug');

  2. var nodemailer  = require('nodemailer');

  3. var crypto      = require('crypto');

  4. var settings    = require('./settings');

  5. 

  6. // Translation

  7. var locale  = require('./locales/' + settings.language);

  8. var lang    = locale.server;

  9. 

  10. // Web server

  11. var bodyParser  = require('body-parser');

  12. var cors        = require('cors');

  13. var express     = require('express');

  14. var app = express();

  15. 

  16. // Logging

  17. var printit = require('printit');

  18. var log = printit({

  19.     prefix: 'SMAM',

  20.     date: true

  21. });

  22. 

  23. 

  24. // nodemailer initial configuration

  25. var transporter = nodemailer.createTransport(settings.mailserver);

  26. 

  27. 

  28. // Verification tokens

  29. var tokens = {};

  30. 

  31. 

  32. // Serve static (JS + HTML) files

  33. app.use(express.static('front'));

  34. // Body parsing

  35. app.use(bodyParser.urlencoded({ extended: true }));

  36. app.use(bodyParser.json());

  37. // Allow cross-origin requests.

  38. var corsOptions = {

  39.   origin: settings.formOrigin,

  40.   optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204

  41. };

  42. app.use(cors(corsOptions));

  43. // Taking care of preflight requests

  44. app.options('*', cors(corsOptions));

  45. 

  46. 

  47. // A request on /register generates a token and store it, along the user's

  48. // address, on the tokens object

  49. app.get('/register', function(req, res, next) {

  50.     // Get IP from express

  51.     let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

  52.     if(tokens[ip] === undefined) {

  53.         tokens[ip] = [];

  54.     }

  55.     // Generate token

  56.     crypto.randomBytes(10, (err, buf) => { 

  57.         let token = buf.toString('hex');

  58.         // Store and send the token

  59.         tokens[ip].push({

  60.             token: token,

  61.             // A token expires after 12h

  62.             expire: new Date().getTime() + 12 * 3600 * 1000

  63.         });

  64.         res.status(200).send(token);

  65.     });

  66. });

  67. 

  68. 

  69. // A request on /send with user input = mail to be sent

  70. app.post('/send', function(req, res, next) {

  71.     // Response will be JSON

  72.     res.header('Access-Control-Allow-Headers', 'Content-Type');

  73.     

  74.     if(!checkBody(req.body)) {

  75.         return res.status(400).send();

  76.     }

  77.     

  78.     let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

  79.     

  80.     if(!checkToken(ip, req.body.token)) {

  81.         return res.status(403).send();

  82.     }

  83.     

  84.     // Count the failures

  85.     let status = {

  86.         failed: 0,

  87.         total: settings.recipients.length

  88.     };

  89.     

  90.     // params will be used as:

  91.     // - values for html generation from the pug template

  92.     // - parameters for sending the mail(s)

  93.     let params = {

  94.         subject: req.body.subj,

  95.         from: req.body.name + '<' + settings.mailserver.auth.user + '>',

  96.         replyTo: req.body.name + ' <' + req.body.addr + '>',

  97.         html: req.body.text

  98.     };

  99. 

  100.     params.custom = processCustom(req.body.custom);

  101.     

  102.     // Replacing the mail's content with HTML from the pug template

  103.     // Commenting the line below will bypass the generation and only user the

  104.     // text entered by the user

  105.     params.html = pug.renderFile('template.pug', params);

  106.     

  107.     log.info(lang.log_sending, params.replyTo);

  108.     

  109.     // Send the email to all users

  110.     sendMails(params, function(err, infos) {

  111.         if(err) {

  112.             log.error(err);

  113.         }

  114.         logStatus(infos);

  115.     }, function() {

  116.         if(status.failed === status.total) {

  117.             res.status(500).send();

  118.         } else {

  119.             res.status(200).send();

  120.         }

  121.     })

  122. });

  123. 

  124. 

  125. // A request on /lang sends translated strings (according to the locale set in

  126. // the app settings), alongside the boolean for the display of labels in the

  127. // form block.

  128. app.get('/lang', function(req, res, next) {

  129.     // Response will be JSON

  130.     res.header('Access-Control-Allow-Headers', 'Content-Type');

  131. 

  132.     // Preventing un-updated settings files

  133.     let labels = true;

  134.     if(settings.labels !== undefined) {

  135.         labels = settings.labels;

  136.     }

  137.     

  138.     // Send the infos

  139.     res.status(200).send({

  140.         'labels': labels,

  141.         'translations': locale.client

  142.     });

  143. });

  144. 

  145. 

  146. // A request on /fields sends data on custom fields.

  147. app.get('/fields', function(req, res, next) {

  148. 	// Response will be JSON

  149.     res.header('Access-Control-Allow-Headers', 'Content-Type');

  150. 

  151. 	// Send an array anyway, its length will determine if we need to display any

  152. 	let customFields = settings.customFields || [];

  153. 	

  154. 	// Send custom fields data

  155. 	res.status(200).send(customFields);

  156. });

  157. 

  158. 

  159. // Use either the default port or the one chosen by the user (PORT env variable)

  160. var port = process.env.PORT || 1970;

  161. // Same for the host (using the HOST env variable)

  162. var host = process.env.HOST || '0.0.0.0';

  163. // Start the server

  164. app.listen(port, host, function() {

  165.     log.info(lang.log_server_start, host + ':' + port);

  166. });

  167. 

  168. 

  169. // Run the clean every hour

  170. var tokensChecks = setTimeout(cleanTokens, 3600 * 1000);

  171. 

  172. 

  173. // Send mails to the recipients specified in the JSON settings file

  174. // content: object containing mail params

  175. //  {

  176. //      subject: String

  177. //      from: String (following RFC 1036 (https://tools.ietf.org/html/rfc1036#section-2.1.1))

  178. //      html: String

  179. //  }

  180. // update(next, infos): Called each time a mail is sent with the infos provided

  181. //                      by nodemailer

  182. // done(): Called once each mail has been sent

  183. function sendMails(params, update, done) {

  184.     let mails = settings.recipients.map((recipient) => {

  185.         // Promise for each recipient to send each mail asynchronously

  186.         return new Promise((sent) => {

  187.             params.to = recipient;

  188.             // Send the email

  189.             transporter.sendMail(params, (err, infos) => {

  190.                 sent();

  191.                 if(err) {

  192.                     return update(err, recipient);

  193.                 }

  194.                 update(null, infos);

  195.                 // Promise callback

  196.             });

  197.         });

  198.     });

  199.     // Run all the promises (= send all the mails)

  200.     Promise.all(mails).then(done);

  201. }

  202. 

  203. 

  204. // Produces log from the infos provided by nodemailer

  205. // infos: infos provided by nodemailer

  206. // return: nothing

  207. function logStatus(infos) {

  208.     if(infos.accepted.length !== 0) {

  209.         log.info(lang.log_send_success, infos.accepted[0]);

  210.     }

  211.     if(infos.rejected.length !== 0) {

  212.         status.failed++;

  213.         log.info(lang.log_send_failure, infos.rejected[0]);

  214.     }

  215. }

  216. 

  217. 

  218. // Checks if the request's sender has been registered (and unregister it if not)

  219. // ip: sender's IP address

  220. // token: token used by the sender

  221. // return: true if the user was registered, false else

  222. function checkToken(ip, token) {

  223.     let verified = false;

  224.     

  225.     // Check if there's at least one token for this IP

  226.     if(tokens[ip] !== undefined) {

  227.         if(tokens[ip].length !== 0) {

  228.             // There's at least one element for this IP, let's check the tokens

  229.             for(var i = 0; i < tokens[ip].length; i++) {

  230.                 if(!tokens[ip][i].token.localeCompare(token)) {

  231.                     // We found the right token

  232.                     verified = true;

  233.                     // Removing the token

  234.                     tokens[ip].pop(tokens[ip][i]);

  235.                     break;

  236.                 }

  237.             }

  238.         } 

  239.     }

  240.     

  241.     if(!verified) {

  242.         log.warn(ip, lang.log_invalid_token);

  243.     }

  244.     

  245.     return verified;

  246. }

  247. 

  248. 

  249. // Checks if all the required fields are in the request body

  250. // body: body taken from express's request object

  251. // return: true if the body is valid, false else

  252. function checkBody(body) {

  253.     let valid = false;

  254.     

  255.     if(body.token !== undefined && body.subj !== undefined 

  256.         && body.name !== undefined && body.addr !== undefined 

  257.         && body.text !== undefined) {

  258.         valid = true;

  259.     }

  260.     

  261.     return valid;

  262. }

  263. 

  264. 

  265. // Checks the tokens object to see if no token has expired

  266. // return: nothing

  267. function cleanTokens() {

  268.     // Get current time for comparison

  269.     let now = new Date().getTime();

  270.     

  271.     for(let ip in tokens) { // Check for each IP in the object

  272.         for(let token of tokens[ip]) { // Check for each token of an IP

  273.             if(token.expire < now) { // Token has expired

  274.                 tokens[ip].pop(token);

  275.             }

  276.         }

  277.         if(tokens[ip].length === 0) { // No more element for this IP

  278.             delete tokens[ip];

  279.         }

  280.     }

  281.     

  282.     log.info(lang.log_cleared_token);

  283. }

  284. 

  285. 

  286. function processCustom(custom) {

  287.     let fields = {};

  288.     

  289.     for(let field in custom) {

  290.         let type = settings.customFields[field].type;

  291. 

  292.         switch(type) {

  293.             case 'select':  custom[field] = settings.customFields[field]

  294.                                             .options[custom[field]];

  295.                             break;

  296.         }

  297. 

  298.         fields[field] = {

  299.             value: custom[field],

  300.             label: settings.customFields[field].label

  301.         }

  302.     }

  303.     

  304.     return fields;

  305. }