babolivier
/
smam
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
SMAM (short for Send Me A Mail) is a free (as in freedom) contact form embedding software.
28 Commits
4 Branches
Tree: b52093834b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b52093834b'
${ noResults }
smam/server.js

server.js 6.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228 
  1. var pug         = require('pug');

  2. var nodemailer  = require('nodemailer');

  3. var crypto      = require('crypto');

  4. var settings    = require('./settings');

  5. 

  6. // Web server

  7. var bodyParser  = require('body-parser');

  8. var express     = require('express');

  9. var app = express();

  10. 

  11. // Logging

  12. var printit = require('printit');

  13. var log = printit({

  14.     prefix: 'SMAM',

  15.     date: true

  16. });

  17. 

  18. 

  19. // nodemailer initial configuration

  20. var transporter = nodemailer.createTransport(settings.mailserver);

  21. 

  22. 

  23. // Verification tokens

  24. var tokens = {};

  25. 

  26. 

  27. // Serve static (JS + HTML) files

  28. app.use(express.static('front'));

  29. // Body parsing

  30. app.use(bodyParser.urlencoded({ extended: true }));

  31. app.use(bodyParser.json());

  32. 

  33. 

  34. // A request on /register generates a token and store it, along the user's

  35. // address, on the tokens object

  36. app.get('/register', function(req, res, next) {

  37.     // Get IP from express

  38.     let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

  39.     if(tokens[ip] === undefined) {

  40.         tokens[ip] = [];

  41.     }

  42.     // Generate token

  43.     crypto.randomBytes(10, (err, buf) => { 

  44.         let token = buf.toString('hex');

  45.         // Store and send the token

  46.         tokens[ip].push({

  47.             token: token,

  48.             // A token expires after 12h

  49.             expire: new Date().getTime() + 12 * 3600 * 1000

  50.         });

  51.         res.status(200).send(token);

  52.     });

  53. });

  54. 

  55. 

  56. // A request on /send with user input = mail to be sent

  57. app.post('/send', function(req, res, next) {

  58.     if(!checkBody(req.body)) {

  59.         return res.status(400).send();

  60.     }

  61.     

  62.     let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

  63.     

  64.     if(!checkToken(ip, req.body.token)) {

  65.         return res.status(403).send();

  66.     }

  67.     

  68.     // Count the failures

  69.     let status = {

  70.         failed: 0,

  71.         total: settings.recipients.length

  72.     };

  73.     

  74.     // params will be used as:

  75.     // - values for html generation from the pug template

  76.     // - parameters for sending the mail(s)

  77.     let params = {

  78.         subject: req.body.subj,

  79.         from: req.body.name + ' <' + req.body.addr + '>',

  80.         html: req.body.text

  81.     };

  82.     

  83.     // Replacing the mail's content with HTML from the pug template

  84.     // Commenting the line below will bypass the generation and only user the

  85.     // text entered by the user

  86.     params.html = pug.renderFile('template.pug', params);

  87.     

  88.     log.info('Sending message from ' + params.from);

  89.     

  90.     // Send the email to all users

  91.     sendMails(params, function(err, infos) {

  92.         if(err) {

  93.             log.error(err);

  94.         }

  95.         logStatus(infos);

  96.     }, function() {

  97.         if(status.failed === status.total) {

  98.             res.status(500).send();

  99.         } else {

  100.             res.status(200).send();

  101.         }

  102.     })

  103. });

  104. 

  105. 

  106. // Use either the default port or the one chosen by the user (PORT env variable)

  107. var port = process.env.PORT || 1970;

  108. // Start the server

  109. app.listen(port, function() {

  110.     log.info('Server started on port ' + port);

  111. });

  112. 

  113. 

  114. // Run the clean every hour

  115. var tokensChecks = setTimeout(cleanTokens, 3600 * 1000);

  116. 

  117. 

  118. // Send mails to the recipients specified in the JSON settings file

  119. // content: object containing mail params

  120. //  {

  121. //      subject: String

  122. //      from: String (following RFC 1036 (https://tools.ietf.org/html/rfc1036#section-2.1.1))

  123. //      html: String

  124. //  }

  125. // update(next, infos): Called each time a mail is sent with the infos provided

  126. //                      by nodemailer

  127. // done(): Called once each mail has been sent

  128. function sendMails(params, update, done) {

  129.     let mails = settings.recipients.map((recipient) => {

  130.         // Promise for each recipient to send each mail asynchronously

  131.         return new Promise((sent) => {

  132.             params.to = recipient;

  133.             // Send the email

  134.             transporter.sendMail(params, (err, infos) => {

  135.                 if(err) {

  136.                     return update(err, recipient);

  137.                 }

  138.                 update(null, infos);

  139.                 // Promise callback

  140.                 sent();

  141.             });

  142.         });

  143.     });

  144.     // Run all the promises (= send all the mails)

  145.     Promise.all(mails).then(done);

  146. }

  147. 

  148. 

  149. // Produces log from the infos provided by nodemailer

  150. // infos: infos provided by nodemailer

  151. // return: nothing

  152. function logStatus(infos) {

  153.     if(infos.accepted.length !== 0) {

  154.         log.info('Message sent to ' + infos.accepted[0]);

  155.     }

  156.     if(infos.rejected.length !== 0) {

  157.         status.failed++;

  158.         log.info('Message failed to send to ' + infos.rejected[0]);

  159.     }

  160. }

  161. 

  162. 

  163. // Checks if the request's sender has been registered (and unregister it if not)

  164. // ip: sender's IP address

  165. // token: token used by the sender

  166. // return: true if the user was registered, false else

  167. function checkToken(ip, token) {

  168.     let verified = false;

  169.     

  170.     // Check if there's at least one token for this IP

  171.     if(tokens[ip] !== undefined) {

  172.         if(tokens[ip].length !== 0) {

  173.             // There's at least one element for this IP, let's check the tokens

  174.             for(var i = 0; i < tokens[ip].length; i++) {

  175.                 if(!tokens[ip][i].token.localeCompare(token)) {

  176.                     // We found the right token

  177.                     verified = true;

  178.                     // Removing the token

  179.                     tokens[ip].pop(tokens[ip][i]);

  180.                     break;

  181.                 }

  182.             }

  183.         } 

  184.     }

  185.     

  186.     if(!verified) {

  187.         log.warn(ip + ' just tried to send a message with an invalid token');

  188.     }

  189.     

  190.     return verified;

  191. }

  192. 

  193. 

  194. // Checks if all the required fields are in the request body

  195. // body: body taken from express's request object

  196. // return: true if the body is valid, false else

  197. function checkBody(body) {

  198.     let valid = false;

  199.     

  200.     if(body.token !== undefined && body.subj !== undefined 

  201.         && body.name !== undefined && body.addr !== undefined 

  202.         && body.text !== undefined) {

  203.         valid = true;

  204.     }

  205.     

  206.     return valid;

  207. }

  208. 

  209. 

  210. // Checks the tokens object to see if no token has expired

  211. // return: nothing

  212. function cleanTokens() {

  213.     // Get current time for comparison

  214.     let now = new Date().getTime();

  215.     

  216.     for(let ip in tokens) { // Check for each IP in the object

  217.         for(let token of tokens[ip]) { // Check for each token of an IP

  218.             if(token.expire < now) { // Token has expired

  219.                 tokens[ip].pop(token);

  220.             }

  221.         }

  222.         if(tokens[ip].length === 0) { // No more element for this IP

  223.             delete tokens[ip];

  224.         }

  225.     }

  226.     

  227.     log.info('Cleared expired tokens');

  228. }