babolivier
/
smam
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
SMAM (short for Send Me A Mail) is a free (as in freedom) contact form embedding software.
31 Commits
4 Branches
Tree: d1d21dd1df
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd1d21dd1df'
${ noResults }
smam/server.js

server.js 6.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230 
  1. var pug         = require('pug');

  2. var nodemailer  = require('nodemailer');

  3. var crypto      = require('crypto');

  4. var settings    = require('./settings');

  5. 

  6. // Web server

  7. var bodyParser  = require('body-parser');

  8. var express     = require('express');

  9. var app = express();

  10. 

  11. // Logging

  12. var printit = require('printit');

  13. var log = printit({

  14.     prefix: 'SMAM',

  15.     date: true

  16. });

  17. 

  18. 

  19. // nodemailer initial configuration

  20. var transporter = nodemailer.createTransport(settings.mailserver);

  21. 

  22. 

  23. // Verification tokens

  24. var tokens = {};

  25. 

  26. 

  27. // Serve static (JS + HTML) files

  28. app.use(express.static('front'));

  29. // Body parsing

  30. app.use(bodyParser.urlencoded({ extended: true }));

  31. app.use(bodyParser.json());

  32. 

  33. 

  34. // A request on /register generates a token and store it, along the user's

  35. // address, on the tokens object

  36. app.get('/register', function(req, res, next) {

  37.     // Get IP from express

  38.     let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

  39.     if(tokens[ip] === undefined) {

  40.         tokens[ip] = [];

  41.     }

  42.     // Generate token

  43.     crypto.randomBytes(10, (err, buf) => { 

  44.         let token = buf.toString('hex');

  45.         // Store and send the token

  46.         tokens[ip].push({

  47.             token: token,

  48.             // A token expires after 12h

  49.             expire: new Date().getTime() + 12 * 3600 * 1000

  50.         });

  51.         res.status(200).send(token);

  52.     });

  53. });

  54. 

  55. 

  56. // A request on /send with user input = mail to be sent

  57. app.post('/send', function(req, res, next) {

  58.     if(!checkBody(req.body)) {

  59.         return res.status(400).send();

  60.     }

  61.     

  62.     let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

  63.     

  64.     if(!checkToken(ip, req.body.token)) {

  65.         return res.status(403).send();

  66.     }

  67.     

  68.     // Count the failures

  69.     let status = {

  70.         failed: 0,

  71.         total: settings.recipients.length

  72.     };

  73.     

  74.     // params will be used as:

  75.     // - values for html generation from the pug template

  76.     // - parameters for sending the mail(s)

  77.     let params = {

  78.         subject: req.body.subj,

  79.         from: req.body.name + ' <' + req.body.addr + '>',

  80.         html: req.body.text

  81.     };

  82.     

  83.     // Replacing the mail's content with HTML from the pug template

  84.     // Commenting the line below will bypass the generation and only user the

  85.     // text entered by the user

  86.     params.html = pug.renderFile('template.pug', params);

  87.     

  88.     log.info('Sending message from ' + params.from);

  89.     

  90.     // Send the email to all users

  91.     sendMails(params, function(err, infos) {

  92.         if(err) {

  93.             log.error(err);

  94.         }

  95.         logStatus(infos);

  96.     }, function() {

  97.         if(status.failed === status.total) {

  98.             res.status(500).send();

  99.         } else {

  100.             res.status(200).send();

  101.         }

  102.     })

  103. });

  104. 

  105. 

  106. // Use either the default port or the one chosen by the user (PORT env variable)

  107. var port = process.env.PORT || 1970;

  108. // Same for the host (using the HOST env variable)

  109. var host = process.env.HOST || '0.0.0.0';

  110. // Start the server

  111. app.listen(port, host, function() {

  112.     log.info('Server started on ' + host + ':' + port);

  113. });

  114. 

  115. 

  116. // Run the clean every hour

  117. var tokensChecks = setTimeout(cleanTokens, 3600 * 1000);

  118. 

  119. 

  120. // Send mails to the recipients specified in the JSON settings file

  121. // content: object containing mail params

  122. //  {

  123. //      subject: String

  124. //      from: String (following RFC 1036 (https://tools.ietf.org/html/rfc1036#section-2.1.1))

  125. //      html: String

  126. //  }

  127. // update(next, infos): Called each time a mail is sent with the infos provided

  128. //                      by nodemailer

  129. // done(): Called once each mail has been sent

  130. function sendMails(params, update, done) {

  131.     let mails = settings.recipients.map((recipient) => {

  132.         // Promise for each recipient to send each mail asynchronously

  133.         return new Promise((sent) => {

  134.             params.to = recipient;

  135.             // Send the email

  136.             transporter.sendMail(params, (err, infos) => {

  137.                 if(err) {

  138.                     return update(err, recipient);

  139.                 }

  140.                 update(null, infos);

  141.                 // Promise callback

  142.                 sent();

  143.             });

  144.         });

  145.     });

  146.     // Run all the promises (= send all the mails)

  147.     Promise.all(mails).then(done);

  148. }

  149. 

  150. 

  151. // Produces log from the infos provided by nodemailer

  152. // infos: infos provided by nodemailer

  153. // return: nothing

  154. function logStatus(infos) {

  155.     if(infos.accepted.length !== 0) {

  156.         log.info('Message sent to ' + infos.accepted[0]);

  157.     }

  158.     if(infos.rejected.length !== 0) {

  159.         status.failed++;

  160.         log.info('Message failed to send to ' + infos.rejected[0]);

  161.     }

  162. }

  163. 

  164. 

  165. // Checks if the request's sender has been registered (and unregister it if not)

  166. // ip: sender's IP address

  167. // token: token used by the sender

  168. // return: true if the user was registered, false else

  169. function checkToken(ip, token) {

  170.     let verified = false;

  171.     

  172.     // Check if there's at least one token for this IP

  173.     if(tokens[ip] !== undefined) {

  174.         if(tokens[ip].length !== 0) {

  175.             // There's at least one element for this IP, let's check the tokens

  176.             for(var i = 0; i < tokens[ip].length; i++) {

  177.                 if(!tokens[ip][i].token.localeCompare(token)) {

  178.                     // We found the right token

  179.                     verified = true;

  180.                     // Removing the token

  181.                     tokens[ip].pop(tokens[ip][i]);

  182.                     break;

  183.                 }

  184.             }

  185.         } 

  186.     }

  187.     

  188.     if(!verified) {

  189.         log.warn(ip + ' just tried to send a message with an invalid token');

  190.     }

  191.     

  192.     return verified;

  193. }

  194. 

  195. 

  196. // Checks if all the required fields are in the request body

  197. // body: body taken from express's request object

  198. // return: true if the body is valid, false else

  199. function checkBody(body) {

  200.     let valid = false;

  201.     

  202.     if(body.token !== undefined && body.subj !== undefined 

  203.         && body.name !== undefined && body.addr !== undefined 

  204.         && body.text !== undefined) {

  205.         valid = true;

  206.     }

  207.     

  208.     return valid;

  209. }

  210. 

  211. 

  212. // Checks the tokens object to see if no token has expired

  213. // return: nothing

  214. function cleanTokens() {

  215.     // Get current time for comparison

  216.     let now = new Date().getTime();

  217.     

  218.     for(let ip in tokens) { // Check for each IP in the object

  219.         for(let token of tokens[ip]) { // Check for each token of an IP

  220.             if(token.expire < now) { // Token has expired

  221.                 tokens[ip].pop(token);

  222.             }

  223.         }

  224.         if(tokens[ip].length === 0) { // No more element for this IP

  225.             delete tokens[ip];

  226.         }

  227.     }

  228.     

  229.     log.info('Cleared expired tokens');

  230. }