Facebook
From KAIZENJI, 2 Weeks ago, written in Plain Text.
  const crypto = require("crypto");
  const http = require("http");

  const express = require("express");
  const fileUpload = require("express-fileupload");
  const rateLimit = require("express-rate-limit");
  const fs = require("fs-extra");
  const session = require("express-session");
  const eta = require("eta");
  const bodyParser = require("body-parser");
  const { google } = require("googleapis");
  const nodemailer = require("nodemailer");
  const cookieParser = require("cookie-parser");
  const flash = require("connect-flash");
  const Passport = require("passport");
  const bcrypt = require("bcrypt");
  const axios = require("axios");
  const mimeDB = require("mime-db");

  const app = express();
  const server = http.createServer(app);
  19.  
  // Extension lists handed to the route modules through paramsForRoutes.
  // They classify a file by extension only; nothing here inspects file content.

  // Image extensions.
  const imageExt = [
    "png", "gif", "webp",
    "jpeg", "jpg"
  ];

  // Video extensions ("m4v" and "flv" are listed twice, as in the original list).
  const videoExt = [
    "webm", "mkv", "flv", "vob", "ogv", "ogg",
    "rrc", "gifv", "mng", "mov", "avi", "qt",
    "wmv", "yuv", "rm", "asf", "amv", "mp4",
    "m4p", "m4v", "mpg", "mp2", "mpeg", "mpe",
    "mpv", "m4v", "svi", "3gp", "3g2", "mxf",
    "roq", "nsv", "flv", "f4v", "f4p", "f4a",
    "f4b", "mod"
  ];

  // Audio extensions (some containers such as "3gp", "ogg", "webm" also appear in videoExt).
  const audioExt = [
    "3gp", "aa", "aac", "aax", "act", "aiff",
    "alac", "amr", "ape", "au", "awb", "dss",
    "dvf", "flac", "gsm", "iklax", "ivs", "m4a",
    "m4b", "m4p", "mmf", "mp3", "mpc", "msv",
    "nmf", "ogg", "oga", "mogg", "opus", "ra",
    "rm", "raw", "rf64", "sln", "tta", "voc",
    "vox", "wav", "wma", "wv", "webm", "8svx",
    "cd"
  ];
  32.  
  33.  
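  /**
   * Configures the Express dashboard (views, sessions, Passport, uploads,
   * routes) and starts the HTTP server.
   *
   * Reads its configuration from `global.GoatBot.config`, its data layer from
   * `global.db` and helpers from `global.utils`.
   *
   * @param {object} [api] - Handle forwarded to the route modules. When it is
   *   falsy, ./connectDB.js is awaited first.
   * @returns {Promise<void>} Resolves once the server is listening.
   * @throws {Error} When no Google access token can be obtained from the
   *   configured refresh token, or when the port cannot be bound.
   */
  module.exports = async (api) => {
    if (!api)
      await require("./connectDB.js")();

    const { utils, utils: { drive } } = global;
    const { config } = global.GoatBot;
    const { expireVerifyCode } = config.dashBoard;
    const { gmailAccount, gRecaptcha } = config.credentials;

    const getText = global.utils.getText;

    const {
      email,
      clientId,
      clientSecret,
      refreshToken
    } = gmailAccount;

    // Exchange the long-lived refresh token for an access token up front so a
    // revoked or expired token fails at startup instead of at first mail send.
    const OAuth2 = google.auth.OAuth2;
    const OAuth2_client = new OAuth2(clientId, clientSecret);
    OAuth2_client.setCredentials({ refresh_token: refreshToken });
    let accessToken;
    try {
      accessToken = await OAuth2_client.getAccessToken();
    }
    catch (err) {
      // Keep the underlying failure attached for whoever diagnoses it.
      throw new Error(getText("Goat", "googleApiRefreshTokenExpired"), { cause: err });
    }

    // The transporter carries the OAuth client secret and refresh token and is
    // handed to every route module through paramsForRoutes below.
    const transporter = nodemailer.createTransport({
      host: "smtp.gmail.com",
      service: "Gmail",
      auth: {
        type: "OAuth2",
        user: email,
        clientId,
        clientSecret,
        refreshToken,
        accessToken
      }
    });

    const {
      threadModel,
      userModel,
      dashBoardModel,
      threadsData,
      usersData,
      dashBoardData
    } = global.db;

    eta.configure({
      useWith: true
    });

    app.set("views", `${__dirname}/views`);
    app.engine("eta", eta.renderFile);
    app.set("view engine", "eta");

    app.use(bodyParser.json());
    app.use(bodyParser.urlencoded({ extended: true }));
    app.use(cookieParser());
    app.use(session({
      // Session-cookie signing key: 32 bytes from the OS CSPRNG. The previous
      // key was 10 characters drawn with Math.random(), which is not suitable
      // for secrets. The key is regenerated on every start, so (as before)
      // existing sessions stop validating after a restart.
      secret: crypto.randomBytes(32).toString("hex"),
      resave: false,
      saveUninitialized: true,
      cookie: {
        // NOTE(review): with secure=false the cookie is also sent over plain
        // HTTP. The URL computed at the bottom is https on repl.co/glitch.me;
        // consider enabling `secure` there (behind a proxy this also needs
        // Express "trust proxy"). No sameSite value is set either.
        secure: false,
        httpOnly: true,
        maxAge: 1000 * 60 * 60 * 24 * 7 // 7 days
      }
    }));

    // public folder
    app.use("/css", express.static(`${__dirname}/css`));
    app.use("/js", express.static(`${__dirname}/js`));
    app.use("/images", express.static(`${__dirname}/images`));

    require("./passport-config.js")(Passport, dashBoardData, bcrypt);
    app.use(Passport.initialize());
    app.use(Passport.session());
    // NOTE(review): no `limits` option is passed, so this middleware does not
    // cap upload size here — confirm a limit is enforced elsewhere.
    app.use(fileUpload());

    app.use(flash());
    // Values made available to every rendered template.
    app.use(function (req, res, next) {
      res.locals.gRecaptcha_siteKey = gRecaptcha.siteKey;
      // NOTE(review): exposes the server's absolute directory to templates;
      // make sure no view prints it.
      res.locals.__dirname = __dirname;
      res.locals.success = req.flash("success") || [];
      res.locals.errors = req.flash("errors") || [];
      res.locals.warnings = req.flash("warnings") || [];
      res.locals.user = req.user || null;
      next();
    });

    const generateEmailVerificationCode = require("./scripts/generate-Email-Verification.js");

    // ————————————————— MIDDLEWARE ————————————————— //
    /**
     * Builds a rate limiter answering 429 with a JSON error body.
     * @param {number} ms - Window length in milliseconds.
     * @param {number} max - Requests allowed per window.
     */
    const createLimiter = (ms, max) => rateLimit({
      windowMs: ms, // window length chosen by the caller
      max,
      handler: (req, res) => {
        res.status(429).send({
          status: "error",
          message: getText("app", "tooManyRequests")
        });
      }
    });

    const middleWare = require("./middleware/index.js")(checkAuthConfigDashboardOfThread);

    // ————————————————————————————————————————————— //

    /**
     * Tells whether a user may configure a thread from the dashboard.
     * @param {object|string|number} threadData - Thread record, or a numeric
     *   thread ID that is looked up through threadsData.get().
     * @param {string|number} userID - User to check.
     * @returns {Promise<boolean>} true when the user is in `adminIDs`, or is a
     *   member whose `permissionConfigDashboard` flag is set.
     */
    async function checkAuthConfigDashboardOfThread(threadData, userID) {
      if (!isNaN(threadData))
        threadData = await threadsData.get(threadData);
      // Loose equality on userID is kept: IDs may arrive as string or number.
      return threadData.adminIDs?.includes(userID) || threadData.members?.some(m => m.userID == userID && m.permissionConfigDashboard == true) || false;
    }

    // Classifies by the first extension mime-db lists for the given MIME type;
    // the MIME type itself comes from the caller and is not verified here.
    const isVideoFile = (mimeType) => videoExt.includes(mimeDB[mimeType]?.extensions?.[0]);

    /**
     * Verifies a reCAPTCHA response token with Google's siteverify endpoint.
     * @param {string} responseCaptcha - Token submitted by the browser.
     * @returns {Promise<boolean>} The `success` field of Google's answer.
     */
    async function isVerifyRecaptcha(responseCaptcha) {
      // Sent as a form-encoded POST body: the client-supplied token is encoded
      // instead of being spliced into a URL (the old query string also spelled
      // the parameter "response;"), and the secret key stays out of the URL.
      const form = new URLSearchParams({
        secret: gRecaptcha.secretKey,
        response: responseCaptcha
      });
      const verify = await axios.post("https://www.google.com/recaptcha/api/siteverify", form);
      return verify.data.success;
    }

    // Account file holding the bot's fbstate. Both "production" and
    // "development" select account.dev.txt, exactly as before —
    // NOTE(review): confirm that mapping is intended.
    const getAccountFilePath = () => process.cwd() + (process.env.NODE_ENV == "production" || process.env.NODE_ENV == "development" ? "/account.dev.txt" : "/account.txt");

    // ROUTES & MIDDLWARE
    const {
      unAuthenticated,
      isWaitVerifyAccount,
      isAuthenticated,
      isAdmin,
      isVeryfiUserIDFacebook,
      checkHasAndInThread,
      middlewareCheckAuthConfigDashboardOfThread
    } = middleWare;

    const paramsForRoutes = {
      unAuthenticated, isWaitVerifyAccount, isAdmin, isAuthenticated,
      isVeryfiUserIDFacebook, checkHasAndInThread, middlewareCheckAuthConfigDashboardOfThread,

      isVerifyRecaptcha, validateEmail, randomNumberApikey, transporter,
      generateEmailVerificationCode, dashBoardData, expireVerifyCode, Passport, isVideoFile,

      threadsData, api, createLimiter, config, checkAuthConfigDashboardOfThread,
      imageExt, videoExt, audioExt, convertSize, drive, usersData
    };

    const registerRoute = require("./routes/register.js")(paramsForRoutes);
    const loginRoute = require("./routes/login.js")(paramsForRoutes);
    const forgotPasswordRoute = require("./routes/forgotPassword.js")(paramsForRoutes);
    const changePasswordRoute = require("./routes/changePassword.js")(paramsForRoutes);
    const dashBoardRoute = require("./routes/dashBoard.js")(paramsForRoutes);
    const verifyFbidRoute = require("./routes/verifyfbid.js")(paramsForRoutes);
    const apiRouter = require("./routes/api.js")(paramsForRoutes);

    app.get(["/", "/home"], (req, res) => {
      res.render("home");
    });

    // Served without any auth middleware: version, counts, prefix and uptime
    // are visible to anyone who can reach the dashboard.
    app.get("/stats", async (req, res) => {
      let fcaVersion;
      try {
        fcaVersion = require("fb-chat-api/package.json").version;
      }
      catch (e) {
        fcaVersion = "unknown";
      }

      const totalThread = (await threadsData.getAll()).filter(t => t.threadID.toString().length > 15).length;
      const totalUser = (await usersData.getAll()).length;
      const prefix = config.prefix;
      const uptime = utils.convertTime(process.uptime() * 1000);

      res.render("stats", {
        fcaVersion,
        totalThread,
        totalUser,
        prefix,
        uptime,
        uptimeSecond: process.uptime()
      });
    });

    app.get("/profile", isAuthenticated, async (req, res) => {
      res.render("profile", {
        userData: await usersData.get(req.user.facebookUserID) || {}
      });
    });

    app.get("/donate", (req, res) => res.render("donate"));

    app.get("/logout", (req, res, next) => {
      req.logout(function (err) {
        if (err)
          return next(err);
        res.redirect("/");
      });
    });

    // Replaces the bot's stored fbstate and then exits the process.
    // NOTE(review): the GET route below also applies `isAdmin`; this handler
    // checks config.adminBot inline instead — confirm the two are equivalent.
    // The route relies on the session cookie alone; no anti-CSRF token is
    // checked in this file.
    app.post("/changefbstate", isAuthenticated, isVeryfiUserIDFacebook, (req, res) => {
      if (!global.GoatBot.config.adminBot.includes(req.user.facebookUserID))
        return res.send({
          status: "error",
          message: getText("app", "notPermissionChangeFbstate")
        });
      const { fbstate } = req.body;
      // The JSON / extended-urlencoded parsers can deliver objects or arrays;
      // only a non-empty string is written, so writeFileSync cannot throw on
      // an unexpected body shape.
      if (!fbstate || typeof fbstate !== "string")
        return res.send({
          status: "error",
          message: getText("app", "notFoundFbstate")
        });

      fs.writeFileSync(getAccountFilePath(), fbstate);

      // Registered before the response is sent; the process exits with code 2
      // once the reply has been flushed (presumably a supervisor restarts the
      // bot on that code — confirm).
      res.on("finish", () => {
        process.exit(2);
      });

      res.send({
        status: "success",
        message: getText("app", "changedFbstateSuccess")
      });
    });
    app.get("/uptime", global.responseUptimeCurrent);

    // Renders the current fbstate into the page. That file is the bot's login
    // state, so the rendered page should be treated as a credential.
    app.get("/changefbstate", isAuthenticated, isVeryfiUserIDFacebook, isAdmin, (req, res) => {
      res.render("changeFbstate", {
        currentFbstate: fs.readFileSync(getAccountFilePath(), "utf8")
      });
    });

    app.use("/register", registerRoute);
    app.use("/login", loginRoute);
    app.use("/forgot-password", forgotPasswordRoute);
    app.use("/change-password", changePasswordRoute);
    app.use("/dashboard", dashBoardRoute);
    app.use("/verifyfbid", verifyFbidRoute);
    app.use("/api", apiRouter);

    app.get("*", (req, res) => {
      res.status(404).render("404");
    });

    // catch global error
    // Every error now gets a generic 500 reply. Previously only one specific
    // Passport message was answered and any other error left the request
    // without a response. Details go to the server log, not to the client.
    app.use((err, req, res, next) => {
      if (res.headersSent)
        return next(err);
      console.error(err);
      return res.status(500).send(getText("app", "serverError"));
    });

    const PORT = process.env.PORT || 3001;
    let dashBoardUrl = `https://${process.env.REPL_OWNER
      ? `${process.env.REPL_SLUG}.${process.env.REPL_OWNER}.repl.co`
      : process.env.API_SERVER_EXTERNAL == "https://api.glitch.com"
        ? `${process.env.PROJECT_DOMAIN}.glitch.me`
        : `localhost:${PORT}`}`;
    dashBoardUrl.includes("localhost") && (dashBoardUrl = dashBoardUrl.replace("https", "http"));

    // server.listen() does not return a promise, so awaiting it directly did
    // not wait for the bind. Wait for the callback and surface bind errors
    // (for example a port already in use) as a rejection of this function.
    await new Promise((resolve, reject) => {
      server.once("error", reject);
      server.listen(PORT, () => {
        server.off("error", reject);
        resolve();
      });
    });
    utils.log.info("DASHBOARD", `Dashboard is running: ${dashBoardUrl}`);
    if (config.serverUptime.socket.enable == true)
      require("../bot/login/socketIO.js")(server);
  };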
  306.  
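  /**
   * Returns a random string of letters and digits.
   *
   * Characters are drawn with crypto.randomInt() rather than Math.random(),
   * so the result can be used where unpredictability matters.
   *
   * @param {number} max - Number of characters to generate.
   * @returns {string} `max` characters from [A-Za-z0-9]; "" when max <= 0.
   */
  function randomStringApikey(max) {
    const possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    let text = "";
    for (let i = 0; i < max; i++)
      text += possible.charAt(crypto.randomInt(possible.length));
    return text;
  }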
  314.  
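  /**
   * Returns a random string of decimal digits.
   *
   * This helper is handed to the route modules through paramsForRoutes, so
   * digits are drawn with crypto.randomInt() rather than Math.random() to keep
   * the generated codes unpredictable.
   *
   * @param {number} maxLength - Number of digits to generate.
   * @returns {string} `maxLength` digits (leading zeros possible); "" when
   *   maxLength <= 0.
   */
  function randomNumberApikey(maxLength) {
    const possible = "0123456789";
    let text = "";
    for (let i = 0; i < maxLength; i++)
      text += possible.charAt(crypto.randomInt(possible.length));
    return text;
  }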
  322.  
  /**
   * Checks that a value has the shape of an e-mail address.
   *
   * This is a syntax check only: it says nothing about whether the mailbox
   * exists or belongs to the requester.
   *
   * @param {string} email - Candidate address.
   * @returns {boolean} true when the value matches the address pattern.
   */
  function validateEmail(email) {
    const addressPattern = /^(([^<>()\[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
    const looksValid = addressPattern.test(email);
    return looksValid;
  }
  327.  
  /**
   * Formats a byte count for display.
   *
   * Thresholds are strict: exactly 1024 is still shown in bytes and exactly
   * 1024 * 1024 is still shown in KB.
   *
   * @param {number} byte - Size in bytes.
   * @returns {string} "<n> Byte", "<n.nn> KB" or "<n.nn> MB".
   */
  function convertSize(byte) {
    const KIB = 1024;
    const MIB = KIB * KIB;

    if (byte > MIB)
      return `${(byte / KIB / KIB).toFixed(2)} MB`;
    if (byte > KIB)
      return `${(byte / KIB).toFixed(2)} KB`;
    return `${byte} Byte`;
  }
  331.