This repository has been archived by the owner on Mar 9, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 3
/
server.js
94 lines (78 loc) · 2.29 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
import "dotenv/config.js";
import { performance } from "perf_hooks";
import express from "express";
import rateLimit from "express-rate-limit";
import list from "./src/list.js";
import admin from "./src/admin.js";
import video from "./src/video.js";
import image from "./src/image.js";
import file from "./src/file.js";
import checkSecret from "./src/check-secret.js";
import checkIP from "./src/check-ip.js";
const {
SERVER_ADDR = "0.0.0.0",
SERVER_PORT = 3000,
VIDEO_PATH = "/mnt/",
TRACE_MEDIA_SALT,
TRACE_API_SECRET,
} = process.env;
const app = express();
app.disable("x-powered-by");
app.set("trust proxy", 1);
app.use((req, res, next) => {
const startTime = performance.now();
console.log("=>", new Date().toISOString(), req.ip, req.path);
res.on("finish", () => {
console.log(
"<=",
new Date().toISOString(),
req.ip,
req.path,
res.statusCode,
`${(performance.now() - startTime).toFixed(0)}ms`,
);
});
next();
});
app.use((req, res, next) => {
res.set("Access-Control-Allow-Origin", "*");
res.set("Access-Control-Allow-Methods", "GET, OPTIONS");
res.set("Referrer-Policy", "no-referrer");
res.set("X-Content-Type-Options", "nosniff");
res.set(
"Content-Security-Policy",
[
"default-src 'none'",
"media-src 'self'",
"base-uri 'none'",
"frame-ancestors 'none'",
"form-action 'none'",
"block-all-mixed-content",
].join("; "),
);
next();
});
app.use(
rateLimit({
max: 60, // limit each IP to 60 requests per 60 seconds
delayMs: 0, // disable delaying - full speed until the max limit is reached
}),
);
app.locals.queue = 0;
app.get("/", (req, res) => res.send("ok"));
app.get("/video/:anilistID/:filename", video);
app.get("/image/:anilistID/:filename", image);
app.use("/file/:anilistID/:filename", checkSecret, file);
app.use("/list", list);
app.use("/admin", checkIP, admin);
app.use("/admin", checkIP, express.static(VIDEO_PATH));
if (TRACE_API_SECRET) {
console.log("Video upload/download secured by TRACE_API_SECRET");
}
if (TRACE_MEDIA_SALT) {
console.log("Video clip and image secured by TRACE_MEDIA_SALT");
}
console.log(`VIDEO_PATH: ${VIDEO_PATH}`);
app.listen(SERVER_PORT, SERVER_ADDR, () =>
console.log(`Media server listening on ${SERVER_ADDR}:${SERVER_PORT}`),
);