nodejs discord server wors

DecentralCardGame · May 23, 2024 · 96f919a · 96f919a
1 parent f25476d
commit 96f919a
Show file tree

Hide file tree

Showing 4 changed files with 165 additions and 20 deletions.
diff --git a/config/nginx-test.conf b/config/nginx-test.conf
@@ -0,0 +1,137 @@
+
+server {
+  listen 443 http2;
+  listen [::]:443 http2;
+  server_name cardchain.crowdcontrol.network;
+  #ssl_certificate /etc/letsencrypt/live/cardchain.crowdcontrol.network/fullchain.pem;
+  #ssl_certificate_key /etc/letsencrypt/live/cardchain.crowdcontrol.network/privkey.pem;
+
+  # Improve HTTPS performance with session resumption
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_timeout 10m;
+
+  # Enable server-side protection against BEAST attacks
+  ssl_protocols TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
+
+  # RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
+  ssl_dhparam /etc/nginx/ssl/dhparam-4096.pem;
+  ssl_ecdh_curve secp521r1:secp384r1;
+
+  # Aditional Security Headers
+  # ref: https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+  # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+  add_header X-Frame-Options DENY always;
+
+  # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+  add_header X-Content-Type-Options nosniff always;
+
+  # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+  add_header X-Xss-Protection "1; mode=block" always;
+
+  # Enable OCSP stapling
+  # ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_trusted_certificate /etc/letsencrypt/live/cardchain.crowdcontrol.network/fullchain.pem;
+  #resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
+  resolver 127.0.0.11;
+  resolver_timeout 5s;
+
+  location ~ ^/cosmos(/.*)?$ {
+    # Not sending ACAO header because it is already being added by the upstream
+    #add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    if ($request_method = 'OPTIONS') {
+      return 200;
+    }
+
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_pass http://blockchain:1317$1$is_args$args;
+  }
+
+  location ~ ^/grpc(/.*)?$ {
+    grpc_pass grpcs://blockchain:9090$1$is_args$args;
+  }
+
+  location ~ ^/grpc2(/.*)?$ {
+    grpc_pass grpcs://blockchain:9091$1$is_args$args;
+  }
+
+  location ~ ^/tendermint(/.*)?$ {
+    # Not sending ACAO header because it is already being added by the upstream
+    #add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    if ($request_method = 'OPTIONS') {
+      return 200;
+    }
+
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_set_header X-forwarded-proto $scheme;
+    proxy_intercept_errors on;
+    proxy_pass http://blockchain:26657$1$is_args$args;
+  }
+
+  location ~ ^/faucet(/.*)?$ {
+    # Not sending ACAO header because it is already being added by the upstream
+    #add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    if ($request_method = 'OPTIONS') {
+      return 200;
+    }
+
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_pass http://blockchain:4500$1$is_args$args;
+  }
+
+  location /files/ {
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    root /;
+  }
+
+  location /goat/ {
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_pass http://goat:31337;
+  }
+}
diff --git a/config/nginx.conf b/config/nginx.conf
@@ -121,7 +121,7 @@ server {
     root /;
   }
 
-  location /goat {
+  location /goat/ {
     add_header 'Access-Control-Allow-Origin' '*' always;
     add_header 'Access-Control-Allow-Credentials' 'true' always;
     add_header 'Access-Control-Allow-Methods' '*' always;
@@ -132,6 +132,6 @@ server {
     proxy_set_header host $host;
     proxy_set_header X-real-ip $remote_addr;
     proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
-    proxy_pass http://goat:31337
+    proxy_pass http://goat:31337;
   }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -38,3 +38,4 @@ services:
     command: /bin/bash -c "exec nginx -g 'daemon off;'"
     depends_on: 
       - blockchain
+      - goat
diff --git a/goat/app.js b/goat/app.js
@@ -7,7 +7,7 @@ const PORT = process.env.PORT || 31337;
 
 //let codeValue = 'oHISzAR5RdTef7jVntWuA48Gf044Vr'
 
-const fetchUser = async code => {
+const fetchUser = code => {
 	let query = querystring.stringify({
 		'client_id': '1242405621815316502',
 		'client_secret': 'SdY9h2ilQb42AKV3dL8pscd9vcvUc0Bo',
@@ -20,28 +20,35 @@ const fetchUser = async code => {
         'Content-Type': 'application/x-www-form-urlencoded'
     }
 
-	const token = await axios.post('https://discordapp.com/api/oauth2/token', query, headers)
+	return axios.post('https://discordapp.com/api/oauth2/token', query, headers)
+	.then(token => {
+		return axios.get(`https://discordapp.com/api/users/@me`, {
+	        headers: {
+	            "Authorization": "Bearer " + token.data.access_token,
+	    	}
+	    })
+	})
 
-	console.log("token", token.status)
-
-    const user = await axios.get(`https://discordapp.com/api/users/@me`, {
-        headers: {
-            "Authorization": "Bearer " + token.data.access_token,
-    	}
-    })
-
-	console.log("user", user.status)
-	return await user
 }
 
 app.get('/', (req, res) => {
+	if (!req.query.code) {
+		throw new Error('No code provided - you must provide a token code from Discord')
+	}
+
 	console.log("code", req.query.code)
-	fetchUser(req.query.code)
-		.then(user => {
-			console.log("response", user)
-			console.log(user.status, user.statusText);
-		 	res.send(user.data);
-		});
+
+	return fetchUser(req.query.code)
+	.then(user => {
+		console.log("response", user.data)
+		console.log("status", user.status, user.statusText);
+	 	res.send(user.data);
+	})
+	.catch(err => {
+		console.error(err.response)
+		res.status(500).send(err)
+	})
+
 });
 
 app.listen(PORT, () => {