twister-proxy/twister-proxy.js

var fs = require("fs");
var https = require("https");
var http = require("http");
var express = require("express");
var console = require("console");

var app = express();

try
{
    var settings = JSON.parse(fs.readFileSync("settings.json"));
}
catch(e)
{
    console.log("Error: Configuration file settings.json couldn't be parsed.\nSee Troubleshooting section in README.md for instructions.");
    process.exit(1);
}

if(settings.Server.enable_https)
{
    try
    {
	var privateKey  = fs.readFileSync(settings.Server.ssl_key_file).toString();
    }
    catch(e)
    {
	console.log("Error: unable to load SSL key. Please edit setting.json and put the correct path to your SSL private key file into \"ssl_key_file.\"");
	process.exit(1);
    }
    try
    {
	var certificate = fs.readFileSync(settings.Server.ssl_certificate_file).toString();
    }
    catch(e)
    {
	console.log("Error: unable to load SSL certificate. Please edit setting.json and put the correct path to your SSL certificate file into \"ssl_certificate_file.\"");
	process.exit(1);
    }
    var credentials = {key: privateKey, cert: certificate};
}

maxCallsPerMinute = {};
maxCallsPerMinutePerIP = {};
callsRemaining = {};
perIPCounter = {};
droppedCallsCounter = {};

var invalidRequestCounter = 0;
var forbiddenCallCounter = 0;
var connectionErrorMessageDisplayed = false;

settings.CallLimits.forEach(function(x) {
    maxCallsPerMinute[x.name] = x.maxPerMinute;
    maxCallsPerMinutePerIP[x.name] = x.maxPerMinutePerIP;
    callsRemaining[x.name] = x.maxPerMinute;
    droppedCallsCounter[x.name] = 0;
});

CounterInstance = function()
{
    this.overLimit=0;
    this.invalidRequests=0;
    this.forbiddenCalls=0;
    this.callsRemaining={};
    for (x in maxCallsPerMinutePerIP)
    {
      if(maxCallsPerMinutePerIP[x]!==null)
	  this.callsRemaining[x]=maxCallsPerMinutePerIP[x];
    }
}

require("log-timestamp");

app.get("*", function(request, response)
{
    if(settings.Server.enable_https&&request.protocol=="http")
    {
	if(settings.Server.https_port==443)
	    secureUrl="https://"+request.host+request.path;
	else
	    secureUrl="https://"+request.host+":"+settings.Server.https_port+request.path;
	response.writeHead(302, {"Location": secureUrl});
	response.end();
	return;
    }

    var webProxy = http.request({host: settings.RPC.host, port: settings.RPC.port, method: request.method, path: request.path, headers: request.headers}, function (proxy_res)
    {
	proxy_res.pipe(response, {end: true});
    });
    
    webProxy.on("error", function(error)
    {
	if(!connectionErrorMessageDisplayed)
	{
	    console.log("Error: cannot connect to twisterd.\nSee Troubleshooting section in README.md for instructions.");
	    connectionErrorMessageDisplayed=true;
	}
	response.send(502);
    });
    
    request.pipe(webProxy, {end: true});
});

app.post("/", function(request, response)
{       
    request.rawBody = "";
    request.setEncoding("utf8");

    request.addListener("data", function(chunk)
    {
        request.rawBody += chunk;
    });

    request.addListener("end", function()
    {
	var remoteIP = request.connection.remoteAddress;
	    
	if(perIPCounter[remoteIP]===undefined)
	{	
	    perIPCounter[remoteIP]=new CounterInstance();
	}
	try
	{
	    bodyJson=JSON.parse(request.rawBody);
	    rpcMethod=bodyJson.method;
	}
	catch(e)
	{
	    perIPCounter[remoteIP].invalidRequests++;
	    invalidRequestCounter++;
	    return;
	}
	if(maxCallsPerMinute[rpcMethod]===undefined)
	{
	    perIPCounter[remoteIP].forbiddenCalls++;
	    forbiddenCallCounter++;
	    return;
	}
	if(maxCallsPerMinute[rpcMethod]!==null)
	{
	    if(callsRemaining[rpcMethod]<1)
	    {
	        droppedCallsCounter[rpcMethod]++;
		return;
	    }
	    else
	    {
		callsRemaining[rpcMethod]--;
	    }
	}
	
	if(maxCallsPerMinutePerIP[rpcMethod]!==null)
	{	
	    if(perIPCounter[remoteIP].callsRemaining[rpcMethod]<1)
	    {
		perIPCounter[remoteIP].overLimit++;
		return;
	    }
	    else
	    {
		perIPCounter[remoteIP].callsRemaining[rpcMethod]--;
	    }
	}
	
	var rpcProxy = http.request({host: settings.RPC.host, port: settings.RPC.port, method: request.method, headers: request.headers}, function(proxy_res)
	{
	    proxy_res.on("data", function(chunk)
	    {
		response.write(chunk, "binary");
	    });

	    proxy_res.on("end", function(chunk)
	    {
		response.end();
	    });
	    
	    proxy_res.on("error", function(error)
	    {
		if(!connectionErrorMessageDisplayed)
		{
		    console.log("Error: cannot connect to twisterd.\nSee Troubleshooting section in README.md for instructions.");
		    connectionErrorMessageDisplayed=true;
		}
		response.send(502);
	    });

	    response.writeHead(proxy_res.statusCode, proxy_res.headers);
	});
	
	rpcProxy.write(request.rawBody, "binary");
	rpcProxy.end();
    });
});

if(settings.Server.enable_https)
{
    https.createServer(credentials, app).listen(settings.Server.https_port);
}

http.createServer(app).listen(settings.Server.http_port);

setInterval(function()
{
    for(method in maxCallsPerMinute)
    {
	callsRemaining[method] = maxCallsPerMinute[method];
	if(droppedCallsCounter[method]!==0)
	{
	    console.log("Dropped "+droppedCallsCounter[method]+" calls to "+method+" over the limit of "+maxCallsPerMinute[method]);
	    droppedCallsCounter[method] = 0;
	}
    };
    if(invalidRequestCounter!==0)
    {
	console.log("Received "+invalidRequestCounter+" invalid POST requests.");
	invalidRequestCounter = 0;
    }
    if(forbiddenCallCounter!==0)
    {
	console.log("Denied "+forbiddenCallCounter+" attempts to access forbidden API calls.");
	forbiddenCallCounter = 0;
    }
    
    for(ip in perIPCounter)
    {
	if(perIPCounter[ip].overLimit>=settings.LogAsAttackThreshold.callsOverLimits)
	{
	    console.log("IP "+ip+" tried to send "+perIPCounter[ip].overLimit+" calls more than the limits allow.");
	};
	if(perIPCounter[ip].invalidRequests>=settings.LogAsAttackThreshold.invalidRequests)
	{
	    console.log("IP "+ip+" sent "+perIPCounter[ip].invalidRequests+" invalid request that couldn't be parsed.");
	};
	if(perIPCounter[ip].forbiddenCalls>=settings.LogAsAttackThreshold.forbiddenCalls)
	{
	    console.log("IP "+ip+" tried to send "+perIPCounter[ip].forbiddenCalls+" calls to forbidden functions.");
	};
    }
    
    perIPCounter = {};
    connectionErrorMessageDisplayed = false;
    
}, 60000);
Initial commit 11 years ago			`var fs = require("fs");`
			`var https = require("https");`
			`var http = require("http");`
			`var express = require("express");`
			`var console = require("console");`

			`var app = express();`

			`try`
			`{`
			`var settings = JSON.parse(fs.readFileSync("settings.json"));`
			`}`
			`catch(e)`
			`{`
			`console.log("Error: Configuration file settings.json couldn't be parsed.\nSee Troubleshooting section in README.md for instructions.");`
			`process.exit(1);`
			`}`

			`if(settings.Server.enable_https)`
			`{`
			`try`
			`{`
			`var privateKey = fs.readFileSync(settings.Server.ssl_key_file).toString();`
			`}`
			`catch(e)`
			`{`
			`console.log("Error: unable to load SSL key. Please edit setting.json and put the correct path to your SSL private key file into \"ssl_key_file.\"");`
			`process.exit(1);`
			`}`
			`try`
			`{`
			`var certificate = fs.readFileSync(settings.Server.ssl_certificate_file).toString();`
			`}`
			`catch(e)`
			`{`
			`console.log("Error: unable to load SSL certificate. Please edit setting.json and put the correct path to your SSL certificate file into \"ssl_certificate_file.\"");`
			`process.exit(1);`
			`}`
			`var credentials = {key: privateKey, cert: certificate};`
			`}`

			`maxCallsPerMinute = {};`
			`maxCallsPerMinutePerIP = {};`
			`callsRemaining = {};`
			`perIPCounter = {};`
			`droppedCallsCounter = {};`

			`var invalidRequestCounter = 0;`
			`var forbiddenCallCounter = 0;`
			`var connectionErrorMessageDisplayed = false;`

			`settings.CallLimits.forEach(function(x) {`
			`maxCallsPerMinute[x.name] = x.maxPerMinute;`
			`maxCallsPerMinutePerIP[x.name] = x.maxPerMinutePerIP;`
			`callsRemaining[x.name] = x.maxPerMinute;`
			`droppedCallsCounter[x.name] = 0;`
			`});`

			`CounterInstance = function()`
			`{`
			`this.overLimit=0;`
			`this.invalidRequests=0;`
			`this.forbiddenCalls=0;`
			`this.callsRemaining={};`
			`for (x in maxCallsPerMinutePerIP)`
			`{`
			`if(maxCallsPerMinutePerIP[x]!==null)`
			`this.callsRemaining[x]=maxCallsPerMinutePerIP[x];`
			`}`
			`}`

			`require("log-timestamp");`

			`app.get("*", function(request, response)`
			`{`
			`if(settings.Server.enable_https&&request.protocol=="http")`
			`{`
			`if(settings.Server.https_port==443)`
			`secureUrl="https://"+request.host+request.path;`
			`else`
			`secureUrl="https://"+request.host+":"+settings.Server.https_port+request.path;`
			`response.writeHead(302, {"Location": secureUrl});`
			`response.end();`
			`return;`
			`}`

			`var webProxy = http.request({host: settings.RPC.host, port: settings.RPC.port, method: request.method, path: request.path, headers: request.headers}, function (proxy_res)`
			`{`
			`proxy_res.pipe(response, {end: true});`
			`});`

			`webProxy.on("error", function(error)`
			`{`
			`if(!connectionErrorMessageDisplayed)`
			`{`
			`console.log("Error: cannot connect to twisterd.\nSee Troubleshooting section in README.md for instructions.");`
			`connectionErrorMessageDisplayed=true;`
			`}`
			`response.send(502);`
			`});`

			`request.pipe(webProxy, {end: true});`
			`});`

			`app.post("/", function(request, response)`
			`{`
			`request.rawBody = "";`
			`request.setEncoding("utf8");`

			`request.addListener("data", function(chunk)`
			`{`
			`request.rawBody += chunk;`
			`});`

			`request.addListener("end", function()`
			`{`
			`var remoteIP = request.connection.remoteAddress;`

			`if(perIPCounter[remoteIP]===undefined)`
			`{`
			`perIPCounter[remoteIP]=new CounterInstance();`
			`}`
			`try`
			`{`
			`bodyJson=JSON.parse(request.rawBody);`
			`rpcMethod=bodyJson.method;`
			`}`
			`catch(e)`
			`{`
			`perIPCounter[remoteIP].invalidRequests++;`
			`invalidRequestCounter++;`
			`return;`
			`}`
			`if(maxCallsPerMinute[rpcMethod]===undefined)`
			`{`
			`perIPCounter[remoteIP].forbiddenCalls++;`
			`forbiddenCallCounter++;`
			`return;`
			`}`
			`if(maxCallsPerMinute[rpcMethod]!==null)`
			`{`
			`if(callsRemaining[rpcMethod]<1)`
			`{`
			`droppedCallsCounter[rpcMethod]++;`
			`return;`
			`}`
			`else`
			`{`
			`callsRemaining[rpcMethod]--;`
			`}`
			`}`

			`if(maxCallsPerMinutePerIP[rpcMethod]!==null)`
			`{`
			`if(perIPCounter[remoteIP].callsRemaining[rpcMethod]<1)`
			`{`
			`perIPCounter[remoteIP].overLimit++;`
			`return;`
			`}`
			`else`
			`{`
			`perIPCounter[remoteIP].callsRemaining[rpcMethod]--;`
			`}`
			`}`

			`var rpcProxy = http.request({host: settings.RPC.host, port: settings.RPC.port, method: request.method, headers: request.headers}, function(proxy_res)`
			`{`
			`proxy_res.on("data", function(chunk)`
			`{`
			`response.write(chunk, "binary");`
			`});`

			`proxy_res.on("end", function(chunk)`
			`{`
			`response.end();`
			`});`

			`proxy_res.on("error", function(error)`
			`{`
			`if(!connectionErrorMessageDisplayed)`
			`{`
			`console.log("Error: cannot connect to twisterd.\nSee Troubleshooting section in README.md for instructions.");`
			`connectionErrorMessageDisplayed=true;`
			`}`
			`response.send(502);`
			`});`

			`response.writeHead(proxy_res.statusCode, proxy_res.headers);`
			`});`

			`rpcProxy.write(request.rawBody, "binary");`
			`rpcProxy.end();`
			`});`
			`});`

			`if(settings.Server.enable_https)`
			`{`
			`https.createServer(credentials, app).listen(settings.Server.https_port);`
			`}`

			`http.createServer(app).listen(settings.Server.http_port);`

			`setInterval(function()`
			`{`
			`for(method in maxCallsPerMinute)`
			`{`
			`callsRemaining[method] = maxCallsPerMinute[method];`
			`if(droppedCallsCounter[method]!==0)`
			`{`
			`console.log("Dropped "+droppedCallsCounter[method]+" calls to "+method+" over the limit of "+maxCallsPerMinute[method]);`
			`droppedCallsCounter[method] = 0;`
			`}`
			`};`
			`if(invalidRequestCounter!==0)`
			`{`
			`console.log("Received "+invalidRequestCounter+" invalid POST requests.");`
			`invalidRequestCounter = 0;`
			`}`
			`if(forbiddenCallCounter!==0)`
			`{`
			`console.log("Denied "+forbiddenCallCounter+" attempts to access forbidden API calls.");`
			`forbiddenCallCounter = 0;`
			`}`

			`for(ip in perIPCounter)`
			`{`
			`if(perIPCounter[ip].overLimit>=settings.LogAsAttackThreshold.callsOverLimits)`
			`{`
			`console.log("IP "+ip+" tried to send "+perIPCounter[ip].overLimit+" calls more than the limits allow.");`
			`};`
			`if(perIPCounter[ip].invalidRequests>=settings.LogAsAttackThreshold.invalidRequests)`
			`{`
			`console.log("IP "+ip+" sent "+perIPCounter[ip].invalidRequests+" invalid request that couldn't be parsed.");`
			`};`
			`if(perIPCounter[ip].forbiddenCalls>=settings.LogAsAttackThreshold.forbiddenCalls)`
			`{`
typos 11 years ago			`console.log("IP "+ip+" tried to send "+perIPCounter[ip].forbiddenCalls+" calls to forbidden functions.");`
Initial commit 11 years ago			`};`
			`}`

			`perIPCounter = {};`
			`connectionErrorMessageDisplayed = false;`

			`}, 60000);`