p2ply/server.js at main · DeepPythonist/p2ply · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
const express = require('express');
const http = require('http');
const { Server } = require('socket.io');
const crypto = require('crypto');

const app = express();
const server = http.createServer(app);
const io = new Server(server, {
    cors: {
        origin: "*",
        methods: ["GET", "POST"]
    }
});

const PORT = parseInt(process.env.PORT) || 0;
const MAX_CONNS_PER_IP = 10;
const RATE_LIMIT_WINDOW = 60000;
const RATE_LIMIT_MAX_REQS = 100;

const ipRequestCounts = new Map();
const activePairingCodes = new Map();

function rateLimiter(req, res, next) {
    const ip = req.ip;
    const now = Date.now();

    if (!ipRequestCounts.has(ip)) {
        ipRequestCounts.set(ip, { count: 1, resetTime: now + RATE_LIMIT_WINDOW });
    } else {
        const data = ipRequestCounts.get(ip);
        if (now > data.resetTime) {
            data.count = 1;
            data.resetTime = now + RATE_LIMIT_WINDOW;
        } else {
            data.count++;
            if (data.count > RATE_LIMIT_MAX_REQS) {
                return res.status(429).send('Too Many Requests');
            }
        }
    }
    next();
}

app.use((req, res, next) => {
    res.setHeader('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *;");
    res.setHeader('X-Content-Type-Options', 'nosniff');
    res.setHeader('X-Frame-Options', 'DENY');
    res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
    next();
});

app.use(rateLimiter);
app.use(express.json());
app.use(express.static('public'));

let remoteUrl = null;

app.post('/set-remote-url', (req, res) => {
    if (req.body.url) {
        remoteUrl = req.body.url;
    }
    res.sendStatus(200);
});

io.on('connection', (socket) => {
    const ip = socket.handshake.address;

    socket.on('create-pair', () => {
        let code;
        do {
            code = Math.floor(100000 + Math.random() * 900000).toString();
        } while (activePairingCodes.has(code));

        activePairingCodes.set(code, {
            host: socket.id,
            created: Date.now()
        });

        socket.emit('pair-code', { code, remoteUrl });

        setTimeout(() => {
            if (activePairingCodes.has(code)) {
                activePairingCodes.delete(code);
            }
        }, 60000);
    });

    socket.on('join-pair', (code) => {
        const session = activePairingCodes.get(code);
        if (session && session.host) {
            if (session.host === socket.id) {
                socket.emit('error', 'You cannot pair with yourself!');
                return;
            }
            io.to(session.host).emit('peer-joined', socket.id);
            socket.emit('peer-found', session.host);
            activePairingCodes.delete(code);
        } else {
            socket.emit('error', 'Invalid or expired code');
        }
    });

    socket.on('signal', (data) => {
        if (data.target) {
            io.to(data.target).emit('signal', {
                sender: socket.id,
                payload: data.payload,
                type: data.type
            });
        }
    });

    socket.on('end-session', (data) => {
        if (data && data.target) {
            io.to(data.target).emit('session-ended');
        }
    });
});

const listener = server.listen(PORT, '0.0.0.0', () => {
    console.log(`Server running on port ${listener.address().port}`);
});

process.on('SIGTERM', () => {
    server.close(() => {
        process.exit(0);
    });
});