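import { Database } from '../database/database.js';
import { rateLimit } from 'express-rate-limit';

/**
 * Express middleware that lets a request through only when its `x-api-key`
 * header matches a document in the `api_keys` collection.
 *
 * Responds 401 when the header is missing, 403 when no document matches and
 * 500 when the lookup throws. On success it calls `next()` and sends nothing.
 *
 * @param {object} req - Express request; only `req.headers['x-api-key']` is read.
 * @param {object} res - Express response, used for the error replies.
 * @param {Function} next - Called once the key has been found.
 * @returns {Promise<*>} Resolves after a reply was sent or `next()` was called.
 */
const authenticateApiKey = async (req, res, next) => {
  const apiKey = req.headers['x-api-key'];

  // Reject before any database object is created, so requests without a key
  // cost nothing. The type check keeps anything other than a plain string out
  // of the query filter below.
  if (typeof apiKey !== 'string' || apiKey === '') {
    return res.status(401).json({ error: 'API Key required' });
  }

  try {
    // Created inside the try: if building the client or the collection handle
    // throws, the caller gets a 500 instead of this async function rejecting
    // with nothing sent.
    const apiKeys = new Database('AkenoXJs').collection('api_keys');
    const keyDoc = await apiKeys.findOne({ key: apiKey });
    if (!keyDoc) {
      return res.status(403).json({ error: 'Invalid API Key' });
    }
    next();
  } catch (err) {
    // Keep a server-side trace of the failure; the client still only sees the
    // generic message. The key itself is deliberately not logged.
    console.error('API key lookup failed:', err);
    res.status(500).json({ error: 'Server error' });
  }
};

/**
 * Rate limiter: at most 100 requests per 15-minute window for each distinct
 * `x-api-key` header value.
 *
 * NOTE(review): the bucket key is the raw header value, which the client
 * chooses. Requests without the header all yield an `undefined` key, and every
 * new header value starts a fresh counter. Mount this after
 * `authenticateApiKey` so only known keys reach it, or put an address-keyed
 * limiter in front of it. The route setup is not part of this file, so confirm
 * the order there.
 */
const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 100,
  keyGenerator: (req) => req.headers['x-api-key'],
  message: 'Too many requests from this API Key',
});

/**
 * Request gate that resolves a client address, refuses addresses found on the
 * block list, and adds an address to the block list when it asks for `/.env`.
 */
class CheckMilWare {
  constructor() {
    this.dbClient = new Database('AkenoXJs');
  }

  /**
   * Express-style handler. Sets `req.realIP`, replies 403 for blocked
   * addresses and for `/.env`, replies 500 on any error, otherwise logs the
   * request and calls `next()`.
   *
   * NOTE(review): the address comes from `x-forwarded-for` (left-most entry),
   * then `x-real-ip`, then `cf-connecting-ip`, and only then `req.ip`. Unless a
   * trusted reverse proxy overwrites or strips these headers before the
   * request reaches this process, the sender decides the value. Both the
   * block-list lookup and the automatic block entry would then act on an
   * address the sender chose. The usual remedy is to configure Express
   * `trust proxy` for the actual proxy chain and rely on `req.ip` alone.
   * Confirm against the deployment before changing this.
   *
   * @param {object} req - Express request; `req.realIP` is written here.
   * @param {object} res - Express response.
   * @param {Function} next - Called when the request is allowed through.
   * @returns {Promise<*>} Resolves after a reply was sent or `next()` was called.
   */
  async handle(req, res, next) {
    try {
      delete req.headers['link'];

      const forwardedFor = req.headers['x-forwarded-for'];
      const realIpHeader = req.headers['x-real-ip'];
      const cfConnectingIp = req.headers['cf-connecting-ip'];

      // Track which source won so the log line below can name it.
      let realIP = req.ip;
      let headerUsed = 'req.ip';
      if (forwardedFor) {
        realIP = forwardedFor.split(',')[0].trim();
        headerUsed = 'x-forwarded-for';
      } else if (realIpHeader) {
        realIP = realIpHeader;
        headerUsed = 'x-real-ip';
      } else if (cfConnectingIp) {
        realIP = cfConnectingIp;
        headerUsed = 'cf-connecting-ip';
      }
      req.realIP = realIP;

      const blockEntry = await this.dbClient.CheckIsBlocked(realIP);
      if (blockEntry && blockEntry.blocked) {
        return res.status(403).send('Access denied: IP is blocked');
      }

      // A request for /.env is treated as a probe: record the address, then refuse.
      if (req.path === '/.env') {
        console.log('Check path /env');
        await this.dbClient.AddIpisBlocked(realIP);
        return res.status(403).send('Access denied: IP is blocked..');
      }

      console.log(`Real IP address is: ${realIP} path method: ${req.path} method: ${req.method} header used: ${headerUsed} `);
      next();
    } catch (error) {
      console.error('Error in middleware: ' + error);
      res.status(500).send('Something bad happened');
    }
  }
}

export { CheckMilWare, authenticateApiKey, apiLimiter };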