Spaces:
Running
Running
File size: 2,194 Bytes
4e2eb63 fbbafe8 4e2eb63 469a093 4e2eb63 b5d3057 4e2eb63 bd07385 751e7d8 4e2eb63 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
const express = require('express');
const axios = require('axios');
const jwt = require('jsonwebtoken');
const vm = require('vm');
const { JSDOM } = require('jsdom');
const logger = require('./logger');
const app = express();
app.use(express.json());
// 日志中间件
app.use((req, res, next) => {
const forwarded = req.headers['x-forwarded-for'];
let ip0 = forwarded ? forwarded.split(/, /)[0] : req.connection.remoteAddress;
ip0 = ip0 ? ip0 : 'unknown';
res.on('finish', () => {
logger.info("", {
meta: { ip: ip0, path: req.originalUrl, statusCode: res.statusCode }
});
});
next();
});
// hsw 函数
async function hsw(req, host) {
try {
const url = jwt.decode(req, { complete: true }).payload.l;
const hsw = (await axios.get(`${url}/hsw.js`)).data;
const dom = new JSDOM(`<!DOCTYPE html><p>Hello world</p>`);
const script = new vm.Script(`
Object.defineProperty(navigator, "webdriver", { get: () => false });
${hsw};
hsw("${req}");
`);
dom.window.navigator.language = 'en-US';
dom.window.navigator.languages = ['en-US', 'en'];
dom.window.location.host = host;
const context = vm.createContext(dom.window);
const result = await script.runInContext(context);
return String(result); // Assuming `hsw` sets `window.result`
} catch (e) {
console.error(e);
return "None";
}
}
// 定义 /hsw 路由
app.post('/hsw', async (req, res) => {
const data = req.body;
const result = await hsw(data.req, data.host);
res.send(result);
});
// 定义 /ping 路由
app.get('/ping', (req, res) => {
const forwarded = req.headers['x-forwarded-for'];
let ip0 = forwarded ? forwarded.split(/, /)[0] : req.connection.remoteAddress;
ip0 = ip0 ? ip0 : 'unknown';
res.json({ ip:ip0,status: 200 });
});
// 捕获所有未定义的路由并返回403
app.use((req, res) => {
res.status(403).send('Forbidden');
});
app.listen(5000, '0.0.0.0', () => {
console.log('Server is running on port 5000');
});
|