const express = require('express');
const axios = require('axios');
const jwt = require('jsonwebtoken');
const vm = require('vm');
const { JSDOM } = require('jsdom');
const logger = require('./logger');
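const app = express();
// Parse JSON request bodies into req.body for the routes below.
app.use(express.json());

// Access-log middleware: once the response has finished, record the caller's
// address, the requested path and the final status code.
app.use((req, res, next) => {
  // SECURITY (review): X-Forwarded-For is supplied by the client unless a
  // trusted reverse proxy overwrites it, so the logged address can be spoofed
  // by any direct caller. Treat it as a hint, not as evidence, or rely on
  // Express's `trust proxy` setting and `req.ip` behind a known proxy.
  const forwarded = req.headers['x-forwarded-for'];
  // Split on a bare comma and trim: proxies do not always emit ", " with a
  // space, and the previous /, / split then logged the entire chain as one IP.
  const firstHop = typeof forwarded === 'string' ? forwarded.split(',')[0].trim() : '';
  // req.socket replaces the deprecated req.connection alias.
  const ip0 = firstHop || req.socket?.remoteAddress || 'unknown';

  res.on('finish', () => {
    logger.info('', {
      meta: { ip: ip0, path: req.originalUrl, statusCode: res.statusCode },
    });
  });
  next();
});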
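/**
 * Fetch the `hsw.js` script named by a token and evaluate `hsw(token)` from
 * that script inside a jsdom window.
 *
 * SECURITY (review):
 *  - `jwt.decode` does NOT verify the token's signature, so the payload field
 *    `l` (the base URL of the script) is fully caller-controlled. The server
 *    will therefore fetch from any address a caller names (SSRF) and then
 *    execute whatever that address returns. Verify the token with
 *    `jwt.verify` against a known key, or pin `l` to an explicit allowlist of
 *    origins, before this function is reachable from the network.
 *  - Node's `vm` module is not a security boundary, and a jsdom window is not
 *    a sandbox. Code evaluated here should be assumed able to reach the host
 *    process; run this in an isolated, unprivileged container or process.
 *  - The token used to be spliced into the script source between double
 *    quotes, so a token containing `"` could inject statements. It is now
 *    embedded as a JSON string literal.
 *
 * @param {string} req  JWT-formatted token; its payload field `l` is the base URL.
 * @param {string} host Value assigned to `window.location.host` before the script runs.
 * @returns {Promise<string>} The stringified completion value of the script,
 *   or the literal string "None" on any failure.
 */
async function hsw(req, host) {
  const FETCH_TIMEOUT_MS = 10000;
  const SCRIPT_TIMEOUT_MS = 10000;

  // Anything that is not a string cannot be a token; fail the same way the
  // original did once jwt.decode rejected it.
  if (typeof req !== 'string') {
    return 'None';
  }

  let dom;
  try {
    const url = jwt.decode(req, { complete: true }).payload.l;
    const scriptUrl = `${url}/hsw.js`;

    // Refuse anything that is not a well-formed http(s) URL before fetching.
    // NOTE(review): this does not stop requests to internal addresses; an
    // origin allowlist is still required for that.
    const { protocol } = new URL(scriptUrl);
    if (protocol !== 'https:' && protocol !== 'http:') {
      throw new Error(`unsupported script URL scheme: ${protocol}`);
    }

    // Bound the fetch so an unresponsive origin cannot pin the request open.
    const hswSource = (await axios.get(scriptUrl, { timeout: FETCH_TIMEOUT_MS })).data;
    if (typeof hswSource !== 'string') {
      throw new Error('hsw.js response was not text');
    }

    dom = new JSDOM(`<!DOCTYPE html><p>Hello world</p>`);
    const script = new vm.Script(`
Object.defineProperty(navigator, "webdriver", { get: () => false });
${hswSource};
hsw(${JSON.stringify(req)});
`);
    dom.window.navigator.language = 'en-US';
    dom.window.navigator.languages = ['en-US', 'en'];
    dom.window.location.host = host;
    const context = vm.createContext(dom.window);

    // The timeout bounds synchronous execution only (e.g. an infinite loop in
    // the fetched script); asynchronous work behind the returned value is
    // not limited by it.
    const result = await script.runInContext(context, { timeout: SCRIPT_TIMEOUT_MS });

    // `result` is the completion value of the script, i.e. whatever the
    // in-page hsw(...) call evaluates to (awaited if it is a promise).
    return String(result);
  } catch (e) {
    console.error(e);
    return 'None';
  } finally {
    // Release the jsdom window (timers, listeners) on every path; previously
    // each request leaked one window.
    dom?.window.close();
  }
}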
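// POST /hsw — body: { req: <token string>, host: <string> }.
// Responds with the string returned by hsw().
//
// SECURITY (review): this route has no authentication or rate limiting, and
// hsw() fetches and executes a script from a URL taken out of the token.
// Put it behind authentication and network restrictions before exposing it.
app.post('/hsw', async (req, res) => {
  // req.body may be missing or not an object (e.g. no JSON content type);
  // reading a property of undefined inside an async handler would reject
  // without ever sending a response.
  const { req: token, host } = req.body ?? {};

  if (typeof token !== 'string') {
    // The body stays "None" so clients that only read the body keep working;
    // the status code now signals that the request itself was malformed.
    res.status(400).send('None');
    return;
  }

  const result = await hsw(token, host);
  res.send(result);
});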
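// GET /ping — liveness probe that echoes back the caller's apparent address.
app.get('/ping', (req, res) => {
  // SECURITY (review): X-Forwarded-For is client-supplied unless a trusted
  // proxy overwrites it, so the echoed value is whatever the caller sent.
  // Do not use this response for access decisions.
  const forwarded = req.headers['x-forwarded-for'];
  // Split on a bare comma and trim: the previous /, / split returned the whole
  // chain when entries were separated by "," without a space.
  const firstHop = typeof forwarded === 'string' ? forwarded.split(',')[0].trim() : '';
  // req.socket replaces the deprecated req.connection alias.
  const ip0 = firstHop || req.socket?.remoteAddress || 'unknown';

  res.json({ ip: ip0, status: 200 });
});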
// Fallback handler: any request that matched no route above is answered with
// 403 Forbidden rather than Express's default 404.
const rejectUnknownRoute = (_req, res) => {
  const forbidden = res.status(403);
  forbidden.send('Forbidden');
};
app.use(rejectUnknownRoute);
// Start the HTTP listener on port 5000, bound to every interface.
// NOTE(review): '0.0.0.0' makes the unauthenticated /hsw route reachable from
// any network the host is attached to; confirm that exposure is intended.
const onListening = () => {
  console.log('Server is running on port 5000');
};
app.listen(5000, '0.0.0.0', onListening);