added a bouncer

2017-10-01 13:37:31 +01:00 · 2017-10-01 13:37:31 +01:00 · 007d2c8de1
commit 007d2c8de1
parent efb3aa4e60
1 changed files with 65 additions and 1 deletions
--- a/server.js
+++ b/server.js
@ -24,9 +24,74 @@ const cache = apicache.middleware;

 app.use(cache('15 minutes'));

+const bouncer = ['phpmyadmin',
+  'phpMyadmin',
+  'phpMyAdmin',
+  'phpmyAdmin',
+  'phpmyadmin2',
+  'phpmyadmin3',
+  'phpmyadmin4',
+  '2phpmyadmin',
+  'phpmy',
+  'phppma',
+  'myadmin',
+  'shopdb',
+  'MyAdmin',
+  'program',
+  'PMA',
+  'dbadmin',
+  'pma',
+  'db',
+  'admin',
+  'mysql',
+  'database',
+  'sqlmanager',
+  'mysqlmanager',
+  'php-myadmin',
+  'phpmy-admin',
+  'mysqladmin',
+  'mysql-admin',
+  'phpMyAdmin2',
+  'phpMyAdmin3',
+  'phpMyAdmin4',
+  'phpMyAdmin-3',
+  'php-my-admin',
+  'PMA2011',
+  'PMA2012',
+  'PMA2013',
+  'PMA2014',
+  'PMA2015',
+  'PMA2016',
+  'PMA2017',
+  'PMA2018',
+  'pma2011',
+  'pma2012',
+  'pma2013',
+  'pma2014',
+  'pma2015',
+  'pma2016',
+  'pma2017',
+  'pma2018',
+  'phpmyadmin2011',
+  'phpmyadmin2012',
+  'phpmyadmin2013',
+  'phpmyadmin2014',
+  'phpmyadmin2015',
+  'phpmyadmin2016',
+  'phpmyadmin2017',
+  'phpmyadmin2018',
+  'phpmanager'];
+
 function getUrl (req, res) {
  const theUrl = req.params.encoded_id;
  logger.debug('Want', theUrl);
+  if (theUrl === undefined || bouncer.findIndex(theUrl) !== -1 || theUrl === '') {
+    logger.warn(`You're not getting in ${theUrl}`);
+    res.status(403);
+    
+    return;
+  }
+
  const options = URL.parse(theUrl);
  options.followAllRedirects = true;
  options.headers = {
@ -60,7 +125,6 @@ function getUrl (req, res) {
            https.request(rUrl, responseHandler).end();
          else 
            http.request(rUrl, responseHandler).end();
-
        }

        let data = '';