diff --git a/server/controllers/index.js b/server/controllers/index.js
index 4b416ca..5ddee2a 100644
--- a/server/controllers/index.js
+++ b/server/controllers/index.js
@@ -1,11 +1,12 @@
-import {getTemplate} from "../lib/sso-render.js";
+import {getTemplate} from '../lib/sso-render.js';
 import { search, getFacets } from '../lib/search.js';
 import classNames from 'html-classnames';
 import {getDefaultViewData} from '../lib/view.js';
 import {emitPageView} from '../lib/plausible.js';
 import {parseQuery} from '../lib/parseQuery.js';
 import {trackQuery} from '../lib/mongo.js';
-import {renderHtml} from "../lib/sso-render.js";
+import {renderHtml} from '../lib/sso-render.js';
+import {isBanned} from '../lib/ban/isBanned.js';
 
 const indexTemplate = getTemplate(import.meta.dirname, './template.html');
 
@@ -15,6 +16,12 @@ export const indexController = async (req, res) => {
 const { searchParams } = new URL(req.originalUrl, 'http://localhost');
 const { q } = Object.fromEntries(searchParams.entries());
 const { q: searchQuery, lang } = parseQuery(q);
+
+ if (isBanned(searchQuery)) {
+ res.status(403).send('Forbidden query. This is a niche search engine. Please do not abuse it.');
+ return;
+ }
+
 const searchTimeStamp = Date.now();
 const result = q ? await search(env, searchQuery, lang) : null;
 const doneIn = Date.now() - searchTimeStamp;
@@ -92,7 +99,7 @@ export const indexController = async (req, res) => {
 langs,
 };
 
- const html = await renderHtml(indexTemplate, view)
+ const html = await renderHtml(indexTemplate, view);
 
 console.log(`Last milestone took ${Date.now() - startTime}ms`);
 res.status(200).type('text/html').send(html);
diff --git a/server/lib/ban/isBanned.js b/server/lib/ban/isBanned.js
new file mode 100644
index 0000000..fa4db56
--- /dev/null
+++ b/server/lib/ban/isBanned.js
@@ -0,0 +1,9 @@
+import shortener from './shortener.js';
+
+export const isBanned = (query) => {
+ if (shortener.includes(query)) {
+ return true;
+ }
+
+ return false;
+};
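Review bot: The new guard in the `@@ -15,6 +16,12 @@` hunk answers with a 403 and returns, but records nothing, so a blocked query leaves no trace in the server log or in the query tracking this controller imports (`trackQuery` and `emitPageView` are called outside the hunk, and a blocked request never reaches them). Add a line before the `return;` such as `console.warn('blocked query', JSON.stringify(searchQuery));` — encoding the value keeps user-controlled newlines out of the log — so the hit rate and any false positives of the ban list can be watched. Because `isBanned` compares the exact string (see the `isBanned.js` hunk in this commit), this check only stops verbatim entries of the list; treat it as a filter for known inputs and keep a rate limit in front of `search` as the actual abuse control. Whatever `parseQuery` does to `q` before this point is not visible here, and `indexController` begins and ends outside the hunk.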
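Review bot: `isBanned` in the new `server/lib/ban/isBanned.js` does an exact, case-sensitive `Array.prototype.includes` scan over the roughly 500-entry list on every request, so a query differing only in case or surrounding whitespace is not matched, and the scan is O(n) per call. Normalise once and look up in a `Set` built at module load: `const banned = new Set(shortener.map((s) => s.trim().toLowerCase()));` / `export const isBanned = (query) => banned.has(String(query ?? '').trim().toLowerCase());`, which also collapses the `if (...) { return true; } return false;` form into a single `return`. A one-line JSDoc such as `/** True when `query` equals (as a whole, not a substring) an entry of the shortener ban list. */` would stop the next maintainer from adding partial patterns that never fire.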
diff --git a/server/lib/ban/shortener.js b/server/lib/ban/shortener.js
new file mode 100644
index 0000000..040b580
--- /dev/null
+++ b/server/lib/ban/shortener.js
@@ -0,0 +1,506 @@ +export default [ + '"Seed" "A clue for easy reference" "Target URL"', + '"Use this URL shortener service to shorten your long URLs" "Custom URL (Optional)"', + '"shorten a link"', + '"URL Shortener"', + '"Short URL"', + '"Shrink URL"', + '"Create small URL"', + '"Tiny URL"', + '"TODAY SHORTENED URLS"', + '"/api.php?url=http://pricop.info"', + '"Powered by lilURL"', + 'lilĀ“ URL Generator', + '"lilĀ“ URL Generator"', + '"PHPurl is a simple script made for anyone to be able to turn a long URL into a shorter address"', + '"Make a long URL short." "Great for SMS!" "Friendly re-direct URL"', + '"Enter Long URL Here" "http:// To Make It Work"', + '"Enter a short tag to identify your URL (optional)" "Only alphanumeric characters allowed (but no digits-only - optional)"', + '"Designed By: Nile" "Powered by PHPurl"', + '"Create a short URL" "Enter web address (URL) here" "Custom alias (optional)"', + '"Creez des liens courts" "Entrez l\'address web (URL) here" "Custom alias (optional)"', + '"May contain letters, numbers, dashes and underscores" "Browser Bookmarklets"', + '"Drag these links to your browser toolbar" "Shorten with a custom alias" "Shorten without a custom alias"', + '"Please check out the template at http://gempixel.com/shortener/developer.html and copy the template or"', + '"Advanced Statistics" "Store and Manage" "Share them anytime" "Track each short URL from A to Z."', + '"We are social! Follow us for new exciting features" "Share them anytime"', + '"You are about to be redirected to another page. We are not responisible for the content of that page." 
"If you are ready to proceed, click the button below."', + '"Enter your URL" "Advanced" "Short URL Bookmarklet"', + '"Here you can create a short URL that can be effectively used instead of an existing, long URL."', + '"Please fill in the following field with the URL you want to shorten"', + '"&finaldestination="', + '".aspx?ReturnUrl="', + '"/?ac=links&go="', + '"/?api=redirect&url="', + '"/?go="', + '"/?goto="', + '"/?r=crossDomainAuth/passport&domain="', + '"/?url="', + '"/_linkout.pxp"', + '"/adclick.php?"', + '"/adlog.php?url="', + '"/adredir.asp?url="', + '"/adsavess?"', + '"/adserver.php?u="', + '"/Aggregator.ashx?url="', + '"/api/redirect/"', + '"/app/home/link.php?url="', + '"/appreciative-community/home/link.php?url="', + '"/apps/link.php?url="', + '"/articles/out?url="', + '"/as_site.php?u="', + '"/away.php?s="', + '"/away.php?to="', + '"/banner.php?link="', + '"/bbcodes/go.php?url="', + '"/book.php?pid="', + '"/cgi/out.cgi?"', + '"/cgi-bin/crtr/out.cgi?"', + '"/cgi-bin/go.pl?url="', + '"/cgi-bin/links/cougalinks.cgi?direct="', + '"/cgi-bin/nph-job.cgi?url="', + '"/cgi-bin/otsing?query="', + '"/cgi-bin/out.cgi?"', + '"/cgi-bin/outlog.cgi?url="', + '"/cgi-bin/rb4/cout.cgi?url="', + '"/cgi-bin/redirect.cgi?url="', + '"/cgi-bin/redirect?url="', + '"/cgi-bin/ucj/c.cgi?url="', + '"/click.php?id="', + '"/click.php?url="', + '"/click/redirect.aspx?url="', + '"/click?_URL="', + '"/click?url="', + '"/clickcount.pl?url="', + '"/clickfeed.asp?url="', + '"/clickthrough.html?url="', + '"/clickthrough.php?url="', + '"/clickthru.cgi?id="', + '"/clickthru.php?url="', + '"/closetools.aspx?u="', + '"/club/link.php?url="', + '"/cntb.php?id="', + '"/config.php?u="', + '"/cougalinks.cgi?direct="', + '"/countries_change.php?url="', + '"/ct.ashx?url="', + '"/d.php?no="', + '"/dating/go.php?url="', + '"/disclaimer.asp?url="', + '"/dtr/link.php?"', + '"/EBayRedirectServlet?jumpto="', + '"/ept/out.php?"', + '"/ex.aspx?t="', + '"/exit.php?url="', + '"/exitpage.aspx?return="', + 
'"/exlink.php?url="', + '"/ext.aspx?url="', + '"/external_link.php?url="', + '"/externalLink.asp?url="', + '"/externalsearchstart/?return="', + '"/externalsiteredirect.asp?"', + '"/externlink.php?url="', + '"/foro/g.php?url="', + '"/forum/away.php?s="', + '"/forum/exit.php?url="', + '"/forum/g.php?url="', + '"/forum/go.php?to="', + '"/forum/go.php?url="', + '"/forum/home/link.php?url="', + '"/forum/redirector.php?url="', + '"/forum/ref.php?url="', + '"/forum/space/link.php?url="', + '"/forum/uc_server/link.php?url="', + '"/forum/visit.php?url="', + '"/forum_redir.cfm?d="', + '"/forums/home/link.php?url="', + '"/forums/redirector.php?url="', + '"/forumv2/g.php?url="', + '"/forumv3/index.php?thememode=full;redirect="', + '"/forward.php?tid=4062&url="', + '"/furnizor-link.php?url="', + '"/fwd.php?url="', + '"/get.link?linkid="', + '"/go.asp?URL="', + '"/go.aspx?"', + '"/go.aspx?url="', + '"/go.htm?url="', + '"/go.php?gid="', + '"/go.php?go="', + '"/go.php?to="', + '"/go.php?u="', + '"/go.php?url="', + '"/go/?id="', + '"/go/url="', + '"/go2link.php?desturl="', + '"/gos.php?id="', + '"/goto.php?url="', + '"/goto/?href="', + '"/goto/link.php?url="', + '"/goto_extern.php?goto="', + '"/gotourl.php?url="', + '"/gourl.php?go="', + '"/govisit.php?url="', + '"/graduate/link.php?url="', + '"/hide-address-redirect.php?url="', + '"/home/link.php?url="', + '"/html-link.php?url="', + '"/hyperlink.php?url="', + '"/impakredirect.aspx?url="', + '"/includes/redirect.php?url="', + '"/index.php?go="', + '"/index.php?redirect="', + '"/index.php?thememode=full;redirect="', + '"/index.php?URL="', + '"/index?URL="', + '"/inout_redirect.php?"', + '"/jump.asp?url="', + '"/jump.php?sid="', + '"/jump.php?url="', + '"/jumplink.php?target="', + '"/Klik.asp?URL="', + '"/leaving.php?u="', + '"/leaving.php?url="', + '"/lgate.php?link="', + '"/link.asp?"', + '"/link.php?p="', + '"/link.php?url="', + '"/link/url="', + '"/link_external.php?name="', + '"/linkCounter.aspx?id="', + 
'"/linkDown.asp?filename="', + '"/linklog.php?url="', + '"/linkredir.cfm?"', + '"/ln_c.php?url="', + '"/lnspel_refer.php?url="', + '"/login?url="', + '"/logout.cfm?parent="', + '"/logout.php?referrer="', + '"/logout.php?return="', + '"/logout?redirect="', + '"/Mainf.asp?link="', + '"/map.aspx?url="', + '"/mcache.php?u="', + '"/member/link.php?url="', + '"/MobileDefault.aspx?reff="', + '"/out.cgi?"', + '"/out.cgi?id="', + '"/out.php?cod_banner="', + '"/out.php?id="', + '"/out.php?link="', + '"/out.php?site="', + '"/out.php?url="', + '"/outbound.php?url="', + '"/outsideNav.asp?href="', + '"/ouvrirpub.asp?f="', + '"/r.php?link="', + '"/r.php?r="', + '"/r.php?u="', + '"/ra.asp?url="', + '"/rank.php?mode=link&id="', + '"/re?url="', + '"/ReceiveAutoRedirect/false?desiredLocationUrl="', + '"/redir.asp?"', + '"/redir.axd?url="', + '"/redir.html?url="', + '"/redir.php?"', + '"/redir.php?id="', + '"/redir.php?link="', + '"/redir.php?redir="', + '"/redir.php?url="', + '"/redir.php3?u="', + '"/redir/?url="', + '"/redir?siteID="', + '"/redirect.asp?"', + '"/redirect.asp?page="', + '"/redirect.asp?sUrl="', + '"/Redirect.asp?UID="', + '"/redirect.asp?url="', + '"/redirect.aspx?url="', + '"/redirect.cfm?address="', + '"/redirect.do?"', + '"/redirect.html?docId="', + '"/redirect.html?site_url="', + '"/redirect.php"', + '"/redirect.php?action=url&goto="', + '"/redirect.php?f="', + '"/redirect.php?id="', + '"/redirect.php?link="', + '"/redirect.php?listid="', + '"/redirect.php?redir="', + '"/redirect.php?redirect_link="', + '"/redirect.php?redirect="', + '"/redirect.php?storyID="', + '"/redirect.php?url="', + '"/redirect/bounce.php?"', + '"/redirect?link="', + '"/redirect?url="', + '"/redirector.php?url="', + '"/RedirectURL.aspx?JobURL="', + '"/Refer.aspx?Type=WebResult&Query=&url="', + '"/register.asp?Link="', + '"/ren_out_link.php?link="', + '"/rk.php?goto="', + '"/rss?redirect_url="', + '"/ru/link.php?url="', + '"/s?action=editReg&rurl="', + '"/s?action=reg&rurl="', + 
'"/site_exit.php?url="', + '"/site_redir.php?url="', + '"/ToggleMobile?ReturnTo="', + '"/track_it.php?url="', + '"/tracker.php?aid=google_cpc&url="', + '"/translate.php?pid="', + '"/url.php?url="', + '"/url-link.php?url="', + '"/urlredirect.php?go="', + '"/UserLogin?logout=1&NEXTURL="', + '"/vb/redirector.php?url="', + '"/view_activity.php?url="', + '"/visit.aspx?u="', + '"/visit.php?url="', + '"/vosexit.php?url="', + '"/voucherHandler.asp?redirectURL="', + '"/write-referral-link.php?url="', + '"?action=redirect&"', + '"redirect=yes&url="', + '"type=1&url="', + 'inurl:"&finaldestination="', + 'inurl:".aspx?ReturnUrl="', + 'inurl:"/?ac=links&go="', + 'inurl:"/?api=redirect&url="', + 'inurl:"/?go="', + 'inurl:"/?goto="', + 'inurl:"/?r=crossDomainAuth/passport&domain="', + 'inurl:"/?url="', + 'inurl:"/_linkout.pxp"', + 'inurl:"/adclick.php?"', + 'inurl:"/adlog.php?url="', + 'inurl:"/adredir.asp?url="', + 'inurl:"/adsavess?"', + 'inurl:"/adserver.php?u="', + 'inurl:"/Aggregator.ashx?url="', + 'inurl:"/api/redirect/"', + 'inurl:"/app/home/link.php?url="', + 'inurl:"/appreciative-community/home/link.php?url="', + 'inurl:"/apps/link.php?url="', + 'inurl:"/articles/out?url="', + 'inurl:"/as_site.php?u="', + 'inurl:"/away.php?s="', + 'inurl:"/away.php?to="', + 'inurl:"/banner.php?link="', + 'inurl:"/bbcodes/go.php?url="', + 'inurl:"/book.php?pid="', + 'inurl:"/cgi/out.cgi?"', + 'inurl:"/cgi-bin/crtr/out.cgi?"', + 'inurl:"/cgi-bin/go.pl?url="', + 'inurl:"/cgi-bin/links/cougalinks.cgi?direct="', + 'inurl:"/cgi-bin/nph-job.cgi?url="', + 'inurl:"/cgi-bin/otsing?query="', + 'inurl:"/cgi-bin/out.cgi?"', + 'inurl:"/cgi-bin/outlog.cgi?url="', + 'inurl:"/cgi-bin/rb4/cout.cgi?url="', + 'inurl:"/cgi-bin/redirect.cgi?url="', + 'inurl:"/cgi-bin/redirect?url="', + 'inurl:"/cgi-bin/ucj/c.cgi?url="', + 'inurl:"/click.php?id="', + 'inurl:"/click.php?url="', + 'inurl:"/click/redirect.aspx?url="', + 'inurl:"/click?_URL="', + 'inurl:"/click?url="', + 'inurl:"/clickcount.pl?url="', + 
'inurl:"/clickfeed.asp?url="', + 'inurl:"/clickthrough.html?url="', + 'inurl:"/clickthrough.php?url="', + 'inurl:"/clickthru.cgi?id="', + 'inurl:"/clickthru.php?url="', + 'inurl:"/closetools.aspx?u="', + 'inurl:"/club/link.php?url="', + 'inurl:"/cntb.php?id="', + 'inurl:"/config.php?u="', + 'inurl:"/cougalinks.cgi?direct="', + 'inurl:"/countries_change.php?url="', + 'inurl:"/ct.ashx?url="', + 'inurl:"/d.php?no="', + 'inurl:"/dating/go.php?url="', + 'inurl:"/disclaimer.asp?url="', + 'inurl:"/dtr/link.php?"', + 'inurl:"/EBayRedirectServlet?jumpto="', + 'inurl:"/ept/out.php?"', + 'inurl:"/ex.aspx?t="', + 'inurl:"/exit.php?url="', + 'inurl:"/exitpage.aspx?return="', + 'inurl:"/exlink.php?url="', + 'inurl:"/ext.aspx?url="', + 'inurl:"/external_link.php?url="', + 'inurl:"/externalLink.asp?url="', + 'inurl:"/externalsearchstart/?return="', + 'inurl:"/externalsiteredirect.asp?"', + 'inurl:"/externlink.php?url="', + 'inurl:"/foro/g.php?url="', + 'inurl:"/forum/away.php?s="', + 'inurl:"/forum/exit.php?url="', + 'inurl:"/forum/g.php?url="', + 'inurl:"/forum/go.php?to="', + 'inurl:"/forum/go.php?url="', + 'inurl:"/forum/home/link.php?url="', + 'inurl:"/forum/redirector.php?url="', + 'inurl:"/forum/ref.php?url="', + 'inurl:"/forum/space/link.php?url="', + 'inurl:"/forum/uc_server/link.php?url="', + 'inurl:"/forum/visit.php?url="', + 'inurl:"/forum_redir.cfm?d="', + 'inurl:"/forums/home/link.php?url="', + 'inurl:"/forums/redirector.php?url="', + 'inurl:"/forumv2/g.php?url="', + 'inurl:"/forumv3/index.php?thememode=full;redirect="', + 'inurl:"/forward.php?tid=4062&url="', + 'inurl:"/furnizor-link.php?url="', + 'inurl:"/fwd.php?url="', + 'inurl:"/get.link?linkid="', + 'inurl:"/go.asp?URL="', + 'inurl:"/go.aspx?"', + 'inurl:"/go.aspx?url="', + 'inurl:"/go.htm?url="', + 'inurl:"/go.php?gid="', + 'inurl:"/go.php?go="', + 'inurl:"/go.php?to="', + 'inurl:"/go.php?u="', + 'inurl:"/go.php?url="', + 'inurl:"/go/?id="', + 'inurl:"/go/url="', + 'inurl:"/go2link.php?desturl="', + 
'inurl:"/gos.php?id="', + 'inurl:"/goto.php?url="', + 'inurl:"/goto/?href="', + 'inurl:"/goto/link.php?url="', + 'inurl:"/goto_extern.php?goto="', + 'inurl:"/gotourl.php?url="', + 'inurl:"/gourl.php?go="', + 'inurl:"/govisit.php?url="', + 'inurl:"/graduate/link.php?url="', + 'inurl:"/hide-address-redirect.php?url="', + 'inurl:"/home/link.php?url="', + 'inurl:"/html-link.php?url="', + 'inurl:"/hyperlink.php?url="', + 'inurl:"/impakredirect.aspx?url="', + 'inurl:"/includes/redirect.php?url="', + 'inurl:"/index.php?go="', + 'inurl:"/index.php?redirect="', + 'inurl:"/index.php?thememode=full;redirect="', + 'inurl:"/index.php?URL="', + 'inurl:"/index?URL="', + 'inurl:"/inout_redirect.php?"', + 'inurl:"/jump.asp?url="', + 'inurl:"/jump.php?sid="', + 'inurl:"/jump.php?url="', + 'inurl:"/jumplink.php?target="', + 'inurl:"/Klik.asp?URL="', + 'inurl:"/leaving.php?u="', + 'inurl:"/leaving.php?url="', + 'inurl:"/lgate.php?link="', + 'inurl:"/link.asp?"', + 'inurl:"/link.php?p="', + 'inurl:"/link.php?url="', + 'inurl:"/link/url="', + 'inurl:"/link_external.php?name="', + 'inurl:"/linkCounter.aspx?id="', + 'inurl:"/linkDown.asp?filename="', + 'inurl:"/linklog.php?url="', + 'inurl:"/linkredir.cfm?"', + 'inurl:"/ln_c.php?url="', + 'inurl:"/lnspel_refer.php?url="', + 'inurl:"/login?url="', + 'inurl:"/logout.cfm?parent="', + 'inurl:"/logout.php?referrer="', + 'inurl:"/logout.php?return="', + 'inurl:"/logout?redirect="', + 'inurl:"/Mainf.asp?link="', + 'inurl:"/map.aspx?url="', + 'inurl:"/mcache.php?u="', + 'inurl:"/member/link.php?url="', + 'inurl:"/MobileDefault.aspx?reff="', + 'inurl:"/out.cgi?"', + 'inurl:"/out.cgi?id="', + 'inurl:"/out.php?cod_banner="', + 'inurl:"/out.php?id="', + 'inurl:"/out.php?link="', + 'inurl:"/out.php?site="', + 'inurl:"/out.php?url="', + 'inurl:"/outbound.php?url="', + 'inurl:"/outsideNav.asp?href="', + 'inurl:"/ouvrirpub.asp?f="', + 'inurl:"/r.php?link="', + 'inurl:"/r.php?r="', + 'inurl:"/r.php?u="', + 'inurl:"/ra.asp?url="', + 
'inurl:"/rank.php?mode=link&id="', + 'inurl:"/re?url="', + 'inurl:"/ReceiveAutoRedirect/false?desiredLocationUrl="', + 'inurl:"/redir.asp?"', + 'inurl:"/redir.axd?url="', + 'inurl:"/redir.html?url="', + 'inurl:"/redir.php?"', + 'inurl:"/redir.php?id="', + 'inurl:"/redir.php?link="', + 'inurl:"/redir.php?redir="', + 'inurl:"/redir.php?url="', + 'inurl:"/redir.php3?u="', + 'inurl:"/redir/?url="', + 'inurl:"/redir?siteID="', + 'inurl:"/redirect.asp?"', + 'inurl:"/redirect.asp?page="', + 'inurl:"/redirect.asp?sUrl="', + 'inurl:"/Redirect.asp?UID="', + 'inurl:"/redirect.asp?url="', + 'inurl:"/redirect.aspx?url="', + 'inurl:"/redirect.cfm?address="', + 'inurl:"/redirect.do?"', + 'inurl:"/redirect.html?docId="', + 'inurl:"/redirect.html?site_url="', + 'inurl:"/redirect.php"', + 'inurl:"/redirect.php?action=url&goto="', + 'inurl:"/redirect.php?f="', + 'inurl:"/redirect.php?id="', + 'inurl:"/redirect.php?link="', + 'inurl:"/redirect.php?listid="', + 'inurl:"/redirect.php?redir="', + 'inurl:"/redirect.php?redirect_link="', + 'inurl:"/redirect.php?redirect="', + 'inurl:"/redirect.php?storyID="', + 'inurl:"/redirect.php?url="', + 'inurl:"/redirect/bounce.php?"', + 'inurl:"/redirect?link="', + 'inurl:"/redirect?url="', + 'inurl:"/redirector.php?url="', + 'inurl:"/RedirectURL.aspx?JobURL="', + 'inurl:"/Refer.aspx?Type=WebResult&Query=&url="', + 'inurl:"/register.asp?Link="', + 'inurl:"/ren_out_link.php?link="', + 'inurl:"/rk.php?goto="', + 'inurl:"/rss?redirect_url="', + 'inurl:"/ru/link.php?url="', + 'inurl:"/s?action=editReg&rurl="', + 'inurl:"/s?action=reg&rurl="', + 'inurl:"/site_exit.php?url="', + 'inurl:"/site_redir.php?url="', + 'inurl:"/ToggleMobile?ReturnTo="', + 'inurl:"/track_it.php?url="', + 'inurl:"/tracker.php?aid=google_cpc&url="', + 'inurl:"/translate.php?pid="', + 'inurl:"/url.php?url="', + 'inurl:"/url-link.php?url="', + 'inurl:"/urlredirect.php?go="', + 'inurl:"/UserLogin?logout=1&NEXTURL="', + 'inurl:"/vb/redirector.php?url="', + 
'inurl:"/view_activity.php?url="', + 'inurl:"/visit.aspx?u="', + 'inurl:"/visit.php?url="', + 'inurl:"/vosexit.php?url="', + 'inurl:"/voucherHandler.asp?redirectURL="', + 'inurl:"/write-referral-link.php?url="', + 'inurl:"?action=redirect&"', + 'inurl:"redirect=yes&url="', + 'inurl:"type=1&url="', + '"Enter a new URL to shorten" "Powered by YOURLS"', +];
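Review bot: The two `URL Generator` entries near the top of the list (`'lilĀ´ URL Generator'` and its double-quoted twin) contain what looks like a mis-encoded character, presumably a UTF-8 sequence read back in a single-byte encoding, so as exact-match strings they can never equal what a user submits; re-save them with the intended character or drop them. The file is a bare default-exported array with no statement of what it is for or how it is consumed; a header such as `// Queries that indexController answers with 403 via isBanned(); compared as whole strings, not substrings.` would make the intent maintainable. The second half of the list repeats the first half with an `inurl:` prefix, which is needed only because matching is exact; if the matcher ever normalises search operators, the duplicates can be removed.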