tuvme.xyz-server-main/server/server.js

const express = require('express');
const https = require('https');
const http = require('http');
const tls = require('tls');
const fs = require('fs');
const path = require('path');
const url = require('url');
const { execFile } = require('child_process');

require('dotenv').config({ path: path.join(__dirname, '.env') });

const app = express();

// Parse ALLOWED_DOMAINS environment variable as an array
const allowedDomains = process.env.ALLOWED_DOMAINS ? process.env.ALLOWED_DOMAINS.split(',') : [];

// Middleware to parse JSON request bodies
app.use(express.json());

// Helper function to get SSL options based on hostname
const getSSLOptions = (hostname) => {
  const sslPrefix = process.env.SSL_PREFIX || '/etc/letsencrypt/live/';
  
  try {
    return {
      key: fs.readFileSync(path.join(sslPrefix, hostname, 'privkey.pem')),
      cert: fs.readFileSync(path.join(sslPrefix, hostname, 'fullchain.pem')),
    };
  } catch (error) {
    // Fallback to default certificates if domain-specific ones aren't found
    console.warn(`Could not load SSL certificates for ${hostname}, using defaults`);
    return {
      key: fs.readFileSync(process.env.SSL_KEY_FILE),
      cert: fs.readFileSync(process.env.SSL_CRT_FILE),
    };
  }
};

// Redirect HTTP to HTTPS
app.use((req, res, next) => {
  if (!req.secure && req.headers['x-forwarded-proto'] !== 'https') {
    return res.redirect(`https://${req.headers.host}${req.url}`);
  }
  next();
});

// Handle API requests without using wildcard routes
app.use((req, res, next) => {
  // Check if the path starts with '/api/v1/'
  if (req.path.startsWith('/api/v1/')) {
    // Extract the part after '/api/v1/'
    const apiPath = req.path.substring('/api/v1/'.length);
    
    if (!apiPath) {
      return res.status(400).json({ error: 'Bad Request: No dynamic route found' });
    }

    const parsedUrl = url.parse(req.url);
    const requestOptions = {
      hostname: 'localhost',
      port: 3000,
      path: `/api/v1/${apiPath}${parsedUrl.search || ''}`,
      method: req.method,
      headers: { ...req.headers },
    };

    let jsonPayload = null;
    if (['POST', 'PUT', 'PATCH', 'DELETE'].includes(req.method)) {
      jsonPayload = JSON.stringify(req.body);
      requestOptions.headers['Content-Type'] = 'application/json';
      requestOptions.headers['Content-Length'] = Buffer.byteLength(jsonPayload);
    }

    const proxyReq = http.request(requestOptions, (proxyRes) => {
      res.writeHead(proxyRes.statusCode, proxyRes.headers);
      proxyRes.pipe(res);
    });

    proxyReq.on('error', (error) => {
      console.error(`Error forwarding request: ${error.message}`);
      res.status(500).json({ error: 'Internal Server Error' });
    });

    if (jsonPayload) {
      proxyReq.write(jsonPayload);
    }

    proxyReq.end();
    return; // Stop further middleware execution
  }
  
  // If not an API request, continue to next middleware
  next();
});

// Function for direct PHP execution
const executePhpDirectly = (phpFilePath, domainPath, req, res) => {
  // Create environment variables that PHP might expect
  const env = {
    ...process.env,
    DOCUMENT_ROOT: domainPath,
    SCRIPT_FILENAME: phpFilePath,
    REQUEST_URI: req.url,
    QUERY_STRING: url.parse(req.url).query || '',
    REQUEST_METHOD: req.method,
    HTTP_HOST: req.headers.host,
    REMOTE_ADDR: req.ip,
    SERVER_NAME: req.headers.host.split(':')[0],
    // Additional variables that PHP might expect
    GATEWAY_INTERFACE: 'CGI/1.1',
    SERVER_PROTOCOL: 'HTTP/1.1',
    // Pass HTTP headers as environment variables
    ...Object.entries(req.headers).reduce((env, [key, value]) => {
      env[`HTTP_${key.toUpperCase().replace(/-/g, '_')}`] = value;
      return env;
    }, {})
  };
  
  execFile('php', [phpFilePath], { env }, (error, stdout, stderr) => {
    if (error) {
      console.error(`PHP execution error: ${error.message}`);
      return res.status(500).send(`PHP Execution Error: ${error.message}`);
    }
    
    if (stderr) {
      console.error(`PHP stderr output: ${stderr}`);
    }
    
    // Set Content-Type to HTML for proper rendering
    res.setHeader('Content-Type', 'text/html; charset=utf-8');
    res.send(stdout);
  });
};

// Helper function to check for index files
const findIndexFile = (directoryPath) => {
  // Common index file types to check for
  const indexFiles = ['index.html', 'index.htm', 'index.php'];
  
  for (const indexFile of indexFiles) {
    const filePath = path.join(directoryPath, indexFile);
    if (fs.existsSync(filePath)) {
      return { path: filePath, type: indexFile.endsWith('.php') ? 'php' : 'html' };
    }
  }
  
  return null;
};

// Handle PHP for all domains
app.use((req, res, next) => {
  const host = req.headers.host.split(':')[0]; // Remove port if present
  const domainPath = path.join('/var/www', host);
  
  // Make sure the domain directory exists
  if (!fs.existsSync(domainPath)) {
    return next();
  }
  
  // Handle direct PHP file requests
  if (req.path.endsWith('.php')) {
    const phpFilePath = path.join(domainPath, req.path);
    
    if (fs.existsSync(phpFilePath)) {
      return executePhpDirectly(phpFilePath, domainPath, req, res);
    }
  }
  
  // Handle directory requests - check for index files
  if (req.path === '/' || req.path.endsWith('/')) {
    const indexResult = findIndexFile(path.join(domainPath, req.path));
    
    if (indexResult) {
      if (indexResult.type === 'php') {
        return executePhpDirectly(indexResult.path, domainPath, req, res);
      } else {
        return res.sendFile(indexResult.path);
      }
    }
  }
  
  next();
});

// Serve static files from domain root first for all domains
app.use((req, res, next) => {
  const host = req.headers.host.split(':')[0];
  const domainPath = path.join('/var/www', host);
  
  if (!fs.existsSync(domainPath)) {
    return next();
  }
  
  express.static(domainPath)(req, res, (err) => {
    next();
  });
});

// Serve static files from build directory as fallback
app.use((req, res, next) => {
  const host = req.headers.host.split(':')[0];
  const domainPath = path.join('/var/www', host);
  const buildPath = path.join(domainPath, 'build');
  
  if (fs.existsSync(buildPath)) {
    express.static(buildPath)(req, res, next);
  } else {
    next();
  }
});

// Fall back to index.html without using catch-all route
app.use((req, res) => {
  const host = req.headers.host.split(':')[0];
  const domainPath = path.join('/var/www', host);
  
  // Check for index.html in domain root
  const rootIndexPath = path.join(domainPath, 'index.html');
  if (fs.existsSync(rootIndexPath)) {
    return res.sendFile(rootIndexPath);
  }
  
  // Check build folder
  const buildPath = path.join(domainPath, 'build');
  if (fs.existsSync(buildPath)) {
    const buildIndexPath = path.join(buildPath, 'index.html');
    if (fs.existsSync(buildIndexPath)) {
      return res.sendFile(buildIndexPath);
    }
  }
  
  // No matching file found
  res.status(404).send('Not Found');
});

// Create HTTPS server with SNI support for multiple domains
const server = https.createServer({ 
  SNICallback: (hostname, cb) => {
    const secureContext = tls.createSecureContext(getSSLOptions(hostname));
    if (cb) {
      cb(null, secureContext);
    } else {
      return secureContext;
    }
  }
}, app);

server.listen(443, '0.0.0.0', () => {
  console.log(`Server running on https://0.0.0.0:443`);
});

// Also create a HTTP server that redirects to HTTPS
http.createServer((req, res) => {
  res.writeHead(301, { Location: `https://${req.headers.host}${req.url}` });
  res.end();
}).listen(80, '0.0.0.0', () => {
  console.log('HTTP to HTTPS redirect server running on port 80');
});