cloudflaremiddleware.js
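/**
 * Cloudflare Worker fetch handler body: serves prerendered HTML to known
 * crawlers and stamps a fixed set of response headers on every response.
 *
 * Flow:
 *  1. A request that carries a `Peekaboo-Prerender` header, or whose
 *     User-Agent matches no entry of BOT_AGENTS, is proxied to the origin.
 *  2. Otherwise the prerender service is asked for the page. A usable answer
 *     is returned as HTML; a `status: false` answer or any failure of the
 *     service falls back to the origin response.
 *
 * Security notes for reviewers:
 *  - User-Agent and `Peekaboo-Prerender` are client-supplied. The bot check
 *    is a routing hint, not authentication, and every match costs one
 *    subrequest to the prerender service, so that path should be rate
 *    limited or restricted upstream.
 *  - The same Cache-Control value (with `s-maxage`) is written onto every
 *    origin response. NOTE(review): confirm the origin never returns
 *    per-user content, otherwise shared caches may store it.
 *
 * @param {FetchEvent} req - The fetch event; only `req.request` is read.
 * @returns {Promise<Response>} The prerendered or proxied response.
 */
async function alterHeaders(req) {
  const { request } = req;

  // Lookup key for the prerender service: scheme forced to https, query
  // string and fragment dropped.
  const url = new URL(request.url);
  const fullUrl = `https://${url.hostname}${url.pathname}`;

  // NOTE(review): "Basic token" is a placeholder. Load the real credential
  // from a Worker secret binding instead of committing it to source.
  const AUTH_HEADERS = {
    Authorization: "Basic token",
    "Check-Url": fullUrl,
  };

  // NOTE(review): plain http:// — the Authorization header and the checked
  // URL travel unencrypted to the prerender service. Prefer an https://
  // endpoint or a private tunnel.
  const PEEKABOO = "http://ipaddress:8000/get";

  // Lower-case substrings that identify crawlers and link-preview fetchers.
  const BOT_AGENTS = [
    "googlebot",
    "yahoo! slurp",
    "bingbot",
    "yandex",
    "baiduspider",
    "facebookexternalhit",
    "twitterbot",
    "rogerbot",
    "linkedinbot",
    "embedly",
    "quora link preview",
    "showyoubot",
    "outbrain",
    "pinterest/0.",
    "developers.google.com/+/web/snippet",
    "slackbot",
    "vkshare",
    "w3c_validator",
    "redditbot",
    "applebot",
    "whatsapp",
    "flipboard",
    "tumblr",
    "bitlybot",
    "skypeuripreview",
    "nuzzel",
    "discordbot",
    "google page speed",
    "qwantify",
    "pinterestbot",
    "bitrix link preview",
    "xing-contenttabreceiver",
    "chrome-lighthouse",
    "telegrambot",
  ];

  // Headers written onto every response, in the original order.
  // "Host" is a request header and has no defined meaning on a response; it
  // is kept only so the emitted header set stays unchanged.
  // NOTE(review): X-Xss-Protection is ignored by current browsers and the
  // CSP here only upgrades insecure requests; neither restricts script
  // sources.
  const SITE_HEADERS = [
    ["Server", "ArtefaktasServer"],
    ["X-Frame-Options", "DENY"],
    ["Content-Security-Policy", "upgrade-insecure-requests;"],
    ["Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload"],
    ["X-Xss-Protection", "1; mode=block"],
    ["X-Content-Type-Options", "nosniff"],
    ["Referrer-Policy", "strict-origin-when-cross-origin"],
    ["Host", "www.artefaktas.eu"],
    ["Cache-Control", "max-age=14400, s-maxage=14400"],
    ["Permissions-Policy", "geolocation=(), microphone=()"],
  ];

  // True when the User-Agent contains any bot token. The previous
  // array.includes(element) compared the whole User-Agent for equality with
  // one token, so real crawler strings never matched.
  function containsOneOfThem(array, element) {
    return array.some((token) => element.includes(token));
  }

  // Copies `source` and overlays the fixed site headers.
  function withSiteHeaders(source) {
    const headers = new Headers(source);
    for (const [name, value] of SITE_HEADERS) {
      headers.set(name, value);
    }
    return headers;
  }

  // Proxies the request to the origin, keeping the origin's status line and
  // Content-Type and overlaying the site headers.
  async function passThrough(markPrerenderPath) {
    const response = await fetch(request);
    const headers = withSiteHeaders(response.headers);
    if (markPrerenderPath) {
      headers.set("Peekaboo-Working", "yes");
    }
    return new Response(response.body, {
      status: response.status,
      statusText: response.statusText,
      headers,
    });
  }

  // A missing User-Agent becomes the string "null", which matches no token.
  const userAgent = String(request.headers.get("User-Agent")).toLowerCase();
  const fromPrerenderer = request.headers.get("Peekaboo-Prerender") !== null;

  if (fromPrerenderer || !containsOneOfThem(BOT_AGENTS, userAgent)) {
    return passThrough(false);
  }

  let prerenderResponse;
  let payload;
  try {
    prerenderResponse = await fetch(PEEKABOO, {
      method: "GET",
      headers: AUTH_HEADERS,
    });
    if (!prerenderResponse.ok) {
      throw new Error(`prerender service answered ${prerenderResponse.status}`);
    }
    payload = await prerenderResponse.json();
  } catch (err) {
    // Prerender service unreachable, erroring, or not returning JSON: a
    // crawler still gets the live page instead of a Worker exception.
    return passThrough(false);
  }

  // `status` holds the rendered HTML, or false when the service has nothing
  // for this URL. A missing field is treated as a miss as well.
  const html = payload?.status;
  if (html === false || html == null) {
    // Earlier code forced Content-Type text/html and an implicit 200 here,
    // which mislabelled non-HTML resources and hid origin error statuses
    // from crawlers.
    return passThrough(true);
  }

  const headers = withSiteHeaders(prerenderResponse.headers);
  // The body below is not the JSON envelope these headers described.
  headers.delete("Content-Length");
  headers.delete("Content-Encoding");
  headers.set("Content-Type", "text/html;charset=UTF-8");
  headers.set("Peekaboo-Working", "yes");
  return new Response(html, { headers });
}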
// Worker entry point: every incoming fetch event is answered with the
// promise returned by alterHeaders.
addEventListener("fetch", function handleFetch(fetchEvent) {
  const pendingResponse = alterHeaders(fetchEvent);
  fetchEvent.respondWith(pendingResponse);
});