Overhaul VT ID and Add gzip (#35)

Author: smashedr

.github/workflows/lint.yaml

@@ -18,6 +18,7 @@ jobs:
 
     permissions:
       pull-requests: write
+      checks: write
 
     steps:
       - name: "Checkout"

README.md

@@ -60,7 +60,7 @@ https://badges.cssnr.com/
 [![Uptime](https://badges.cssnr.com/uptime?style=for-the-badge)](https://badges.cssnr.com/uptime?style=for-the-badge)
 [![Deploy to Render](https://img.shields.io/badge/Deploy_to_Render-4351E8?style=for-the-badge&logo=render)](https://render.com/deploy?repo=https://github.com/smashedr/node-badges)
 
-> [!WARNING]  
+> [!IMPORTANT]  
 > This is currently in beta, expect breaking changes.
 
 ## Badges
@@ -129,18 +129,22 @@ https://badges.cssnr.com/ghcr/tags/smashedr/node-badges?labelColor=plum&lucide=a
 [![VT Hash](https://badges.cssnr.com/vt/sha/sha256:d54fd9a93f2aa25b5c95128f84de1a624783ded6e66554c12a5ffd07546146e4)](https://badges.cssnr.com/vt/sha/sha256:d54fd9a93f2aa25b5c95128f84de1a624783ded6e66554c12a5ffd07546146e4)
 [![VT Release](https://badges.cssnr.com/vt/cssnr/zipline-android/app-release.apk)](https://badges.cssnr.com/vt/cssnr/zipline-android/app-release.apk)
 
-`/vt/id/{id}`  
-`/vt/sha/{sha}`  
+`/vt/id/{hash}`  
 `/vt/{owner}/{repo}/{asset}`  
 `/vt/{owner}/{repo}/{asset}/{tag}`
 
-The `id` endpoint is used for VirusTotal File ID, and `sha` for a file hash/digest.
+> [!WARNING]  
+> Going forward you **need** to use the file hash: `SHA-256`, `SHA-1` or `MD5`.  
+> File ID's (which end with `==`) consume API calls where hashes do not.  
+> You **MUST** also update the endpoint to: `/vt/id/{hash}`  
+> File ID's will continue to work for existing badges; however, DO NOT ADD MORE!
 
-- https://badges.cssnr.com/vt/id/YjJmYTllMDdlMjFlMGUyOWEwMGVlMTM3MTM0ZGUzNGI6MTc1OTk2MDE4MQ==
-- https://badges.cssnr.com/vt/sha/sha256:d54fd9a93f2aa25b5c95128f84de1a624783ded6e66554c12a5ffd07546146e4
+- https://badges.cssnr.com/vt/id/sha256:d54fd9a93f2aa25b5c95128f84de1a624783ded6e66554c12a5ffd07546146e4
 - https://badges.cssnr.com/vt/cssnr/zipline-android/app-release.apk
 - https://badges.cssnr.com/vt/cssnr/zipline-android/app-release.apk/1.0.29
 
+The `hash` is the file's `SHA-256`, `SHA-1` or `MD5`. The prefix is optional and can be `sha256:xxxx` or just `xxxx`.
+
 The `owner/repo/asset` endpoints use the latest/tagged release asset for the repository.
 
 If the `tag` parameter is omitted, the release tagged as `latest` in GitHub is used.
@@ -215,6 +219,8 @@ _Note: the badge at the top is also from this [docker-compose-swarm.yaml](https:
 
 ### Static Badge
 
+[![Alt Text](https://badges.cssnr.com/static/is%20cool/node-badges)](https://badges.cssnr.com/static/is%20cool/node-badges)
+
 `/static/{message}`  
 `/static/{message}/{label}`
 

docker-compose-dev.yaml

@@ -4,8 +4,9 @@ services:
   nginx:
     image: ghcr.io/cssnr/docker-nginx-proxy:latest
     environment:
-      - SERVICE_NAME=app
-      - SERVICE_PORT=3000
+      SERVICE_NAME: "app"
+      SERVICE_PORT: "3000"
+      GZIP_TYPES: "text/html image/svg+xml"
     deploy:
       replicas: 1
       resources:

docker-compose-swarm.yaml

@@ -4,8 +4,9 @@ services:
   nginx:
     image: ghcr.io/cssnr/docker-nginx-proxy:latest
     environment:
-      - SERVICE_NAME=app
-      - SERVICE_PORT=3000
+      SERVICE_NAME: "app"
+      SERVICE_PORT: "3000"
+      GZIP_TYPES: "text/html image/svg+xml"
     deploy:
       replicas: 1
       resources:
@@ -39,10 +40,10 @@ services:
   app:
     image: ghcr.io/smashedr/node-badges:${VERSION:-latest}
     environment:
-      - GITHUB_TOKEN=${GITHUB_TOKEN}
-      - VT_API_KEY=${VT_API_KEY}
-      - SENTRY_URL=${SENTRY_URL}
-      - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT}
+      GITHUB_TOKEN: ${GITHUB_TOKEN}
+      VT_API_KEY: ${VT_API_KEY}
+      SENTRY_URL: ${SENTRY_URL}
+      SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT}
     deploy:
       replicas: 1
       resources:

docker-compose.yaml

@@ -4,8 +4,9 @@ services:
   nginx:
     image: ghcr.io/cssnr/docker-nginx-proxy:latest
     environment:
-      - SERVICE_NAME=app
-      - SERVICE_PORT=3000
+      SERVICE_NAME: "app"
+      SERVICE_PORT: "3000"
+      GZIP_TYPES: "text/html image/svg+xml"
     deploy:
       replicas: 1
       resources:

src/api.js

@@ -114,14 +114,14 @@ export class GhcrApi {
 
 /**
  * Get VirusTotal Stats for a Release Asset
- * @param {Request} req
+ * @param {import('express').Request} req
  * @return {Promise<Object>}
  */
 export async function getVTReleaseStats(req) {
     const tag = req.params.tag || 'latest'
     const key = `${req.params.owner}/${req.params.repo}/${req.params.asset}/${tag}`
     console.log('key:', key)
-    // NOTE: Consider making this block a reusable function similar to cacheError
+    // NOTE: Duplicate Code - 5 lines
     const cached = await cacheGet(key)
     if (cached) {
         if (cached.errorMessage) throw new Error(cached.errorMessage)
@@ -143,29 +143,24 @@ export async function getVTReleaseStats(req) {
     if (!asset) await cacheError(key, 'Asset Not Found')
     console.log('asset?.digest:', asset?.digest)
     if (!asset?.digest) await cacheError(key, 'Digest Not Found')
-    const sha = asset.digest.split(':')[1]
-    console.log('sha:', sha)
-    // const vt = new VTApi(process.env.VT_API_KEY)
-    // const report = await vt.getReport(sha)
-    // console.log('report:', report)
-    // if (!report) await cacheError(key, 'VT Report Not Found')
-    const stats = await getVTStats(sha)
+    const hash = asset.digest.split(':')[1]
+    console.log('hash:', hash)
+    const stats = await getVTStats(hash)
     console.log('last_analysis_stats:', stats)
     if (!stats) await cacheError(key, 'VT Stats Not Found')
     await cacheSet(key, stats)
     return stats
 }
 
 /**
- * Get VT Stats for a File ID/SHA
- * @param {String} sha
- * @param {Boolean} [id]
+ * Get VT Stats for a File ID/Hash
+ * @param {String} hash
  * @return {Promise<Object>}
  */
-export async function getVTStats(sha, id = false) {
-    const key = `/vt/${id ? 'id' : 'sha'}/${sha}`
+export async function getVTStats(hash) {
+    const key = `/vt/id/${hash}`
     console.log('key:', key)
-    // NOTE: Consider making this block a reusable function similar to cacheError
+    // NOTE: Duplicate Code - 5 lines
     const cached = await cacheGet(key)
     if (cached) {
         if (cached.errorMessage) throw new Error(cached.errorMessage)
@@ -174,29 +169,27 @@ export async function getVTStats(sha, id = false) {
     console.log(`-- CACHE MISS: ${key}`)
     const vt = new VTApi(process.env.VT_API_KEY)
     let stats
-    if (id) {
-        console.log('getAnalysis')
-        const data = await vt.getAnalysis(sha)
+    if (hash.endsWith('==')) {
+        console.log('getAnalysis - DEPRECATED') // TODO: Deprecated
+        const data = await vt.getAnalysis(hash)
         // console.log('data:', JSON.stringify(data, null, 2))
+        // noinspection JSUnresolvedReference
         stats = data?.data?.attributes?.stats
     } else {
         console.log('getReport')
-        const data = await vt.getReport(sha)
+        const data = await vt.getReport(hash)
         // console.log('data:', JSON.stringify(data, null, 2))
+        // noinspection JSUnresolvedReference
         stats = data?.data?.attributes?.last_analysis_stats
     }
-    // console.log('report:', report)
-    // if (!stats) await cacheError(key, 'VT Report Not Found')
-    // const stats = report?.data?.attributes?.last_analysis_stats
-    // console.log('stats:', stats)
     if (!stats) await cacheError(key, 'VT Stats Not Found')
-    await cacheSet(key, stats, 60 * 60 * 24)
+    await cacheSet(key, stats, 60 * 60 * 48)
     return stats
 }
 
 /**
  * Get JSONPath for JSON/YAML
- * @param {Request} req
+ * @param {import('express').Request} req
  * @return {Promise<String>}
  */
 export async function getJSONPath(req) {

src/app.js

@@ -27,21 +27,28 @@ const app = express()
 const port = process.env.PORT || 3000
 
 app.use(express.static('src/public'))
-app.use(express.json())
 app.use(cors({ methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE', 'PURGE'] }))
 
 app.set('views', 'src/views')
 app.set('view engine', 'pug')
 app.disable('view cache')
+app.disable('x-powered-by')
 
 console.log(`APP_VERSION: ${process.env.APP_VERSION}`)
 console.log(`GITHUB_TOKEN: ${process.env.GITHUB_TOKEN ? 'Loaded' : 'MISSING'}`)
 console.log(`VT_API_KEY: ${process.env.VT_API_KEY ? 'Loaded' : 'MISSING'}`)
 
-app.listen(port, () => {
+const server = app.listen(port, () => {
     console.log(`Listening on PORT: ${port}`)
 })
 
+process.on('SIGTERM', () => {
+    console.log('SIGTERM signal received: closing HTTP server')
+    server.close(() => {
+        console.log('HTTP server closed')
+    })
+})
+
 app.get('/app-health-check', (req, res) => {
     res.sendStatus(200)
 })
@@ -93,11 +100,11 @@ app.all('/vt/:type/:hash', async (req, res, next) => {
     if (req.method === 'PURGE') {
         console.log('PURGE:', req.originalUrl)
         if (!['id', 'sha'].includes(req.params.type)) return next()
-        let hash = req.params.hash
-        if (req.params.hash === 'sha') {
-            hash = hash.includes(':') ? hash.split(':')[1] : hash
-        }
-        const key = `/vt/${req.params.type === 'id' ? 'id' : 'sha'}/${hash}`
+        const hash = req.params.hash.includes(':')
+            ? req.params.hash.split(':')[1]
+            : req.params.hash
+        console.log('hash:', hash)
+        const key = `/vt/id/${hash}`
         return purgeKey(res, key)
     }
     next()
@@ -109,13 +116,14 @@ app.get(
         console.log(req.originalUrl)
         // console.log('req.params.type:', req.params.type)
         if (!['id', 'sha'].includes(req.params.type)) return res.sendStatus(404)
-
         if (!process.env.VT_API_KEY) throw new Error('Missing VT API Key')
-        let hash = req.params.hash
-        if (req.params.type === 'sha') {
-            hash = hash.includes(':') ? hash.split(':')[1] : hash
-        }
-        const stats = await getVTStats(hash, req.params.type === 'id')
+
+        const hash = req.params.hash.includes(':')
+            ? req.params.hash.split(':')[1]
+            : req.params.hash
+        console.log('hash:', hash)
+
+        const stats = await getVTStats(hash)
         // console.log('stats:', stats)
         const message = `${stats.malicious}/${stats.suspicious}/${stats.undetected}`
         console.log('message:', message)
@@ -277,6 +285,20 @@ app.get(
     })
 )
 
+// Handler 404
+app.use((req, res) => {
+    // res.status(404).send("Sorry can't find that!")
+    const data = {
+        message: '404 - URL Not Found',
+        color: 'red',
+        style: req.query.style || 'flat',
+    }
+    console.log('data:', data)
+    // noinspection JSCheckFunctionSignatures
+    const badge = makeBadge(data)
+    sendBadge(res, badge, 404)
+})
+
 if (Sentry) Sentry.setupExpressErrorHandler(app)
 
 function errorBadgeHandler(handler) {
@@ -298,12 +320,32 @@ function errorBadgeHandler(handler) {
     }
 }
 
+/**
+ * Set SVG Headers
+ * @param {express.Response} res
+ */
+function setHeaders(res) {
+    res.setHeader('Content-Type', 'image/svg+xml')
+    res.setHeader('Cache-Control', 'public, max-age=3600')
+}
+
+/**
+ * Send Badge
+ * @param {express.Response} res
+ * @param {String} badge
+ * @param {Number} [status]
+ */
+function sendBadge(res, badge, status = 200) {
+    setHeaders(res)
+    res.status(status).send(badge)
+}
+
 /**
  * Get Badge
  * @param {String} message Badge Message
  * @param {Object} [query] req.query Object
  * @param {Object} [options] Badge Options
- * @param {Response} [res] To also sendBadge
+ * @param {express.Response} [res] To sendBadge
  * @return {String}
  */
 function getBadge(message, query = {}, options = {}, res = null) {
@@ -327,17 +369,6 @@ function getBadge(message, query = {}, options = {}, res = null) {
     return badge
 }
 
-/**
- * Send Badge
- * @param {Response} res
- * @param {String} badge
- */
-function sendBadge(res, badge) {
-    res.setHeader('Content-Type', 'image/svg+xml')
-    res.setHeader('Cache-Control', 'public, max-age=3600')
-    res.send(badge)
-}
-
 /**
  * Get Logo String
  * @param {Object} query
@@ -380,7 +411,7 @@ function getLogo(query, opts, color = '#fff') {
 
 /**
  * Purge Key Response
- * @param {Response} res
+ * @param {express.Response} res
  * @param {String} key
  * @return {Promise<void>}
  */
@@ -420,7 +451,7 @@ function getUptime() {
 
 /**
  * Get Ranged Color w/ Options
- * @param {Request} req
+ * @param {express.Request} req
  * @param {Number} index
  * @param {Object} [options]
  * @return {String}