@@ -1,152 +1,52 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { esClient, INDEX_NAME, initializeIndex } from '@/lib/elasticsearch';
|
||||
import { storeHashDocument, findByPlaintext, findByHash, initializeRedis } from '@/lib/redis';
|
||||
import { generateHashes, detectHashType } from '@/lib/hash';
|
||||
|
||||
interface HashDocument {
|
||||
plaintext: string;
|
||||
md5: string;
|
||||
sha1: string;
|
||||
sha256: string;
|
||||
sha512: string;
|
||||
created_at?: string;
|
||||
}
|
||||
|
||||
// Maximum allowed query length
|
||||
const MAX_QUERY_LENGTH = 1000;
|
||||
|
||||
// Characters that could be used in NoSQL/Elasticsearch injection attacks
|
||||
const DANGEROUS_PATTERNS = [
|
||||
/[{}\[\]]/g, // JSON structure characters
|
||||
/\$[a-zA-Z]/g, // MongoDB-style operators
|
||||
/\\u[0-9a-fA-F]{4}/g, // Unicode escapes
|
||||
/<script/gi, // XSS attempts
|
||||
/javascript:/gi, // XSS attempts
|
||||
];
|
||||
|
||||
/**
|
||||
* Sanitize input to prevent NoSQL injection attacks
|
||||
* For hash lookups, we only need alphanumeric characters and $
|
||||
* For plaintext, we allow more characters but sanitize dangerous patterns
|
||||
*/
|
||||
function sanitizeInput(input: string): string {
|
||||
// Trim and take first word only
|
||||
let sanitized = input.trim().split(/\s+/)[0] || '';
|
||||
|
||||
// Limit length
|
||||
if (sanitized.length > MAX_QUERY_LENGTH) {
|
||||
sanitized = sanitized.substring(0, MAX_QUERY_LENGTH);
|
||||
}
|
||||
|
||||
// Remove null bytes
|
||||
sanitized = sanitized.replace(/\0/g, '');
|
||||
|
||||
// Check for dangerous patterns
|
||||
for (const pattern of DANGEROUS_PATTERNS) {
|
||||
sanitized = sanitized.replace(pattern, '');
|
||||
}
|
||||
|
||||
return sanitized;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate that the input is safe for use in Elasticsearch queries
|
||||
*/
|
||||
function isValidInput(input: string): boolean {
|
||||
// Check for empty input
|
||||
if (!input || input.length === 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check for excessively long input
|
||||
if (input.length > MAX_QUERY_LENGTH) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check for control characters (except normal whitespace)
|
||||
if (/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/.test(input)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
try {
|
||||
const body = await request.json();
|
||||
|
||||
// Validate request body structure
|
||||
if (!body || typeof body !== 'object') {
|
||||
return NextResponse.json(
|
||||
{ error: 'Invalid request body' },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
const { query } = await request.json();
|
||||
|
||||
const { query } = body;
|
||||
|
||||
// Validate query type
|
||||
if (!query || typeof query !== 'string') {
|
||||
return NextResponse.json(
|
||||
{ error: 'Query parameter is required and must be a string' },
|
||||
{ error: 'Query parameter is required' },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
|
||||
// Validate input before processing
|
||||
if (!isValidInput(query)) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Invalid query: contains forbidden characters or is too long' },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
// Ensure Redis is connected
|
||||
await initializeRedis();
|
||||
|
||||
// Sanitize input
|
||||
const cleanQuery = sanitizeInput(query);
|
||||
const cleanQuery = query.trim().split(/\s+/)[0];
|
||||
|
||||
if (!cleanQuery) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Invalid query: only whitespace or invalid characters provided' },
|
||||
{ error: 'Invalid query: only whitespace provided' },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
|
||||
// Ensure index exists
|
||||
await initializeIndex();
|
||||
|
||||
const cleanQueryLower = cleanQuery.toLowerCase();
|
||||
const hashType = detectHashType(cleanQueryLower);
|
||||
|
||||
if (hashType) {
|
||||
// Query is a hash - search for it in Elasticsearch
|
||||
const searchResponse = await esClient.search<HashDocument>({
|
||||
index: INDEX_NAME,
|
||||
query: {
|
||||
term: {
|
||||
[hashType]: cleanQueryLower
|
||||
}
|
||||
}
|
||||
});
|
||||
// Query is a hash - search for it in Redis
|
||||
const doc = await findByHash(hashType, cleanQueryLower);
|
||||
|
||||
const hits = searchResponse.hits.hits;
|
||||
|
||||
if (hits.length > 0) {
|
||||
if (doc) {
|
||||
// Found matching plaintext
|
||||
return NextResponse.json({
|
||||
found: true,
|
||||
hashType,
|
||||
hash: cleanQuery,
|
||||
results: hits.map((hit) => {
|
||||
const source = hit._source!;
|
||||
return {
|
||||
plaintext: source.plaintext,
|
||||
hashes: {
|
||||
md5: source.md5,
|
||||
sha1: source.sha1,
|
||||
sha256: source.sha256,
|
||||
sha512: source.sha512,
|
||||
}
|
||||
};
|
||||
})
|
||||
results: [{
|
||||
plaintext: doc.plaintext,
|
||||
hashes: {
|
||||
md5: doc.md5,
|
||||
sha1: doc.sha1,
|
||||
sha256: doc.sha256,
|
||||
sha512: doc.sha512,
|
||||
}
|
||||
}]
|
||||
});
|
||||
} else {
|
||||
// Hash not found in database
|
||||
@@ -159,20 +59,13 @@ export async function POST(request: NextRequest) {
|
||||
}
|
||||
} else {
|
||||
// Query is plaintext - check if it already exists first
|
||||
const existsResponse = await esClient.search<HashDocument>({
|
||||
index: INDEX_NAME,
|
||||
query: {
|
||||
term: {
|
||||
'plaintext.keyword': cleanQuery
|
||||
}
|
||||
}
|
||||
});
|
||||
const existingDoc = await findByPlaintext(cleanQuery);
|
||||
|
||||
let hashes;
|
||||
let wasGenerated = false;
|
||||
|
||||
if (existsResponse.hits.hits.length > 0) {
|
||||
if (existingDoc) {
|
||||
// Plaintext found, retrieve existing hashes
|
||||
const existingDoc = existsResponse.hits.hits[0]._source!;
|
||||
hashes = {
|
||||
md5: existingDoc.md5,
|
||||
sha1: existingDoc.sha1,
|
||||
@@ -180,44 +73,22 @@ export async function POST(request: NextRequest) {
|
||||
sha512: existingDoc.sha512,
|
||||
};
|
||||
} else {
|
||||
// Plaintext not found, generate hashes and check if any hash already exists
|
||||
hashes = generateHashes(cleanQuery);
|
||||
// Plaintext not found, generate and store hashes
|
||||
hashes = await generateHashes(cleanQuery);
|
||||
|
||||
const hashExistsResponse = await esClient.search<HashDocument>({
|
||||
index: INDEX_NAME,
|
||||
query: {
|
||||
bool: {
|
||||
should: [
|
||||
{ term: { md5: hashes.md5 } },
|
||||
{ term: { sha1: hashes.sha1 } },
|
||||
{ term: { sha256: hashes.sha256 } },
|
||||
{ term: { sha512: hashes.sha512 } },
|
||||
],
|
||||
minimum_should_match: 1
|
||||
}
|
||||
}
|
||||
await storeHashDocument({
|
||||
...hashes,
|
||||
created_at: new Date().toISOString()
|
||||
});
|
||||
|
||||
if (hashExistsResponse.hits.hits.length === 0) {
|
||||
// No duplicates found, insert new document
|
||||
await esClient.index({
|
||||
index: INDEX_NAME,
|
||||
document: {
|
||||
...hashes,
|
||||
created_at: new Date().toISOString()
|
||||
}
|
||||
});
|
||||
|
||||
// Refresh index to make the document searchable immediately
|
||||
await esClient.indices.refresh({ index: INDEX_NAME });
|
||||
}
|
||||
|
||||
wasGenerated = true;
|
||||
}
|
||||
|
||||
return NextResponse.json({
|
||||
found: true,
|
||||
isPlaintext: true,
|
||||
plaintext: cleanQuery,
|
||||
wasGenerated: existsResponse.hits.hits.length === 0,
|
||||
wasGenerated,
|
||||
hashes: {
|
||||
md5: hashes.md5,
|
||||
sha1: hashes.sha1,
|
||||
|
||||
Referencia en una nueva incidencia
Block a user