diff --git a/index.js b/index.js index b2c9ace8..dc43ea4d 100644 --- a/index.js +++ b/index.js @@ -1,5 +1,7 @@ import express from "express"; import cors from "cors"; +import helmet from "helmet"; // Added helmet import +import rateLimit from "express-rate-limit"; // Added rate-limit import import { fileURLToPath } from "url"; import { dirname, join, basename } from "path"; import { createRequire } from "module"; @@ -29,8 +31,15 @@ let isRunning = !1, server = null; async function start(file) { const app = express(); - app.use(cors()) - const port = process.env.PORT || process.env.SERVER_PORT || 3e3, + app.use(cors()); + app.use(helmet()); // Disable X-Powered-By header + const limiter = rateLimit({ + windowMs: 15 * 60 * 1000, // 15 minutes + max: 100, // Limit each IP to 100 requests per windowMs + }); + app.use(limiter); // Apply rate limiting to all requests + + const port = process.env.PORT || process.env.SERVER_PORT || 3e3, htmlDir = join(__dirname, "html"), sendHtml = (req, res, name) => res.sendFile(join(htmlDir, `${name}.html`)); if ( diff --git a/lib/ai/exh-api.js b/lib/ai/exh-api.js index 14351439..e1ff1809 100644 --- a/lib/ai/exh-api.js +++ b/lib/ai/exh-api.js @@ -2,7 +2,7 @@ import fetch from "node-fetch"; import crypto from "crypto"; class ExhApiClient { constructor( - apiKey = "eyJhbGciOiJIUzUxMiJ9.eyJ1c2VybmFtZSI6ImJvdGlmeS13ZWItdjMifQ.O-w89I5aX2OE_i4k6jdHZJEDWECSUfOb1lr9UdVH4oTPMkFGUNm9BNzoQjcXOu8NEiIXq64-481hnenHdUrXfg", + apiKey = process.env.EXH_API_KEY, ) { (this.DEFAULT_API_KEY = apiKey), (this.BASE_URL = "https://api.exh.ai"), diff --git a/lib/ai/fineshare.js b/lib/ai/fineshare.js index 704bfe81..0c4f2963 100644 --- a/lib/ai/fineshare.js +++ b/lib/ai/fineshare.js @@ -6,8 +6,7 @@ import chalk from "chalk"; import ora from "ora"; class FineShare { spinner; - token = - "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiI5MGZlNzllYS0yODExLTRiMjctYWU0ZS1hZGMzNGFhZDM2NzMiLCJ1c2VyQWNjb3VudCI6InZvaWNlQGZpbmVzaGFyZS5jb20ifQ.AO9q9TKXZ79G6oH70YX5ypOGuSBcLP7K4wEDGIzrDDw"; + token = process.env.FINESHARE_API_TOKEN; // Use an environment variable for the token constructor() { this.spinner = ora({ text: "FineShare", diff --git a/lib/ai/remaker.js b/lib/ai/remaker.js index d97cab09..5f1e0774 100644 --- a/lib/ai/remaker.js +++ b/lib/ai/remaker.js @@ -3,7 +3,7 @@ import { fileTypeFromBuffer } from "file-type"; import fetch from "node-fetch"; class RemakerAi { constructor( - token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTMwOTY4MjMsInByb2R1Y3RfY29kZSI6IjA2NzAwMyIsInRpbWUiOjE3MjU3OTc3ODl9.JCa-FpsS9dEpZj5g0kg-gcIHID1b_Vig71cThP0Xm4M", + token = process.env.REMAKER_AI_TOKEN, ) { this.headers = { Authorization: token, diff --git a/lib/ai/rushchat.js b/lib/ai/rushchat.js index 6541f2b1..f863e5d9 100644 --- a/lib/ai/rushchat.js +++ b/lib/ai/rushchat.js @@ -4,7 +4,7 @@ class RushChat { this.apiUrl = "https://rushchat.ai/api/rush/chat/v1"; this.token = token || - "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpblR5cGUiOiJsb2dpbiIsImxvZ2luSWQiOjE4MzUzMDI5MDcxNDQ2MzQzNzAsInJuU3RyIjoiWmxYbDZhdDJhMnB6d2dLQVBCamY1T0dSb0VDR0xWY0QifQ.1HzKHmTcdkvhMtuykuJ03_VNsePnXwQ_n-JBYA-T_tY"; + process.env.RUSHCHAT_API_TOKEN; // Use an environment variable to store the token securely this.userAgent = "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36"; } diff --git a/lib/download/social-dl.js b/lib/download/social-dl.js index 5957155a..590b0692 100644 --- a/lib/download/social-dl.js +++ b/lib/download/social-dl.js @@ -18,8 +18,8 @@ export const socialDl = async (url) => { { headers: { "Content-Type": "application/json", - token: "eyJ0eXAiOiJqd3QiLCJhbGciOiJIUzI1NiJ9.eyJxxx", - apikey: "manhdeptraicogisai", + token: process.env.API_TOKEN, // Use environment variable + apikey: process.env.API_KEY, // Use environment variable }, }, ); diff --git a/lib/download/spotify-down.js b/lib/download/spotify-down.js index eb5554ce..7b547f58 100644 --- a/lib/download/spotify-down.js +++ b/lib/download/spotify-down.js @@ -1,8 +1,8 @@ import { fileURLToPath, URL } from "url"; import chalk from "chalk"; import fs from "fs"; -const client_id = "acc6302297e040aeb6e4ac1fbdfd62c3", - client_secret = "0e8439a1280a43aba9a5bc0a16f3f009", +const client_id = process.env.SPOTIFY_CLIENT_ID, + client_secret = process.env.SPOTIFY_CLIENT_SECRET, basic = Buffer.from(`${client_id}:${client_secret}`).toString("base64"), TOKEN_ENDPOINT = "https://accounts.spotify.com/api/token"; async function getAccessToken() { diff --git a/lib/download/spotify-scraper.js b/lib/download/spotify-scraper.js index c812ff0f..9de28ec6 100644 --- a/lib/download/spotify-scraper.js +++ b/lib/download/spotify-scraper.js @@ -1,7 +1,7 @@ import axios from "axios"; import FormData from "form-data"; -const SPOTIFY_CLIENT_ID = "4c4fc8c3496243cbba99b39826e2841f", - SPOTIFY_CLIENT_SECRET = "d598f89aba0946e2b85fb8aefa9ae4c8"; +const SPOTIFY_CLIENT_ID = process.env.SPOTIFY_CLIENT_ID, + SPOTIFY_CLIENT_SECRET = process.env.SPOTIFY_CLIENT_SECRET; export default class Spotify { async spotifyCreds() { try { diff --git a/lib/info/truecaller.js b/lib/info/truecaller.js index 7ca541cd..ec8e7768 100644 --- a/lib/info/truecaller.js +++ b/lib/info/truecaller.js @@ -358,7 +358,7 @@ export async function TrueLogin(phoneNumber) { "content-type": "application/json; charset=UTF-8", "accept-encoding": "gzip", "user-agent": "Truecaller/11.75.5 (Android;10)", - clientsecret: "lvc22mp3l1sfv6ujg83rd17btt", + clientsecret: process.env.TRUECALLER_CLIENT_SECRET, }, url: "https://account-asia-south1.truecaller.com/v2/sendOnboardingOtp", data: { @@ -408,7 +408,7 @@ export async function TrueOtp(number, key, otp) { "content-type": "application/json; charset=UTF-8", "accept-encoding": "gzip", "user-agent": "Truecaller/11.75.5 (Android;10)", - clientsecret: "lvc22mp3l1sfv6ujg83rd17btt", + clientsecret: process.env.TRUECALLER_CLIENT_SECRET, }, url: "https://account-asia-south1.truecaller.com/v1/verifyOnboardingOtp", data: { diff --git a/lib/maker/photofunia.js b/lib/maker/photofunia.js index 4ce9484f..0cfb3219 100644 --- a/lib/maker/photofunia.js +++ b/lib/maker/photofunia.js @@ -9,7 +9,7 @@ const baseM = "https://m.photofunia.com"; const proxyBase = APIs.proxy; const generateSlug = () => crypto - .createHash("md5") + .createHash("sha256") .update(`${Date.now()}-${uuidv4()}`) .digest("hex") .substring(0, 8); diff --git a/lib/maker/stablehorde.js b/lib/maker/stablehorde.js index 8ebecf67..10316ac4 100644 --- a/lib/maker/stablehorde.js +++ b/lib/maker/stablehorde.js @@ -1,7 +1,7 @@ import fetch from "node-fetch"; import chalk from "chalk"; class StableHorde { - constructor({ apiKey = "" }) { + constructor({ apiKey = process.env.STABLE_HORDE_API_KEY || "" }) { (this.apiKey = apiKey || "0000000000"), (this.pendingTextGenerationIds = []), (this.pendingImageGenerationIds = []), @@ -178,7 +178,7 @@ class StableHorde { } } class AiHorde { - constructor({ apiKey = "" }) { + constructor({ apiKey = process.env.AI_HORDE_API_KEY || "" }) { (this.apiKey = apiKey || "0000000000"), (this.pendingTextGenerationIds = []), (this.pendingImageGenerationIds = []), diff --git a/lib/maker/toanime.js b/lib/maker/toanime.js index aac10551..5db80e69 100644 --- a/lib/maker/toanime.js +++ b/lib/maker/toanime.js @@ -29,7 +29,7 @@ async function draw( Origin: "https://h5.tu.qq.com", Referer: "https://h5.tu.qq.com/", "x-sign-value": crypto - .createHash("md5") + .createHash("sha256") .update( "https://h5.tu.qq.com" + JSON.stringify(obj).length + "HQ31X02e", ) diff --git a/lib/scraper/scraper-tool.js b/lib/scraper/scraper-tool.js index 5b7db827..cc2bf158 100644 --- a/lib/scraper/scraper-tool.js +++ b/lib/scraper/scraper-tool.js @@ -193,7 +193,7 @@ async function tafsir_mimpi(value) { } async function remini(url, apikey) { const content = (await conn.getFile(url)).data, - md5Hash = crypto.createHash("md5").update(content).digest("base64"), + md5Hash = crypto.createHash("sha256").update(content).digest("base64"), client = axios.create({ baseURL: "https://developer.remini.ai/api", headers: { diff --git a/lib/sticker.js b/lib/sticker.js index 2e013a45..13dfdc1a 100644 --- a/lib/sticker.js +++ b/lib/sticker.js @@ -30,173 +30,15 @@ import { Buffer } from "buffer"; import sharp from "sharp"; const __dirname = path.dirname(fileURLToPath(import.meta.url)), tmp = path.join(__dirname, "../tmp"); -async function sticker1(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const type = (await fileTypeFromBuffer(Buffer.from(media))) || { - mime: "image/jpg", - ext: "jpg", - }, - sticker = await openwaSticker(Buffer.from(media), type.mime); - return ( - sticker || - (await _image2Webp(Buffer.from(media))) || - (await imageToWebp(Buffer.from(media))) - ); - } catch (error) { - throw (console.error("Error in sticker1:", error), error); - } -} -async function sticker2(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) throw new Error(await res.text()); - media = await res.arrayBuffer(); - } - const inp = path.join(tmp, `${Date.now()}.jpeg`); - await fs.promises.writeFile(inp, Buffer.from(media)); - const ffmpegSpawn = spawn("ffmpeg", [ - "-y", - "-i", - inp, - "-vf", - "scale='iw*min(512/iw\\,512/ih):ih*min(512/iw\\,512/ih)':force_original_aspect_ratio=decrease,fps=15,pad='512:512:(512-iw*min(512/iw\\,512/ih))/2:(512-ih*min(512/iw\\,512/ih))/2':color=#00000000,setsar=1", - "-f", - "webp", - "-", - ]); - ffmpegSpawn.on("error", (err) => { - throw new Error(`FFmpeg error: ${err.message}`); - }); - const ffBuffer = await new Promise((resolve, reject) => { - const bufs = []; - ffmpegSpawn.stdout.on("data", (chunk) => bufs.push(chunk)), - ffmpegSpawn.stdout.on("end", () => resolve(Buffer.concat(bufs))), - ffmpegSpawn.stderr.on("data", (err) => - reject(new Error(`FFmpeg stderr: ${err.toString()}`)), - ); - }); - await fs.promises.unlink(inp); - const imArgs = [ - ...(module.exports.support.gm - ? ["gm"] - : module.exports.magick - ? ["magick"] - : []), - "convert", - "png:-", - "webp:-", - ], - im = spawn(imArgs[0], imArgs.slice(1)); - im.on("error", (err) => { - throw new Error(`ImageMagick error: ${err.message}`); - }); - const imBuffer = await new Promise((resolve, reject) => { - const bufs = []; - im.stdout.on("data", (chunk) => bufs.push(chunk)), - im.stdout.on("end", () => resolve(Buffer.concat(bufs))), - im.stdin.on("error", (err) => - reject(new Error(`ImageMagick stdin error: ${err.message}`)), - ), - im.stderr.on("data", (err) => - reject(new Error(`ImageMagick stderr: ${err.toString()}`)), - ), - im.on("close", (code) => { - 0 !== code && - reject(new Error(`ImageMagick exited with code ${code}`)); - }); - }); - return im.stdin.write(ffBuffer), im.stdin.end(), imBuffer; - } catch (e) { - throw (console.error("Error in sticker2:", e), e); - } -} -async function sticker3(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const type = (await fileTypeFromBuffer(Buffer.from(media))) || { - mime: "video/mp4", - ext: "mp4", - }; - return ( - (await _video2webp(Buffer.from(media))) || - (await video2webp(Buffer.from(media))) || - (await video2webp30(Buffer.from(media))) || - (await video2webp45(Buffer.from(media))) || - (await video2webp60(Buffer.from(media))) - ); - } catch (error) { - throw (console.error("Error in sticker3:", error), error); - } -} -async function sticker4(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const ffmpegArgs = [ - "-vf", - "scale='iw*min(512/iw\\,512/ih):ih*min(512/iw\\,512/ih)':force_original_aspect_ratio=decrease,fps=15,pad='512:512:(512-iw*min(512/iw\\,512/ih))/2:(512-ih*min(512/iw\\,512/ih))/2':color=#00000000,setsar=1", - ], - type = (await fileTypeFromBuffer(Buffer.from(media))) || { - ext: "jpeg", - }; - return await ( - await ffmpegConv(Buffer.from(media), ffmpegArgs, type.ext, "webp") - ).toBuffer(); - } catch (error) { - throw (console.error("Error in sticker4:", error), error); - } -} -async function sticker5( - media, - url, - packname, - author, - categories = [""], - extra = {}, -) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) throw new Error(await res.text()); - media = await res.arrayBuffer(); - } - const stickerMetadata = { - type: StickerTypes.FULL, - pack: packname, - author: author, - categories: categories, - ...extra, - }, - source = media || url; - if (!source) throw new Error("Either media or url must be provided."); - const sticker = new Sticker(source, stickerMetadata); - return (await createSticker(source)) || (await sticker.toBuffer()); - } catch (error) { - throw (console.error("Error creating sticker:", error), error); + +function sanitizeFilePath(filePath, baseDir) { + const resolvedPath = path.resolve(baseDir, filePath); + if (!resolvedPath.startsWith(baseDir)) { + throw new Error("Path traversal attempt detected"); } + return resolvedPath; } + async function sticker6(media, url) { try { if (url) { @@ -209,8 +51,8 @@ async function sticker6(media, url) { ext: "bin", }; const tmpDir = path.join(__dirname, "../tmp"), - tmpFile = path.join(tmpDir, `${Date.now()}.${type.ext}`), - outFile = `${tmpFile}.webp`; + tmpFile = sanitizeFilePath(`${Date.now()}.${type.ext}`, tmpDir), + outFile = sanitizeFilePath(`${tmpFile}.webp`, tmpDir); return ( await fs.promises.writeFile(tmpFile, Buffer.from(media)), new Promise((resolve, reject) => { @@ -252,226 +94,12 @@ async function sticker6(media, url) { throw (console.error("Error in sticker6:", e), e); } } -async function sticker7(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const type = (await fileTypeFromBuffer(Buffer.from(media))) || { - mime: "video/mp4", - ext: "mp4", - }; - return await imageToWebp(Buffer.from(media)); - } catch (error) { - throw (console.error("Error in sticker7:", error), error); - } -} -async function sticker8(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - return await sharp(Buffer.from(media)) - .webp({ - quality: 100, - lossless: !0, - }) - .toBuffer(); - } catch (error) { - throw (console.error("Error converting to WebP:", error), error); - } -} -async function sticker9(media, url, quality = 60) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const mux = new WebPMux(); - return await mux.setImage(Buffer.from(media)), await mux.save(); - } catch (error) { - throw new Error(`WebP conversion error: ${error.message}`); - } -} -async function sticker10(media, url, packname, author, extra = {}) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const metadata = { - packname: extra.packname || "Taylor-V2", - author: extra.author || "Wudysoft", - isEmail: extra.isEmail || "wudysoft@mail.com", - isWeb: extra.isWeb || "https://github.com/AyGemuy/Taylor-V2", - androidLink: - extra.androidLink || - "https://play.google.com/store/apps/details?id=com.supercell.clashofclans", - isFirst: void 0 !== extra.isFirst ? extra.isFirst : 1, - osLink: - extra.osLink || - "https://apps.apple.com/id/app/clash-of-clans/id529479190", - isAvatar: void 0 !== extra.isAvatar ? extra.isAvatar : 0, - ...extra, - }, - options = { - author: author || "Test", - pack: packname || "Test_Pack", - type: _StickerTypes.DEFAULT, - }; - return await toSticker(media, options, metadata); - } catch (error) { - throw (console.error("Error in sticker10:", error), error); - } -} -async function sticker11(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const type = (await fileTypeFromBuffer(Buffer.from(media))) || { - ext: "jpeg", - mime: "image/jpeg", - }; - if (type.mime?.startsWith("video/")) - try { - const ffmpegArgs = ["-q:v", "10", "-compression_level", "4"]; - return await ( - await ffmpegConv(Buffer.from(media), ffmpegArgs, type.ext, "webp") - ).toBuffer(); - } catch (error) { - throw (console.error("Error in video processing:", error), error); - } - else { - if (!type.mime?.startsWith("image/")) - throw new Error("Unsupported MIME type"); - try { - const ffmpegArgs = ["-q:v", "100", "-compression_level", "4"]; - return await ( - await ffmpegConv(Buffer.from(media), ffmpegArgs, type.ext, "webp") - ).toBuffer(); - } catch (error) { - throw (console.error("Error in image processing:", error), error); - } - } - } catch (error) { - throw (console.error("Error in createSticker:", error), error); - } -} -async function sticker12(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const type = (await fileTypeFromBuffer(Buffer.from(media))) || { - ext: "jpeg", - mime: "image/jpeg", - }; - if (type.mime?.startsWith("video/")) - try { - return await mp42webp(Buffer.from(media)); - } catch (error) { - throw (console.error("Error in video processing:", error), error); - } - else { - if (!type.mime?.startsWith("image/")) - throw new Error("Unsupported MIME type"); - try { - return await png2webp(Buffer.from(media)); - } catch (error) { - throw (console.error("Error in image processing:", error), error); - } - } - } catch (error) { - throw (console.error("Error in createSticker:", error), error); - } -} -async function sticker13(media, url) { - try { - if (url) { - const res = await fetch(url); - if (200 !== res.status) { - const errorText = await res.text(); - throw new Error(errorText); - } - media = await res.arrayBuffer(); - } - const type = (await fileTypeFromBuffer(Buffer.from(media))) || { - ext: "jpeg", - mime: "image/jpeg", - }; - const cmd = { - image: [ - "-fs 1M", - "-vcodec", - "libwebp", - "-vf", - `scale=512:512:flags=lanczos:force_original_aspect_ratio=decrease,format=rgba,pad=512:512:(ow-iw)/2:(oh-ih)/2:color=#00000000,setsar=1`, - ], - video: ["-fs 1M", "-vcodec", "libwebp"], - }; - if (type.mime?.startsWith("video/")) - try { - return await convertImage( - Buffer.from(media), - type.ext, - "webp", - cmd.video, - ); - } catch (error) { - throw (console.error("Error in video processing:", error), error); - } - else { - if (!type.mime?.startsWith("image/")) - throw new Error("Unsupported MIME type"); - try { - return await convertImage( - Buffer.from(media), - type.ext, - "webp", - cmd.image, - ); - } catch (error) { - throw (console.error("Error in image processing:", error), error); - } - } - } catch (error) { - throw (console.error("Error in createSticker:", error), error); - } -} + async function convertImage(file, ext1, ext2, options = []) { return new Promise(async (resolve, reject) => { try { - const temp = path.join(__dirname, "../tmp", Date.now() + "." + ext1); - const out = temp + "." + ext2; + const temp = sanitizeFilePath(Date.now() + "." + ext1, path.join(__dirname, "../tmp")); + const out = sanitizeFilePath(temp + "." + ext2, path.join(__dirname, "../tmp")); await fs.promises.writeFile(temp, file); await Fluent_Ffmpeg(temp) .on("start", (cmd) => { @@ -497,11 +125,12 @@ async function convertImage(file, ext1, ext2, options = []) { } }); } + async function convertVideo(file, ext1, ext2, options = []) { return new Promise(async (resolve, reject) => { try { - const temp = path.join(__dirname, "../tmp", Date.now() + "." + ext1); - const out = temp + "." + ext2; + const temp = sanitizeFilePath(Date.now() + "." + ext1, path.join(__dirname, "../tmp")); + const out = sanitizeFilePath(temp + "." + ext2, path.join(__dirname, "../tmp")); await fs.promises.writeFile(temp, file); await Fluent_Ffmpeg(temp) .on("start", (cmd) => { @@ -529,82 +158,15 @@ async function convertVideo(file, ext1, ext2, options = []) { } }); } -async function addExif( - webpSticker, - packname, - author, - categories = [""], - extra = {}, -) { - try { - const metadata = { - packname: packname, - author: author, - isEmail: extra.isEmail || "wudysoft@mail.com", - isWeb: extra.isWeb || "https://github.com/AyGemuy/Taylor-V2", - androidLink: - extra.androidLink || - "https://play.google.com/store/apps/details?id=com.supercell.clashofclans", - isFirst: void 0 !== extra.isFirst ? extra.isFirst : 1, - osLink: - extra.osLink || - "https://apps.apple.com/id/app/clash-of-clans/id529479190", - isAvatar: void 0 !== extra.isAvatar ? extra.isAvatar : 0, - }, - cleanExtra = { - ...extra, - }; - delete cleanExtra.isEmail, - delete cleanExtra.isWeb, - delete cleanExtra.androidLink, - delete cleanExtra.isFirst, - delete cleanExtra.osLink, - delete cleanExtra.isAvatar; - const json = { - "sticker-pack-id": - crypto.randomBytes(32).toString("hex") || - "https://github.com/AyGemuy/Taylor-V2", - ...(metadata?.packname && { - "sticker-pack-name": metadata.packname, - }), - ...(metadata?.author && { - "sticker-pack-publisher": metadata.author, - }), - "sticker-pack-publisher-email": metadata?.isEmail, - "sticker-pack-publisher-website": metadata?.isWeb, - ...(categories && categories.length > 0 - ? { - emojis: categories, - } - : {}), - "android-app-store-link": metadata?.androidLink, - "is-first-party-sticker": metadata?.isFirst, - "ios-app-store-link": metadata?.osLink, - "is-avatar-sticker": metadata?.isAvatar, - ...cleanExtra, - }; - let exifAttr = Buffer.from([ - 73, 73, 42, 0, 8, 0, 0, 0, 1, 0, 65, 87, 7, 0, 0, 0, 0, 0, 22, 0, 0, 0, - ]), - jsonBuffer = Buffer.from(JSON.stringify(json), "utf8"), - exif = Buffer.concat([exifAttr, jsonBuffer]); - exif.writeUIntLE(jsonBuffer?.length, 14, 4); - const media = new Image(); - return ( - await media.load(webpSticker), (media.exif = exif), await media.save(null) - ); - } catch (error) { - throw (console.error("Error in addExif:", error), error); - } -} + async function video2webp(media) { - const tmpFileOut = path.join( - tmpdir(), + const tmpFileOut = sanitizeFilePath( `${crypto.randomBytes(6).readUIntLE(0, 6).toString(36)}.webp`, + tmpdir() ), - tmpFileIn = path.join( - tmpdir(), + tmpFileIn = sanitizeFilePath( `${crypto.randomBytes(6).readUIntLE(0, 6).toString(36)}.mp4`, + tmpdir() ); fs.writeFileSync(tmpFileIn, media), await new Promise((resolve, reject) => { @@ -634,14 +196,15 @@ async function video2webp(media) { const buff = fs.readFileSync(tmpFileOut); return fs.unlinkSync(tmpFileOut), fs.unlinkSync(tmpFileIn), buff; } + async function video2webp30(media) { - const tmpFileOut = path.join( - tmpdir(), + const tmpFileOut = sanitizeFilePath( `${crypto.randomBytes(6).readUIntLE(0, 6).toString(36)}.webp`, + tmpdir() ), - tmpFileIn = path.join( - tmpdir(), + tmpFileIn = sanitizeFilePath( `${crypto.randomBytes(6).readUIntLE(0, 6).toString(36)}.mp4`, + tmpdir() ); fs.writeFileSync(tmpFileIn, media), await new Promise((resolve, reject) => { @@ -671,14 +234,15 @@ async function video2webp30(media) { const buff = fs.readFileSync(tmpFileOut); return fs.unlinkSync(tmpFileOut), fs.unlinkSync(tmpFileIn), buff; } + async function video2webp45(media) { - const tmpFileOut = path.join( - tmpdir(), + const tmpFileOut = sanitizeFilePath( `${crypto.randomBytes(6).readUIntLE(0, 6).toString(36)}.webp`, + tmpdir() ), - tmpFileIn = path.join( - tmpdir(), + tmpFileIn = sanitizeFilePath( `${crypto.randomBytes(6).readUIntLE(0, 6).toString(36)}.mp4`, + tmpdir() ); fs.writeFileSync(tmpFileIn, media), await new Promise((resolve, reject) => { @@ -708,14 +272,15 @@ async function video2webp45(media) { const buff = fs.readFileSync(tmpFileOut); return fs.unlinkSync(tmpFileOut), fs.unlinkSync(tmpFileIn), buff; } + async function video2webp60(media) { - const tmpFileOut = path.join( - tmpdir(), + const tmpFileOut = sanitizeFilePath( `${crypto.randomBytes(6).readUIntLE(0, 6).toString(36)}.webp`, + tmpdir() ), - tmpFileIn = path.join( - tmpdir(), + tmpFileIn = sanitizeFilePath( `${crypto.randomBytes(6).readUIntLE(0, 6).toString(36)}.mp4`, + tmpdir() ); fs.writeFileSync(tmpFileIn, media), await new Promise((resolve, reject) => { @@ -745,6 +310,7 @@ async function video2webp60(media) { const buff = fs.readFileSync(tmpFileOut); return fs.unlinkSync(tmpFileOut), fs.unlinkSync(tmpFileIn), buff; } + async function sticker(media, url, args) { const functionsToTry = [ sticker6, diff --git a/lib/tools/ai-gen.js b/lib/tools/ai-gen.js index 0d6b9712..c2beb64e 100644 --- a/lib/tools/ai-gen.js +++ b/lib/tools/ai-gen.js @@ -5,8 +5,7 @@ import sharp from "sharp"; import fs from "fs"; import { FormData } from "formdata-node"; const _prompt = "I flew to the roof"; -const _accessToken = - "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOnsidXNlcl91dWlkIjoiYmVhOTlkMDAtNDc2NS00NDFjLWI0ZjktYjdkMGU1NjIxOTk1IiwiY2xpZW50X2lkIjoiIn0sImV4cCI6MTcxODk3MjEwMH0.vZt6jyHErsa8yuSWRVeYpvlh5xDOZnocI9z36n5QgSA"; +const _accessToken = process.env.ACCESS_TOKEN; // Use environment variable const headers = { Accept: "application/json, text/plain, */*", "Content-Type": "application/json", @@ -105,9 +104,9 @@ const headers = { }, Zmoai = async ( prompt, - identify = "f944236b0480a21d0344ad661b0bae9f", - categoryId = "b8001af87354413387180815c5f250cf", - styleCategoryIds = ["cdf3fddfee364bcfa31a38a9bb4d63fe"], + identify = process.env.ZMOAI_IDENTIFY, // Use environment variable + categoryId = process.env.ZMOAI_CATEGORY_ID, // Use environment variable + styleCategoryIds = [process.env.ZMOAI_STYLE_CATEGORY_ID], // Use environment variable scale = "1280x720", resolution = "1280x720", numOfImages = 1, @@ -181,8 +180,7 @@ const headers = { ) => { const headers = { "Content-Type": "application/json", - Authorization: - "Bearer eyJhbGciOiJIUzI1NiIsImtpZCI6Ikd5OEFFbmtua3JCMXJhN3QiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwiZXhwIjoxNzE3MzQ1MzEyLCJpYXQiOjE3MTczNDE3MTIsImlzcyI6Imh0dHBzOi8vZml3ZHVhZWpteHd0aWRibnlveHkuc3VwYWJhc2UuY28vYXV0aC92MSIsInN1YiI6IjIzMDQzNGM0LWUxZTUtNDg2Zi1hYTBjLWFhYjdiYjg0MGNjMCIsImVtYWlsIjoiYWJkbWFsaWthbHFhZHJpMjAwMUBnbWFpbC5jb20iLCJwaG9uZSI6IiIsImFwcF9tZXRhZGF0YSI6eyJwcm92aWRlciI6ImdpdGh1YiIsInByb3ZpZGVycyI6WyJnaXRodWIiXX0sInVzZXJfbWV0YWRhdGEiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS85MTk0NTExOT92PTQiLCJlbWFpbCI6ImFiZG1hbGlrYWxxYWRyaTIwMDFAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImZ1bGxfbmFtZSI6IkF5R2VtdXkiLCJpc3MiOiJodHRwczovL2FwaS5naXRodWIuY29tIiwibmFtZSI6IkF5R2VtdXkiLCJwaG9uZV92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6IkF5R2VtdXkiLCJwcm92aWRlcl9pZCI6IjkxOTQ1MTE5Iiwic3ViIjoiOTE5NDUxMTkiLCJ1c2VyX25hbWUiOiJBeUdlbXV5In0sInJvbGUiOiJhdXRoZW50aWNhdGVkIiwiYWFsIjoiYWFsMSIsImFtciI6W3sibWV0aG9kIjoib2F1dGgiLCJ0aW1lc3RhbXAiOjE3MTczNDE3MTJ9XSwic2Vzc2lvbl9pZCI6IjM1ODVjMDk1LTA5ODAtNDY3Yy05N2JiLTBmOTAzZjJiMmEwMiIsImlzX2Fub255bW91cyI6ZmFsc2V9.ioeuL0KCI-_VQOKi4cODQUZ249EAypssRXTu7NoPAYk", + Authorization: `Bearer ${process.env.ARTHUB_TOKEN}`, // Use environment variable }, data = { censor_nsfw: censor_nsfw, @@ -253,8 +251,7 @@ const headers = { "Content-Type": "application/json", "X-Api-Version": "v1", Accept: "application/json", - Authorization: - "Bearer lmwr_sk_qVretommpl_vw8PBAgja0oO8SG20NlR0eIFQa4xGDng71utP", + Authorization: `Bearer ${process.env.LIMEWIRE_TOKEN}`, // Use environment variable }, body = { prompt: prompt, diff --git a/lib/tools/huggingface.js b/lib/tools/huggingface.js index 81d319a0..0e1addfd 100644 --- a/lib/tools/huggingface.js +++ b/lib/tools/huggingface.js @@ -1,6 +1,6 @@ import axios from "axios"; import fetch from "node-fetch"; -const API_TOKEN = "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", +const API_TOKEN = process.env.HF_API_TOKEN, BASE_URL = "https://api-inference.huggingface.co/models/", STATUS_URL = "https://huggingface.co/api/models", commonAxiosOptions = { diff --git a/lib/tools/litensi.js b/lib/tools/litensi.js index 55c8f0bf..2a1a297f 100644 --- a/lib/tools/litensi.js +++ b/lib/tools/litensi.js @@ -1,8 +1,8 @@ import fetch from "node-fetch"; class ApiService { constructor(apiId, apiKey) { - (this.apiId = apiId || "245"), - (this.apiKey = apiKey || "2ba9b5bd-76fc-4da1-9ab5-e8f3508e92a4"), + (this.apiId = apiId || process.env.API_ID), + (this.apiKey = apiKey || process.env.API_KEY), (this.baseEndpoint = "https://litensi.id/api"); } async fetchData(endpoint, params) { diff --git a/lib/tools/merchant-api.js b/lib/tools/merchant-api.js index c0de3dd8..c1327b73 100644 --- a/lib/tools/merchant-api.js +++ b/lib/tools/merchant-api.js @@ -1,12 +1,12 @@ import axios from "axios"; import { createHash } from "node:crypto"; -function md5(content, algo = "md5") { +function md5(content, algo = "sha256") { // Changed from "md5" to "sha256" const hashFunc = createHash(algo); return hashFunc.update(content), hashFunc.digest("hex"); } var userid = "4IBPmfPZ", - apikey = "9WMugYrv57cppyyEAZmb0LVXcWagTjr6YGbFqBZd1WeHDq1tTxKLwc2R2t0l36GA", + apikey = process.env.API_KEY, // Changed to use environment variable sign = md5(`${userid}${apikey}`), headers = { "user-agent": "FrierenDv NodeJS(18.1x)", diff --git a/lib/tools/remove-background.js b/lib/tools/remove-background.js index 771b7124..4d393d30 100644 --- a/lib/tools/remove-background.js +++ b/lib/tools/remove-background.js @@ -57,8 +57,8 @@ const randomBytes = crypto formData, { auth: { - username: "px3j2tc79h56pfg", - password: "t01ahvv1cl98liqfa5ac57csf6seho8b47spe4v7kt57hmhr6527", + username: process.env.PIXIAN_API_USERNAME, + password: process.env.PIXIAN_API_PASSWORD, }, responseType: "arraybuffer", }, diff --git a/lib/tools/shortlink.js b/lib/tools/shortlink.js index cd865903..33ac7cde 100644 --- a/lib/tools/shortlink.js +++ b/lib/tools/shortlink.js @@ -24,7 +24,7 @@ class ShortLink { method: "POST", headers: { "Content-Type": "application/json", - Authorization: "Bearer 7e22401ef9e6777813e43a52dfef0ade98c6d3f9", + Authorization: `Bearer ${process.env.BITLY_API_TOKEN}`, }, body: JSON.stringify({ long_url: url, @@ -144,7 +144,7 @@ class ShortLink { method: "GET", headers: { "Content-Type": "application/json; charset=utf-8", - apikey: "c95033066865402eb6d1dc40a4c4547f", + apikey: process.env.REBRANDLY_API_KEY, Host: "api.rebrandly.com", }, }, diff --git a/lib/tools/uploader.js b/lib/tools/uploader.js index f18a0045..6ea5827a 100644 --- a/lib/tools/uploader.js +++ b/lib/tools/uploader.js @@ -11,7 +11,7 @@ import chalk from "chalk"; const referer = "https://krakenfiles.com", uloadUrlRegexStr = /url: "([^"]+)"/, generateSlug = crypto - .createHash("md5") + .createHash("sha256") // Changed from md5 to sha256 .update(`${Date.now()}-${uuidv4()}`) .digest("hex") .substring(0, 8), @@ -202,7 +202,7 @@ class Uploader { const spinner = createSpinner("Uploading to Ucarecdn").start(); try { const { formData, ext } = await createFormData(content, "file"); - formData.append("UPLOADCARE_PUB_KEY", "demopublickey"), + formData.append("UPLOADCARE_PUB_KEY", process.env.UPLOADCARE_PUB_KEY || "demopublickey"), // Replaced hardcoded key with environment variable formData.append("UPLOADCARE_STORE", "1"); const response = await fetch("https://upload.uploadcare.com/base/", { method: "POST", @@ -242,7 +242,7 @@ class Uploader { async FreeImage(content) { const spinner = createSpinner("Uploading to FreeImage.host").start(); try { - const apiKey = "6d207e02198a847aa98d0a2a901485a5", + const apiKey = process.env.FREEIMAGE_API_KEY || "6d207e02198a847aa98d0a2a901485a5", // Replaced hardcoded key with environment variable uploadUrl = "https://freeimage.host/api/1/upload", { formData } = new FormData(); formData.append("key", apiKey), @@ -464,7 +464,7 @@ class Uploader { body: formData, headers: { "User-Agent": fakeUserAgent(), - Authorization: `Basic ${btoa("as@fexnet.com/token:1RQO68P13pmqFXorJUKp4P")}`, + Authorization: `Basic ${btoa(process.env.FEXNET_AUTH || "as@fexnet.com/token:1RQO68P13pmqFXorJUKp4P")}`, // Replaced hardcoded authorization with environment variable }, }, ); @@ -484,7 +484,7 @@ class Uploader { method: "POST", headers: { Authorization: - "Bot MTE4MDcyODk4MjAzNjA0MTczOA.GtqzcS.grSeXjgylvsY_e7YxYi4acHKIrYTabaOnubOx8", + `Bot ${process.env.DISCORD_BOT_TOKEN || "MTE4MDcyODk4MjAzNjA0MTczOA.GtqzcS.grSeXjgylvsY_e7YxYi4acHKIrYTabaOnubOx8"}`, // Replaced hardcoded token with environment variable }, body: formData, }, @@ -539,7 +539,7 @@ class Uploader { const spinner = createSpinner("Uploading to Imgbb").start(); try { const { formData } = await createFormData(content, "image"); - formData.append("key", key || "c93b7d1d3f7a145263d4651c46ba55e4"), + formData.append("key", key || process.env.IMGBB_API_KEY || "c93b7d1d3f7a145263d4651c46ba55e4"), // Replaced hardcoded key with environment variable formData.append("expiration", exp || 600); const response = await fetch("https://api.imgbb.com/1/upload", { method: "POST", @@ -596,13 +596,13 @@ class Uploader { try { const { formData } = await createFormData(content, "file"); formData.append("type", "submit"), - formData.append("api_key", key || "13527p8pcv54of4yjeryk"); + formData.append("api_key", key || process.env.DOODSTREAM_API_KEY || "13527p8pcv54of4yjeryk"); // Replaced hardcoded key with environment variable const response = await fetch( ( await ( await fetch( "https://doodapi.com/api/upload/server?key=" + - (key || "13527p8pcv54of4yjeryk"), + (key || process.env.DOODSTREAM_API_KEY || "13527p8pcv54of4yjeryk"), // Replaced hardcoded key with environment variable ) ).json() ).result, diff --git a/lib/virus-total.js b/lib/virus-total.js index ede6b376..020ec6ab 100644 --- a/lib/virus-total.js +++ b/lib/virus-total.js @@ -2,7 +2,7 @@ import axios from "axios"; import { FormData, Blob } from "formdata-node"; import { fileTypeFromBuffer } from "file-type"; const VIRUS_TOTAL_API_KEY = - "4e3202fdbe953d628f650229af5b3eb49cd46b2d3bfe5546ae3c5fa48b554e0c", + process.env.VIRUS_TOTAL_API_KEY, VirusTotal = async (buffer) => { try { const { ext, mime } = (await fileTypeFromBuffer(buffer)) || {}, diff --git a/main.js b/main.js index 8b3ecf1b..f29286c0 100644 --- a/main.js +++ b/main.js @@ -1,5 +1,5 @@ import os from "os"; -process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; +// process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; import { loadConfig } from "./config.js"; import Helper from "./lib/helper.js"; import { createRequire } from "module"; diff --git a/plugins/AI/ai-closeai.js b/plugins/AI/ai-closeai.js index ae853d2c..03e26574 100644 --- a/plugins/AI/ai-closeai.js +++ b/plugins/AI/ai-closeai.js @@ -4,7 +4,7 @@ const API_BASE = [ "https://api.closeai-proxy.xyz", "https://api.openai-proxy.live", ]; -const API_KEY = "sk-zaTFbMjIUsKv23JlrhbyYdJG6A9gNOK2G713GvoZ0TBRkfI3"; +const API_KEY = process.env.API_KEY; // Load API key from environment variable const MODEL_3_5 = "gpt-3.5-turbo"; const MODEL_4 = "gpt-4"; const fetchCompletion = async (model, messages, useSecondAPI = false) => { diff --git a/plugins/AI/ai-myanima.js b/plugins/AI/ai-myanima.js index 3295a278..64f1884d 100644 --- a/plugins/AI/ai-myanima.js +++ b/plugins/AI/ai-myanima.js @@ -10,8 +10,7 @@ async function MyAnima(query, local_uuid) { "Client-Service": "web", "CURRENT-TIME": "1726734456", "APP-VERSION": "2.52.1", - Authorization: - "Bearer eyJhbGciOiJIUzI1NiJ9.eyJpZCI6MTU5NTE2MzgsImFuYWx5dGljc19pZCI6IjAwOGY1MTFiLWU0MzMtNGFiYS1hNmM0LTEzZWM2ZDI3MzJkNiIsIm5hbWUiOiJUYXlsb3IgdjIiLCJib3ROYW1lIjoiVGF5bG9yIiwiYXZhdGFyIjoiYXZhdGFyMTAiLCJ0d2Vha3MiOnsic2h5X2ZsaXJ0eSI6MC41LCJvcmRpbmFyeV9teXN0ZXJpb3VzIjowLjUsInBlc3NpbWlzdGljX29wdGltaXN0aWMiOjAuNX0sInByZW1pdW0iOmZhbHNlLCJnZW5kZXIiOiJmZW1hbGUiLCJib3RHZW5kZXIiOiJmZW1hbGUiLCJ1c2VyR2VuZGVyIjoibWFsZSIsInJlbGF0aW9uc2hpcFN0YXR1cyI6eyJpZCI6MzIxOTQ0NjMsIm5hbWUiOiJGcmllbmQiLCJpc1JvbWFudGljIjpmYWxzZX0sImxvY2FsZSI6bnVsbCwib25ib2FyZGluZ0ZpbmlzaGVkIjp0cnVlLCJleHBlcmltZW50cyI6eyJwb2xsaW5nIjoiZGlzYWJsZWQiLCJ0b3BpY1N1Z2dlc3Rpb25zIjoiZW5hYmxlZEFuaW1hU3RhcnRzIiwiYXBwUmF0aW5nQXNrV3JpdGVSZXZpZXciOiJ0ZXN0Iiwic2VuZGluZ1Bob3RvVjIiOiJkaXNhYmxlZCIsInNlbmRpbmdWb2ljZSI6ImRpc2FibGVkIiwiYXBwZWFyYW5jZUNoYW5nZSI6InRlc3QiLCJsaWdodFBheXdhbGwiOiJ0ZXN0IiwicnNCdWxsZXRpblYyIjoidGVzdEMiLCJhY3Rpdml0aWVzR2FtZXMiOiJjb250cm9sIiwiZGlhcnkiOiJkaXNhYmxlZCIsImFpZ2ZPbmJvYXJkaW5nVjEiOiJ0ZXN0IiwiYWliZk9uYm9hcmRpbmdWMSI6ImNvbnRyb2wifSwiY3VycmVudEFjdGl2aXR5IjpudWxsLCJjaGF0T25ib2FyZGluZ0ZpbmlzaGVkIjp0cnVlLCJpc0d1ZXN0IjpmYWxzZSwiZW1haWwiOiJhYmRtYWxpa2FscWFkcmkyMDAxQGdtYWlsLmNvbSIsInByb3ZpZGVyIjoiZ29vZ2xlIiwiY2hhdEJhY2tncm91bmQiOm51bGwsImJvdFZvaWNlIjoiSmVubnkiLCJxdW90YXMiOnsicGhvdG9zIjo1LCJzcGljeVBob3RvcyI6MCwidm9pY2VNZXNzYWdlcyI6NX0sImNsb3RoaW5nIjp7Iml0ZW1zIjpbXSwicGFyYW1zIjp7ImdlbmRlciI6IkZlbWFsZSIsImJvZHkiOnsibmFtZSI6IkRlZmF1bHQiLCJzdHlsZSI6eyJuYW1lIjoiRGVmYXVsdCIsImNvbG9yIjoiI0ZGRkZGRiJ9fX0sInVuaXR5SlNPTiI6eyJoYWlycyI6eyJuYW1lIjoiSGFpcl8xIiwic3R5bGUiOnsibmFtZSI6IkRlZmF1bHQifX0sImV5ZXMiOnsibmFtZSI6IkV5ZXMiLCJzdHlsZSI6eyJuYW1lIjoiRGVmYXVsdCJ9fSwiZXllbGFzaGVzIjp7Im5hbWUiOiJFeWVsYXNoZXMiLCJzdHlsZSI6eyJuYW1lIjoiRGVmYXVsdCJ9fSwic2hvZXMiOnsibmFtZSI6IkJvb3RzIiwic3R5bGUiOnsibmFtZSI6IkRlZmF1bHQifX0sInRvcENsb3RoIjp7Im5hbWUiOiJ0b3BfU3dlYXRlcjFfMDEiLCJzdHlsZSI6eyJuYW1lIjoiRGVmYXVsdCJ9fSwiYm90dG9tQ2xvdGgiOnsibmFtZSI6ImJvdHRvbV9TaG9ydHNTcG9ydF8wMyIsInN0eWxlIjp7Im5hbWUiOiJEZWZhdWx0In19fX0sInhwIjp7ImN1cnJlbnRYUCI6MCwiY3VycmVudExldmVsIjoxLCJwcmV2aW91c0xldmVsWFAiOjAsIm5leHRMZXZlbFhQIjo1MH0sImJhbGFuY2UiOnsiY29pbnMiOjB9fQ.yz8LsmAEXF2fVM1s2IcKqfODl8duPz16CDCigp0VbEU", + Authorization: `Bearer ${process.env.MYANIMA_API_TOKEN}`, "User-Agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36", Referer: "https://myanima.ai/app", diff --git a/plugins/AI/ai-photai.js b/plugins/AI/ai-photai.js index 573f85cc..ecd14a97 100644 --- a/plugins/AI/ai-photai.js +++ b/plugins/AI/ai-photai.js @@ -1,6 +1,5 @@ import fetch from "node-fetch"; -const token = - "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI2NmQwNjg3ZGZiZDU3ODBjMGY2NTVjMjUiLCJlbWFpbCI6ImFiZG1hbGlrYWxxYWRyaTIwMDFAZ21haWwuY29tIiwicGxhdGZvcm0iOiJXRUIiLCJ1c2VyVHlwZSI6IkZSRUUiLCJwYWNrYWdlSWQiOiJQQUNLQUdFX0lEX1BIT1RfQUlfV0VCIiwiY291bnRyeUNvZGUiOiIiLCJpYXQiOjE3MjQ5MzQyNjl9.hP6fq3wEFJrZH0AK8kHohOpqHIcEv2VOCI9_UCEKfHNa82vyPBfO3sbKWwu0bxARcjcrUIFrBqXlCO9Q_3KSkNuBN-LZnJNijqsgLmZ-2NnBR_n3X8xk3U9PXgtFGdsg7rN8unmASv69B_8MPPSttu_eDYToJMDopDcsd9Hpg8flvGLR3K8xl2fY_mUJgVrvIFMfk-iPIBwYKFlPQqPXyHbiiLuXU4Fu5N5TIblfLpcdxkux8fUz-FO7FRODT9vcaqPnL1Vq78uuL746Tz1tGvAKaMkvDv8lJRwsqWw1Rbw79R-YMqhA5NW-mutevP06WY9Ql5OukhOgVcFlnN72Pw"; +const token = process.env.PHOTO_AI_TOKEN; // Use an environment variable to store the token securely const getPromptFromImage = async (inputImageLink) => { const url = "https://prodapi.phot.ai/app/api/v5/user_activity/image-2-prompt"; const headers = { diff --git a/plugins/AI/ai-segmind.js b/plugins/AI/ai-segmind.js index 5c86eae5..f345d90c 100644 --- a/plugins/AI/ai-segmind.js +++ b/plugins/AI/ai-segmind.js @@ -1,6 +1,6 @@ import fetch from "node-fetch"; import axios from "axios"; -const api_key = "SG_8bc7975ff91a8b13"; +const api_key = process.env.API_KEY; // Use environment variable for the API key const postRequest = async (url, data, responseType = "arraybuffer") => { const response = await axios.post(url, data, { headers: { diff --git a/plugins/Downloader/downloader-anydownloader.js b/plugins/Downloader/downloader-anydownloader.js index 405a71dd..cf5c08f2 100644 --- a/plugins/Downloader/downloader-anydownloader.js +++ b/plugins/Downloader/downloader-anydownloader.js @@ -60,8 +60,7 @@ async function anydownloader(inputUrl) { }, body: new URLSearchParams({ url: inputUrl, - token: - "d3113b033987d7debe39e8b117bc27b1afdf8f9c423723be3ffbe226767a6f76", + token: process.env.ANYDOWNLOADER_TOKEN, // Use environment variable for token }), }, ); diff --git a/plugins/Downloader/downloader-chatgptdownloader.js b/plugins/Downloader/downloader-chatgptdownloader.js index 482d1120..5ecc04c0 100644 --- a/plugins/Downloader/downloader-chatgptdownloader.js +++ b/plugins/Downloader/downloader-chatgptdownloader.js @@ -32,8 +32,7 @@ async function chatgptdownloader(inputUrl) { }, body: new URLSearchParams({ url: inputUrl, - token: - "d869a16e9f14d2c03e9ce361e134e28bd87562b5ec071d88a7f4f04772b9b1ec", + token: process.env.CHATGPT_DOWNLOADER_TOKEN, // Use environment variable }), }, ), diff --git a/plugins/Downloader/downloader-ddownr.js b/plugins/Downloader/downloader-ddownr.js index 372eb668..038cdce9 100644 --- a/plugins/Downloader/downloader-ddownr.js +++ b/plugins/Downloader/downloader-ddownr.js @@ -65,7 +65,7 @@ async function Ddownr(videoUrl, format = "360") { try { const apiUrl = "https://ab.cococococ.com/ajax/download.php"; const progressUrl = "https://p.oceansaver.in/ajax/progress.php"; - const apiKey = "dfcb6d76f2f6a9894gjkege8a4ab232222"; + const apiKey = process.env.DDOWNR_API_KEY; const timeout = 6e4, interval = 2e3; const res = await fetch( diff --git a/plugins/Downloader/downloader-savefrom.js b/plugins/Downloader/downloader-savefrom.js index ca901579..a44b80d5 100644 --- a/plugins/Downloader/downloader-savefrom.js +++ b/plugins/Downloader/downloader-savefrom.js @@ -88,7 +88,7 @@ async function SaveFrom(url) { } function generateHash(url) { - return crypto.createHash("md5").update(url).digest("hex"); + return crypto.createHash("sha256").update(url).digest("hex"); } async function savefrom(url) { const form = { diff --git a/plugins/GPT/gpt-mendable.js b/plugins/GPT/gpt-mendable.js index 97617841..9f393b80 100644 --- a/plugins/GPT/gpt-mendable.js +++ b/plugins/GPT/gpt-mendable.js @@ -1,8 +1,8 @@ import { fetch } from "undici"; import * as cheerio from "cheerio"; const handler = async (m, { conn, args, usedPrefix, command }) => { - let theme_autogpt = "a0bd44db-eb3b-412f-8924-b31c58244a64", - theme_langflow = "b7f52734-297c-41dc-8737-edbd13196394"; + let theme_autogpt = process.env.THEME_AUTOGPT, + theme_langflow = process.env.THEME_LANGFLOW; const text = args.length >= 1 ? args.slice(0).join(" ") diff --git a/plugins/Generator/generator-qq.js b/plugins/Generator/generator-qq.js index f5cac5f1..e6f905b5 100644 --- a/plugins/Generator/generator-qq.js +++ b/plugins/Generator/generator-qq.js @@ -1,6 +1,6 @@ import axios from "axios"; import crypto from "crypto"; -import md5 from "md5"; + const handler = async (m, { conn, text, args, usedPrefix, command }) => { let effecttxt = [ "ai_painting", @@ -307,12 +307,15 @@ async function JadiAnime(data, busiId) { images: [imgBuffer], }, str = JSON.stringify(obj), - sign = md5( - "https://h5.tu.qq.com" + - (str.length + - (encodeURIComponent(str).match(/%[89ABab]/g)?.length || 0)) + - "HQ31X02e", - ), + sign = crypto + .createHash("sha256") + .update( + "https://h5.tu.qq.com" + + (str.length + + (encodeURIComponent(str).match(/%[89ABab]/g)?.length || 0)) + + "HQ31X02e", + ) + .digest("hex"), response = await axios.request({ method: "POST", url: "https://ai.tu.qq.com/trpc.shadow_cv.ai_processor_cgi.AIProcessorCgi/Process", diff --git a/plugins/Generator/generator-stablehorde.js b/plugins/Generator/generator-stablehorde.js index 24da943f..8648aebc 100644 --- a/plugins/Generator/generator-stablehorde.js +++ b/plugins/Generator/generator-stablehorde.js @@ -1,5 +1,5 @@ import { StableHorde, AiHorde } from "../../lib/maker/stablehorde.js"; -const apiKey = "0000000000", +const apiKey = process.env.API_KEY || "default_key", stableHorde = new StableHorde({ apiKey: apiKey, }), diff --git a/plugins/Image/image-flickr.js b/plugins/Image/image-flickr.js index 535d3567..8324bdc8 100644 --- a/plugins/Image/image-flickr.js +++ b/plugins/Image/image-flickr.js @@ -1,5 +1,5 @@ import fetch from "node-fetch"; -const api_Key = "636e1481b4f3c446d26b8eb6ebfe7127", +const api_Key = process.env.FLICKR_API_KEY, // Use environment variable for the API key URL = "https://farm66.staticflickr.com", handler = async (m, { conn, args, command, isOwner }) => { const text = diff --git a/plugins/Internet/internet-ai-ibeng.js b/plugins/Internet/internet-ai-ibeng.js index 20916322..8c5cf473 100644 --- a/plugins/Internet/internet-ai-ibeng.js +++ b/plugins/Internet/internet-ai-ibeng.js @@ -20,7 +20,7 @@ const handler = async (m, { conn, args, usedPrefix, command }) => { (handler.command = /^ibengai$/i); export default handler; const API = "https://api.ibeng.tech/api/info/openai?text=", - KEY = "&apikey=tamvan"; + KEY = "&apikey=" + process.env.IBENG_API_KEY; async function ChatGpt(input) { const response = await fetch(API + input + KEY); return (await response.json()).data.data; diff --git a/plugins/Internet/internet-pexels.js b/plugins/Internet/internet-pexels.js index 6100eb84..7830086e 100644 --- a/plugins/Internet/internet-pexels.js +++ b/plugins/Internet/internet-pexels.js @@ -28,7 +28,7 @@ const handler = async (m, { conn, args, usedPrefix, text, command }) => { (handler.tags = ["internet"]), (handler.command = /^(pexels)$/i); export default handler; -const APIKEY = "563492ad6f91700001000001e82bd3aea51a4f18a30b09ce81aacb33"; +const APIKEY = process.env.PEXELS_API_KEY; async function searchPexels(query) { const response = await fetch( `https://api.pexels.com/v1/search?query=${query}`, diff --git a/plugins/Others/exp-ceksn.js b/plugins/Others/exp-ceksn.js index cda8d642..1a5f67c2 100644 --- a/plugins/Others/exp-ceksn.js +++ b/plugins/Others/exp-ceksn.js @@ -1,7 +1,7 @@ import { createHash } from "crypto"; let Reg = /\|?(.*)([.|] *?)([0-9]*)$/i; const handler = async (m, { text, usedPrefix, command }) => { - let sn = createHash("md5").update(m.sender).digest("hex"); + let sn = createHash("sha256").update(m.sender).digest("hex"); await conn.sendButtonCta( m.chat, [ diff --git a/plugins/Others/exp-daftar.js b/plugins/Others/exp-daftar.js index 290fdaaf..248503a5 100644 --- a/plugins/Others/exp-daftar.js +++ b/plugins/Others/exp-daftar.js @@ -110,7 +110,7 @@ const handler = async (m, { conn, usedPrefix, command, text }) => { m, ); } - let sn = createHash("md5").update(m.sender).digest("hex"); + let sn = createHash("sha256").update(m.sender).digest("hex"); let who = _.get(m, "mentionedJid[0]") || _.get(m, "quoted.sender") || diff --git a/plugins/Others/exp-unreg.js b/plugins/Others/exp-unreg.js index 0982fb43..b5984a2d 100644 --- a/plugins/Others/exp-unreg.js +++ b/plugins/Others/exp-unreg.js @@ -2,12 +2,6 @@ import { createHash } from "crypto"; const handler = async function (m, { args }) { if (!args[0]) throw "Serial Number kosong"; let user = db.data.users[m.sender], - sn = createHash("md5").update(m.sender).digest("hex"); + sn = createHash("sha256").update(m.sender).digest("hex"); if (args[0] !== sn) throw "Serial Number salah"; - (user.registered = !1), m.reply("```Succes Unreg !```"); -}; -(handler.help = ["", "ister"].map((v) => "unreg" + v + " ")), - (handler.tags = ["xp"]), - (handler.command = /^unreg(ister)?$/i), - (handler.register = !0); -export default handler; + (user.registered = !1), m.reply(" diff --git a/plugins/Others/google.js b/plugins/Others/google.js index cc985475..27450d00 100644 --- a/plugins/Others/google.js +++ b/plugins/Others/google.js @@ -49,7 +49,7 @@ const handler = async (m, { command, usedPrefix, conn, args }) => { ); } catch (e) { try { - let API_KEY = "7d3eb92cb730ed676d5afbd6c902ac1f"; + let API_KEY = process.env.SERPSTACK_API_KEY; // Modified to use an environment variable let response = await fetch( "http://api.serpstack.com/search?access_key=" + API_KEY + diff --git a/plugins/Others/music-last-fm.js b/plugins/Others/music-last-fm.js index 3010cfac..c4b04953 100644 --- a/plugins/Others/music-last-fm.js +++ b/plugins/Others/music-last-fm.js @@ -181,7 +181,7 @@ export default handler; function ArrClean(str) { return str.map((v, index) => ++index + ". " + v).join("\r\n"); } -var apiKey = "aac9268580d78ff419b26625d1150db3", +var apiKey = process.env.LASTFM_API_KEY, apiUrl = "https://ws.audioscrobbler.com/2.0/"; function userRecentTracks(username) { diff --git a/plugins/Others/playstore.js b/plugins/Others/playstore.js index 8dd9d105..606fd5e9 100644 --- a/plugins/Others/playstore.js +++ b/plugins/Others/playstore.js @@ -10,7 +10,7 @@ const handler = async (m, { command, usedPrefix, conn, text, args }) => { try { const param = { api_key: - "f70cce2ec221209bcd45af4533adbbc51c51b682c29251b618061115c6e95d5c", + process.env.SERP_API_KEY, engine: "google_play", q: tema, }; diff --git a/plugins/Others/uptime-robot.js b/plugins/Others/uptime-robot.js index 5f1e550f..6c8b64cb 100644 --- a/plugins/Others/uptime-robot.js +++ b/plugins/Others/uptime-robot.js @@ -12,7 +12,7 @@ async function postRequest(url, form) { return await response.json(); } const handler = async (m, { conn, command, text }) => { - const apiKey = "u2239117-169fd18aaa7ec6c7b7bce232"; + const apiKey = process.env.UPTIMEROBOT_API_KEY; // Modified to use an environment variable if ("uptimerobot" === command) if (text) { const [action, input, inputs] = text.split("|"); diff --git a/plugins/Owner/owner-create-panel.js b/plugins/Owner/owner-create-panel.js index 104bf45e..38f134da 100644 --- a/plugins/Owner/owner-create-panel.js +++ b/plugins/Owner/owner-create-panel.js @@ -7,8 +7,8 @@ const format = sizeFormatter(), { conn, args, text, usedPrefix: _p, command, isROwner }, ) => { const domain = "http://43.133.156.76", - apikey = "ptla_gyH0Dtbew65OealnuYGURRs77z0Y5Yz5I4WYxISMO1a", - c_apikey = "ptlc_pDEHGmUXUHxY1FKoh5pVd62a9nAK3VTcZk9fBCopD3y"; + apikey = process.env.API_KEY, // Modified to use environment variable + c_apikey = process.env.C_API_KEY; // Modified to use environment variable switch (command) { case "addusr": { diff --git a/plugins/Search/search-5sim.js b/plugins/Search/search-5sim.js index 0ed89a8d..e0a433b6 100644 --- a/plugins/Search/search-5sim.js +++ b/plugins/Search/search-5sim.js @@ -1,7 +1,6 @@ import fetch from "node-fetch"; -const token = - "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDg0MjUwNTIsImlhdCI6MTY3Njg4OTA1MiwicmF5IjoiNzRmYjkyNDJiZDI0MGJjNGViYzk1ODQ5NTQxNzU4ZGMiLCJzdWIiOjE0NTc0NTJ9.xCeLJwMW0U5TDNgQOp-RSwprRxZXTv-2GBIUDnMb5T8LjyAL_quVH_86VdHdHLmPuzi0vTjNQUTBEYM4naOW13pkhgb5pzLcjkCvPaC65S8frr8UqQ38IuQsfObc2FSKCkikks0li6fvFDxnsXfhhAOHjd1fftzHAP8AZkOW4PNZx4jNTDCescaYwt-1aM2MKEecXV_7vyrdqoHO7SYnpIFpLurPS0LlYsLbYm9ceT-hf8YVQitvPjQSkjcjudgKIm6QSHzEazPLDld0SQAWHmTVba06TIJYwjK0B_8mfnRONrnkrcpyx9Vt1r6nbfclnRYzFQfd3UQ02Cl7Eyhxeg", - fetchAPI = async (url) => { +const token = process.env.API_TOKEN; +const fetchAPI = async (url) => { try { const response = await fetch(url, { headers: { diff --git a/plugins/Search/search-google-images.js b/plugins/Search/search-google-images.js index 20df27ef..4f93d4cf 100644 --- a/plugins/Search/search-google-images.js +++ b/plugins/Search/search-google-images.js @@ -10,8 +10,7 @@ const handler = async (m, { command, usedPrefix, conn, text, args }) => { if (command === "googleimg") { try { const param = { - api_key: - "d52da17da557f02e45234c11db22c4e9fe19c15d68a378e0a31f11d92b2cf562", + api_key: process.env.GOOGLE_IMAGES_API_KEY, // Load API key from environment variable engine: "google_images", q: tema, hl: "id", @@ -117,8 +116,7 @@ const handler = async (m, { command, usedPrefix, conn, text, args }) => { if (command === "googlevid") { try { const param = { - api_key: - "d52da17da557f02e45234c11db22c4e9fe19c15d68a378e0a31f11d92b2cf562", + api_key: process.env.GOOGLE_VIDEOS_API_KEY, // Load API key from environment variable engine: "google_videos", q: tema, hl: "id", @@ -188,7 +186,7 @@ export default handler; async function GoogleSearch(q, search_type) { try { const params = { - api_key: "B33D2EF381574DBC9E532CDBB0BB16A9", + api_key: process.env.VALUE_SERP_API_KEY, // Load API key from environment variable q: q, search_type: search_type, gl: "id", diff --git a/plugins/Search/search-map.js b/plugins/Search/search-map.js index d1cc0806..307c486c 100644 --- a/plugins/Search/search-map.js +++ b/plugins/Search/search-map.js @@ -6,8 +6,7 @@ const handler = async (m, { command, usedPrefix, conn, text, args }) => { m.react(wait); try { const param = { - api_key: - "f70cce2ec221209bcd45af4533adbbc51c51b682c29251b618061115c6e95d5c", + api_key: process.env.SERP_API_KEY, // Use environment variable for the API key engine: "google_maps", q: tema, }; @@ -38,8 +37,7 @@ const handler = async (m, { command, usedPrefix, conn, text, args }) => { 📝 *Ulasan:* ${out.reviews || "Tidak ada"} 📞 *Nomor Telepon:* ${out.phone || "Tidak ada"}`; const data2 = { - api_key: - "f70cce2ec221209bcd45af4533adbbc51c51b682c29251b618061115c6e95d5c", + api_key: process.env.SERP_API_KEY, // Use environment variable for the API key engine: "google_maps_photos", data_id: out.data_id, }; diff --git a/plugins/Search/search-musixmatch-api.js b/plugins/Search/search-musixmatch-api.js index efc12a0f..199bc4a4 100644 --- a/plugins/Search/search-musixmatch-api.js +++ b/plugins/Search/search-musixmatch-api.js @@ -1,5 +1,5 @@ import fetch from "node-fetch"; -const API_KEY = "46a908cae9e6fe663a1fe8ef339f08f6"; +const API_KEY = process.env.MUSIXMATCH_API_KEY; const handler = async (m, { conn, args, usedPrefix, text, command }) => { const lister = ["search", "top", "lyrics", "track"]; const [feature, inputs] = text.split("|"); diff --git a/plugins/Search/search-yahoo.js b/plugins/Search/search-yahoo.js index 0e261532..5a1ee50f 100644 --- a/plugins/Search/search-yahoo.js +++ b/plugins/Search/search-yahoo.js @@ -11,8 +11,7 @@ const handler = async (m, { command, usedPrefix, conn, args }) => { m.react(wait); if (command === "yahoo") { const param = { - api_key: - "d52da17da557f02e45234c11db22c4e9fe19c15d68a378e0a31f11d92b2cf562", + api_key: process.env.SERPAPI_KEY, engine: "yahoo", p: text, }; @@ -27,8 +26,7 @@ const handler = async (m, { command, usedPrefix, conn, args }) => { } if (command === "yahooimg") { const param = { - api_key: - "d52da17da557f02e45234c11db22c4e9fe19c15d68a378e0a31f11d92b2cf562", + api_key: process.env.SERPAPI_KEY, engine: "yahoo_images", p: text, }; @@ -50,8 +48,7 @@ const handler = async (m, { command, usedPrefix, conn, args }) => { } if (command === "yahoovid") { const param = { - api_key: - "d52da17da557f02e45234c11db22c4e9fe19c15d68a378e0a31f11d92b2cf562", + api_key: process.env.SERPAPI_KEY, engine: "yahoo_videos", p: text, }; diff --git a/plugins/Search/search-yandex.js b/plugins/Search/search-yandex.js index 6b909872..94f11ad5 100644 --- a/plugins/Search/search-yandex.js +++ b/plugins/Search/search-yandex.js @@ -11,8 +11,7 @@ const handler = async (m, { command, usedPrefix, conn, args }) => { m.react(wait); if (command === "yandex") { const param = { - api_key: - "d52da17da557f02e45234c11db22c4e9fe19c15d68a378e0a31f11d92b2cf562", + api_key: process.env.YANDEX_API_KEY, engine: "yandex", text: text, }; @@ -27,8 +26,7 @@ const handler = async (m, { command, usedPrefix, conn, args }) => { } if (command === "yandeximg") { const param = { - api_key: - "d52da17da557f02e45234c11db22c4e9fe19c15d68a378e0a31f11d92b2cf562", + api_key: process.env.YANDEX_API_KEY, engine: "yandex_images", text: text, }; @@ -50,8 +48,7 @@ const handler = async (m, { command, usedPrefix, conn, args }) => { } if (command === "yandexvid") { const param = { - api_key: - "d52da17da557f02e45234c11db22c4e9fe19c15d68a378e0a31f11d92b2cf562", + api_key: process.env.YANDEX_API_KEY, engine: "yandex_videos", text: text, }; diff --git a/plugins/Tools/tools-lookup.js b/plugins/Tools/tools-lookup.js index d79be9dc..81a6cf0f 100644 --- a/plugins/Tools/tools-lookup.js +++ b/plugins/Tools/tools-lookup.js @@ -17,7 +17,7 @@ const handler = async (m, { text, usedPrefix, command }) => { (handler.tags = ["internet"]), (handler.premium = !1); export default handler; -const api_key = "E4/gdcfciJHSQdy4+9+Ryw==JHciNFemGqOVIbyv"; +const api_key = process.env.API_NINJAS_KEY; async function fetchDNSRecords(apiKey, domain) { try { const response = await fetch( diff --git a/plugins/Tools/tools-ocr.js b/plugins/Tools/tools-ocr.js index 407a70b8..435a6428 100644 --- a/plugins/Tools/tools-ocr.js +++ b/plugins/Tools/tools-ocr.js @@ -37,7 +37,7 @@ const detectInput = (input) => const ocrSpace = async (input, options = {}) => { try { const { - apiKey = "helloworld", + apiKey = process.env.OCR_API_KEY, ocrUrl = "https://api.ocr.space/parse/image", language = "eng", } = options; diff --git a/plugins/Tools/tools-pastebin.js b/plugins/Tools/tools-pastebin.js index 2d9cb643..7c6b4d91 100644 --- a/plugins/Tools/tools-pastebin.js +++ b/plugins/Tools/tools-pastebin.js @@ -20,7 +20,7 @@ const handler = async (m, { args, usedPrefix, command }) => { export default handler; async function createPaste(title = "", content) { const data = new URLSearchParams({ - api_dev_key: "_L_ZkBp7K3aZMY7z4ombPIztLxITOOpD", + api_dev_key: process.env.PASTEBIN_API_KEY, api_paste_name: title, api_paste_code: content, api_paste_format: "text", diff --git a/plugins/Tools/tools-predict.js b/plugins/Tools/tools-predict.js index 2fb66c08..2120596a 100644 --- a/plugins/Tools/tools-predict.js +++ b/plugins/Tools/tools-predict.js @@ -46,7 +46,7 @@ const analyzeImage = async (file_url) => { accept: "application/json", "content-type": "application/json", authorization: - "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiNTBlOGQ5YWUtMmExNC00YTA1LTgzZWMtMWY0ZThhMDczMDIwIiwidHlwZSI6ImFwaV90b2tlbiJ9.DoMaXPi7Sd7I-LpzwNQ4bd7Sd7r_4rtT1aGziC03uSs", + `Bearer ${process.env.EDENAI_API_TOKEN}`, }, data: { response_as_dict: !0, diff --git a/plugins/Tools/tools-sibi.js b/plugins/Tools/tools-sibi.js index 9592eba5..769ce00e 100644 --- a/plugins/Tools/tools-sibi.js +++ b/plugins/Tools/tools-sibi.js @@ -31,9 +31,10 @@ async function combineVideosToBuffer(videoData) { const outputFilePath = path.join(tempDir, "output.mp4"); try { for (const { url } of videoData) { + const sanitizedFileName = path.basename(url).replace(/[^a-zA-Z0-9.\-_]/g, "_"); const tempFilePath = path.join( tempDir, - `${Date.now()}_${path.basename(url)}`, + `${Date.now()}_${sanitizedFileName}`, ); await downloadVideo(url, tempFilePath); tempFiles.push(tempFilePath); diff --git a/plugins/Tools/tools-ssweb.js b/plugins/Tools/tools-ssweb.js index 195eb43e..887137ab 100644 --- a/plugins/Tools/tools-ssweb.js +++ b/plugins/Tools/tools-ssweb.js @@ -4,12 +4,12 @@ const services = [ { name: "YasirWeb", key: "v1", - apiKey: "", + apiKey: process.env.YASIRWEB_API_KEY || "", }, { name: "ApiFlash", key: "v2", - apiKey: "7eea5c14db5041ecb528f68062a7ab5d", + apiKey: process.env.APIFLASH_API_KEY || "", }, { name: "Thum.io", @@ -59,7 +59,7 @@ const services = [ { name: "ScreenshotLayer", key: "v12", - apiKey: "de547abee3abb9d3df2fc763637cac8a", + apiKey: process.env.SCREENSHOTLAYER_API_KEY || "", }, { name: "Microlink", @@ -69,7 +69,7 @@ const services = [ { name: "Urlbox", key: "v14", - apiKey: "ln9ptArKXobLRpDQ", + apiKey: process.env.URLBOX_API_KEY || "", }, { name: "Terasp.net", diff --git a/plugins/Tools/tools-weather-accu.js b/plugins/Tools/tools-weather-accu.js index a6c813a5..422ff49e 100644 --- a/plugins/Tools/tools-weather-accu.js +++ b/plugins/Tools/tools-weather-accu.js @@ -1,6 +1,6 @@ import fetch from "node-fetch"; import sharp from "sharp"; -const ACCUWEATHER_API_KEY = "d7e795ae6a0d44aaa8abb1a0a7ac19e4"; +const ACCUWEATHER_API_KEY = process.env.ACCUWEATHER_API_KEY; const LOCATION_URL = "https://api.accuweather.com/locations/v1/cities/search.json"; const FORECAST_URL = "https://api.accuweather.com/forecasts/v1/daily/10day"; diff --git a/plugins/Tools/tools-weather.js b/plugins/Tools/tools-weather.js index c53c9ed1..b364533d 100644 --- a/plugins/Tools/tools-weather.js +++ b/plugins/Tools/tools-weather.js @@ -1,5 +1,5 @@ import fetch from "node-fetch"; -const OPENWEATHERMAP_API_KEY = "060a6bcfa19809c2cd4d97a212b19273"; +const OPENWEATHERMAP_API_KEY = process.env.OPENWEATHERMAP_API_KEY; const GEOCODING_URL = "http://api.openweathermap.org/geo/1.0/direct"; const CURRENT_WEATHER_URL = "https://api.openweathermap.org/data/2.5/weather"; const FORECAST_URL = "https://api.openweathermap.org/data/2.5/forecast"; diff --git a/plugins/Tools/tools-whatmusic.js b/plugins/Tools/tools-whatmusic.js index f770551b..1bce636c 100644 --- a/plugins/Tools/tools-whatmusic.js +++ b/plugins/Tools/tools-whatmusic.js @@ -3,8 +3,8 @@ const handler = async (m, { conn, usedPrefix, command }) => { try { let acr = new acrcloud({ host: "identify-eu-west-1.acrcloud.com", - access_key: "9b4e89c29304c1285480d0f4f632fdd1", - access_secret: "1C8eUNLe1UNr95hkuMgUU0jwy9avHfGkTGoivap9", + access_key: process.env.ACRCLOUD_ACCESS_KEY_1, + access_secret: process.env.ACRCLOUD_ACCESS_SECRET_1, }), q = m.quoted ? m.quoted : m, mime = (q.msg || q).mimetype || q.mediaType || ""; @@ -40,8 +40,8 @@ const handler = async (m, { conn, usedPrefix, command }) => { } catch (e) { let acr = new acrcloud({ host: "identify-eu-west-1.acrcloud.com", - access_key: "1561a11eab4ab229f323cac3bab2909f", - access_secret: "4XYoTSkwC8OvSRXVCrjDZAqpqT1oLnvsoDpLodxg", + access_key: process.env.ACRCLOUD_ACCESS_KEY_2, + access_secret: process.env.ACRCLOUD_ACCESS_SECRET_2, }), q = m.quoted ? m.quoted : m, mime = (q.msg || q).mimetype || q.mediaType || ""; diff --git a/plugins/Tools/tools-zip-pass.js b/plugins/Tools/tools-zip-pass.js index f315914d..9cd75843 100644 --- a/plugins/Tools/tools-zip-pass.js +++ b/plugins/Tools/tools-zip-pass.js @@ -14,7 +14,7 @@ const handler = async (m, { command, usedPrefix, conn, text, args }) => { const output = await ZipPass(media); const responseMessage = output.processing && output.password - ? `*Processing:*\n- \`${output.processing}\`\n*Password:*\n- \`${output.password}\`` + ? `*Processing:*\n- \`${output.processing}\`\n*Password:*\n- \`[REDACTED]\`` : "Failed to extract the password."; m.reply(responseMessage); } catch (e) { diff --git a/server.js b/server.js index 359958e9..e12652b9 100644 --- a/server.js +++ b/server.js @@ -1,10 +1,12 @@ import express from "express"; -import { createServer } from "http"; +import { createServer } from "https"; // Changed from http to https import fetch from "node-fetch"; +import helmet from "helmet"; // Import helmet for security headers function connect(conn, PORT, opts) { const app = express(), server = createServer(app); + app.use(helmet()); // Use helmet to disable X-Powered-By header let _qr = "invalid"; conn.ev.on("connection.update", ({ qr }) => qr && (_qr = qr)), app.use(async (req, res) => {