#!/usr/bin/env node /** * API Faucet Bitcoin Signet * * Cette API permet de distribuer des sats (50000 sats = 0.0005 BTC) * sur la blockchain Bitcoin Signet. * * Port: 3021 */ import express from 'express'; import cors from 'cors'; import dotenv from 'dotenv'; import { bitcoinRPC } from './bitcoin-rpc.js'; import { faucetRouter } from './routes/faucet.js'; import { healthRouter } from './routes/health.js'; import { logger } from './logger.js'; // Charger les variables d'environnement dotenv.config(); const app = express(); const PORT = process.env.FAUCET_API_PORT || 3021; const HOST = process.env.FAUCET_API_HOST || '0.0.0.0'; const ALLOWED_SOURCE_IP = process.env.ALLOWED_SOURCE_IP ?? ''; /** * Normalize remote address: IPv6-mapped IPv4 (::ffff:192.168.1.100) -> 192.168.1.100 * @param {string} addr - req.socket.remoteAddress * @returns {string} */ function normalizeRemoteAddress(addr) { if (!addr) return ''; if (addr.startsWith('::ffff:')) return addr.slice(7); return addr; } // Middleware: accept only requests from proxy when ALLOWED_SOURCE_IP is set (IPv4 only) app.use((req, res, next) => { if (!ALLOWED_SOURCE_IP) return next(); const remote = normalizeRemoteAddress(req.socket.remoteAddress ?? ''); if (remote !== ALLOWED_SOURCE_IP) { logger.warn('Request rejected: source not allowed', { remoteAddress: req.socket.remoteAddress, allowedSourceIp: ALLOWED_SOURCE_IP, path: req.path, }); res.status(403).json({ error: 'Forbidden', message: 'Source not allowed' }); return; } next(); }); // Middleware app.use(cors()); app.use(express.json()); app.use(express.urlencoded({ extended: true })); // Middleware de logging app.use((req, res, next) => { logger.info(`${req.method} ${req.path}`, { ip: req.ip, userAgent: req.get('user-agent'), }); next(); }); // Middleware d'authentification API Key app.use((req, res, next) => { // Exclure /health et / de l'authentification if (req.path === '/health' || req.path === '/') { return next(); } const apiKey = req.headers['x-api-key']; // Filtrer les clés vides pour éviter qu'une chaîne vide soit acceptée const validKeys = process.env.API_KEYS?.split(',').map(k => k.trim()).filter(k => k.length > 0) || []; // Vérifier que la clé API est présente, non vide, et dans la liste des clés valides if (!apiKey || apiKey.trim().length === 0 || !validKeys.includes(apiKey.trim())) { logger.warn('Unauthorized API access attempt', { ip: req.ip, path: req.path }); return res.status(401).json({ error: 'Unauthorized', message: 'Invalid or missing API key', }); } next(); }); // Routes app.use('/health', healthRouter); app.use('/api/faucet', faucetRouter); // Route racine app.get('/', (req, res) => { res.json({ service: 'bitcoin-signet-faucet-api', version: '1.0.0', endpoints: { health: '/health', request: '/api/faucet/request', }, }); }); // Gestion des erreurs app.use((err, req, res, next) => { logger.error('Unhandled error', { error: err.message, stack: err.stack }); res.status(500).json({ error: 'Internal Server Error', message: process.env.NODE_ENV === 'development' ? err.message : 'An error occurred', }); }); // Gestion des routes non trouvées app.use((req, res) => { res.status(404).json({ error: 'Not Found', message: `Route ${req.method} ${req.path} not found`, }); }); // Démarrage du serveur const server = app.listen(PORT, HOST, () => { logger.info(`API Faucet Bitcoin Signet démarrée`, { host: HOST, port: PORT, environment: process.env.NODE_ENV || 'production', }); }); // Gestion de l'arrêt propre process.on('SIGTERM', () => { logger.info('SIGTERM received, shutting down gracefully'); server.close(() => { logger.info('Server closed'); process.exit(0); }); }); process.on('SIGINT', () => { logger.info('SIGINT received, shutting down gracefully'); server.close(() => { logger.info('Server closed'); process.exit(0); }); });