nodejs doh proxy

"use strict";

const fs = require('fs');
const url = require('url');
const spdy = require('spdy');
const dgram = require('dgram');
const express = require('express');
const getRawBody = require('raw-body');
const base64url = require('base64url');

const cfg = {
    tls: {
        key: fs.readFileSync('/etc/letsencrypt/live/example.com/privkey.pem'),
        cert: fs.readFileSync('/etc/letsencrypt/live/example.com/fullchain.pem')
    },
    password: '',
    port: 443,
    'content-type': 'application/dns-message'
};

const app = express();

app.use((req, res, next) => {

    if (req.headers['accept'] !== cfg['content-type']) {
        res.statusCode = 415;
        return next('Unsupported Media Type');
    }

    next();
});

app.use((req, res, next) => {

    if (cfg.password && req.headers['authorization'] !== cfg.password) {
        res.statusCode = 403;
        return next('Access denied');
    }

    next();
});

app.use((req, res, next) => {
    getRawBody(req, {
        length: req.headers['content-length'],
        limit: 65535,
    }, (err, data) => {
        if (err) return next(err);
        req.body = data;
        next();
    })
});

app.post('/', (req, res) => {
    handle(req.body, res);
});

app.get('/', (req, res) => {
    const query = url.parse(req.url, true).query;
    const msg = base64url.toBuffer(query.dns);
    handle(msg, res);
});

function handle(msg, res)
{
    const server = dgram.createSocket('udp6');

    server.on('error', (err) => {
        res.statusCode = 500;
        res.end('Internal Server Error');
        server.close();
    });

    server.on('message', (msg) => {
        res.set('Content-Type', cfg['content-type']);
        res.end(msg);
        server.close();
    });

    server.bind(0, '::1', () => {
        server.send(msg, 53, '::1');
    });
}

spdy.createServer(cfg.tls, app).listen(cfg.port);

Yes, the code worked with Firefox Nightly at the time of posting. I haven't tested it since.