forked from svrjs/svrjs
Update to SVR.JS 3.14.1
This commit is contained in:
parent
91f2d3b50f
commit
06712f35b5
5 changed files with 175 additions and 81 deletions
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.14.0</title>
|
||||
<title>SVR.JS 3.14.1</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
@ -12,7 +12,7 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to SVR.JS 3.14.0</h1>
|
||||
<h1>Welcome to SVR.JS 3.14.1</h1>
|
||||
<br/>
|
||||
<img src="/logo.png" style="width: 256px;" />
|
||||
<br/>
|
||||
|
@ -134,9 +134,8 @@
|
|||
</div>
|
||||
<p>Changes:</p>
|
||||
<ul>
|
||||
<li>Added new <i>config.json</i> properties: <i>useClientCertificate</i>, <i>rejectUnauthorizedClientCertificates</i>, <i>cipherSuite</i>, <i>ecdhCurve</i>, <i>tlsMinVersion</i>, <i>tlsMaxVersion</i>, <i>signatureAlgorithms</i> and <i>http2Settings</i>.</li>
|
||||
<li>Added support for web root postfixes (along with postfix prefixes).</li>
|
||||
<li>Custom head and foot inclusion is now returning 500 error in case of server error instead of crashing the server.</li>
|
||||
<li>Added support for IP-based virtual hosts.</li>
|
||||
<li>Fixed SVR.JS crashes with <i>X-SVR-JS-From-Main-Thread</i> header and unknown client IPs.</li>
|
||||
</ul>
|
||||
<br/>
|
||||
<a href="/tests.html">Tests</a><br/>
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.14.0 Licenses</title>
|
||||
<title>SVR.JS 3.14.1 Licenses</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
@ -12,8 +12,8 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SVR.JS 3.14.0 Licenses</h1>
|
||||
<h2>SVR.JS 3.14.0</h2>
|
||||
<h1>SVR.JS 3.14.1 Licenses</h1>
|
||||
<h2>SVR.JS 3.14.1</h2>
|
||||
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
|
||||
MIT License<br/>
|
||||
<br/>
|
||||
|
@ -37,7 +37,7 @@
|
|||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
|
||||
SOFTWARE.<br/>
|
||||
</div>
|
||||
<h2>Packages used by SVR.JS 3.14.0</h2>
|
||||
<h2>Packages used by SVR.JS 3.14.1</h2>
|
||||
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
|
||||
<div style="float: right;">License: MIT</div>
|
||||
<div style="font-size: 20px;">
|
||||
|
|
Binary file not shown.
233
svr.js
233
svr.js
|
@ -69,7 +69,7 @@ function deleteFolderRecursive(path) {
|
|||
}
|
||||
|
||||
var os = require("os");
|
||||
var version = "3.14.0";
|
||||
var version = "3.14.1";
|
||||
var singlethreaded = false;
|
||||
|
||||
if (process.versions) process.versions.svrjs = version; // Inject SVR.JS into process.versions
|
||||
|
@ -306,7 +306,7 @@ function generateETag(filePath, stat) {
|
|||
return ETagDB[filePath + "-" + stat.size + "-" + stat.mtime];
|
||||
}
|
||||
|
||||
// Brute force-related
|
||||
// Brute force protection-related
|
||||
var bruteForceDb = {};
|
||||
|
||||
// PBKDF2/scrypt cache
|
||||
|
@ -321,6 +321,7 @@ var reallyExiting = false;
|
|||
var crashed = false;
|
||||
var threadLimitWarned = false;
|
||||
|
||||
// SVR.JS worker forking function
|
||||
function SVRJSFork() {
|
||||
// Log
|
||||
if (SVRJSInitialized) serverconsole.locmessage("Starting next thread, because previous one hung up/crashed...");
|
||||
|
@ -531,7 +532,85 @@ function createRegex(regex, isPath) {
|
|||
return new RegExp(searchString, modifiers);
|
||||
}
|
||||
|
||||
function checkForEnabledDirectoryListing(hostname) {
|
||||
// Function to check if IPs are equal
|
||||
function ipMatch(IP1, IP2) {
|
||||
|
||||
if (!IP1) return true;
|
||||
if (!IP2) return false;
|
||||
|
||||
// Function to normalize IPv4 address (remove leading zeros)
|
||||
function normalizeIPv4Address(address) {
|
||||
return address.replace(/(^|\.)(?:0(?!\.|$))+/g, "");
|
||||
}
|
||||
|
||||
// Function to expand IPv6 address to full format
|
||||
function expandIPv6Address(address) {
|
||||
var fullAddress = "";
|
||||
var expandedAddress = "";
|
||||
var validGroupCount = 8;
|
||||
var validGroupSize = 4;
|
||||
|
||||
var ipv4 = "";
|
||||
var extractIpv4 = /([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/;
|
||||
var validateIpv4 = /((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})/;
|
||||
|
||||
if (validateIpv4.test(address)) {
|
||||
var oldGroups = address.match(extractIpv4);
|
||||
for (var i = 1; i < oldGroups.length; i++) {
|
||||
ipv4 += ("00" + (parseInt(oldGroups[i], 10).toString(16))).slice(-2) + (i == 2 ? ":" : "");
|
||||
}
|
||||
address = address.replace(extractIpv4, ipv4);
|
||||
}
|
||||
|
||||
if (address.indexOf("::") == -1) {
|
||||
fullAddress = address;
|
||||
} else {
|
||||
var sides = address.split("::");
|
||||
var groupsPresent = 0;
|
||||
sides.forEach(function (side) {
|
||||
groupsPresent += side.split(":").length;
|
||||
});
|
||||
fullAddress += sides[0] + ":";
|
||||
if (validGroupCount - groupsPresent > 1) {
|
||||
fullAddress += "0000:".repeat(validGroupCount - groupsPresent);
|
||||
}
|
||||
fullAddress += sides[1];
|
||||
}
|
||||
var groups = fullAddress.split(":");
|
||||
for (var i = 0; i < validGroupCount; i++) {
|
||||
if (groups[i].length < validGroupSize) {
|
||||
groups[i] = "0".repeat(validGroupSize - groups[i].length) + groups[i];
|
||||
}
|
||||
expandedAddress += (i != validGroupCount - 1) ? groups[i] + ":" : groups[i];
|
||||
}
|
||||
return expandedAddress;
|
||||
}
|
||||
|
||||
// Normalize or expand IP addresses
|
||||
IP1 = IP1.toLowerCase();
|
||||
if (IP1 == "localhost") IP1 = "::1";
|
||||
if (IP1.indexOf("::ffff:") == 0) IP1 = IP1.substr(7);
|
||||
if (IP1.indexOf(":") > -1) {
|
||||
IP1 = expandIPv6Address(IP1);
|
||||
} else {
|
||||
IP1 = normalizeIPv4Address(IP1);
|
||||
}
|
||||
|
||||
IP2 = IP2.toLowerCase();
|
||||
if (IP2 == "localhost") IP2 = "::1";
|
||||
if (IP2.indexOf("::ffff:") == 0) IP2 = IP2.substr(7);
|
||||
if (IP2.indexOf(":") > -1) {
|
||||
IP2 = expandIPv6Address(IP2);
|
||||
} else {
|
||||
IP2 = normalizeIPv4Address(IP2);
|
||||
}
|
||||
|
||||
// Check if processed IPs are equal
|
||||
if (IP1 == IP2) return true;
|
||||
else return false;
|
||||
}
|
||||
|
||||
function checkForEnabledDirectoryListing(hostname, localAddress) {
|
||||
function matchHostname(hostnameM) {
|
||||
if (typeof hostnameM == "undefined" || hostnameM == "*") {
|
||||
return true;
|
||||
|
@ -550,7 +629,7 @@ function checkForEnabledDirectoryListing(hostname) {
|
|||
if (!configJSON.enableDirectoryListingVHost) return main;
|
||||
var vhostP = null;
|
||||
configJSON.enableDirectoryListingVHost.every(function (vhost) {
|
||||
if (matchHostname(vhost.host)) {
|
||||
if (matchHostname(vhost.host) && ipMatch(vhost.ip, localAddress)) {
|
||||
vhostP = vhost;
|
||||
return false;
|
||||
} else {
|
||||
|
@ -757,7 +836,7 @@ function ipBlockList(rawBlockList) {
|
|||
|
||||
// Normalize or expand the IP address
|
||||
rawValue = rawValue.toLowerCase();
|
||||
if (rawValue == "localhost") rawValue = "127.0.0.1";
|
||||
if (rawValue == "localhost") rawValue = "::1";
|
||||
if (rawValue.indexOf("::ffff:") == 0) rawValue = rawValue.substr(7);
|
||||
if (rawValue.indexOf(":") > -1) {
|
||||
isIPv6 = true;
|
||||
|
@ -794,8 +873,8 @@ function generateErrorStack(errorObject) {
|
|||
|
||||
// If the error stack starts with the error name, return the original stack (it is V8-style then).
|
||||
if (errorStack.some(function (errorStackLine) {
|
||||
return (errorStackLine.indexOf(errorObject.name) == 0);
|
||||
})) {
|
||||
return (errorStackLine.indexOf(errorObject.name) == 0);
|
||||
})) {
|
||||
return errorObject.stack;
|
||||
}
|
||||
|
||||
|
@ -854,6 +933,7 @@ function calculateNetworkIPv4FromCidr(ipWithCidr) {
|
|||
}).join(".");
|
||||
}
|
||||
|
||||
// IP and network inteface-related
|
||||
var ifaces = {};
|
||||
var ifaceEx = null;
|
||||
try {
|
||||
|
@ -864,11 +944,7 @@ try {
|
|||
var ips = [];
|
||||
var brdIPs = ["255.255.255.255", "127.255.255.255", "0.255.255.255"];
|
||||
var netIPs = ["127.0.0.0"];
|
||||
var attmts = 5;
|
||||
var attmtsRedir = 5;
|
||||
var errors = os.constants.errno;
|
||||
var timestamp = new Date().getTime();
|
||||
var wwwredirect = false;
|
||||
|
||||
Object.keys(ifaces).forEach(function (ifname) {
|
||||
var alias = 0;
|
||||
ifaces[ifname].forEach(function (iface) {
|
||||
|
@ -885,6 +961,7 @@ Object.keys(ifaces).forEach(function (ifname) {
|
|||
alias++;
|
||||
});
|
||||
});
|
||||
|
||||
if (ips.length == 0) {
|
||||
Object.keys(ifaces).forEach(function (ifname) {
|
||||
var alias = 0;
|
||||
|
@ -901,9 +978,20 @@ if (ips.length == 0) {
|
|||
});
|
||||
});
|
||||
}
|
||||
|
||||
// Server startup attempt counter
|
||||
var attmts = 5;
|
||||
var attmtsRedir = 5;
|
||||
|
||||
// Some variables...
|
||||
var errors = os.constants.errno;
|
||||
var timestamp = new Date().getTime();
|
||||
|
||||
// Server IP address
|
||||
var host = ips[(ips.length) - 1];
|
||||
if (!host) host = "[offline]";
|
||||
|
||||
// Public IP address-related
|
||||
var ipRequestCompleted = false;
|
||||
var ipRequestGotError = false;
|
||||
if (host != "[offline]" || ifaceEx) {
|
||||
|
@ -1060,11 +1148,11 @@ if (fs.existsSync(__dirname + "/config.json")) {
|
|||
}
|
||||
} catch (err) {
|
||||
configJSONRErr = err2;
|
||||
// throw new Error("Cannot read JSON file.");
|
||||
}
|
||||
}
|
||||
|
||||
// Default server configuration properties
|
||||
var wwwredirect = false;
|
||||
var rawBlackList = [];
|
||||
var users = [];
|
||||
var page404 = "404.html";
|
||||
|
@ -1199,6 +1287,7 @@ try {
|
|||
if (vnum === undefined) vnum = 0;
|
||||
if (process.isBun) vnum = 64;
|
||||
|
||||
// SVR.JS path sanitizer function
|
||||
function sanitizeURL(resource) {
|
||||
if (resource == "*") return "*";
|
||||
if (resource == "") return "";
|
||||
|
@ -1231,6 +1320,7 @@ function sanitizeURL(resource) {
|
|||
else return sanitizedResource;
|
||||
}
|
||||
|
||||
// Node.JS mojibake URL fixing function
|
||||
function fixNodeMojibakeURL(string) {
|
||||
var encoded = "";
|
||||
|
||||
|
@ -1249,6 +1339,7 @@ function fixNodeMojibakeURL(string) {
|
|||
});
|
||||
}
|
||||
|
||||
// SSL-related
|
||||
var key = "";
|
||||
var cert = "";
|
||||
|
||||
|
@ -1277,7 +1368,7 @@ if (secure) {
|
|||
var sniNames = Object.keys(sni);
|
||||
var sniCredentials = [];
|
||||
sniNames.forEach(function (sniName) {
|
||||
if(typeof sniName === "string" && sniName.match(/\*[^*.:]*\*[^*.:]*(?:\.|:|$)/)) {
|
||||
if (typeof sniName === "string" && sniName.match(/\*[^*.:]*\*[^*.:]*(?:\.|:|$)/)) {
|
||||
sniReDos = true;
|
||||
}
|
||||
sniCredentials.push({
|
||||
|
@ -1306,7 +1397,7 @@ function LOG(s) {
|
|||
flags: "a",
|
||||
autoClose: false
|
||||
});
|
||||
logFile.on("error", function(err) {
|
||||
logFile.on("error", function (err) {
|
||||
if (!s.match(/^SERVER WARNING MESSAGE(?: \[Request Id: [0-9a-f]{6}\])?: There was a problem while saving logs! Logs will not be kept in log file\. Reason: /) && !reallyExiting) serverconsole.locwarnmessage("There was a problem while saving logs! Logs will not be kept in log file. Reason: " + err.message);
|
||||
});
|
||||
}
|
||||
|
@ -1403,7 +1494,7 @@ var serverconsole = {
|
|||
}
|
||||
};
|
||||
|
||||
// Wrap around process.exit, so log contents can flush.
|
||||
// Wrap around process.exit, so that log contents can be flushed.
|
||||
process.unsafeExit = process.exit;
|
||||
process.exit = function (code) {
|
||||
if (logFile && logFile.writable && !logFile.pending) {
|
||||
|
@ -1438,6 +1529,7 @@ process.exit = function (code) {
|
|||
}
|
||||
};
|
||||
|
||||
// SVR.JS mod loader
|
||||
var modLoadingErrors = [];
|
||||
var SSJSError = undefined;
|
||||
|
||||
|
@ -1742,6 +1834,7 @@ function sha256(s) {
|
|||
}
|
||||
}
|
||||
|
||||
// Function to get URL path for use in forbidden path adding.
|
||||
function getInitializePath(to) {
|
||||
var cwd = process.cwd();
|
||||
if (os.platform() == "win32") {
|
||||
|
@ -1758,6 +1851,7 @@ function getInitializePath(to) {
|
|||
}
|
||||
}
|
||||
|
||||
// Function to check if URL path name is a forbidden path.
|
||||
function isForbiddenPath(decodedHref, match) {
|
||||
var forbiddenPath = forbiddenPaths[match];
|
||||
if (!forbiddenPath) return false;
|
||||
|
@ -1772,6 +1866,7 @@ function isForbiddenPath(decodedHref, match) {
|
|||
return false;
|
||||
}
|
||||
|
||||
// Function to check if URL path name is index of one of defined forbidden paths.
|
||||
function isIndexOfForbiddenPath(decodedHref, match) {
|
||||
var forbiddenPath = forbiddenPaths[match];
|
||||
if (!forbiddenPath) return false;
|
||||
|
@ -1786,7 +1881,6 @@ function isIndexOfForbiddenPath(decodedHref, match) {
|
|||
return false;
|
||||
}
|
||||
|
||||
|
||||
// Set up forbidden paths
|
||||
var forbiddenPaths = {};
|
||||
|
||||
|
@ -1864,7 +1958,7 @@ var serverErrorDescs = {
|
|||
599: "The server couldn't connect in time while it was acting as a proxy."
|
||||
};
|
||||
|
||||
// Create server
|
||||
// Create server instances
|
||||
if (!cluster.isPrimary) {
|
||||
var reqcounter = 0;
|
||||
var malformedcounter = 0;
|
||||
|
@ -2118,9 +2212,9 @@ if (!cluster.isPrimary) {
|
|||
});
|
||||
try {
|
||||
var snMatches = sniCredentialsSingle.name.match(/^([^:[]*|\[[^]]*\]?)((?::.*)?)$/);
|
||||
if(!snMatches[1][0].match(/^\.+$/)) snMatches[1][0] = snMatches[1][0].replace(/\.+$/,"");
|
||||
server._contexts[server._contexts.length-1][0] = new RegExp("^" + snMatches[1].replace(/([.^$+?\-\\[\]{}])/g, "\\$1").replace(/\*/g, "[^.:]*") + ((snMatches[1][0] == "[" || snMatches[1].match(/^(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$/)) ? "" : "\.?") + snMatches[2].replace(/([.^$+?\-\\[\]{}])/g, "\\$1").replace(/\*/g, "[^.]*") + "$", "i");
|
||||
} catch(ex) {
|
||||
if (!snMatches[1][0].match(/^\.+$/)) snMatches[1][0] = snMatches[1][0].replace(/\.+$/, "");
|
||||
server._contexts[server._contexts.length - 1][0] = new RegExp("^" + snMatches[1].replace(/([.^$+?\-\\[\]{}])/g, "\\$1").replace(/\*/g, "[^.:]*") + ((snMatches[1][0] == "[" || snMatches[1].match(/^(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$/)) ? "" : "\.?") + snMatches[2].replace(/([.^$+?\-\\[\]{}])/g, "\\$1").replace(/\*/g, "[^.]*") + "$", "i");
|
||||
} catch (ex) {
|
||||
// Can't replace regex, ignoring...
|
||||
}
|
||||
});
|
||||
|
@ -2226,8 +2320,8 @@ if (!cluster.isPrimary) {
|
|||
});
|
||||
};
|
||||
res.writeHead = function (code, name, headers) {
|
||||
if(code >= 400 && code <= 499) err4xxcounter++;
|
||||
if(code >= 500 && code <= 599) err5xxcounter++;
|
||||
if (code >= 400 && code <= 499) err4xxcounter++;
|
||||
if (code >= 500 && code <= 599) err5xxcounter++;
|
||||
var head = ("HTTP/1.1 " + code.toString() + " " + name + "\r\n");
|
||||
var headers = JSON.parse(JSON.stringify(headers));
|
||||
headers["Date"] = (new Date()).toGMTString();
|
||||
|
@ -2799,7 +2893,7 @@ if (!cluster.isPrimary) {
|
|||
if (configJSON.customHeadersVHost) {
|
||||
var vhostP = null;
|
||||
configJSON.customHeadersVHost.every(function (vhost) {
|
||||
if (matchHostname(vhost.host)) {
|
||||
if (matchHostname(vhost.host) && ipMatch(vhost.ip, req.socket ? req.socket.localAddress : undefined)) {
|
||||
vhostP = vhost;
|
||||
return false;
|
||||
} else {
|
||||
|
@ -2875,7 +2969,7 @@ if (!cluster.isPrimary) {
|
|||
}
|
||||
}
|
||||
|
||||
if (req.headers["x-svr-js-from-main-thread"] == "true" && (!req.socket.remoteAddress || req.socket.remoteAddress == "::1" || req.socket.remoteAddress == "::ffff:127.0.0.1" || req.socket.remoteAddress == "127.0.0.1" || req.socket.remoteAddress == "localhost" || req.socket.remoteAddress == host || req.socket.remoteAddress == "::ffff:" + host)) {
|
||||
if (req.headers["x-svr-js-from-main-thread"] == "true" && req.socket && (!req.socket.remoteAddress || req.socket.remoteAddress == "::1" || req.socket.remoteAddress == "::ffff:127.0.0.1" || req.socket.remoteAddress == "127.0.0.1" || req.socket.remoteAddress == "localhost" || req.socket.remoteAddress == host || req.socket.remoteAddress == "::ffff:" + host)) {
|
||||
var headers = getCustomHeaders();
|
||||
res.writeHead(204, "No Content", headers);
|
||||
res.end();
|
||||
|
@ -2975,7 +3069,7 @@ if (!cluster.isPrimary) {
|
|||
var oldHostHeader = req.headers.host;
|
||||
if (typeof req.headers.host == "string") {
|
||||
req.headers.host = req.headers.host.toLowerCase();
|
||||
if(!req.headers.host.match(/^\.+$/)) req.headers.host = req.headers.host.replace(/\.$/g,"");
|
||||
if (!req.headers.host.match(/^\.+$/)) req.headers.host = req.headers.host.replace(/\.$/g, "");
|
||||
}
|
||||
|
||||
if (!isProxy) serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants " + (req.method == "GET" ? "content in " : (req.method == "POST" ? "to post content in " : (req.method == "PUT" ? "to add content in " : (req.method == "DELETE" ? "to delete content in " : (req.method == "PATCH" ? "to patch content in " : "to access content using " + req.method + " method in "))))) + (req.headers.host == undefined ? "" : req.headers.host) + req.url);
|
||||
|
@ -3067,7 +3161,7 @@ if (!cluster.isPrimary) {
|
|||
return;
|
||||
}
|
||||
|
||||
if (list[_i].scode != errorCode || !matchHostname(list[_i].host)) {
|
||||
if (list[_i].scode != errorCode || !(matchHostname(list[_i].host) && ipMatch(list[_i].ip, req.socket ? req.socket.localAddress : undefined))) {
|
||||
getErrorFileName(list, callback, _i + 1);
|
||||
return;
|
||||
} else {
|
||||
|
@ -3286,7 +3380,7 @@ if (!cluster.isPrimary) {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
// URL-related objects.
|
||||
var uobject = parseURL(req.url);
|
||||
var search = uobject.search;
|
||||
var href = uobject.pathname;
|
||||
|
@ -3303,6 +3397,7 @@ if (!cluster.isPrimary) {
|
|||
}
|
||||
|
||||
if (req.headers["expect"] && req.headers["expect"] != "100-continue") {
|
||||
// Expectations not met.
|
||||
callServerError(417);
|
||||
return;
|
||||
}
|
||||
|
@ -3416,8 +3511,8 @@ if (!cluster.isPrimary) {
|
|||
statusBody += "Server errors (5xx): " + err5xxcounter + "<br/>";
|
||||
statusBody += "Average error rate: " + (Math.round(((err4xxcounter + err5xxcounter) / reqcounter) * 10000) / 100) + "%<br/>";
|
||||
statusBody += "Malformed HTTP requests: " + malformedcounter;
|
||||
if(process.memoryUsage) statusBody += "<br/>Memory usage of thread: " + sizify(process.memoryUsage().rss, true) + "B";
|
||||
if(process.cpuUsage) statusBody += "<br/>Total CPU usage by thread: u" + (process.cpuUsage().user / 1000) + "ms s" + (process.cpuUsage().system / 1000) + "ms - " + (Math.round((((process.cpuUsage().user + process.cpuUsage().system) / 1000000) / process.uptime()) * 1000) / 1000) + "%";
|
||||
if (process.memoryUsage) statusBody += "<br/>Memory usage of thread: " + sizify(process.memoryUsage().rss, true) + "B";
|
||||
if (process.cpuUsage) statusBody += "<br/>Total CPU usage by thread: u" + (process.cpuUsage().user / 1000) + "ms s" + (process.cpuUsage().system / 1000) + "ms - " + (Math.round((((process.cpuUsage().user + process.cpuUsage().system) / 1000000) / process.uptime()) * 1000) / 1000) + "%";
|
||||
statusBody += "<br/>Thread PID: " + process.pid + "<br/>";
|
||||
|
||||
var hdhds = getCustomHeaders();
|
||||
|
@ -3427,11 +3522,6 @@ if (!cluster.isPrimary) {
|
|||
return;
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////
|
||||
////THERE IS NO MORE "THE BOOK OF ZSOIE"!////
|
||||
//// But it's in easteregg.tar.gz mod... ////
|
||||
/////////////////////////////////////////////
|
||||
|
||||
var pth = decodeURIComponent(href).replace(/\/+/g, "/").substr(1);
|
||||
var readFrom = "./" + pth;
|
||||
fs.stat(readFrom, function (err, stats) {
|
||||
|
@ -3516,7 +3606,7 @@ if (!cluster.isPrimary) {
|
|||
function properDirectoryListingAndStaticFileServe() {
|
||||
if (stats.isDirectory()) {
|
||||
// Check if directory listing is enabled in the configuration
|
||||
if (checkForEnabledDirectoryListing(req.headers.host)) {
|
||||
if (checkForEnabledDirectoryListing(req.headers.host, req.socket ? req.socket.localAddress : undefined)) {
|
||||
var customHeaders = getCustomHeaders();
|
||||
customHeaders["Content-Type"] = "text/html; charset=utf-8";
|
||||
res.writeHead(200, http.STATUS_CODES[200], customHeaders);
|
||||
|
@ -3525,23 +3615,23 @@ if (!cluster.isPrimary) {
|
|||
var customDirListingHeader = fs.existsSync(("." + decodeURIComponent(href) + "/.dirhead").replace(/\/+/g, "/")) ?
|
||||
fs.readFileSync(("." + decodeURIComponent(href) + "/.dirhead").replace(/\/+/g, "/")).toString() :
|
||||
(fs.existsSync(("." + decodeURIComponent(href) + "/HEAD.html").replace(/\/+/g, "/")) && (os.platform != "win32" || href != "/")) ?
|
||||
fs.readFileSync(("." + decodeURIComponent(href) + "/HEAD.html").replace(/\/+/g, "/")).toString() :
|
||||
"";
|
||||
fs.readFileSync(("." + decodeURIComponent(href) + "/HEAD.html").replace(/\/+/g, "/")).toString() :
|
||||
"";
|
||||
var customDirListingFooter = fs.existsSync(("." + decodeURIComponent(href) + "/.dirfoot").replace(/\/+/g, "/")) ?
|
||||
fs.readFileSync(("." + decodeURIComponent(href) + "/.dirfoot").replace(/\/+/g, "/")).toString() :
|
||||
(fs.existsSync(("." + decodeURIComponent(href) + "/FOOT.html").replace(/\/+/g, "/")) && (os.platform != "win32" || href != "/")) ?
|
||||
fs.readFileSync(("." + decodeURIComponent(href) + "/FOOT.html").replace(/\/+/g, "/")).toString() :
|
||||
"";
|
||||
fs.readFileSync(("." + decodeURIComponent(href) + "/FOOT.html").replace(/\/+/g, "/")).toString() :
|
||||
"";
|
||||
|
||||
// Check if custom header has HTML tag
|
||||
var headerHasHTMLTag = customDirListingHeader.replace(/<!--(?:(?:(?!--\>)[\s\S])*|)(?:-->|$)/g, "").match(/<html(?![a-zA-Z0-9])(?:"(?:\\(?:[\s\S]|$)|[^\\"])*(?:"|$)|'(?:\\(?:[\s\S]|$)|[^\\'])*(?:'|$)|[^'">])*(?:>|$)/i);
|
||||
|
||||
// Generate HTML head and footer based on configuration and custom content
|
||||
var htmlHead = (!configJSON.enableDirectoryListingWithDefaultHead || head == "" ?
|
||||
(!headerHasHTMLTag ?
|
||||
"<!DOCTYPE html><html><head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title><meta charset=\"UTF-8\" /><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /></head><body>" :
|
||||
customDirListingHeader.replace(/<head>/i, "<head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title>")) :
|
||||
head.replace(/<head>/i, "<head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title>")) +
|
||||
(!headerHasHTMLTag ?
|
||||
"<!DOCTYPE html><html><head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title><meta charset=\"UTF-8\" /><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /></head><body>" :
|
||||
customDirListingHeader.replace(/<head>/i, "<head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title>")) :
|
||||
head.replace(/<head>/i, "<head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title>")) +
|
||||
(!headerHasHTMLTag ? customDirListingHeader : "") +
|
||||
"<h1>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</h1><table id=\"directoryListing\"> <tr> <th></th> <th>Filename</th> <th>Size</th> <th>Date</th> </tr>" + (checkPathLevel(decodeURIComponent(origHref)) < 1 ? "" : "<tr><td style=\"width: 24px;\"><img src=\"/.dirimages/return.png\" width=\"24px\" height=\"24px\" alt=\"[RET]\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" + (origHref).replace(/\/+/g, "/").replace(/\/[^\/]*\/?$/, "/") + "\">Return</a></td><td></td><td></td></tr>");
|
||||
|
||||
|
@ -4185,7 +4275,7 @@ if (!cluster.isPrimary) {
|
|||
return;
|
||||
}
|
||||
|
||||
// Handle redirects to addresses with www.
|
||||
// Handle redirects to addresses with "www." prefix
|
||||
if (wwwredirect) {
|
||||
var hostname = req.headers.host.split[":"];
|
||||
var hostport = null;
|
||||
|
@ -4203,14 +4293,14 @@ if (!cluster.isPrimary) {
|
|||
if (!isProxy) {
|
||||
for (var i = (_mapBegIndex ? _mapBegIndex : 0); i < map.length; i++) {
|
||||
var mapEntry = map[i];
|
||||
if(href != "/" && (mapEntry.isNotDirectory || mapEntry.isNotFile) && !_fileState) {
|
||||
fs.stat("." + decodeURIComponent(href), function(err, stats) {
|
||||
if (href != "/" && (mapEntry.isNotDirectory || mapEntry.isNotFile) && !_fileState) {
|
||||
fs.stat("." + decodeURIComponent(href), function (err, stats) {
|
||||
var _fileState = 3;
|
||||
if(err) {
|
||||
if (err) {
|
||||
_fileState = 3;
|
||||
} else if(stats.isDirectory()) {
|
||||
} else if (stats.isDirectory()) {
|
||||
_fileState = 2;
|
||||
} else if(stats.isFile()) {
|
||||
} else if (stats.isFile()) {
|
||||
_fileState = 1;
|
||||
} else {
|
||||
_fileState = 3;
|
||||
|
@ -4220,7 +4310,7 @@ if (!cluster.isPrimary) {
|
|||
doCallback = false;
|
||||
break;
|
||||
}
|
||||
if (matchHostname(mapEntry.host) && address.match(createRegex(mapEntry.definingRegex)) && !(mapEntry.isNotDirectory && _fileState == 2) && !(mapEntry.isNotFile && _fileState == 1)) {
|
||||
if (matchHostname(mapEntry.host) && ipMatch(mapEntry.ip, req.socket ? req.socket.localAddress : undefined) && address.match(createRegex(mapEntry.definingRegex)) && !(mapEntry.isNotDirectory && _fileState == 2) && !(mapEntry.isNotFile && _fileState == 1)) {
|
||||
try {
|
||||
mapEntry.replacements.forEach(function (replacement) {
|
||||
rewrittenURL = rewrittenURL.replace(createRegex(replacement.regex), replacement.replacement);
|
||||
|
@ -4234,7 +4324,7 @@ if (!cluster.isPrimary) {
|
|||
}
|
||||
}
|
||||
}
|
||||
if(doCallback) callback(null, rewrittenURL);
|
||||
if (doCallback) callback(null, rewrittenURL);
|
||||
}
|
||||
|
||||
// Trailing slash redirection
|
||||
|
@ -4269,12 +4359,12 @@ if (!cluster.isPrimary) {
|
|||
var origHref = href;
|
||||
|
||||
// Add web root postfixes
|
||||
if(!isProxy) {
|
||||
if (!isProxy) {
|
||||
var urlWithPostfix = req.url;
|
||||
var postfixPrefix = "";
|
||||
wwwrootPostfixPrefixesVHost.every(function (currentPostfixPrefix) {
|
||||
if (req.url.indexOf(currentPostfixPrefix) == 0) {
|
||||
if (currentPostfixPrefix.match(/\/+$/)) postfixPrefix = currentPostfixPrefix.replace(/\/+$/,"");
|
||||
if (currentPostfixPrefix.match(/\/+$/)) postfixPrefix = currentPostfixPrefix.replace(/\/+$/, "");
|
||||
else if (urlWithPostfix.length == currentPostfixPrefix.length || urlWithPostfix[currentPostfixPrefix.length] == "?" || urlWithPostfix[currentPostfixPrefix.length] == "/" || urlWithPostfix[currentPostfixPrefix.length] == "#") postfixPrefix = currentPostfixPrefix;
|
||||
else return true;
|
||||
urlWithPostfix = urlWithPostfix.substr(postfixPrefix.length);
|
||||
|
@ -4284,7 +4374,7 @@ if (!cluster.isPrimary) {
|
|||
}
|
||||
});
|
||||
wwwrootPostfixesVHost.every(function (postfixEntry) {
|
||||
if (matchHostname(postfixEntry.host) && !(postfixEntry.skipRegex && req.url.match(createRegex(postfixEntry.skipRegex)))) {
|
||||
if (matchHostname(postfixEntry.host) && ipMatch(postfixEntry.ip, req.socket ? req.socket.localAddress : undefined) && !(postfixEntry.skipRegex && req.url.match(createRegex(postfixEntry.skipRegex)))) {
|
||||
urlWithPostfix = postfixPrefix + "/" + postfixEntry.postfix + urlWithPostfix;
|
||||
return false;
|
||||
} else {
|
||||
|
@ -4347,7 +4437,7 @@ if (!cluster.isPrimary) {
|
|||
}
|
||||
|
||||
// Rewrite URLs
|
||||
rewriteURL(req.url, rewriteMap, function(err, rewrittenURL) {
|
||||
rewriteURL(req.url, rewriteMap, function (err, rewrittenURL) {
|
||||
if (err) {
|
||||
callServerError(500, undefined, err);
|
||||
return;
|
||||
|
@ -4412,7 +4502,7 @@ if (!cluster.isPrimary) {
|
|||
try {
|
||||
res.setHeader(hkS, hkh[hkS]);
|
||||
} catch (err) {
|
||||
// Headers will not be set.
|
||||
// Headers will not be set.
|
||||
}
|
||||
});
|
||||
}
|
||||
|
@ -4446,20 +4536,20 @@ if (!cluster.isPrimary) {
|
|||
// Scan for non-standard codes
|
||||
if (!isProxy && nonStandardCodes != undefined) {
|
||||
for (var i = 0; i < nonStandardCodes.length; i++) {
|
||||
if (matchHostname(nonStandardCodes[i].host)) {
|
||||
if (matchHostname(nonStandardCodes[i].host) && ipMatch(nonStandardCodes[i].ip, req.socket ? req.socket.localAddress : undefined)) {
|
||||
var isMatch = false;
|
||||
if (nonStandardCodes[i].regex) {
|
||||
// Regex match
|
||||
// Regex match
|
||||
var createdRegex = createRegex(nonStandardCodes[i].regex, true);
|
||||
isMatch = req.url.match(createdRegex) || href.match(createdRegex);
|
||||
regexI[i] = createdRegex;
|
||||
} else {
|
||||
// Non-regex match
|
||||
// Non-regex match
|
||||
isMatch = nonStandardCodes[i].url == href || (os.platform() == "win32" && nonStandardCodes[i].url.toLowerCase() == href.toLowerCase());
|
||||
}
|
||||
if (isMatch) {
|
||||
if (nonStandardCodes[i].scode == 401) {
|
||||
// HTTP authentication
|
||||
// HTTP authentication
|
||||
if (authIndex == -1) {
|
||||
authIndex = i;
|
||||
}
|
||||
|
@ -4670,10 +4760,10 @@ if (!cluster.isPrimary) {
|
|||
}
|
||||
}
|
||||
if (authcode.disableBruteProtection) {
|
||||
// Don't brute-force protect it, just do HTTP authentication
|
||||
// Don't brute-force protect it, just do HTTP authentication
|
||||
authorizedCallback(false);
|
||||
} else if (!process.send) {
|
||||
// Query data from JS object database
|
||||
// Query data from JS object database
|
||||
if (!bruteForceDb[reqip] || !bruteForceDb[reqip].lastAttemptDate || (new Date() - 300000 >= bruteForceDb[reqip].lastAttemptDate)) {
|
||||
if (bruteForceDb[reqip] && bruteForceDb[reqip].invalidAttempts >= 10) bruteForceDb[reqip] = {
|
||||
invalidAttempts: 5
|
||||
|
@ -4794,12 +4884,14 @@ if (!cluster.isPrimary) {
|
|||
|
||||
var closedMaster = true;
|
||||
|
||||
// IPC listener for server listening signalization
|
||||
function listenConnListener(msg) {
|
||||
if (msg == "\x12LISTEN") {
|
||||
listeningMessage();
|
||||
}
|
||||
}
|
||||
|
||||
// IPC listener for brue force protection
|
||||
function bruteForceListenerWrapper(worker) {
|
||||
return function bruteForceListener(message) {
|
||||
var ip = "";
|
||||
|
@ -4834,6 +4926,7 @@ function bruteForceListenerWrapper(worker) {
|
|||
var isWorkerHungUpBuff = true;
|
||||
var isWorkerHungUpBuff2 = true;
|
||||
|
||||
// General IPC message listener
|
||||
function msgListener(msg) {
|
||||
for (var i = 0; i < Object.keys(cluster.workers).length; i++) {
|
||||
if (msg == "\x12END") {
|
||||
|
@ -4978,11 +5071,11 @@ function start(init) {
|
|||
if (process.isBun) {
|
||||
serverconsole.locwarnmessage("Bun support is experimental. Some features of SVR.JS, SVR.JS mods and SVR.JS server-side JavaScript may not work as expected.");
|
||||
if (users.some(function (entry) {
|
||||
return entry.pbkdf2;
|
||||
})) serverconsole.locwarnmessage("PBKDF2 password hashing function in Bun blocks the event loop, which may result in denial of service.");
|
||||
return entry.pbkdf2;
|
||||
})) serverconsole.locwarnmessage("PBKDF2 password hashing function in Bun blocks the event loop, which may result in denial of service.");
|
||||
if (users.some(function (entry) {
|
||||
return entry.scrypt;
|
||||
})) serverconsole.locwarnmessage("scrypt password hashing function in Bun blocks the event loop, which may result in denial of service.");
|
||||
return entry.scrypt;
|
||||
})) serverconsole.locwarnmessage("scrypt password hashing function in Bun blocks the event loop, which may result in denial of service.");
|
||||
}
|
||||
if (cluster.isPrimary === undefined) serverconsole.locwarnmessage("You're running SVR.JS on single thread. Reliability may suffer, as the server is stopped after crash.");
|
||||
if (crypto.__disabled__ !== undefined) serverconsole.locwarnmessage("Your Node.JS version doesn't have crypto support! The 'crypto' module is essential for providing cryptographic functionality in Node.JS. Without crypto support, certain security features may be unavailable, and some functionality may not work as expected. It's recommended to use a Node.JS version that includes crypto support to ensure the security and proper functioning of your server.");
|
||||
|
@ -5813,20 +5906,22 @@ if (cluster.isPrimary || cluster.isPrimary === undefined) {
|
|||
process.exit();
|
||||
});
|
||||
} else {
|
||||
// Crash handler
|
||||
process.on("uncaughtException", function (err) {
|
||||
// CRASH HANDLER
|
||||
serverconsole.locerrmessage("SVR.JS worker just crashed!!!");
|
||||
serverconsole.locerrmessage("Stack:");
|
||||
serverconsole.locerrmessage(generateErrorStack(err));
|
||||
process.exit(err.errno);
|
||||
});
|
||||
|
||||
process.on("unhandledRejection", function (err) {
|
||||
// CRASH HANDLER
|
||||
serverconsole.locerrmessage("SVR.JS worker just crashed!!!");
|
||||
serverconsole.locerrmessage("Stack:");
|
||||
serverconsole.locerrmessage(err.stack ? generateErrorStack(err) : String(err));
|
||||
process.exit(err.errno);
|
||||
});
|
||||
|
||||
// Warning handler
|
||||
process.on("warning", function (warning) {
|
||||
serverconsole.locwarnmessage(warning.message);
|
||||
if (warning.stack) {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.14.0 Tests</title>
|
||||
<title>SVR.JS 3.14.1 Tests</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
@ -12,7 +12,7 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SVR.JS 3.14.0 Tests</h1>
|
||||
<h1>SVR.JS 3.14.1 Tests</h1>
|
||||
<h2>Directory (without trailing slash)</h2>
|
||||
<iframe src="/testdir" width="50%" height="300px"></iframe>
|
||||
<h2>Directory (with query)</h2>
|
||||
|
|
Reference in a new issue