1
0
Fork 0
forked from svrjs/svrjs

Update to SVR.JS 3.7.0

This commit is contained in:
Dorian Niemiec 2023-08-20 03:14:24 +02:00
parent d15373aa8e
commit 46a256d31f
10 changed files with 1021 additions and 651 deletions

1
.gitignore vendored
View file

@ -1 +1,2 @@
commit.sh commit.sh
log

View file

@ -3,7 +3,7 @@
"port": 80, "port": 80,
"pubport": 80, "pubport": 80,
"page404": "404.html", "page404": "404.html",
"timestamp": 1680954429282, "timestamp": 1692493855777,
"blacklist": [], "blacklist": [],
"nonStandardCodes": [], "nonStandardCodes": [],
"enableCompression": true, "enableCompression": true,
@ -77,10 +77,17 @@
} }
], ],
"allowStatus": true, "allowStatus": true,
"dontCompress": ["/.*\\.ipxe$/","/.*\\.img$/","/.*\\.iso$/"], "dontCompress": [
"/.*\\.ipxe$/",
"/.*\\.img$/",
"/.*\\.iso$/"
],
"enableIPSpoofing": false, "enableIPSpoofing": false,
"secure": false, "secure": false,
"sni": {}, "sni": {},
"disableNonEncryptedServer": false, "disableNonEncryptedServer": false,
"disableToHTTPSRedirect": false "disableToHTTPSRedirect": false,
"enableETag": true,
"disableUnusedWorkerTermination": false,
"rewriteDirtyURLs": false
} }

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.6.4</title> <title>SVR.JS 3.7.0</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>Welcome to SVR.JS 3.6.4</h1> <h1>Welcome to SVR.JS 3.7.0</h1>
<br/> <br/>
<img src="/logo.png" style="width: 256px;" /> <img src="/logo.png" style="width: 256px;" />
<br/> <br/>
@ -65,7 +65,7 @@
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"replacement": ""<br/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"replacement": ""<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;]<br/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;]<br/>
&nbsp;&nbsp;&nbsp;&nbsp;},<br/>3.4.13 &nbsp;&nbsp;&nbsp;&nbsp;},<br/>
&nbsp;&nbsp;&nbsp;&nbsp;{<br/> &nbsp;&nbsp;&nbsp;&nbsp;{<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"definingRegex": "/\\/invoke500\\/.+/",<br/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"definingRegex": "/\\/invoke500\\/.+/",<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"replacements": [<br/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"replacements": [<br/>
@ -110,7 +110,23 @@
</div> </div>
<p>Changes:</p> <p>Changes:</p>
<ul> <ul>
<li>Improved reliability while loading server-side JavaScript.</li> <li>Added new config.json property - disableUnusedWorkerTermination.</li>
<li>Added option to rewrite "dirty" URLs - rewriteDirtyURLs.</li>
<li>Added PBKDF2 and scrypt support for HTTP authentication.</li>
<li>Added termination of unused workers.</li>
<li>Changed descriptions of 501 and 503 errors.</li>
<li>Disabled checking for hung up server processes, while SVR.JS is not yet listening.</li>
<li>Disabled open proxy in default server-side JavaScript.</li>
<li>Disabled X-SVR-JS-From-Main-Thread header for non-localhost clients.</li>
<li>EMFILE errors now correspond to 503 Service Unavailable error code.</li>
<li>Fixed NotImplementedError in "cluster" module when running SVR.JS on newer versions of Bun.</li>
<li>Fixed redirect loops related to URL sanitizer.</li>
<li>Fixed SVR.JS proxy API.</li>
<li>Improved Bun IPC shim connection error handling.</li>
<li>Improved extension checking function in directory listing generation.</li>
<li>Improved server error handling for Bun.</li>
<li>SVR.JS now exits gracefully on "stop" command.</li>
<li>Updated svrpasswd tool.</li>
</ul> </ul>
<p>Bugs:</p> <p>Bugs:</p>
<ul> <ul>

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.6.4 Licenses</title> <title>SVR.JS 3.7.0 Licenses</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,8 +12,8 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.6.4 Licenses</h1> <h1>SVR.JS 3.7.0 Licenses</h1>
<h2>SVR.JS 3.6.4</h2> <h2>SVR.JS 3.7.0</h2>
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;"> <div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
MIT License<br/> MIT License<br/>
<br/> <br/>
@ -37,7 +37,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/> OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
SOFTWARE.<br/> SOFTWARE.<br/>
</div> </div>
<h2>Packages used by SVR.JS 3.6.4 and utilities</h2> <h2>Packages used by SVR.JS 3.7.0 and utilities</h2>
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;"> <div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
<div style="float: right;">License: MIT</div> <div style="float: right;">License: MIT</div>
<div style="font-size: 20px;"> <div style="font-size: 20px;">

BIN
mods/easteregg.tar.gz Normal file

Binary file not shown.

View file

@ -62,13 +62,19 @@ if(href == "/hello.svr") {
callServerError(403,"SVR.JS-exampleproxy"); //Server error callServerError(403,"SVR.JS-exampleproxy"); //Server error
serverconsole.errmessage("Client fails to recieve content."); //Log into SVR.JS serverconsole.errmessage("Client fails to recieve content."); //Log into SVR.JS
} else if(href.indexOf("/proxy.svr/") == 0) { } else if(href.indexOf("/proxy.svr/") == 0) {
var hn = href.split("/")[2]; //Hostname
if(hn != "this" && !(req.socket.realRemoteAddress ? req.socket.realRemoteAddress : req.socket.remoteAddress).match(/^(?:localhost$|::1$|f[c-d][0-9a-f]{2}:|(?:::ffff:)?(?:(?:127|10)\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|192\.168\.[0-9]{1,3}\.[0-9]{1,3}|172\.(?:1[6-9]|2[0-9]|3[0-1])\.[0-9]{1,3}\.[0-9]{1,3})$)/i) ) {
//Prevent open proxy
callServerError(403,"SVR.JS-exampleproxy"); //Server error
serverconsole.errmessage("Client fails to recieve content."); //Log into SVR.JS
}
var hdrs = req.headers; var hdrs = req.headers;
hdrs["Host"] = (href.split("/")[2] == "this" ? req.headers.host : href.split("/")[2]); hdrs["Host"] = (hn == "this" ? req.headers.host : hn);
hdrs["Origin"] = (req.headers.host == undefined ? "" : req.headers.host); hdrs["Origin"] = (req.headers.host == undefined ? "" : req.headers.host);
var options = { var options = {
hostname: (href.split("/")[2] == "this" ? req.headers.host.split(":")[0] : href.split("/")[2].split(":")[0]), hostname: (hn == "this" ? req.headers.host.split(":")[0] : hn.split(":")[0]),
port: (href.split("/")[2] == "this" ? req.headers.host.split(":")[1] : (href.split("/")[2].split(":")[1] == undefined ? 80 : href.split("/")[2].split(":")[1])), port: (hn == "this" ? req.headers.host.split(":")[1] : (hn.split(":")[1] == undefined ? 80 : hn.split(":")[1])),
path: req.url.replace("/proxy.svr/" + href.split("/")[2],""), path: req.url.replace("/proxy.svr/" + hn,""),
method: req.method, method: req.method,
headers: filterHeaders(hdrs) headers: filterHeaders(hdrs)
}; };

1387
svr.js

File diff suppressed because it is too large Load diff

View file

@ -7,15 +7,15 @@ try {
} catch (ex) { } catch (ex) {
var crypto = {}; var crypto = {};
crypto.__disabled__ = null; crypto.__disabled__ = null;
crypto.createHash = function(type) { crypto.createHash = function (type) {
if (type != "SHA256") throw new Error("Hash type not supported!"); if (type != "SHA256") throw new Error("Hash type not supported!");
return { return {
msg: "", msg: "",
update: function(a) { update: function (a) {
this.msg = a; this.msg = a;
return this; return this;
}, },
digest: function(ty) { digest: function (ty) {
var chrsz = 8; var chrsz = 8;
var hexcase = 0; var hexcase = 0;
@ -163,7 +163,7 @@ try {
} }
if (!crypto.randomInt) { if (!crypto.randomInt) {
crypto.randomInt = function(min, max) { crypto.randomInt = function (min, max) {
return Math.round(Math.random() * (max - min)) + min; return Math.round(Math.random() * (max - min)) + min;
} }
} }
@ -196,42 +196,58 @@ function saveConfig() {
var args = process.argv; var args = process.argv;
var user = ""; var user = "";
var action = "change"; var action = "change";
var forcechange = false;
if (process.argv.length <= (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("bun") > -1 ? 2 : 1)) args.push("-h"); if (process.argv.length <= (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("bun") > -1 ? 2 : 1)) args.push("-h");
for (var i = (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("bun") > -1 ? 2 : 1); i < args.length; i++) { for (var i = (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("bun") > -1 ? 2 : 1); i < args.length; i++) {
if (args[i] == "-h" || args[i] == "--help" || args[i] == "-?" || args[i] == "/h" || args[i] == "/?") { if (args[i] == "-h" || args[i] == "--help" || args[i] == "-?" || args[i] == "/h" || args[i] == "/?") {
console.log("SVR.JS user tool usage:"); console.log("SVR.JS user tool usage:");
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>"); console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
console.log("-h -? /h /? --help -- Displays help"); console.log("-h -? /h /? --help -- Displays help");
console.log("-a --add -- Add an user"); console.log("-a --add -- Add an user");
console.log("-d --delete -- Deletes an user"); console.log("-d --delete -- Deletes an user");
console.log("-x -- Changes hash algorithm");
process.exit(0); process.exit(0);
} else if (args[i] == "-a" || args[i] == "--add") { } else if (args[i] == "-a" || args[i] == "--add") {
if (action != "change") { if (action != "change") {
console.log("Multiple actions specified."); console.log("Multiple actions specified.");
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>"); console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
console.log("-h -? /h /? --help -- Displays help"); console.log("-h -? /h /? --help -- Displays help");
console.log("-a --add -- Add an user"); console.log("-a --add -- Add an user");
console.log("-d --delete -- Deletes an user"); console.log("-d --delete -- Deletes an user");
console.log("-x -- Changes hash algorithm");
process.exit(1); process.exit(1);
} }
action = "add"; action = "add";
} else if (args[i] == "-d" || args[i] == "--delete") { } else if (args[i] == "-d" || args[i] == "--delete") {
if (action != "change") { if (action != "change") {
console.log("Multiple actions specified."); console.log("Multiple actions specified.");
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>"); console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
console.log("-h -? /h /? --help -- Displays help"); console.log("-h -? /h /? --help -- Displays help");
console.log("-a --add -- Add an user"); console.log("-a --add -- Add an user");
console.log("-d --delete -- Deletes an user"); console.log("-d --delete -- Deletes an user");
console.log("-x -- Changes hash algorithm");
process.exit(1); process.exit(1);
} }
action = "delete"; action = "delete";
} else { } else if (args[i] == "-x") {
if (user != "") { if (forcechange) {
console.log("Multiple users specified."); console.log("Multiple -x options specified.");
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>"); console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
console.log("-h -? /h /? --help -- Displays help"); console.log("-h -? /h /? --help -- Displays help");
console.log("-a --add -- Add an user"); console.log("-a --add -- Add an user");
console.log("-d --delete -- Deletes an user"); console.log("-d --delete -- Deletes an user");
console.log("-x -- Changes hash algorithm");
process.exit(1);
}
forcechange = true;
} else {
if (user != "") {
console.log("Multiple users specified.");
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
console.log("-h -? /h /? --help -- Displays help");
console.log("-a --add -- Add an user");
console.log("-d --delete -- Deletes an user");
console.log("-x -- Changes hash algorithm");
process.exit(1); process.exit(1);
} }
user = args[i]; user = args[i];
@ -240,10 +256,11 @@ for (var i = (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("b
if (user == "") { if (user == "") {
console.log("No user specified."); console.log("No user specified.");
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>"); console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
console.log("-h -? /h /? --help -- Displays help"); console.log("-h -? /h /? --help -- Displays help");
console.log("-a --add -- Add an user"); console.log("-a --add -- Add an user");
console.log("-d --delete -- Deletes an user"); console.log("-d --delete -- Deletes an user");
console.log("-x -- Changes hash algorithm");
process.exit(1); process.exit(1);
} }
@ -277,28 +294,72 @@ function password(callback) {
var rl = readline.createInterface({ var rl = readline.createInterface({
input: process.stdin, input: process.stdin,
output: process.stdout, output: process.stdout,
prompt: 'Password: ', prompt: 'Password: '
terminal: false
}); });
rl.prompt(); rl.prompt();
rl.once('line', (line) => { process.stdout.writeold = process.stdout.write;
//rl.close(); process.stdout.write = function (s) {
process.stdout.writeold(s.replace(/[^\r\n]/g, ""));
};
rl.once('line', function (line) {
process.stdout.write = process.stdout.writeold;
var rl = readline.createInterface({ var rl = readline.createInterface({
input: process.stdin, input: process.stdin,
output: process.stdout, output: process.stdout,
prompt: 'Confirm password: ', prompt: 'Confirm password: ',
terminal: false
}); });
rl.prompt(); rl.prompt();
rl.on('line', (line2) => { process.stdout.writeold = process.stdout.write;
process.stdout.write = function (s) {
process.stdout.writeold(s.replace(/[^\r\n]/g, ""));
};
rl.on('line', function (line2) {
process.stdout.write = process.stdout.writeold;
rl.close(); rl.close();
if (line != line2) callback(false); if (line != line2) callback(false);
else callback(line); else callback(line);
}); });
}); });
} }
function promptAlgorithms(callback, bypass, pbkdf2, scrypt) {
if (bypass) {
if (scrypt) {
callback("scrypt");
} else if(pbkdf2) {
callback("pbkdf2");
} else {
callback("sha256");
}
return;
}
var algorithms = {
sha256: "Salted SHA256 (1 iteration) - fastest and uses least memory, but less secure",
pbkdf2: "PBKDF2 (PBKDF2-HMAC-SHA512, 36250 iterations) - more secure and uses less memory, but slower",
scrypt: "scrypt (N=2^14, r=8, p=1) - faster and more secure, but uses more memory"
}
if (!crypto.scrypt || process.isBun) delete algorithms.scrypt;
if (!crypto.pbkdf2 || process.isBun) delete algorithms.pbkdf2;
var algorithmNames = Object.keys(algorithms);
if (algorithmNames.length < 2) callback(algorithmNames[0]);
console.log("Select password hashing algorithm. Available algorithms:");
for (var i = 0; i < algorithmNames.length; i++) {
console.log(algorithmNames[i] + " - " + algorithms[algorithmNames[i]]);
}
var rl = readline.createInterface({
input: process.stdin,
output: process.stdout,
prompt: 'Algorithm: '
});
rl.prompt();
rl.on('line', function (line) {
rl.close();
line = line.trim();
if (!algorithms[line]) callback(false);
else callback(line);
});
}
var userindex = getUserIndex(user); var userindex = getUserIndex(user);
if (action == "add" && userindex != -1) { if (action == "add" && userindex != -1) {
console.log("User alerady exists."); console.log("User alerady exists.");
@ -312,35 +373,71 @@ if (action == "delete") {
saveConfig(); saveConfig();
console.log("User deleted successfully"); console.log("User deleted successfully");
} else if (action == "add") { } else if (action == "add") {
password(function(password) { promptAlgorithms(function (algorithm) {
if (!password) { if (!algorithm) {
console.log("Passwords don't match!"); console.log("Invalid algorithm!");
process.exit(1); process.exit(1);
} else { } else {
var salt = generateSalt() password(function (password) {
users.push({ if (!password) {
name: user, console.log("Passwords don't match!");
pass: sha256(password + salt), process.exit(1);
salt: salt } else {
var salt = generateSalt();
var hash = "";
if (algorithm == "scrypt") {
hash = crypto.scryptSync(password, salt, 64).toString("hex");
} else if (algorithm == "pbkdf2") {
hash = crypto.pbkdf2Sync(password, salt, 36250, 64, "sha512").toString("hex");
} else {
hash = sha256(password + salt);
}
users.push({
name: user,
pass: hash,
salt: salt,
pbkdf2: (algorithm == "pbkdf2" ? true : undefined),
scrypt: (algorithm == "scrypt" ? true : undefined),
__svrpasswd_l2: true
});
saveConfig();
console.log("User added successfully");
}
}); });
saveConfig();
console.log("User added successfully");
} }
}); });
} else { } else {
password(function(password) { promptAlgorithms(function (algorithm) {
if (!password) { if (!algorithm) {
console.log("Passwords don't match!"); console.log("Invalid algorithm!");
process.exit(1); process.exit(1);
} else { } else {
var salt = generateSalt() password(function (password) {
users[userindex] = { if (!password) {
name: user, console.log("Passwords don't match!");
pass: sha256(password + salt), process.exit(1);
salt: salt } else {
}; var salt = generateSalt();
saveConfig(); var hash = "";
console.log("Password changed successfully"); if (algorithm == "scrypt") {
hash = crypto.scryptSync(password, salt, 64).toString("hex");
} else if (algorithm == "pbkdf2") {
hash = crypto.pbkdf2Sync(password, salt, 36250, 64, "sha512").toString("hex");
} else {
hash = sha256(password + salt);
}
users[userindex] = {
name: user,
pass: hash,
salt: salt,
pbkdf2: (algorithm == "pbkdf2" ? true : undefined),
scrypt: (algorithm == "scrypt" ? true : undefined),
__svrpasswd_l2: true
};
saveConfig();
console.log("Password changed successfully");
}
});
} }
}); }, (users[userindex].__svrpasswd_l2 && !forcechange), users[userindex].pbkdf2, users[userindex].scrypt);
} }

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.6.4 Tests</title> <title>SVR.JS 3.7.0 Tests</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.6.4 Tests</h1> <h1>SVR.JS 3.7.0 Tests</h1>
<h2>Directory</h2> <h2>Directory</h2>
<iframe src="/testdir" width="50%" height="300px"></iframe> <iframe src="/testdir" width="50%" height="300px"></iframe>
<h2>Directory (with query)</h2> <h2>Directory (with query)</h2>

View file

@ -1 +1 @@
0 1