forked from svrjs/svrjs
Update to SVR.JS 3.7.0
This commit is contained in:
parent
d15373aa8e
commit
46a256d31f
10 changed files with 1021 additions and 651 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1 +1,2 @@
|
|||
commit.sh
|
||||
log
|
||||
|
|
13
config.json
13
config.json
|
@ -3,7 +3,7 @@
|
|||
"port": 80,
|
||||
"pubport": 80,
|
||||
"page404": "404.html",
|
||||
"timestamp": 1680954429282,
|
||||
"timestamp": 1692493855777,
|
||||
"blacklist": [],
|
||||
"nonStandardCodes": [],
|
||||
"enableCompression": true,
|
||||
|
@ -77,10 +77,17 @@
|
|||
}
|
||||
],
|
||||
"allowStatus": true,
|
||||
"dontCompress": ["/.*\\.ipxe$/","/.*\\.img$/","/.*\\.iso$/"],
|
||||
"dontCompress": [
|
||||
"/.*\\.ipxe$/",
|
||||
"/.*\\.img$/",
|
||||
"/.*\\.iso$/"
|
||||
],
|
||||
"enableIPSpoofing": false,
|
||||
"secure": false,
|
||||
"sni": {},
|
||||
"disableNonEncryptedServer": false,
|
||||
"disableToHTTPSRedirect": false
|
||||
"disableToHTTPSRedirect": false,
|
||||
"enableETag": true,
|
||||
"disableUnusedWorkerTermination": false,
|
||||
"rewriteDirtyURLs": false
|
||||
}
|
||||
|
|
24
index.html
24
index.html
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.6.4</title>
|
||||
<title>SVR.JS 3.7.0</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
@ -12,7 +12,7 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to SVR.JS 3.6.4</h1>
|
||||
<h1>Welcome to SVR.JS 3.7.0</h1>
|
||||
<br/>
|
||||
<img src="/logo.png" style="width: 256px;" />
|
||||
<br/>
|
||||
|
@ -65,7 +65,7 @@
|
|||
"replacement": ""<br/>
|
||||
}<br/>
|
||||
]<br/>
|
||||
},<br/>3.4.13
|
||||
},<br/>
|
||||
{<br/>
|
||||
"definingRegex": "/\\/invoke500\\/.+/",<br/>
|
||||
"replacements": [<br/>
|
||||
|
@ -110,7 +110,23 @@
|
|||
</div>
|
||||
<p>Changes:</p>
|
||||
<ul>
|
||||
<li>Improved reliability while loading server-side JavaScript.</li>
|
||||
<li>Added new config.json property - disableUnusedWorkerTermination.</li>
|
||||
<li>Added option to rewrite "dirty" URLs - rewriteDirtyURLs.</li>
|
||||
<li>Added PBKDF2 and scrypt support for HTTP authentication.</li>
|
||||
<li>Added termination of unused workers.</li>
|
||||
<li>Changed descriptions of 501 and 503 errors.</li>
|
||||
<li>Disabled checking for hung up server processes, while SVR.JS is not yet listening.</li>
|
||||
<li>Disabled open proxy in default server-side JavaScript.</li>
|
||||
<li>Disabled X-SVR-JS-From-Main-Thread header for non-localhost clients.</li>
|
||||
<li>EMFILE errors now correspond to 503 Service Unavailable error code.</li>
|
||||
<li>Fixed NotImplementedError in "cluster" module when running SVR.JS on newer versions of Bun.</li>
|
||||
<li>Fixed redirect loops related to URL sanitizer.</li>
|
||||
<li>Fixed SVR.JS proxy API.</li>
|
||||
<li>Improved Bun IPC shim connection error handling.</li>
|
||||
<li>Improved extension checking function in directory listing generation.</li>
|
||||
<li>Improved server error handling for Bun.</li>
|
||||
<li>SVR.JS now exits gracefully on "stop" command.</li>
|
||||
<li>Updated svrpasswd tool.</li>
|
||||
</ul>
|
||||
<p>Bugs:</p>
|
||||
<ul>
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.6.4 Licenses</title>
|
||||
<title>SVR.JS 3.7.0 Licenses</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
@ -12,8 +12,8 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SVR.JS 3.6.4 Licenses</h1>
|
||||
<h2>SVR.JS 3.6.4</h2>
|
||||
<h1>SVR.JS 3.7.0 Licenses</h1>
|
||||
<h2>SVR.JS 3.7.0</h2>
|
||||
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
|
||||
MIT License<br/>
|
||||
<br/>
|
||||
|
@ -37,7 +37,7 @@
|
|||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
|
||||
SOFTWARE.<br/>
|
||||
</div>
|
||||
<h2>Packages used by SVR.JS 3.6.4 and utilities</h2>
|
||||
<h2>Packages used by SVR.JS 3.7.0 and utilities</h2>
|
||||
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
|
||||
<div style="float: right;">License: MIT</div>
|
||||
<div style="font-size: 20px;">
|
||||
|
|
BIN
mods/easteregg.tar.gz
Normal file
BIN
mods/easteregg.tar.gz
Normal file
Binary file not shown.
|
@ -62,13 +62,19 @@ if(href == "/hello.svr") {
|
|||
callServerError(403,"SVR.JS-exampleproxy"); //Server error
|
||||
serverconsole.errmessage("Client fails to recieve content."); //Log into SVR.JS
|
||||
} else if(href.indexOf("/proxy.svr/") == 0) {
|
||||
var hn = href.split("/")[2]; //Hostname
|
||||
if(hn != "this" && !(req.socket.realRemoteAddress ? req.socket.realRemoteAddress : req.socket.remoteAddress).match(/^(?:localhost$|::1$|f[c-d][0-9a-f]{2}:|(?:::ffff:)?(?:(?:127|10)\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|192\.168\.[0-9]{1,3}\.[0-9]{1,3}|172\.(?:1[6-9]|2[0-9]|3[0-1])\.[0-9]{1,3}\.[0-9]{1,3})$)/i) ) {
|
||||
//Prevent open proxy
|
||||
callServerError(403,"SVR.JS-exampleproxy"); //Server error
|
||||
serverconsole.errmessage("Client fails to recieve content."); //Log into SVR.JS
|
||||
}
|
||||
var hdrs = req.headers;
|
||||
hdrs["Host"] = (href.split("/")[2] == "this" ? req.headers.host : href.split("/")[2]);
|
||||
hdrs["Host"] = (hn == "this" ? req.headers.host : hn);
|
||||
hdrs["Origin"] = (req.headers.host == undefined ? "" : req.headers.host);
|
||||
var options = {
|
||||
hostname: (href.split("/")[2] == "this" ? req.headers.host.split(":")[0] : href.split("/")[2].split(":")[0]),
|
||||
port: (href.split("/")[2] == "this" ? req.headers.host.split(":")[1] : (href.split("/")[2].split(":")[1] == undefined ? 80 : href.split("/")[2].split(":")[1])),
|
||||
path: req.url.replace("/proxy.svr/" + href.split("/")[2],""),
|
||||
hostname: (hn == "this" ? req.headers.host.split(":")[0] : hn.split(":")[0]),
|
||||
port: (hn == "this" ? req.headers.host.split(":")[1] : (hn.split(":")[1] == undefined ? 80 : hn.split(":")[1])),
|
||||
path: req.url.replace("/proxy.svr/" + hn,""),
|
||||
method: req.method,
|
||||
headers: filterHeaders(hdrs)
|
||||
};
|
||||
|
|
179
svrpasswd.js
179
svrpasswd.js
|
@ -7,15 +7,15 @@ try {
|
|||
} catch (ex) {
|
||||
var crypto = {};
|
||||
crypto.__disabled__ = null;
|
||||
crypto.createHash = function(type) {
|
||||
crypto.createHash = function (type) {
|
||||
if (type != "SHA256") throw new Error("Hash type not supported!");
|
||||
return {
|
||||
msg: "",
|
||||
update: function(a) {
|
||||
update: function (a) {
|
||||
this.msg = a;
|
||||
return this;
|
||||
},
|
||||
digest: function(ty) {
|
||||
digest: function (ty) {
|
||||
var chrsz = 8;
|
||||
var hexcase = 0;
|
||||
|
||||
|
@ -163,7 +163,7 @@ try {
|
|||
}
|
||||
|
||||
if (!crypto.randomInt) {
|
||||
crypto.randomInt = function(min, max) {
|
||||
crypto.randomInt = function (min, max) {
|
||||
return Math.round(Math.random() * (max - min)) + min;
|
||||
}
|
||||
}
|
||||
|
@ -196,42 +196,58 @@ function saveConfig() {
|
|||
var args = process.argv;
|
||||
var user = "";
|
||||
var action = "change";
|
||||
var forcechange = false;
|
||||
if (process.argv.length <= (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("bun") > -1 ? 2 : 1)) args.push("-h");
|
||||
for (var i = (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("bun") > -1 ? 2 : 1); i < args.length; i++) {
|
||||
if (args[i] == "-h" || args[i] == "--help" || args[i] == "-?" || args[i] == "/h" || args[i] == "/?") {
|
||||
console.log("SVR.JS user tool usage:");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
|
||||
console.log("-h -? /h /? --help -- Displays help");
|
||||
console.log("-a --add -- Add an user");
|
||||
console.log("-d --delete -- Deletes an user");
|
||||
console.log("-x -- Changes hash algorithm");
|
||||
process.exit(0);
|
||||
} else if (args[i] == "-a" || args[i] == "--add") {
|
||||
if (action != "change") {
|
||||
console.log("Multiple actions specified.");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
|
||||
console.log("-h -? /h /? --help -- Displays help");
|
||||
console.log("-a --add -- Add an user");
|
||||
console.log("-d --delete -- Deletes an user");
|
||||
console.log("-x -- Changes hash algorithm");
|
||||
process.exit(1);
|
||||
}
|
||||
action = "add";
|
||||
} else if (args[i] == "-d" || args[i] == "--delete") {
|
||||
if (action != "change") {
|
||||
console.log("Multiple actions specified.");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
|
||||
console.log("-h -? /h /? --help -- Displays help");
|
||||
console.log("-a --add -- Add an user");
|
||||
console.log("-d --delete -- Deletes an user");
|
||||
console.log("-x -- Changes hash algorithm");
|
||||
process.exit(1);
|
||||
}
|
||||
action = "delete";
|
||||
} else {
|
||||
if (user != "") {
|
||||
console.log("Multiple users specified.");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>");
|
||||
} else if (args[i] == "-x") {
|
||||
if (forcechange) {
|
||||
console.log("Multiple -x options specified.");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
|
||||
console.log("-h -? /h /? --help -- Displays help");
|
||||
console.log("-a --add -- Add an user");
|
||||
console.log("-d --delete -- Deletes an user");
|
||||
console.log("-x -- Changes hash algorithm");
|
||||
process.exit(1);
|
||||
}
|
||||
forcechange = true;
|
||||
} else {
|
||||
if (user != "") {
|
||||
console.log("Multiple users specified.");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
|
||||
console.log("-h -? /h /? --help -- Displays help");
|
||||
console.log("-a --add -- Add an user");
|
||||
console.log("-d --delete -- Deletes an user");
|
||||
console.log("-x -- Changes hash algorithm");
|
||||
process.exit(1);
|
||||
}
|
||||
user = args[i];
|
||||
|
@ -240,10 +256,11 @@ for (var i = (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("b
|
|||
|
||||
if (user == "") {
|
||||
console.log("No user specified.");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-a|--add|-d|--delete] <username>");
|
||||
console.log("node svrpasswd.js [-h] [--help] [-?] [/h] [/?] [-x] [-a|--add|-d|--delete] <username>");
|
||||
console.log("-h -? /h /? --help -- Displays help");
|
||||
console.log("-a --add -- Add an user");
|
||||
console.log("-d --delete -- Deletes an user");
|
||||
console.log("-x -- Changes hash algorithm");
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
|
@ -277,28 +294,72 @@ function password(callback) {
|
|||
var rl = readline.createInterface({
|
||||
input: process.stdin,
|
||||
output: process.stdout,
|
||||
prompt: 'Password: ',
|
||||
terminal: false
|
||||
prompt: 'Password: '
|
||||
});
|
||||
rl.prompt();
|
||||
rl.once('line', (line) => {
|
||||
//rl.close();
|
||||
process.stdout.writeold = process.stdout.write;
|
||||
process.stdout.write = function (s) {
|
||||
process.stdout.writeold(s.replace(/[^\r\n]/g, ""));
|
||||
};
|
||||
rl.once('line', function (line) {
|
||||
process.stdout.write = process.stdout.writeold;
|
||||
var rl = readline.createInterface({
|
||||
input: process.stdin,
|
||||
output: process.stdout,
|
||||
prompt: 'Confirm password: ',
|
||||
terminal: false
|
||||
});
|
||||
rl.prompt();
|
||||
rl.on('line', (line2) => {
|
||||
process.stdout.writeold = process.stdout.write;
|
||||
process.stdout.write = function (s) {
|
||||
process.stdout.writeold(s.replace(/[^\r\n]/g, ""));
|
||||
};
|
||||
rl.on('line', function (line2) {
|
||||
process.stdout.write = process.stdout.writeold;
|
||||
rl.close();
|
||||
if (line != line2) callback(false);
|
||||
else callback(line);
|
||||
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function promptAlgorithms(callback, bypass, pbkdf2, scrypt) {
|
||||
if (bypass) {
|
||||
if (scrypt) {
|
||||
callback("scrypt");
|
||||
} else if(pbkdf2) {
|
||||
callback("pbkdf2");
|
||||
} else {
|
||||
callback("sha256");
|
||||
}
|
||||
return;
|
||||
}
|
||||
var algorithms = {
|
||||
sha256: "Salted SHA256 (1 iteration) - fastest and uses least memory, but less secure",
|
||||
pbkdf2: "PBKDF2 (PBKDF2-HMAC-SHA512, 36250 iterations) - more secure and uses less memory, but slower",
|
||||
scrypt: "scrypt (N=2^14, r=8, p=1) - faster and more secure, but uses more memory"
|
||||
}
|
||||
if (!crypto.scrypt || process.isBun) delete algorithms.scrypt;
|
||||
if (!crypto.pbkdf2 || process.isBun) delete algorithms.pbkdf2;
|
||||
var algorithmNames = Object.keys(algorithms);
|
||||
if (algorithmNames.length < 2) callback(algorithmNames[0]);
|
||||
console.log("Select password hashing algorithm. Available algorithms:");
|
||||
for (var i = 0; i < algorithmNames.length; i++) {
|
||||
console.log(algorithmNames[i] + " - " + algorithms[algorithmNames[i]]);
|
||||
}
|
||||
var rl = readline.createInterface({
|
||||
input: process.stdin,
|
||||
output: process.stdout,
|
||||
prompt: 'Algorithm: '
|
||||
});
|
||||
rl.prompt();
|
||||
rl.on('line', function (line) {
|
||||
rl.close();
|
||||
line = line.trim();
|
||||
if (!algorithms[line]) callback(false);
|
||||
else callback(line);
|
||||
});
|
||||
}
|
||||
|
||||
var userindex = getUserIndex(user);
|
||||
if (action == "add" && userindex != -1) {
|
||||
console.log("User alerady exists.");
|
||||
|
@ -312,35 +373,71 @@ if (action == "delete") {
|
|||
saveConfig();
|
||||
console.log("User deleted successfully");
|
||||
} else if (action == "add") {
|
||||
password(function(password) {
|
||||
if (!password) {
|
||||
console.log("Passwords don't match!");
|
||||
promptAlgorithms(function (algorithm) {
|
||||
if (!algorithm) {
|
||||
console.log("Invalid algorithm!");
|
||||
process.exit(1);
|
||||
} else {
|
||||
var salt = generateSalt()
|
||||
users.push({
|
||||
name: user,
|
||||
pass: sha256(password + salt),
|
||||
salt: salt
|
||||
password(function (password) {
|
||||
if (!password) {
|
||||
console.log("Passwords don't match!");
|
||||
process.exit(1);
|
||||
} else {
|
||||
var salt = generateSalt();
|
||||
var hash = "";
|
||||
if (algorithm == "scrypt") {
|
||||
hash = crypto.scryptSync(password, salt, 64).toString("hex");
|
||||
} else if (algorithm == "pbkdf2") {
|
||||
hash = crypto.pbkdf2Sync(password, salt, 36250, 64, "sha512").toString("hex");
|
||||
} else {
|
||||
hash = sha256(password + salt);
|
||||
}
|
||||
users.push({
|
||||
name: user,
|
||||
pass: hash,
|
||||
salt: salt,
|
||||
pbkdf2: (algorithm == "pbkdf2" ? true : undefined),
|
||||
scrypt: (algorithm == "scrypt" ? true : undefined),
|
||||
__svrpasswd_l2: true
|
||||
});
|
||||
saveConfig();
|
||||
console.log("User added successfully");
|
||||
}
|
||||
});
|
||||
saveConfig();
|
||||
console.log("User added successfully");
|
||||
}
|
||||
});
|
||||
} else {
|
||||
password(function(password) {
|
||||
if (!password) {
|
||||
console.log("Passwords don't match!");
|
||||
promptAlgorithms(function (algorithm) {
|
||||
if (!algorithm) {
|
||||
console.log("Invalid algorithm!");
|
||||
process.exit(1);
|
||||
} else {
|
||||
var salt = generateSalt()
|
||||
users[userindex] = {
|
||||
name: user,
|
||||
pass: sha256(password + salt),
|
||||
salt: salt
|
||||
};
|
||||
saveConfig();
|
||||
console.log("Password changed successfully");
|
||||
password(function (password) {
|
||||
if (!password) {
|
||||
console.log("Passwords don't match!");
|
||||
process.exit(1);
|
||||
} else {
|
||||
var salt = generateSalt();
|
||||
var hash = "";
|
||||
if (algorithm == "scrypt") {
|
||||
hash = crypto.scryptSync(password, salt, 64).toString("hex");
|
||||
} else if (algorithm == "pbkdf2") {
|
||||
hash = crypto.pbkdf2Sync(password, salt, 36250, 64, "sha512").toString("hex");
|
||||
} else {
|
||||
hash = sha256(password + salt);
|
||||
}
|
||||
users[userindex] = {
|
||||
name: user,
|
||||
pass: hash,
|
||||
salt: salt,
|
||||
pbkdf2: (algorithm == "pbkdf2" ? true : undefined),
|
||||
scrypt: (algorithm == "scrypt" ? true : undefined),
|
||||
__svrpasswd_l2: true
|
||||
};
|
||||
saveConfig();
|
||||
console.log("Password changed successfully");
|
||||
}
|
||||
});
|
||||
}
|
||||
});
|
||||
}, (users[userindex].__svrpasswd_l2 && !forcechange), users[userindex].pbkdf2, users[userindex].scrypt);
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.6.4 Tests</title>
|
||||
<title>SVR.JS 3.7.0 Tests</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
@ -12,7 +12,7 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SVR.JS 3.6.4 Tests</h1>
|
||||
<h1>SVR.JS 3.7.0 Tests</h1>
|
||||
<h2>Directory</h2>
|
||||
<iframe src="/testdir" width="50%" height="300px"></iframe>
|
||||
<h2>Directory (with query)</h2>
|
||||
|
|
|
@ -1 +1 @@
|
|||
0
|
||||
1
|
Reference in a new issue