1
0
Fork 0
forked from svrjs/svrjs

Update to SVR.JS 3.13.1

This commit is contained in:
Dorian Niemiec 2024-01-18 01:21:25 +01:00
parent 26214c9eb8
commit 688c850c50
4 changed files with 29 additions and 24 deletions

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.13.0</title> <title>SVR.JS 3.13.1</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>Welcome to SVR.JS 3.13.0</h1> <h1>Welcome to SVR.JS 3.13.1</h1>
<br/> <br/>
<img src="/logo.png" style="width: 256px;" /> <img src="/logo.png" style="width: 256px;" />
<br/> <br/>
@ -134,12 +134,8 @@
</div> </div>
<p>Changes:</p> <p>Changes:</p>
<ul> <ul>
<li>Added support for skipping URL rewriting, when the URL refers to a file or a directory.</li> <li>Fixed error handling for invalid URL rewrite regexes.</li>
<li>Dropped support for svrmodpack.</li> <li>Fixed bug with non-working HTTP proxy handler (excluding CONNECT method).</li>
<li>Added support for 307 and 308 redirects (both in config.json and in redirect() SVR.JS API method).</li>
<li>Mitigated log file injection vulnerability for HTTP authentication.</li>
<li>Mitigated log file injection vulnerability for SVR.JS mod file names.</li>
<li>SVR.JS no longer crashes, when access to a log file is denied.</li>
</ul> </ul>
<br/> <br/>
<a href="/tests.html">Tests</a><br/> <a href="/tests.html">Tests</a><br/>

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.13.0 Licenses</title> <title>SVR.JS 3.13.1 Licenses</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,8 +12,8 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.13.0 Licenses</h1> <h1>SVR.JS 3.13.1 Licenses</h1>
<h2>SVR.JS 3.13.0</h2> <h2>SVR.JS 3.13.1</h2>
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;"> <div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
MIT License<br/> MIT License<br/>
<br/> <br/>
@ -37,7 +37,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/> OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
SOFTWARE.<br/> SOFTWARE.<br/>
</div> </div>
<h2>Packages used by SVR.JS 3.13.0</h2> <h2>Packages used by SVR.JS 3.13.1</h2>
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;"> <div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
<div style="float: right;">License: MIT</div> <div style="float: right;">License: MIT</div>
<div style="font-size: 20px;"> <div style="font-size: 20px;">

19
svr.js
View file

@ -69,7 +69,7 @@ function deleteFolderRecursive(path) {
} }
var os = require("os"); var os = require("os");
var version = "3.13.0"; var version = "3.13.1";
var singlethreaded = false; var singlethreaded = false;
if (process.versions) process.versions.svrjs = version; // Inject SVR.JS into process.versions if (process.versions) process.versions.svrjs = version; // Inject SVR.JS into process.versions
@ -4168,9 +4168,9 @@ if (!cluster.isPrimary) {
// Handle URL rewriting // Handle URL rewriting
function rewriteURL(address, map, callback, _fileState, _mapBegIndex) { function rewriteURL(address, map, callback, _fileState, _mapBegIndex) {
var rewrittenURL = address; var rewrittenURL = address;
if (!isProxy) {
var doCallback = true; var doCallback = true;
for(var i=(_mapBegIndex ? _mapBegIndex : 0);i<map.length;i++) { if (!isProxy) {
for (var i = (_mapBegIndex ? _mapBegIndex : 0); i < map.length; i++) {
var mapEntry = map[i]; var mapEntry = map[i];
if(href != "/" && (mapEntry.isNotDirectory || mapEntry.isNotFile) && !_fileState) { if(href != "/" && (mapEntry.isNotDirectory || mapEntry.isNotFile) && !_fileState) {
fs.stat("." + decodeURIComponent(href), function(err, stats) { fs.stat("." + decodeURIComponent(href), function(err, stats) {
@ -4190,15 +4190,20 @@ if (!cluster.isPrimary) {
break; break;
} }
if (matchHostname(mapEntry.host) && createRegex(mapEntry.definingRegex).test(address) && !(mapEntry.isNotDirectory && _fileState == 2) && !(mapEntry.isNotFile && _fileState == 1)) { if (matchHostname(mapEntry.host) && createRegex(mapEntry.definingRegex).test(address) && !(mapEntry.isNotDirectory && _fileState == 2) && !(mapEntry.isNotFile && _fileState == 1)) {
try {
mapEntry.replacements.forEach(function (replacement) { mapEntry.replacements.forEach(function (replacement) {
rewrittenURL = rewrittenURL.replace(createRegex(replacement.regex), replacement.replacement); rewrittenURL = rewrittenURL.replace(createRegex(replacement.regex), replacement.replacement);
}); });
if (mapEntry.append) rewrittenURL += mapEntry.append; if (mapEntry.append) rewrittenURL += mapEntry.append;
} catch (err) {
doCallback = false;
callback(err, address);
}
break; break;
} }
} }
} }
if(doCallback) callback(rewrittenURL); if(doCallback) callback(null, rewrittenURL);
} }
// Trailing slash redirection // Trailing slash redirection
@ -4233,7 +4238,11 @@ if (!cluster.isPrimary) {
var origHref = href; var origHref = href;
// Rewrite URLs // Rewrite URLs
rewriteURL(req.url, rewriteMap, function(rewrittenURL) { rewriteURL(req.url, rewriteMap, function(err, rewrittenURL) {
if (err) {
callServerError(500, undefined, err);
return;
}
if (rewrittenURL != req.url) { if (rewrittenURL != req.url) {
serverconsole.resmessage("URL rewritten: " + req.url + " => " + rewrittenURL); serverconsole.resmessage("URL rewritten: " + req.url + " => " + rewrittenURL);
req.url = rewrittenURL; req.url = rewrittenURL;

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.13.0 Tests</title> <title>SVR.JS 3.13.1 Tests</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.13.0 Tests</h1> <h1>SVR.JS 3.13.1 Tests</h1>
<h2>Directory (without trailing slash)</h2> <h2>Directory (without trailing slash)</h2>
<iframe src="/testdir" width="50%" height="300px"></iframe> <iframe src="/testdir" width="50%" height="300px"></iframe>
<h2>Directory (with query)</h2> <h2>Directory (with query)</h2>