DorianNiemiecSVRJS/svrjs
Archived
1
0
Fork 0
forked from svrjs/svrjs
Code Pull requests Activity

Update to SVR.JS 3.4.28

Browse source
This commit is contained in:
Dorian Niemiec 2023-09-03 22:44:26 +02:00
parent d2fa84a969
commit 816f96b064
5 changed files with 107 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config.json
View file

@ -3,7 +3,7 @@
"port": 80, "port": 80,
"pubport": 80, "pubport": 80,
"page404": "404.html", "page404": "404.html",
"timestamp": 1693508167592, "timestamp": 1693773733148,
"blacklist": [], "blacklist": [],
"nonStandardCodes": [], "nonStandardCodes": [],
"enableCompression": true, "enableCompression": true,
@ -96,4 +96,4 @@
"sni": {}, "sni": {},
"disableNonEncryptedServer": false, "disableNonEncryptedServer": false,
"disableToHTTPSRedirect": false "disableToHTTPSRedirect": false
} }

7
index.html
View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.4.27</title> <title>SVR.JS 3.4.28</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>Welcome to SVR.JS 3.4.27</h1> <h1>Welcome to SVR.JS 3.4.28</h1>
<br/> <br/>
<img src="/logo.png" style="width: 256px;" /> <img src="/logo.png" style="width: 256px;" />
<br/> <br/>
@ -119,8 +119,7 @@
</div> </div>
<p>Changes:</p> <p>Changes:</p>
<ul> <ul>
<li>Dropped support for undocumented unused non-standard SVR.JS-specific headers.</li> <li>Added validation for X-Forwarded-For header.</li>
<li>Fixed bug with <i>wwwredirect</i>.</li>
</ul> </ul>
<p>Bugs:</p> <p>Bugs:</p>
<ul> <ul>

8
licenses/index.html
View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.4.27 Licenses</title> <title>SVR.JS 3.4.28 Licenses</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,8 +12,8 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.4.27 Licenses</h1> <h1>SVR.JS 3.4.28 Licenses</h1>
<h2>SVR.JS 3.4.27</h2> <h2>SVR.JS 3.4.28</h2>
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;"> <div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
MIT License<br/> MIT License<br/>
<br/> <br/>
@ -37,7 +37,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/> OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
SOFTWARE.<br/> SOFTWARE.<br/>
</div> </div>
<h2>Packages used by SVR.JS 3.4.27 and utilities</h2> <h2>Packages used by SVR.JS 3.4.28 and utilities</h2>
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;"> <div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
<div style="float: right;">License: MIT</div> <div style="float: right;">License: MIT</div>
<div style="font-size: 20px;"> <div style="font-size: 20px;">

170
svr.js
View file

@ -71,7 +71,7 @@ function deleteFolderRecursive(path) {
} }
var os = require("os"); var os = require("os");
var version = "3.4.27"; var version = "3.4.28";
var singlethreaded = false; var singlethreaded = false;
if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions
@ -2064,31 +2064,37 @@ if (!cluster.isPrimary) {
} }
} }
var reqport = ""; var reqip = req.socket.remoteAddress;
var reqip = ""; var reqport = req.socket.remotePort;
var oldport = "";
var oldip = ""; var oldip = "";
if (req.headers["x-forwarded-for"] != undefined && enableIPSpoofing) { var oldport = "";
reqport = null; var isForwardedValid = true;
reqip = req.headers["x-forwarded-for"].split(",")[0].replace(/ /g, ""); if(enableIPSpoofing) {
if (reqip.indexOf(":") == -1) reqip = "::ffff:" + reqip; if (req.headers["x-forwarded-for"] != undefined) {
try { var preparedReqIP = req.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
oldport = req.socket.remotePort; var preparedReqIPvalid = net.isIP(preparedReqIP);
oldip = req.socket.remoteAddress; if(preparedReqIPvalid) {
req.socket.realRemotePort = reqport; if (preparedReqIPvalid == 4 && req.socket.remoteAddress && req.socket.remoteAddress.indexOf(":") > -1) preparedReqIP = "::ffff:" + preparedReqIP;
req.socket.realRemoteAddress = reqip; reqip = preparedReqIP;
req.socket.originalRemotePort = oldport; reqport = null;
req.socket.originalRemoteAddress = oldip; try {
res.socket.realRemotePort = reqport; oldport = req.socket.remotePort;
res.socket.realRemoteAddress = reqip; oldip = req.socket.remoteAddress;
res.socket.originalRemotePort = oldport; req.socket.realRemotePort = reqport;
res.socket.originalRemoteAddress = oldip; req.socket.realRemoteAddress = reqip;
} catch (ex) { req.socket.originalRemotePort = oldport;
//Nevermind... req.socket.originalRemoteAddress = oldip;
res.socket.realRemotePort = reqport;
res.socket.realRemoteAddress = reqip;
res.socket.originalRemotePort = oldport;
res.socket.originalRemoteAddress = oldip;
} catch (err) {
// Address setting failed
}
} else {
isForwardedValid = false;
}
} }
} else {
reqip = req.socket.remoteAddress;
reqport = req.socket.remotePort;
} }
if (!isProxy) serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants " + (req.method == "GET" ? "content in " : (req.method == "POST" ? "to post content in " : (req.method == "PUT" ? "to add content in " : (req.method == "DELETE" ? "to delete content in " : (req.method == "PATCH" ? "to patch content in " : "to access content using " + req.method + " method in "))))) + (req.headers.host == undefined ? "" : req.headers.host) + req.url); if (!isProxy) serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants " + (req.method == "GET" ? "content in " : (req.method == "POST" ? "to post content in " : (req.method == "PUT" ? "to add content in " : (req.method == "DELETE" ? "to delete content in " : (req.method == "PATCH" ? "to patch content in " : "to access content using " + req.method + " method in "))))) + (req.headers.host == undefined ? "" : req.headers.host) + req.url);
@ -2102,7 +2108,7 @@ if (!cluster.isPrimary) {
return; return;
} }
var hostx = req.headers.host; var hostx = req.headers.host;
if (hostx === undefined) { if (hostx === undefined || !isForwardedValid) {
serverconsole.errmessage("Bad request!"); serverconsole.errmessage("Bad request!");
callServerError(400); callServerError(400);
return; return;
@ -2887,31 +2893,37 @@ if (!cluster.isPrimary) {
return; return;
} }
var reqport = ""; var reqip = request.socket.remoteAddress;
var reqip = ""; var reqport = request.socket.remotePort;
var oldport = "";
var oldip = ""; var oldip = "";
if (request.headers["x-forwarded-for"] != undefined && enableIPSpoofing) { var oldport = "";
reqport = null; var isForwardedValid = true;
reqip = request.headers["x-forwarded-for"].split(",")[0].replace(/ /g, ""); if(enableIPSpoofing) {
if (reqip.indexOf(":") == -1) reqip = "::ffff:" + reqip; if (request.headers["x-forwarded-for"] != undefined) {
try { var preparedReqIP = request.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
oldport = request.socket.remotePort; var preparedReqIPvalid = net.isIP(preparedReqIP);
oldip = request.socket.remoteAddress; if(preparedReqIPvalid) {
request.socket.realRemotePort = reqport; if (preparedReqIPvalid == 4 && request.socket.remoteAddress && request.socket.remoteAddress.indexOf(":") > -1) preparedReqIP = "::ffff:" + preparedReqIP;
request.socket.realRemoteAddress = reqip; reqip = preparedReqIP;
request.socket.originalRemotePort = oldport; reqport = null;
request.socket.originalRemoteAddress = oldip; try {
response.socket.realRemotePort = reqport; oldport = request.socket.remotePort;
response.socket.realRemoteAddress = reqip; oldip = request.socket.remoteAddress;
response.socket.originalRemotePort = oldport; request.socket.realRemotePort = reqport;
response.socket.originalRemoteAddress = oldip; request.socket.realRemoteAddress = reqip;
} catch (ex) { request.socket.originalRemotePort = oldport;
//Address setting failed request.socket.originalRemoteAddress = oldip;
response.socket.realRemotePort = reqport;
response.socket.realRemoteAddress = reqip;
response.socket.originalRemotePort = oldport;
response.socket.originalRemoteAddress = oldip;
} catch (err) {
// Address setting failed
}
} else {
isForwardedValid = false;
}
} }
} else {
reqip = request.socket.remoteAddress;
reqport = request.socket.remotePort;
} }
if (!isProxy) serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants " + (request.method == "GET" ? "content in " : (request.method == "POST" ? "to post content in " : (request.method == "PUT" ? "to add content in " : (request.method == "DELETE" ? "to delete content in " : (request.method == "PATCH" ? "to patch content in " : "to access content using " + request.method + " method in "))))) + (request.headers.host == undefined ? "" : request.headers.host) + request.url); if (!isProxy) serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants " + (request.method == "GET" ? "content in " : (request.method == "POST" ? "to post content in " : (request.method == "PUT" ? "to add content in " : (request.method == "DELETE" ? "to delete content in " : (request.method == "PATCH" ? "to patch content in " : "to access content using " + request.method + " method in "))))) + (request.headers.host == undefined ? "" : request.headers.host) + request.url);
@ -3009,7 +3021,6 @@ if (!cluster.isPrimary) {
599: "The server couldn't connect in time, while it was acting as a proxy." 599: "The server couldn't connect in time, while it was acting as a proxy."
}; };
//Server error calling method
// Server error calling method // Server error calling method
function callServerError(errorCode, extName, stack, ch) { function callServerError(errorCode, extName, stack, ch) {
if (typeof errorCode !== "number") { if (typeof errorCode !== "number") {
@ -3257,31 +3268,37 @@ if (!cluster.isPrimary) {
return; return;
} }
var reqport = ""; var reqip = req.socket.remoteAddress;
var reqip = ""; var reqport = req.socket.remotePort;
var oldport = "";
var oldip = ""; var oldip = "";
if (req.headers["x-forwarded-for"] != undefined && enableIPSpoofing) { var oldport = "";
reqport = null; var isForwardedValid = true;
reqip = req.headers["x-forwarded-for"].split(",")[0].replace(/ /g, ""); if(enableIPSpoofing) {
if (reqip.indexOf(":") == -1) reqip = "::ffff:" + reqip; if (req.headers["x-forwarded-for"] != undefined) {
try { var preparedReqIP = req.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
oldport = req.socket.remotePort; var preparedReqIPvalid = net.isIP(preparedReqIP);
oldip = req.socket.remoteAddress; if(preparedReqIPvalid) {
req.socket.realRemotePort = reqport; if (preparedReqIPvalid == 4 && req.socket.remoteAddress && req.socket.remoteAddress.indexOf(":") > -1) preparedReqIP = "::ffff:" + preparedReqIP;
req.socket.realRemoteAddress = reqip; reqip = preparedReqIP;
req.socket.originalRemotePort = oldport; reqport = null;
req.socket.originalRemoteAddress = oldip; try {
res.socket.realRemotePort = reqport; oldport = req.socket.remotePort;
res.socket.realRemoteAddress = reqip; oldip = req.socket.remoteAddress;
res.socket.originalRemotePort = oldport; req.socket.realRemotePort = reqport;
res.socket.originalRemoteAddress = oldip; req.socket.realRemoteAddress = reqip;
} catch (ex) { req.socket.originalRemotePort = oldport;
//Nevermind... req.socket.originalRemoteAddress = oldip;
res.socket.realRemotePort = reqport;
res.socket.realRemoteAddress = reqip;
res.socket.originalRemotePort = oldport;
res.socket.originalRemoteAddress = oldip;
} catch (err) {
// Address setting failed
}
} else {
isForwardedValid = false;
}
} }
} else {
reqip = req.socket.remoteAddress;
reqport = req.socket.remotePort;
} }
function checkLevel(e) { function checkLevel(e) {
@ -3488,7 +3505,6 @@ if (!cluster.isPrimary) {
} else { } else {
statsa.push("<tr><td style=\"width: 24px;\"><img src=\"/.dirimages/bad.png\" alt=[BAD] width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" + (href + "/" + encodeURI(ename)).replace(/\/+/g, "/") + "\"><nocode>" + ename.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;") + "</nocode></a></td><td>-</td><td>-</td></tr>\r\n"); statsa.push("<tr><td style=\"width: 24px;\"><img src=\"/.dirimages/bad.png\" alt=[BAD] width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" + (href + "/" + encodeURI(ename)).replace(/\/+/g, "/") + "\"><nocode>" + ename.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;") + "</nocode></a></td><td>-</td><td>-</td></tr>\r\n");
} }
} else { } else {
var entry = "<tr><td style=\"width: 24px;\"><img src=\"[img]\" alt=\"[alt]\" width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" + (origHref + "/" + encodeURIComponent(ename)).replace(/\/+/g, "/") + (estats.isDirectory() ? "/" : "") + "\">" + ename.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;") + "</a></td><td>" + (estats.isDirectory() ? "-" : sizify(estats.size.toString())) + "</td><td>" + estats.mtime.toDateString() + "</td></tr>\r\n"; var entry = "<tr><td style=\"width: 24px;\"><img src=\"[img]\" alt=\"[alt]\" width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" + (origHref + "/" + encodeURIComponent(ename)).replace(/\/+/g, "/") + (estats.isDirectory() ? "/" : "") + "\">" + ename.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;") + "</a></td><td>" + (estats.isDirectory() ? "-" : sizify(estats.size.toString())) + "</td><td>" + estats.mtime.toDateString() + "</td></tr>\r\n";
if (estats.isDirectory()) { if (estats.isDirectory()) {
@ -3837,6 +3853,12 @@ if (!cluster.isPrimary) {
return; return;
} }
if(!isForwardedValid) {
serverconsole.errmessage("X-Forwarded-For header is invalid.");
callServerError(400);
return;
}
//SANITIZE URL //SANITIZE URL
var sanitizedHref = sanitizeURL(href); var sanitizedHref = sanitizeURL(href);
@ -3855,8 +3877,8 @@ if (!cluster.isPrimary) {
redirect(sanitizedURL, false); redirect(sanitizedURL, false);
return; return;
} }
//URL REWRITING //URL REWRITING
function rewriteURL(address, map) { function rewriteURL(address, map) {
var rewrittenAddress = address; var rewrittenAddress = address;
for (var i = 0; i < map.length; i++) { for (var i = 0; i < map.length; i++) {

4
tests.html
View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.4.27 Tests</title> <title>SVR.JS 3.4.28 Tests</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.4.27 Tests</h1> <h1>SVR.JS 3.4.28 Tests</h1>
<h2>Directory</h2> <h2>Directory</h2>
<iframe src="/testdir" width="50%" height="300px"></iframe> <iframe src="/testdir" width="50%" height="300px"></iframe>
<h2>Directory (with query)</h2> <h2>Directory (with query)</h2>