
Update to SVR.JS 3.4.28

Dorian Niemiec 2023-09-03 22:44:26 +02:00
parent d2fa84a969
commit 816f96b064
5 changed files with 107 additions and 86 deletions


@ -3,7 +3,7 @@
"port": 80,
"pubport": 80,
"page404": "404.html",
"timestamp": 1693508167592,
"timestamp": 1693773733148,
"blacklist": [],
"nonStandardCodes": [],
"enableCompression": true,
@ -96,4 +96,4 @@
"sni": {},
"disableNonEncryptedServer": false,
"disableToHTTPSRedirect": false
}
}


@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
<title>SVR.JS 3.4.27</title>
<title>SVR.JS 3.4.28</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" />
<style>
@ -12,7 +12,7 @@
</style>
</head>
<body>
<h1>Welcome to SVR.JS 3.4.27</h1>
<h1>Welcome to SVR.JS 3.4.28</h1>
<br/>
<img src="/logo.png" style="width: 256px;" />
<br/>
@ -119,8 +119,7 @@
</div>
<p>Changes:</p>
<ul>
<li>Dropped support for undocumented unused non-standard SVR.JS-specific headers.</li>
<li>Fixed bug with <i>wwwredirect</i>.</li>
<li>Added validation for X-Forwarded-For header.</li>
</ul>
<p>Bugs:</p>
<ul>


@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
<title>SVR.JS 3.4.27 Licenses</title>
<title>SVR.JS 3.4.28 Licenses</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" />
<style>
@ -12,8 +12,8 @@
</style>
</head>
<body>
<h1>SVR.JS 3.4.27 Licenses</h1>
<h2>SVR.JS 3.4.27</h2>
<h1>SVR.JS 3.4.28 Licenses</h1>
<h2>SVR.JS 3.4.28</h2>
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
MIT License<br/>
<br/>
@ -37,7 +37,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
SOFTWARE.<br/>
</div>
<h2>Packages used by SVR.JS 3.4.27 and utilities</h2>
<h2>Packages used by SVR.JS 3.4.28 and utilities</h2>
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
<div style="float: right;">License: MIT</div>
<div style="font-size: 20px;">

170
svr.js

@ -71,7 +71,7 @@ function deleteFolderRecursive(path) {
}
var os = require("os");
var version = "3.4.27";
var version = "3.4.28";
var singlethreaded = false;
if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions
@ -2064,31 +2064,37 @@ if (!cluster.isPrimary) {
}
}
var reqport = "";
var reqip = "";
var oldport = "";
var reqip = req.socket.remoteAddress;
var reqport = req.socket.remotePort;
var oldip = "";
if (req.headers["x-forwarded-for"] != undefined && enableIPSpoofing) {
reqport = null;
reqip = req.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
if (reqip.indexOf(":") == -1) reqip = "::ffff:" + reqip;
try {
oldport = req.socket.remotePort;
oldip = req.socket.remoteAddress;
req.socket.realRemotePort = reqport;
req.socket.realRemoteAddress = reqip;
req.socket.originalRemotePort = oldport;
req.socket.originalRemoteAddress = oldip;
res.socket.realRemotePort = reqport;
res.socket.realRemoteAddress = reqip;
res.socket.originalRemotePort = oldport;
res.socket.originalRemoteAddress = oldip;
} catch (ex) {
//Nevermind...
var oldport = "";
var isForwardedValid = true;
if(enableIPSpoofing) {
if (req.headers["x-forwarded-for"] != undefined) {
var preparedReqIP = req.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
var preparedReqIPvalid = net.isIP(preparedReqIP);
if(preparedReqIPvalid) {
if (preparedReqIPvalid == 4 && req.socket.remoteAddress && req.socket.remoteAddress.indexOf(":") > -1) preparedReqIP = "::ffff:" + preparedReqIP;
reqip = preparedReqIP;
reqport = null;
try {
oldport = req.socket.remotePort;
oldip = req.socket.remoteAddress;
req.socket.realRemotePort = reqport;
req.socket.realRemoteAddress = reqip;
req.socket.originalRemotePort = oldport;
req.socket.originalRemoteAddress = oldip;
res.socket.realRemotePort = reqport;
res.socket.realRemoteAddress = reqip;
res.socket.originalRemotePort = oldport;
res.socket.originalRemoteAddress = oldip;
} catch (err) {
// Address setting failed
}
} else {
isForwardedValid = false;
}
}
} else {
reqip = req.socket.remoteAddress;
reqport = req.socket.remotePort;
}
if (!isProxy) serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants " + (req.method == "GET" ? "content in " : (req.method == "POST" ? "to post content in " : (req.method == "PUT" ? "to add content in " : (req.method == "DELETE" ? "to delete content in " : (req.method == "PATCH" ? "to patch content in " : "to access content using " + req.method + " method in "))))) + (req.headers.host == undefined ? "" : req.headers.host) + req.url);
@ -2102,7 +2108,7 @@ if (!cluster.isPrimary) {
return;
}
var hostx = req.headers.host;
if (hostx === undefined) {
if (hostx === undefined || !isForwardedValid) {
serverconsole.errmessage("Bad request!");
callServerError(400);
return;
@ -2887,31 +2893,37 @@ if (!cluster.isPrimary) {
return;
}
var reqport = "";
var reqip = "";
var oldport = "";
var reqip = request.socket.remoteAddress;
var reqport = request.socket.remotePort;
var oldip = "";
if (request.headers["x-forwarded-for"] != undefined && enableIPSpoofing) {
reqport = null;
reqip = request.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
if (reqip.indexOf(":") == -1) reqip = "::ffff:" + reqip;
try {
oldport = request.socket.remotePort;
oldip = request.socket.remoteAddress;
request.socket.realRemotePort = reqport;
request.socket.realRemoteAddress = reqip;
request.socket.originalRemotePort = oldport;
request.socket.originalRemoteAddress = oldip;
response.socket.realRemotePort = reqport;
response.socket.realRemoteAddress = reqip;
response.socket.originalRemotePort = oldport;
response.socket.originalRemoteAddress = oldip;
} catch (ex) {
//Address setting failed
var oldport = "";
var isForwardedValid = true;
if(enableIPSpoofing) {
if (request.headers["x-forwarded-for"] != undefined) {
var preparedReqIP = request.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
var preparedReqIPvalid = net.isIP(preparedReqIP);
if(preparedReqIPvalid) {
if (preparedReqIPvalid == 4 && request.socket.remoteAddress && request.socket.remoteAddress.indexOf(":") > -1) preparedReqIP = "::ffff:" + preparedReqIP;
reqip = preparedReqIP;
reqport = null;
try {
oldport = request.socket.remotePort;
oldip = request.socket.remoteAddress;
request.socket.realRemotePort = reqport;
request.socket.realRemoteAddress = reqip;
request.socket.originalRemotePort = oldport;
request.socket.originalRemoteAddress = oldip;
response.socket.realRemotePort = reqport;
response.socket.realRemoteAddress = reqip;
response.socket.originalRemotePort = oldport;
response.socket.originalRemoteAddress = oldip;
} catch (err) {
// Address setting failed
}
} else {
isForwardedValid = false;
}
}
} else {
reqip = request.socket.remoteAddress;
reqport = request.socket.remotePort;
}
if (!isProxy) serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants " + (request.method == "GET" ? "content in " : (request.method == "POST" ? "to post content in " : (request.method == "PUT" ? "to add content in " : (request.method == "DELETE" ? "to delete content in " : (request.method == "PATCH" ? "to patch content in " : "to access content using " + request.method + " method in "))))) + (request.headers.host == undefined ? "" : request.headers.host) + request.url);
@ -3009,7 +3021,6 @@ if (!cluster.isPrimary) {
599: "The server couldn't connect in time, while it was acting as a proxy."
};
//Server error calling method
// Server error calling method
function callServerError(errorCode, extName, stack, ch) {
if (typeof errorCode !== "number") {
@ -3257,31 +3268,37 @@ if (!cluster.isPrimary) {
return;
}
var reqport = "";
var reqip = "";
var oldport = "";
var reqip = req.socket.remoteAddress;
var reqport = req.socket.remotePort;
var oldip = "";
if (req.headers["x-forwarded-for"] != undefined && enableIPSpoofing) {
reqport = null;
reqip = req.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
if (reqip.indexOf(":") == -1) reqip = "::ffff:" + reqip;
try {
oldport = req.socket.remotePort;
oldip = req.socket.remoteAddress;
req.socket.realRemotePort = reqport;
req.socket.realRemoteAddress = reqip;
req.socket.originalRemotePort = oldport;
req.socket.originalRemoteAddress = oldip;
res.socket.realRemotePort = reqport;
res.socket.realRemoteAddress = reqip;
res.socket.originalRemotePort = oldport;
res.socket.originalRemoteAddress = oldip;
} catch (ex) {
//Nevermind...
var oldport = "";
var isForwardedValid = true;
if(enableIPSpoofing) {
if (req.headers["x-forwarded-for"] != undefined) {
var preparedReqIP = req.headers["x-forwarded-for"].split(",")[0].replace(/ /g, "");
var preparedReqIPvalid = net.isIP(preparedReqIP);
if(preparedReqIPvalid) {
if (preparedReqIPvalid == 4 && req.socket.remoteAddress && req.socket.remoteAddress.indexOf(":") > -1) preparedReqIP = "::ffff:" + preparedReqIP;
reqip = preparedReqIP;
reqport = null;
try {
oldport = req.socket.remotePort;
oldip = req.socket.remoteAddress;
req.socket.realRemotePort = reqport;
req.socket.realRemoteAddress = reqip;
req.socket.originalRemotePort = oldport;
req.socket.originalRemoteAddress = oldip;
res.socket.realRemotePort = reqport;
res.socket.realRemoteAddress = reqip;
res.socket.originalRemotePort = oldport;
res.socket.originalRemoteAddress = oldip;
} catch (err) {
// Address setting failed
}
} else {
isForwardedValid = false;
}
}
} else {
reqip = req.socket.remoteAddress;
reqport = req.socket.remotePort;
}
function checkLevel(e) {
@ -3488,7 +3505,6 @@ if (!cluster.isPrimary) {
} else {
statsa.push("<tr><td style=\"width: 24px;\"><img src=\"/.dirimages/bad.png\" alt=[BAD] width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" + (href + "/" + encodeURI(ename)).replace(/\/+/g, "/") + "\"><nocode>" + ename.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;") + "</nocode></a></td><td>-</td><td>-</td></tr>\r\n");
}
} else {
var entry = "<tr><td style=\"width: 24px;\"><img src=\"[img]\" alt=\"[alt]\" width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" + (origHref + "/" + encodeURIComponent(ename)).replace(/\/+/g, "/") + (estats.isDirectory() ? "/" : "") + "\">" + ename.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;") + "</a></td><td>" + (estats.isDirectory() ? "-" : sizify(estats.size.toString())) + "</td><td>" + estats.mtime.toDateString() + "</td></tr>\r\n";
if (estats.isDirectory()) {
@ -3837,6 +3853,12 @@ if (!cluster.isPrimary) {
return;
}
if(!isForwardedValid) {
serverconsole.errmessage("X-Forwarded-For header is invalid.");
callServerError(400);
return;
}
//SANITIZE URL
var sanitizedHref = sanitizeURL(href);
@ -3855,8 +3877,8 @@ if (!cluster.isPrimary) {
redirect(sanitizedURL, false);
return;
}
//URL REWRITING
function rewriteURL(address, map) {
var rewrittenAddress = address;
for (var i = 0; i < map.length; i++) {
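Review bot: `net.isIP(preparedReqIP)` in the first request handler (and in the two copies of the same block further down) checks only that the first `X-Forwarded-For` entry is syntactically an IP address, not that the header came from a proxy the server trusts. The leftmost entry is whatever the original client sent, so with `enableIPSpoofing` on, any peer that reaches the server directly still chooses the value written to `realRemoteAddress` and to the request log. If that address feeds the `blacklist` or other access decisions (not visible here), the header should be honoured only when `req.socket.remoteAddress` is a known proxy; at minimum add a comment above the block such as `// X-Forwarded-For is client-supplied; net.isIP() validates syntax only, so enable this only behind a proxy that overwrites the header`. The enclosing handlers start and end outside these hunks, and the `request`/`response` copy shows no rejection on `!isForwardedValid` in the visible lines, which is worth confirming.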


@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
<title>SVR.JS 3.4.27 Tests</title>
<title>SVR.JS 3.4.28 Tests</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" />
<style>
@ -12,7 +12,7 @@
</style>
</head>
<body>
<h1>SVR.JS 3.4.27 Tests</h1>
<h1>SVR.JS 3.4.28 Tests</h1>
<h2>Directory</h2>
<iframe src="/testdir" width="50%" height="300px"></iframe>
<h2>Directory (with query)</h2>