
Update to SVR.JS 3.4.25

Dorian Niemiec 2023-08-31 22:54:48 +02:00
parent ee5bd3938e
commit c672268fa3
6 changed files with 73 additions and 67 deletions


@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2020 DorianTech S.A. Copyright (c) 2020-2023 DorianTech
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal


@ -3,7 +3,7 @@
"port": 80, "port": 80,
"pubport": 80, "pubport": 80,
"page404": "404.html", "page404": "404.html",
"timestamp": 1692482564058, "timestamp": 1693508167592,
"blacklist": [], "blacklist": [],
"nonStandardCodes": [], "nonStandardCodes": [],
"enableCompression": true, "enableCompression": true,


@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.4.24</title> <title>SVR.JS 3.4.25</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>Welcome to SVR.JS 3.4.24</h1> <h1>Welcome to SVR.JS 3.4.25</h1>
<br/> <br/>
<img src="/logo.png" style="width: 256px;" /> <img src="/logo.png" style="width: 256px;" />
<br/> <br/>
@ -110,7 +110,8 @@
</div> </div>
<p>Changes:</p> <p>Changes:</p>
<ul> <ul>
<li>Added reverse DNS lookup support.</li> <li>Improved HTTP authentication error handling.</li>
<li>Updated SVR.JS license.</li>
</ul> </ul>
<p>Bugs:</p> <p>Bugs:</p>
<ul> <ul>


@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.4.24 Licenses</title> <title>SVR.JS 3.4.25 Licenses</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,12 +12,12 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.4.24 Licenses</h1> <h1>SVR.JS 3.4.25 Licenses</h1>
<h2>SVR.JS 3.4.24</h2> <h2>SVR.JS 3.4.25</h2>
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;"> <div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
MIT License<br/> MIT License<br/>
<br/> <br/>
Copyright (c) 2020 DorianTech S.A.<br/> Copyright (c) 2020-2023 DorianTech<br/>
<br/> <br/>
Permission is hereby granted, free of charge, to any person obtaining a copy<br/> Permission is hereby granted, free of charge, to any person obtaining a copy<br/>
of this software and associated documentation files (the "Software"), to deal<br/> of this software and associated documentation files (the "Software"), to deal<br/>
@ -37,7 +37,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/> OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
SOFTWARE.<br/> SOFTWARE.<br/>
</div> </div>
<h2>Packages used by SVR.JS 3.4.24 and utilities</h2> <h2>Packages used by SVR.JS 3.4.25 and utilities</h2>
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;"> <div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
<div style="float: right;">License: MIT</div> <div style="float: right;">License: MIT</div>
<div style="font-size: 20px;"> <div style="font-size: 20px;">

115
svr.js

@ -71,7 +71,7 @@ function deleteFolderRecursive(path) {
} }
var os = require("os"); var os = require("os");
var version = "3.4.24"; var version = "3.4.25";
var singlethreaded = false; var singlethreaded = false;
if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions
@ -1029,7 +1029,7 @@ function sanitizeURL(resource) {
// Encode certain characters // Encode certain characters
resource = resource.replace(/[<>^`{|}]]/g, function (character) { resource = resource.replace(/[<>^`{|}]]/g, function (character) {
var charCode = character.charCodeAt(0); var charCode = character.charCodeAt(0);
return "%" + (charcode < 16 ? "0" : "") + charCode.toString(16).toUpperCase(); return "%" + (charCode < 16 ? "0" : "") + charCode.toString(16).toUpperCase();
}); });
var sanitizedResource = resource; var sanitizedResource = resource;
// Ensure the resource starts with a slash // Ensure the resource starts with a slash
@ -4085,64 +4085,69 @@ if (!cluster.isPrimary) {
var authcode = nonStandardCodes[authIndex]; var authcode = nonStandardCodes[authIndex];
function authorizedCallback(bruteProtection) { function authorizedCallback(bruteProtection) {
var ha = getCustomHeaders(); try {
ha["WWW-Authenticate"] = "Basic realm=\"" + (authcode.realm ? authcode.realm.replace(/(\\|")/g, "\\$1") : "SVR.JS HTTP Basic Authorization") + "\", charset=\"UTF-8\""; var ha = getCustomHeaders();
var credentials = req.headers["authorization"]; ha["WWW-Authenticate"] = "Basic realm=\"" + (authcode.realm ? authcode.realm.replace(/(\\|")/g, "\\$1") : "SVR.JS HTTP Basic Authorization") + "\", charset=\"UTF-8\"";
if (!credentials) { var credentials = req.headers["authorization"];
callServerError(401, undefined, undefined, ha); if (!credentials) {
serverconsole.errmessage("Content needs authorization."); callServerError(401, undefined, undefined, ha);
return; serverconsole.errmessage("Content needs authorization.");
} return;
var cmatch = credentials.match(/^Basic (.+)$/);
if (!cmatch) {
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("Malformed credentials.");
return;
}
var c2 = Buffer.from(cmatch[1], "base64").toString("utf8");
var c2match = c2.match(/^([^:]*):(.*)$/);
if (!c2match) {
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("Malformed credentials.");
return;
}
var username = c2match[1];
var password = c2match[2];
var authorized = false;
for (var i = 0; i < users.length; i++) {
var hash = sha256(password + users[i].salt);
if (users[i].name == username && users[i].pass == hash) {
authorized = true;
break;
} }
} var cmatch = credentials.match(/^Basic (.+)$/);
if (!authorized) { if (!cmatch) {
if (bruteProtection) { callServerError(401, undefined, undefined, ha);
if (process.send) { serverconsole.errmessage("Malformed credentials.");
process.send("\x12AUTHW" + reqip); return;
} else { }
if (!bruteForceDb[reqip]) bruteForceDb[reqip] = { var c2 = Buffer.from(cmatch[1], "base64").toString("utf8");
invalidAttempts: 0 var c2match = c2.match(/^([^:]*):(.*)$/);
}; if (!c2match) {
bruteForceDb[reqip].invalidAttempts++; callServerError(401, undefined, undefined, ha);
if (bruteForceDb[reqip].invalidAttempts >= 10) { serverconsole.errmessage("Malformed credentials.");
bruteForceDb[reqip].lastAttemptDate = new Date(); return;
}
var username = c2match[1];
var password = c2match[2];
var authorized = false;
for (var i = 0; i < users.length; i++) {
var hash = sha256(password + users[i].salt);
if (users[i].name == username && users[i].pass == hash) {
authorized = true;
break;
}
}
if (!authorized) {
if (bruteProtection) {
if (process.send) {
process.send("\x12AUTHW" + reqip);
} else {
if (!bruteForceDb[reqip]) bruteForceDb[reqip] = {
invalidAttempts: 0
};
bruteForceDb[reqip].invalidAttempts++;
if (bruteForceDb[reqip].invalidAttempts >= 10) {
bruteForceDb[reqip].lastAttemptDate = new Date();
}
} }
} }
} callServerError(401, undefined, undefined, ha);
callServerError(401, undefined, undefined, ha); serverconsole.errmessage("User " + username + " failed to log in.");
serverconsole.errmessage("User " + username + " failed to log in."); } else {
} else { if (bruteProtection) {
if (bruteProtection) { if (process.send) {
if (process.send) { process.send("\x12AUTHR" + reqip);
process.send("\x12AUTHR" + reqip); } else {
} else { if (bruteForceDb[reqip]) bruteForceDb[reqip] = {
if (bruteForceDb[reqip]) bruteForceDb[reqip] = { invalidAttempts: 0
invalidAttempts: 0 };
}; }
} }
modExecute(mods, vres(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, callServerError, getCustomHeaders, origHref, redirect, parsePostData));
} }
modExecute(mods, vres(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, callServerError, getCustomHeaders, origHref, redirect, parsePostData)); } catch(err) {
callServerError(500, undefined, generateErrorStack(err));
return;
} }
} }
if (authcode.disableBruteProtection) { if (authcode.disableBruteProtection) {
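Review bot: In the sanitizeURL hunk, the pattern passed to `resource.replace(` under "Encode certain characters" has a stray `]` after its character class, so it only matches one of the listed characters when a literal `]` follows it. A lone `<`, `>`, `{`, `|` or `}` is therefore never percent-encoded. With the `charCode` typo fixed the callback no longer throws on a match, but it encodes only `character.charCodeAt(0)`, so the matched `]` is silently dropped from the URL. Deleting the second `]` so that the pattern ends right after the class would make the callback see exactly one character per match. sanitizeURL's body continues outside the hunk, so it is not visible here whether a later step compensates.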

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.4.24 Tests</title> <title>SVR.JS 3.4.25 Tests</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.4.24 Tests</h1> <h1>SVR.JS 3.4.25 Tests</h1>
<h2>Directory</h2> <h2>Directory</h2>
<iframe src="/testdir" width="50%" height="300px"></iframe> <iframe src="/testdir" width="50%" height="300px"></iframe>
<h2>Directory (with query)</h2> <h2>Directory (with query)</h2>