DorianNiemiecSVRJS/svrjs
Archived
1
0
Fork 0
forked from svrjs/svrjs
Code Pull requests Activity

Update to SVR.JS 3.4.25

Browse source
This commit is contained in:
Dorian Niemiec 2023-08-31 22:54:48 +02:00
parent ee5bd3938e
commit c672268fa3
6 changed files with 73 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
LICENSE
View file

@ -1,6 +1,6 @@
MIT License
Copyright (c) 2020 DorianTech S.A.
Copyright (c) 2020-2023 DorianTech
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

2
config.json
View file

@ -3,7 +3,7 @@
"port": 80,
"pubport": 80,
"page404": "404.html",
"timestamp": 1692482564058,
"timestamp": 1693508167592,
"blacklist": [],
"nonStandardCodes": [],
"enableCompression": true,

7
index.html
View file

@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
<title>SVR.JS 3.4.24</title>
<title>SVR.JS 3.4.25</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" />
<style>
@ -12,7 +12,7 @@
</style>
</head>
<body>
<h1>Welcome to SVR.JS 3.4.24</h1>
<h1>Welcome to SVR.JS 3.4.25</h1>
<br/>
<img src="/logo.png" style="width: 256px;" />
<br/>
@ -110,7 +110,8 @@
</div>
<p>Changes:</p>
<ul>
<li>Added reverse DNS lookup support.</li>
<li>Improved HTTP authentication error handling.</li>
<li>Updated SVR.JS license.</li>
</ul>
<p>Bugs:</p>
<ul>

10
licenses/index.html
View file

@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
<title>SVR.JS 3.4.24 Licenses</title>
<title>SVR.JS 3.4.25 Licenses</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" />
<style>
@ -12,12 +12,12 @@
</style>
</head>
<body>
<h1>SVR.JS 3.4.24 Licenses</h1>
<h2>SVR.JS 3.4.24</h2>
<h1>SVR.JS 3.4.25 Licenses</h1>
<h2>SVR.JS 3.4.25</h2>
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
MIT License<br/>
<br/>
Copyright (c) 2020 DorianTech S.A.<br/>
Copyright (c) 2020-2023 DorianTech<br/>
<br/>
Permission is hereby granted, free of charge, to any person obtaining a copy<br/>
of this software and associated documentation files (the "Software"), to deal<br/>
@ -37,7 +37,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
SOFTWARE.<br/>
</div>
<h2>Packages used by SVR.JS 3.4.24 and utilities</h2>
<h2>Packages used by SVR.JS 3.4.25 and utilities</h2>
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
<div style="float: right;">License: MIT</div>
<div style="font-size: 20px;">

115
svr.js
View file

@ -71,7 +71,7 @@ function deleteFolderRecursive(path) {
}
var os = require("os");
var version = "3.4.24";
var version = "3.4.25";
var singlethreaded = false;
if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions
@ -1029,7 +1029,7 @@ function sanitizeURL(resource) {
// Encode certain characters
resource = resource.replace(/[<>^`{|}]]/g, function (character) {
var charCode = character.charCodeAt(0);
return "%" + (charcode < 16 ? "0" : "") + charCode.toString(16).toUpperCase();
return "%" + (charCode < 16 ? "0" : "") + charCode.toString(16).toUpperCase();
});
var sanitizedResource = resource;
// Ensure the resource starts with a slash
@ -4085,64 +4085,69 @@ if (!cluster.isPrimary) {
var authcode = nonStandardCodes[authIndex];
function authorizedCallback(bruteProtection) {
var ha = getCustomHeaders();
ha["WWW-Authenticate"] = "Basic realm=\"" + (authcode.realm ? authcode.realm.replace(/(\\|")/g, "\\$1") : "SVR.JS HTTP Basic Authorization") + "\", charset=\"UTF-8\"";
var credentials = req.headers["authorization"];
if (!credentials) {
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("Content needs authorization.");
return;
}
var cmatch = credentials.match(/^Basic (.+)$/);
if (!cmatch) {
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("Malformed credentials.");
return;
}
var c2 = Buffer.from(cmatch[1], "base64").toString("utf8");
var c2match = c2.match(/^([^:]*):(.*)$/);
if (!c2match) {
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("Malformed credentials.");
return;
}
var username = c2match[1];
var password = c2match[2];
var authorized = false;
for (var i = 0; i < users.length; i++) {
var hash = sha256(password + users[i].salt);
if (users[i].name == username && users[i].pass == hash) {
authorized = true;
break;
try {
var ha = getCustomHeaders();
ha["WWW-Authenticate"] = "Basic realm=\"" + (authcode.realm ? authcode.realm.replace(/(\\|")/g, "\\$1") : "SVR.JS HTTP Basic Authorization") + "\", charset=\"UTF-8\"";
var credentials = req.headers["authorization"];
if (!credentials) {
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("Content needs authorization.");
return;
}
}
if (!authorized) {
if (bruteProtection) {
if (process.send) {
process.send("\x12AUTHW" + reqip);
} else {
if (!bruteForceDb[reqip]) bruteForceDb[reqip] = {
invalidAttempts: 0
};
bruteForceDb[reqip].invalidAttempts++;
if (bruteForceDb[reqip].invalidAttempts >= 10) {
bruteForceDb[reqip].lastAttemptDate = new Date();
var cmatch = credentials.match(/^Basic (.+)$/);
if (!cmatch) {
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("Malformed credentials.");
return;
}
var c2 = Buffer.from(cmatch[1], "base64").toString("utf8");
var c2match = c2.match(/^([^:]*):(.*)$/);
if (!c2match) {
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("Malformed credentials.");
return;
}
var username = c2match[1];
var password = c2match[2];
var authorized = false;
for (var i = 0; i < users.length; i++) {
var hash = sha256(password + users[i].salt);
if (users[i].name == username && users[i].pass == hash) {
authorized = true;
break;
}
}
if (!authorized) {
if (bruteProtection) {
if (process.send) {
process.send("\x12AUTHW" + reqip);
} else {
if (!bruteForceDb[reqip]) bruteForceDb[reqip] = {
invalidAttempts: 0
};
bruteForceDb[reqip].invalidAttempts++;
if (bruteForceDb[reqip].invalidAttempts >= 10) {
bruteForceDb[reqip].lastAttemptDate = new Date();
}
}
}
}
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("User " + username + " failed to log in.");
} else {
if (bruteProtection) {
if (process.send) {
process.send("\x12AUTHR" + reqip);
} else {
if (bruteForceDb[reqip]) bruteForceDb[reqip] = {
invalidAttempts: 0
};
callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("User " + username + " failed to log in.");
} else {
if (bruteProtection) {
if (process.send) {
process.send("\x12AUTHR" + reqip);
} else {
if (bruteForceDb[reqip]) bruteForceDb[reqip] = {
invalidAttempts: 0
};
}
}
modExecute(mods, vres(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, callServerError, getCustomHeaders, origHref, redirect, parsePostData));
}
modExecute(mods, vres(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, callServerError, getCustomHeaders, origHref, redirect, parsePostData));
} catch(err) {
callServerError(500, undefined, generateErrorStack(err));
return;
}
}
if (authcode.disableBruteProtection) {

4
tests.html
View file

@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
<title>SVR.JS 3.4.24 Tests</title>
<title>SVR.JS 3.4.25 Tests</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" />
<style>
@ -12,7 +12,7 @@
</style>
</head>
<body>
<h1>SVR.JS 3.4.24 Tests</h1>
<h1>SVR.JS 3.4.25 Tests</h1>
<h2>Directory</h2>
<iframe src="/testdir" width="50%" height="300px"></iframe>
<h2>Directory (with query)</h2>