DorianNiemiecSVRJS/svrjs
Archived
1
0
Fork 0
forked from svrjs/svrjs
Code Pull requests Activity

Removed some easter eggs, to prevent SVR.JS version fingerprinting...

Browse source
This commit is contained in:
Dorian Niemiec 2023-08-19 21:03:05 +02:00
parent b96d39cb3e
commit fba0012690
2 changed files with 10 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config.json
View file

@ -3,7 +3,7 @@
"port": 80,
"pubport": 80,
"page404": "404.html",
"timestamp": 1692394031580,
"timestamp": 1692471768431,
"blacklist": [],
"nonStandardCodes": [],
"enableCompression": true,

49
svr.js
View file

@ -3602,21 +3602,10 @@ if (!cluster.isPrimary) {
return;
}
if (href == "/invoke500.svr" || (os.platform() == "win32" && href.toLowerCase() == "/invoke500.svr")) {
if (version.indexOf("Nightly-") === 0 && uobject.query.crash !== undefined) throw new Error("Intentionally crashed");
if (version.indexOf("Nightly-") === 0 && (href == "/invoke500.svr" || (os.platform() == "win32" && href.toLowerCase() == "/invoke500.svr"))) {
if (uobject.query.crash !== undefined) throw new Error("Intentionally crashed");
try {
if (uobject.query.aprilfools === undefined) throw new Error("This page is intended to return 500 code.");
var hdhds = getCustomHeaders();
hdhds["Content-Type"] = "text/html; charset=utf-8";
if (uobject.query.activate === undefined) {
res.writeHead(599, "You may be a victim of software counterfeiting.", hdhds);
res.end("<html><head><title>Directory traversal prevention is not working.</title><style>body{background-color:#000;color:#fff}.a::after{content:\"\";clear:both;display:table}.button{text-decoration:none;color:#000;background-color:#f0f0f0;border:1px gray solid;padding:3px 20px 3px 20px}.button:hover{border:2px #00f solid}.close{text-decoration:none;color:#fff}</style></head><body><div style=\"text-align:center;font-family:sans-serif\"><div style=\"display:inline-block;background-color:gray\"><div style=\"background-color:#00f;color:#fff;text-align:left\"><a href=\"\" class=\"close\"><div style=\"float:right;background-color:red;padding:2px;margin-bottom:5px;margin-right:5px\"><small><b>&nbsp;&nbsp;X&nbsp;&nbsp;</b></small></div></a><div style=\"padding:5px\"><img src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAXElEQVQ4ja2TwQoAIAhDXfT/v7wOERTYrEzo5HSvUpiRloiikiSMxHuDFMHsrCgkAdDPNYHnuKP4/wbqvl7uL0H0554mTYAxyifuSyEYExzPwa37XFO1KG6E7Do3hN8jFFmoGsUAAAAASUVORK5CYII=\"> Directory traversal prevention is not working.</div></div><div class=\"a\" style=\"background-color:#fff;margin:0 5px 0 5px;text-align:left\"><img style=\"margin:5px\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAACXBIWXMAAA7EAAAOxAGVKw4bAAADZklEQVRoge2Zz0sbURDHPylqEyql3mwjBjx4EFHij4MX20O1B3/c9NhLoGAR400PIoUe4v8j1Ft/nLUXD0VED4KpVq3WgjH+nB7eCya72WT37W6k4Bceu5mZNzPf92Z2n2tERIT/GI/uOwG/eCDgjA/AY30NDyESWAYu9TU8hERgAdjQ9xv6dzgIicAykNP3OcLchRAIzAI7FtmOlgePEAh8AU4tslMtDx4BE3gL7DrodrU+WARMYAM4dtAdc9fYwSFAAm+A7So229ouOARI4IbC6h8dQSoFLS1qpFJKpvQ3wYUEkEDQISJPRQQ5PETicQRKRzyudMquI5iwIhLQDiSBvwDMzUE2a7fIZpVO2SWDCQtERPwep58A16hjgyqZcgQA4nHY3QVoAOqAM3+h8d0DC8B7CslDodbL4053qef5P2L43IEXwF6JpLERzhwWNhaDXK5Y8hz4aR4eXzuQBuzLPTHhPGN83Co50n7M4YPAZ1Ttl6ISgdFRq+Ra+/EBs4fXlIjERATbyOWQWKz0ERqNquvent1e+Zmq9WP0O8WNW4xYDIaGSmX5PHR3Q3NzuRmX2p8ZDAhMAz+o9EYdG7PLhoedrG+0v2nvqWBEYA2n1S9gZMQucyaA9rfmPRXw2gOzItJUtvato7+/tAfOz6vNadL+Q+2Br8C5K8viJ87gIESj1Waca//e4IHAPPALyLuyLu6DyuVTQF77n3efEngpoTYRiboqHxHk9hZpaFAltL7ubo7y3xZGCS2iDl/uVh8gEoGBAVU+nZ1uZ+V1nEXXcVzsQEZEnolIvevV9zfqdbxMUDuwAvwBrtyvii9c6XgrrqyrEFgCVj2nkMtBOg2JhBrptPUU6garOn4VVN6gHs8lcHGB9PXZ/6Ts61M6b/56qpZQBQIfxe1Lq3hkMvbkC2NpySuBJp2HEYEuz8mLIMmkM4GeHpOm7qpIwKEH5oEDr0ULwOammc4ZB1R6uTkQ+ATsm0Sjvd1M54x9nU95lCHwDjgxiQTA5KSZrjJOUHmVgb2qeo1qP5ynUPHoLdsDFgJjItLqi4AIcnaGzMwgiYQaMzNK5s9vq86vFJbPKq+Ab6b7XAO8xHrkLuqBJLBVy2wMsIX1s2Td3e1j4HVN0zHD75JfAXwbvV88/Kf+vvFA4L7xD6EQkx9oyJNyAAAAAElFTkSuQmCC\"><div style=\"color:#000;padding:7px 7px 5px 5px;float:right\"><big><big><span style=\"color:#5050ff\">You may be a victim of software<br>counterfeiting.</span></big></big><br><br>To use all DorianTech SVR.JS features, such as all<br>directory traversal protections; use server-side JS;<br>and recieve product support, your copy of DorianTech<br>SVR.JS must be validated as genuine.<br><br><a href=\"/invoke500.svr?aprilfools&activate\">Go online and resolve now</a><br><br></div></div><div style=\"padding:15px;border-top:1px silver solid;margin:0 5px 5px 5px;background-color:#e0e0e0;text-align:right\"><a href=\"javascript:location.reload();\" class=\"button\">Close</a></div></div></div><small>This copy of SVR.JS is not genuine.</small></body></html>");
serverconsole.resmessage("You may be a victim of software counterfeiting.");
} else {
res.writeHead(200, "OK", hdhds);
res.end("<style>body{background-color: black; color: white}</style><!DOCTYPE html>\n<!-- DON'T DELETE THE PAGE! THIS PAGE IS MEANT TO ACTIVATE SVR.JS!!! -->\n<html>\n<head>\n<title>SVR.JS Genuine Advantage</title>\n</head>\n<body>\n<h1>Activate SVR.JS</h1>\n<i>You will then be able to use all of SVR.JS features through SVR.JS Genuine Advantage!</i>\n<noscript>You need to enable JavaScript in order to activate SVR.JS.</noscript>\n<big><p id=\"activate\">Wait...</p></big>\n<script>\n setTimeout(function () {\n document.getElementById(\"activate\").innerHTML = \"Can't connect to DorianTech Activation Service! Check your internet connection.\";\n 'use doriantech activation technologies';\n //#$DAT%SURL http://cscsmaterials.ddns.net/dat/doriantech.dad\n //#$DAT%CONN __DORIANTECH__.__SVRJS__.__APRILFOOLS__.__ACTIVATE__(this,\"SVRJSSECRET32942832432\")\n //#$DAT%ATOV __DORIANTECH__.__SVRJS__.__APRILFOOLS__.__USECOPY__(this)\n //#$DAT%USEC this\n //#$DAT%IFOK __JSEXECUTE__(\"document.getElementById('activate').innerHTML = __dat__.exec('HTML');\")\n }, 2000);\n</script>\n</body>\n</html>\n<small>This copy of SVR.JS is not genuine.</small>");
}
return;
throw new Error("This page is intended to return 500 code.");
} catch (err) {
callServerError(500, undefined, generateErrorStack(err));
return;
@ -3632,35 +3621,15 @@ if (!cluster.isPrimary) {
res.writeHead(200, "OK", hdhds);
res.end((head == "" ? "<html><head><title>SVR.JS status" + (request.headers.host == undefined ? "" : " for " + String(req.headers.host).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")) + "</title><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /></head><body>" : head.replace(/<head>/i, "<head><title>SVR.JS status" + (request.headers.host == undefined ? "" : " for " + String(req.headers.host).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")) + "</title>")) + "<h1>SVR.JS status" + (request.headers.host == undefined ? "" : " for " + String(req.headers.host).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")) + "</h1>Server version: " + (exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS") + "<br/><hr/>Current time: " + new Date().toString() + "<br/>Thread start time: " + new Date(new Date() - (process.uptime() * 1000)).toString() + "<br/>Thread uptime: " + formatRelativeTime(Math.floor(process.uptime())) + "<br/>OS uptime: " + formatRelativeTime(os.uptime()) + "<br/>Total request count: " + reqcounter + "<br/>Average request rate: " + (Math.round((reqcounter / process.uptime()) * 100) / 100) + " requests/s" + (process.memoryUsage ? ("<br/>Memory usage of thread: " + sizify(process.memoryUsage().rss) + "B") : "") + (process.cpuUsage ? ("<br/>Total CPU usage by thread: u" + (process.cpuUsage().user / 1000) + "ms s" + (process.cpuUsage().system / 1000) + "ms - " + (Math.round((((process.cpuUsage().user + process.cpuUsage().system) / 1000000) / process.uptime()) * 1000) / 1000) + "%") : "") + "<br/>Thread PID: " + process.pid + "<br/>" + (foot == "" ? "</body></html>" : foot));
return;
} else if (href == "/zsoiebook.svr" || (os.platform() == "win32" && href.toLowerCase() == "/zsoiebook.svr")) {
var hdhds = getCustomHeaders();
hdhds["Content-Type"] = "text/html; charset=utf-8";
res.writeHead(200, "OK", hdhds);
if (typeof uobject.query.summary !== "undefined") {
res.end("<!DOCTYPE html>\n<html>\n <head>\n <title>The Summary of Book of ZSOiE</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <style>\n html {\n background: maroon;\n color: white;\n font-style: italic;\n text-rendering: optimizeLegibility;\n min-height: 100%;\n }\n\n .svrtext {\n margin-top: 15%;\n font-size: 1.1em;\n font-family: serif;\n text-align: center;\n line-height: 1.5;\n }\n\n .from {\n font-size: 1.95em;\n font-family: serif;\n text-align: right;\n }\n\n em {\n font-size: 1.3em;\n line-height: 0;\n }\n\n a {\n text-decoration: none;\n color: white;\n }\n </style>\n </head>\n <body>\n <section>\n <p class=\"svrtext\">And Satan created <em>Mammon</em>. His work won people from all over the school. When people abandoned them through the <em>Piracy Window</em>, so Satan went back in time and created <em>the Server</em> to continue to wreak havoc all over the school.</p>\n <p class=\"from\">from <b>The Summary of Book of ZSOiE</b></p>\n </section>\n </body>\n</html>");
return;
}
var randomValue = Math.random();
if (randomValue > 0.85714) {
res.end("<!DOCTYPE html>\n<!-- Autor SVR.JS znalazł ChatGPT. ChatGPT pomógł autorowi w programowaniu SVR.JS. Author SVR.JS stworzył kolejny server, tym razem w bash... -->\n<!-- The author of SVR.JS found ChatGPT. ChatGPT helped the author develop SVR.JS. Author SVR.JS created another server, this time in bash... -->\n<html>\n <head>\n <title>The Book of ZSOiE, 7:28</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <style>\n html {\n background: maroon;\n color: white;\n font-style: italic;\n text-rendering: optimizeLegibility;\n min-height: 100%;\n }\n\n .svrtext {\n margin-top: 15%;\n font-size: 1.1em;\n font-family: serif;\n text-align: center;\n line-height: 1.5;\n }\n\n .from {\n font-size: 1.95em;\n font-family: serif;\n text-align: right;\n }\n\n em {\n font-size: 1.3em;\n line-height: 0;\n }\n\n a {\n text-decoration: none;\n color: white;\n }\n </style>\n </head>\n <body>\n <section>\n <p class=\"svrtext\"><em>The Server</em> continues to cultivate it's <em>Dafa</em>. <em>The Author</em> found <em>the Robot</em> and asked him for help. Then the Robot started to help the Author to improve his Server. And the Author tries to create <em>yet another server</em> without using the <em>main node</em>...</p>\n <p class=\"from\">from <b>The Book of ZSOiE</b>, 7:28</p>\n </section>\n </body>\n</html>");
} else if (randomValue > 0.71429) {
res.end("<!DOCTYPE html>\n<!-- SVR.JS podzielił się na 2 gałęzie: jedną gałąź LTS SVR.JS 3.4.x i jedną gałąź najnowszych wersji SVR.JS. -->\n<!-- SVR.JS has split into 2 branches: one LTS SVR.JS 3.4.x branch and one branch of the latest versions of SVR.JS. -->\n<html>\n <head>\n <title>The Book of ZSOiE, 7:16</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <style>\n html {\n background: maroon;\n color: white;\n font-style: italic;\n text-rendering: optimizeLegibility;\n min-height: 100%;\n }\n\n .svrtext {\n margin-top: 15%;\n font-size: 1.1em;\n font-family: serif;\n text-align: center;\n line-height: 1.5;\n }\n\n .from {\n font-size: 1.95em;\n font-family: serif;\n text-align: right;\n }\n\n em {\n font-size: 1.3em;\n line-height: 0;\n }\n\n a {\n text-decoration: none;\n color: white;\n }\n </style>\n </head>\n <body>\n <section>\n <p class=\"svrtext\"><em>The Server</em> is still going. But <em>the Author</em> commanded to the Server: \"thou shalt you split to two branches.\". And the Server did split it's <em>Dafa</em>. One of two branches stopped serving on <em>old and rusty node</em>. Other one is still serving on that, but it will later <em>vanish</em>... \"<em>Mammon</em> will get confused\" - said the Author.</p>\n <p class=\"from\">from <b>The Book of ZSOiE</b>, 7:16</p>\n </section>\n </body>\n</html>");
} else if (randomValue > 0.57143) {
res.end("<!DOCTYPE html>\n<!-- SVR.JS 2.x już nie otrzymuje aktualizacji zabezpieczeń, a SVR.JS 3.x jest rozwijany w kierunku niezawodności i łatwości. Dwóch z uczestników konkusru CyberSkiller z ZSOiE zostały ukazane w gazecie w artykule o najlepszych uczniach. -->\n<!-- SVR.JS 2.x no longer receives security updates and SVR.JS 3.x is being developed towards reliability and ease. Two of the participants of the CyberSkiller competition from ZSOiE were featured in the newspaper's article about the best students. -->\n<html>\n <head>\n <title>The Book of ZSOiE, 7:2</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <style>\n html {\n background: maroon;\n color: white;\n font-style: italic;\n text-rendering: optimizeLegibility;\n min-height: 100%;\n }\n\n .svrtext {\n margin-top: 15%;\n font-size: 1.1em;\n font-family: serif;\n text-align: center;\n line-height: 1.5;\n }\n\n .from {\n font-size: 1.95em;\n font-family: serif;\n text-align: right;\n }\n\n em {\n font-size: 1.3em;\n line-height: 0;\n }\n\n a {\n text-decoration: none;\n color: white;\n }\n </style>\n </head>\n <body>\n <section>\n <p class=\"svrtext\">The old Server forces died. The all-powerful new <em>Server</em> rosen from ashes of old Server like phoenix followed the ways of <em>Durability-Ease-Reliability</em> and cultivated his <em>Dafa</em>. Then, the <em>Author</em> and <em>Whyvn</em> appeared on best <em>former Mammon's</em> disciples paper.</p>\n <p class=\"from\">from <b>The Book of ZSOiE</b>, 7:2</p>\n </section>\n </body>\n</html>");
} else if (randomValue > 0.42857) {
res.end("<!DOCTYPE html>\n<!-- Nastąpił koniec roku szkolnego. Autor wypróbował SVR.JS na platformie Bun. SVR.JS 3.0.0 został wreście wydany. Uczestnicy konkursu CyberSkiller z ZSOiE dostały Nagrodę Patrona. -->\n<!-- The school year has come to an end. The author tried out SVR.JS on the Bun platform. SVR.JS 3.0.0 has finally been released. Participants of the CyberSkiller competition from ZSOiE received the Patron's Award. -->\n<html>\n <head>\n <title>The Book of ZSOiE, 6:24</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <style>\n html {\n background: maroon;\n color: white;\n font-style: italic;\n text-rendering: optimizeLegibility;\n min-height: 100%;\n }\n\n .svrtext {\n margin-top: 15%;\n font-size: 1.1em;\n font-family: serif;\n text-align: center;\n line-height: 1.5;\n }\n\n .from {\n font-size: 1.95em;\n font-family: serif;\n text-align: right;\n }\n\n em {\n font-size: 1.3em;\n line-height: 0;\n }\n\n a {\n text-decoration: none;\n color: white;\n }\n </style>\n </head>\n <body>\n <section>\n <p class=\"svrtext\">Mammon had enough karmic retribution. The <em>Author</em> tried it's <em>Server</em> on <em>main node's substitute</em>. Then, the Author saw, that Server's <em>Dafa</em> is good, and that main node, it's substitute, and older Mammon are good. Meanwhile the <em>Author</em>, <em>Whyvn</em>, and <em>Snovbyn</em> rejoiced even more from their success over older Mammon.</p>\n <p class=\"from\">from <b>The Book of ZSOiE</b>, 6:24</p>\n </section>\n </body>\n</html>");
} else if (randomValue > 0.32143) {
res.end("<!DOCTYPE html>\n<!-- Uczestnicy konkursu CyberSkiller uzyskali nagrody od nauczycieli ZSOiE. W tym samym czasie SVR.JS 3.0.0 zostaje niedługo wydany. -->\n<!-- Participants of the CyberSkiller competition received awards from ZSOiE teachers. At the same time, SVR.JS 3.0.0 is about to be released. -->\n<html>\n <head>\n <title>The Book of ZSOiE, 6:6</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <style>\n html {\n background: maroon;\n color: white;\n font-style: italic;\n text-rendering: optimizeLegibility;\n min-height: 100%;\n }\n\n .svrtext {\n margin-top: 15%;\n font-size: 1.1em;\n font-family: serif;\n text-align: center;\n line-height: 1.5;\n }\n\n .from {\n font-size: 1.95em;\n font-family: serif;\n text-align: right;\n }\n\n em {\n font-size: 1.3em;\n line-height: 0;\n }\n\n a {\n text-decoration: none;\n color: white;\n }\n </style>\n </head>\n <body>\n <section>\n <p class=\"svrtext\">And the <em>Server</em> is about to come. The <em>Author</em> along with <em>Whyvn</em> and <em>Snovbyn</em> passing the Mammon's test rejoiced their success over older Mammon.</p>\n <p class=\"from\">from <b>The Book of ZSOiE</b>, 6:6</p>\n </section>\n </body>\n</html>");
} else if (randomValue > 0.14286) {
res.end("<!DOCTYPE html>\n<!-- Nastąpił finał konkursu CyberSkiller Challenge Poland. W finale jeden z uczestników ZSOiE w Lubsku użył serwera SVR.JS -->\n<!-- The finals of the CyberSkiller Challenge Poland competition has taken place. In the finals, one of the participants of ZSOiE in Lubsko used the SVR.JS server -->\n<html>\n <head>\n <title>The Book of ZSOiE, 5:25</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <style>\n html {\n background: maroon;\n color: white;\n font-style: italic;\n text-rendering: optimizeLegibility;\n min-height: 100%;\n }\n\n .svrtext {\n margin-top: 15%;\n font-size: 1.1em;\n font-family: serif;\n text-align: center;\n line-height: 1.5;\n }\n\n .from {\n font-size: 1.95em;\n font-family: serif;\n text-align: right;\n }\n\n em {\n font-size: 1.3em;\n line-height: 0;\n }\n\n a {\n text-decoration: none;\n color: white;\n }\n </style>\n </head>\n <body>\n <section>\n <p class=\"svrtext\">The twins of Mammon quarrelled. The <em>Author</em> with it's <em>Server</em> and it's <em>main node</em> plunged the Mammon's servers into darkness. Meanwhile <em>Whyvn</em> and <em>Snovbyn</em> helped him to break Mammon's servers. </p>\n <p class=\"from\">from <b>The Book of ZSOiE</b>, 5:25</p>\n </section>\n </body>\n</html>");
} else {
res.end("<!DOCTYPE html>\n<!-- Uczniowie ZSOiE brali udział w konkursie CyberSkiller Challenge Poland i używali poleceń, który ich nauczyciel nie rozumiał. -->\n<!-- ZSOiE students took part in CyberSkiller Challenge Poland and used commands, which their teacher didn't understand. -->\n<html>\n <head>\n <title>The Book of ZSOiE, 3:16</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <style>\n html {\n background: maroon;\n color: white;\n font-style: italic;\n text-rendering: optimizeLegibility;\n min-height: 100%;\n }\n\n .svrtext {\n margin-top: 15%;\n font-size: 1.1em;\n font-family: serif;\n text-align: center;\n line-height: 1.5;\n }\n\n .from {\n font-size: 1.95em;\n font-family: serif;\n text-align: right;\n }\n\n em {\n font-size: 1.3em;\n line-height: 0;\n }\n\n a {\n text-decoration: none;\n color: white;\n }\n </style>\n </head>\n <body>\n <section>\n <p class=\"svrtext\">Mammon slept. Meanwhile, the <em>Author</em>, <em>Whyvn</em> and <em>Snovbyn</em> being in very skill-requiring challenge casted <em>tcpdump</em> and <em>mongodb</em> on him. </p>\n <p class=\"from\">from <b>The Book of ZSOiE</b>, 3:16</p>\n </section>\n </body>\n</html>");
}
return;
} else if (version.indexOf("Nightly-") === 0 && (href == "/crash.svr" || (os.platform() == "win32" && href.toLowerCase() == "/crash.svr"))) {
throw new Error("Intentionally crashed");
}
/////////////////////////////////////////////
////THERE IS NO MORE "THE BOOK OF ZSOIE"!////
//// But it's in easteregg.tar.gz mod... ////
/////////////////////////////////////////////
var pth = decodeURIComponent(href).replace(/\/+/g, "/").substr(1);
var readFrom = "./" + pth;
fs.stat(readFrom, function (err, stats) {