1
0
Fork 0
forked from svrjs/svrjs
Commit graph

246 commits

Author SHA1 Message Date
4d69f6f1a7 Add IP-based virtual hosts alongside hostname-based virtual hosts 2024-02-02 19:08:49 +01:00
ea228114e1 Head and foot inclusion is now returning 500 error in case of server error instead of server crash. 2024-01-24 19:48:50 +00:00
e172c2c005 Fix web root postfix prefix support 2024-01-24 19:06:00 +00:00
e29d1aa3aa Fix syntax error from previous commit. 2024-01-24 18:53:29 +00:00
5fdbc898d0 Add support for web root postfix prefixes. 2024-01-24 18:52:05 +00:00
6abe280ee8 Add support for web root postfixes (for every host) 2024-01-23 07:00:23 +01:00
6a9afcbc26 Add support for useClientCertificate, rejectUnauthorizedClientCertificates, cipherSuite, ecdhCurve, tlsMinVersion, tlsMaxVersion, signatureAlgorithms and http2Settings config.json properties. 2024-01-22 23:21:01 +01:00
1a2019664a Fixed error handling for invalid URL rewrite regexes. Also fixed bug with HTTP proxy not working. 2024-01-18 01:12:09 +01:00
60a84d879d Clean up the code (remove trailing spaces) 2024-01-14 19:01:49 +01:00
db6c4faeaf Mitigate log file injection vulnerability at mod file names. 2024-01-14 19:00:27 +01:00
e1e9338806 SVR.JS no longer crashes, when access to a log file is denied. 2024-01-14 09:00:08 +01:00
e11dd8d5b5 Mitigated log file injection for HTTP authentication 2024-01-14 08:41:11 +01:00
55dfa0ad1e Fixed typo that caused 500 error with 308 code redirects 2024-01-13 10:25:42 +01:00
9569c7b7fd Added support for 307 and 308 redirects (both in config.json and in redirect() SVR.JS API method) 2024-01-13 08:36:00 +01:00
03556813ec Reformatted the source code 2024-01-13 08:25:38 +01:00
1123f40961 Cleaned up the code 2024-01-13 08:09:32 +01:00
4179e4020c Dropped support for svrmodpack; SVR.JS LTS versions will still have svrmodpack support. 2024-01-13 08:01:05 +01:00
7e73cb68d3 Added support for skipping URL rewriting, when the URL refers to a file or a directory. 2024-01-13 07:53:16 +01:00
d942342106 Changed rewriteURL method to use callbacks. 2024-01-13 07:34:28 +01:00
7a6661b895 Fix searchHostname function 2023-12-30 23:43:07 +01:00
b0ed92d8ac Removed all remnants of "DorianTech" in SVR.JS 2023-12-24 19:17:34 +01:00
7be1c2a73b Fixed host name rewriting 2023-12-16 08:59:49 +01:00
949e799d45 Improved SNI and host header processing 2023-12-15 23:28:06 +01:00
e68118ecbc Improve on new SNI-related changes 2023-12-15 00:50:33 +01:00
aac6323401 Add Host header processing 2023-12-15 00:15:54 +01:00
63f8e98add SVR.JS now refuses to start with misconfigured SNI in order to prevent ReDoS vulnerabilities. 2023-12-15 00:05:22 +01:00
179ebf6a7f Changed secure context regex generation 2023-12-14 23:45:50 +01:00
355d20a2c1 Optimized some anti-XSS measures 2023-12-12 23:22:06 +01:00
2faf1e9c61 Mitigated even more XSS vulnerabilities. 2023-12-12 23:19:29 +01:00
8bad3f918c Fixed multiple XSS vulnerabilities 2023-12-12 23:09:39 +01:00
5950d326fe Clean up res.writeHead wraooer code 2023-12-12 22:37:23 +01:00
5902dd52fc Added client errors, server errors, and malformed HTTP request counts to SVR.JS status page. 2023-12-12 22:29:27 +01:00
2fb4c52777 Make status page code more readable. 2023-12-12 22:19:51 +01:00
953c95f485 Fixes bug in the sizify function 2023-12-07 09:56:09 +01:00
ab69abf2da Fixed bug with URL rewriting and trailing slash redirection 2023-12-03 16:18:21 +01:00
2cab4349f9 Minor code style corrections 2023-12-03 14:04:38 +01:00
7229661c8e Replace all instances of "ex" with "err" 2023-12-03 14:00:52 +01:00
ebe310eca6 Clean up SVR.JS code 2023-12-03 13:58:35 +01:00
caf2ad685d Fix environment variable support (after testing) 2023-12-03 13:55:56 +01:00
d02c9754c9 Invalid compression exclusion list regexes no longer crash SVR.JS 2023-12-03 13:09:56 +01:00
17def48271 Changed invalid regex error message 2023-12-03 13:07:28 +01:00
0ed74bc55d Change base 1000 size prefixes to base 1024. 2023-12-03 12:51:05 +01:00
ae1738166f Add new config.json option - environmentVariables. 2023-12-03 12:11:15 +01:00
1f42691cbc Correct language errors 2023-12-03 12:05:14 +01:00
024d6cc2d3 SVR.JS now saves configuration files with trailing newlines. 2023-12-03 12:02:49 +01:00
5321f2c6a7 Added trailing slash redirect support 2023-12-03 11:55:19 +01:00
10b7da09ae Corrected language errors in console error messages. 2023-11-12 19:52:59 +01:00
13603adf1b Fix even more language errors in HTTP error message descriptions. 2023-11-12 19:47:32 +01:00
fad9dc61ae Fix multiple language errors in HTTP error message descriptions. 2023-11-12 18:59:24 +01:00
b38e1cea5f Fixed crashes due of destroyed HTTP/2 stream (Node.JS bug: https://github.com/nodejs/node/issues/24470) 2023-11-12 18:41:06 +01:00
ae45c2e132 SVR.JS now sends configuration file saving request to one random good worker instead of all workers to prevent configuration file corruption. 2023-11-12 18:33:29 +01:00
fccc0ef7ca Fixed bug with non-standard code regex replacements 2023-09-17 23:32:42 +02:00
a2ecbe4c5a Optimize mod loader 2023-09-12 23:19:14 +02:00
84b7cac684 Fix bug with mods executing in wrong order (bug was related with access control vulnerability fix; bug was not present in LTS versions) 2023-09-12 23:15:55 +02:00
c8c069aceb Rename properDirectoryListingServe function to properDirectoryListingAndStaticFileServe. 2023-09-12 19:50:39 +02:00
75e987dcf4 Removed undocumented and non-working code. 2023-09-12 19:34:34 +02:00
e84bb426a7 Replace sizify function with new one. 2023-09-12 19:21:13 +02:00
5a567d09d1 Drop dependency on "pretty-bytes" module 2023-09-12 18:27:15 +02:00
e048156e18 Remove "invoke500.svr" and "crash.svr" (only activated in nightly versions, not in stable or LTS) 2023-09-12 18:11:11 +02:00
8050fc766e Partially revert commit 193cede707 2023-09-11 23:21:14 +02:00
193cede707 Optimize responseEnd method 2023-09-11 23:08:02 +02:00
11bc6a32c9 Remove "fd" variable. 2023-09-11 23:01:46 +02:00
1132ed539a Remove unneccesary whitespaces 2023-09-11 21:56:08 +02:00
f4641cd1bb Removed unused SVR.JS code 2023-09-11 21:51:03 +02:00
079ce3d974 Reposition some if conditions 2023-09-11 21:50:42 +02:00
68e7fa9ae6 Globalize HTTP error messages object 2023-09-11 11:06:03 +02:00
91ab1f4a97 Minor changes to status codes 2023-09-11 10:36:10 +02:00
e828bb9173 Add warning about worker count limited to one when using Bun 1.0 and newer with shimmed (not native) clustering module. 2023-09-10 19:30:29 +02:00
24783fc1f9 Disable bug workaround for Bun 1.0 and newer (it's not needed anymore for these Bun versions) 2023-09-10 19:03:28 +02:00
b39471e8b8 Improve Bun shim 2023-09-10 18:58:05 +02:00
2ec6b564f5 Improve web root error handling 2023-09-10 18:37:09 +02:00
15ca36cf16 Fixed security vulnerability with information leakage from "temp" directory 2023-09-10 10:50:18 +02:00
d0064ee083 Log certificate loading errors 2023-09-10 10:35:07 +02:00
c7c381d8c9 Fix log files only partially saving on failed master startup 2023-09-10 10:14:24 +02:00
f475aa8651 Remove one obsolete process.cwd() == __dirname check 2023-09-09 00:53:24 +02:00
53560a7bcd Mitigiate source-code leakage through hidden files in temp folder. Also change default enableRemoteLogBrowsing to false. 2023-09-09 00:36:24 +02:00
6066f77fae Fix svrmodpack deprecation warning 2023-09-08 20:17:38 +02:00
1e2d61ff64 Improved Bun workaround 2023-09-08 20:08:46 +02:00
3edbc80e7d Added TypeError workaround for Bun 1.0.0. Bun 1.0.0 now supports IPC 2023-09-08 20:00:02 +02:00
bc6268e2c0 Change no HTTP/2 warning 2023-09-08 19:39:18 +02:00
b5ac862f5e Add "svrmodpack" deprecation warning 2023-09-08 19:26:40 +02:00
2d733b70bf Fix access control bypass vulnerability for non-proxy SVR.JS mods 2023-09-07 18:00:58 +02:00
2c93e0fc24 Complete out previous fix 2023-09-06 20:22:51 +02:00
08816fe4f3 Mitigated security vulnerability: SVR.JS mods and server-side JavaScript using req.url could be vulnerable to path traversal. 2023-09-06 19:22:03 +02:00
dc23125ce4 Fix an error in previous commit 2023-09-05 00:15:00 +02:00
2ab7fab9cf Added new property in config.json - exposeModsInErrorPages 2023-09-05 00:05:20 +02:00
Dorian Niemiec
5ba3d8f2b3 Moved invalid X-Forwader-For header handler 2023-09-03 22:40:10 +02:00
Dorian Niemiec
61b0d6ad9c Added missing semicolon 2023-09-03 22:31:07 +02:00
Dorian Niemiec
b1ab6e3e4a Added validation of X-Forwarded-For header 2023-09-03 14:40:41 +02:00
Dorian Niemiec
d8cf7913be Change listening notice 2023-09-03 11:10:01 +02:00
Dorian Niemiec
bd7098c2c6 Cleaned up SVR.JS code even more... 2023-09-03 11:08:16 +02:00
Dorian Niemiec
8dd707c44d Add notice about user being logged in. 2023-09-03 10:27:30 +02:00
Dorian Niemiec
9946c301e4 Cleaned up SVR.JS code 2023-09-03 10:18:52 +02:00
a663b4f142 Improved error handling of SVR.JS configuration, mods and server-side JavaScript. 2023-09-02 20:27:27 +02:00
817db0fff9 Replaced HTTPS redirect handler 2023-09-02 19:56:45 +02:00
b21b8dc84c Moved and fixed bug with "wwwredirect" 2023-09-02 19:35:01 +02:00
fdac578678 Dropped support for HTTP to HTTPS redirect bypass headers 2023-09-02 19:12:46 +02:00
1637e87550 Dropped support for unused SVR.JS-specific X-SVR-JS-Client header (use X-Forwarded-For header instead) 2023-09-02 18:33:09 +02:00
9b27bacf25 Add support for listening to specific IP address. 2023-09-02 18:15:00 +02:00
08692a2ff5 Added new config.json property - useWebRootServerSideScript 2023-09-02 12:57:19 +02:00
a7185d6c94 Disable server-side script exposure by default. 2023-09-02 09:01:25 +02:00
03b54f94d4 Fix callServerError 2023-09-01 11:04:04 +02:00
bf3b002190 Optimize filterHeaders and add checkHostname and checkHref 2023-09-01 01:13:15 +02:00
bbb8a6f899 Replace "request" with "req" and "response" with "res" 2023-08-31 23:03:02 +02:00
4a138f73d8 Add virtual host support 2023-08-31 22:47:07 +02:00
e490f8341b Fix modFunction 2023-08-29 15:44:01 +02:00
71d1970571 Cleaned up SVR.JS code 2023-08-29 15:03:13 +02:00
1ebf19d768 Fixed non-working blacklist 2023-08-29 14:56:39 +02:00
10f9e1b5f2 Add reverse DNS lookup support 2023-08-28 03:44:04 +02:00
94a7b319f6 Fixed server crashes while one of two ports are in use 2023-08-25 00:26:51 +02:00
2d266bf1b3 Map ENAMETOOLONG to 414 code 2023-08-21 19:38:38 +02:00
54ba71212b Pull from SVR.JS 3.7.1 2023-08-21 19:32:31 +02:00
e6c1194086 Fixed checkEXT again 2023-08-19 23:18:52 +02:00
bfcc88a4dd Fixed checkEXT function 2023-08-19 23:16:27 +02:00
d31d47bbcd Rewritten some of for loops to use forEach instead. 2023-08-19 22:38:58 +02:00
e7e232f6e7 Restored easter eggs to easteregg.tar.gz mod, which can be deleted. Also change unused worker kill interval. 2023-08-19 21:19:18 +02:00
fba0012690 Removed some easter eggs, to prevent SVR.JS version fingerprinting... 2023-08-19 21:03:05 +02:00
aedbd134f8 Add option to rewrite "dirty" URLs 2023-08-18 23:29:18 +02:00
bd475a2e8e Fixed redirect loops related to URL sanitizer 2023-08-18 21:54:58 +02:00
47a793b958 Added scrypt support for HTTP authentication 2023-08-18 21:35:09 +02:00
d93511e97b Enable use of PBKDF2-hashed passwords 2023-08-15 19:05:44 +02:00
f8cc7e45cd Optimize credential match checking 2023-08-15 14:04:29 +02:00
cbbf8ab79b EMFILE errors now correspond to 503 Service Unavailable error code. 2023-08-13 00:43:21 +02:00
028606fb15 Fix redirect loop with "[" and "]". 2023-08-12 17:40:42 +02:00
86d424f906 Add config.json option to disable termination of unused workers 2023-08-12 13:37:06 +02:00
e4332e858c Improved error handling for Bun even more. 2023-08-12 13:23:59 +02:00
f0193b5933 Improve server error handling for Bun. 2023-08-12 12:47:48 +02:00
61dead9b4a Improved extension checking function and corrected 503 error description 2023-08-12 12:35:46 +02:00
f37a565ca1 Changed descriptions of 501 and 503 errors. 2023-08-12 12:07:33 +02:00
Dorian Niemiec
986c883327 Improve Bun fake IPC connections error handling. 2023-08-10 04:20:30 +02:00
Dorian Niemiec
7820c5aade Fix Bun cluster shim and mitigate Bun segmentation faults 2023-08-10 04:01:50 +02:00
Dorian Niemiec
8ca945cdbd Fixed master spawning other masters while SVR.JS is run in Bun 0.7.x. 2023-08-10 03:16:52 +02:00
Dorian Niemiec
7cc4dbf4d2 Fix cluster NotImplementedError when running SVR.JS on newer versions of Bun. 2023-08-10 02:03:23 +02:00
Dorian Niemiec
3d4acae311 Make SVR.JS gracefully exit on "stop" command. 2023-08-10 01:14:10 +02:00
Dorian Niemiec
08cc0ac042 Improved minimum thread count calculation algorithm even further. Also disabled x-svr-js-from-main-thread requests from non-localhost clients. 2023-08-09 23:03:16 +02:00
Dorian Niemiec
889207e6a2 Disabled checking for hung up server processes, while SVR.JS is not listening yet. Also improved minimum thread count calculation algorithm. 2023-08-09 22:37:53 +02:00
Dorian Niemiec
6515a54471 Disabled killing workers, when server is closed. 2023-08-09 21:58:21 +02:00
Dorian Niemiec
68a42ccde8 Fixed bug with Can't execute command "KILLREQ". 2023-08-09 21:23:50 +02:00
Dorian Niemiec
e6a25d931c Add termination of unused workers. 2023-08-09 21:09:23 +02:00
Dorian Niemiec
1138b6bdf6 Replace "isMaster" with "isPrimary", and shim "isPrimary" when it's not available. 2023-08-09 18:01:36 +02:00
Dorian Niemiec
aa630cbd0d Changed all references for stable version to git master branch 2023-08-06 04:07:04 +02:00
Dorian Niemiec
d15373aa8e Improved reliability while loading server-side JavaScript. 2023-08-04 21:19:23 +02:00
svrjs
d4e230fda1 Fixed bug with directory listing generating invalid HTML with custom head containing <i>&lt;html&gt;</i> tag with attributes. 2023-08-03 14:33:56 +02:00
svrjs
97519d6cd4 Fixed bug with ENOTDIR error (was 500, now it's 404) and with forbidden path checker. 2023-08-02 23:54:07 +02:00
sysadmin
1162acad9f Update with SVR.JS 3.6.1 2023-07-29 20:44:13 +02:00
sysadmin
e122e7a6ae Initial commit 2023-07-29 20:32:17 +02:00