1
0
Fork 0
forked from svrjs/svrjs
Commit graph

248 commits

Author SHA1 Message Date
e3c1dcea0e Bun's crypto.scrypt doesn't block the event loop that much compared to crypto.pbkdf2 2024-04-01 21:48:19 +02:00
9eff118962 Change all of the internal calls to "callServerError" 2024-03-31 19:15:10 +02:00
51544f5732 Sort out the server error description list 2024-03-31 19:02:43 +02:00
36e57cfbef Collapse even more errno exit code 2024-03-31 18:58:19 +02:00
5638a45e6e Change code for Node.JS builds without crypto library 2024-03-31 18:55:27 +02:00
3b7271386c Make server listening error description list an object in the global scope 2024-03-31 18:51:39 +02:00
36b989f2ba Optimize server error handlers 2024-03-31 18:44:00 +02:00
428444a3a6 Fix bug with res.writeHead method 2024-03-29 10:58:50 +01:00
03a485c04a Fix bug with request domain names not showing in server logs 2024-03-19 17:12:28 +01:00
be8cfe942e Make server message types bold 2024-03-17 21:32:39 +01:00
98de0a31dc Make "SVR.JS - a web server running on Node.JS" bold 2024-03-17 21:23:25 +01:00
9a8f83bad9 Fix language error in the comment 2024-03-17 15:17:41 +01:00
cb81658318 Add "localhost" entry to the block list, when "block localhost" is typed into SVR.JS rather than "::ffff:localhost". 2024-03-17 15:13:07 +01:00
c85df7cd26 Make the improvement consistent with password verification function 2024-03-17 10:20:00 +01:00
32a92804fa Improve protection against user enumeration 2024-03-17 10:17:53 +01:00
184060fb79 Modified HTTP authentication functionality 2024-03-17 10:00:01 +01:00
7857e0e2fa Optimize non-standard code functionality 2024-03-17 09:30:26 +01:00
3493aa4d2d Remove <nocode> (non-standard) tags for bad (broken) directory listing entries 2024-03-17 00:59:53 +01:00
f1c74cb036 Optimized bad (broken) entry generation in directory listing 2024-03-17 00:57:47 +01:00
c44c796253 Optimized some request parameter logging 2024-03-17 00:54:47 +01:00
db621d9a88 Add more use of status code names in http.STATUS_CODES 2024-03-17 00:51:34 +01:00
4a09b14ff2 Change log message for client being in block list 2024-03-17 00:48:21 +01:00
ba21f655a4 Replaced client in the block list error message with generic 403 Forbidden error message 2024-03-17 00:46:32 +01:00
28244bf2c5 Replace some instances of "blacklist" (racist?) with "block list" 2024-03-17 00:39:21 +01:00
37f3d1d2af Changed CVE-2024-22019 warning text 2024-03-17 00:35:44 +01:00
e638c5dc1a Added CVE-2024-22019 Node.JS vulnerability warning. 2024-03-13 03:00:56 +01:00
1e165dcc58 Fix wwwredirect function 2024-03-09 16:32:01 +01:00
52e729f51d Optimize HTTP/1.x compatiblity res.writeHead function 2024-03-09 16:10:41 +01:00
0e44109776 Change error handler for missing HTTP/2 pseudoheaders 2024-03-09 16:08:46 +01:00
7b0038754e Optimize HTTP/1.x compatibility header setting 2024-03-09 16:00:19 +01:00
6c8873ce3f Fix comparison optimized in the previous commit 2024-03-09 15:57:56 +01:00
4a24b9d892 Be case insensitive in header name exclusion in shimmed HTTP/1.x res.writeHead method 2024-03-09 15:57:30 +01:00
70444f3b48 Optimize missing header check 2024-03-09 15:50:36 +01:00
9f8b0f4fe3 Remove try/catch block in HTTP/1.x compatibility shim; errors there are non-existent 2024-03-09 15:48:23 +01:00
8ac546ff67 Be case insensitive in header name exclusion in shimmed HTTP/1.x res.setHeader method 2024-03-09 15:45:31 +01:00
9017b732cc Clean up the code. 2024-03-03 02:05:14 +01:00
c20aa3d7bc Completely rewrite HTTP to HTTPS redirect functionality 2024-03-03 00:01:17 +01:00
067d177321 Optimized some regular expressions 2024-03-02 22:57:27 +01:00
3a966d342a Added option to allow URLs with double slashes 2024-03-02 22:54:03 +01:00
47803c217b Fix URL rewriter always remove double slashes 2024-03-02 22:45:27 +01:00
cbbe4c9bc5 Fix errors with web root postfix adding functionality 2024-03-02 22:41:26 +01:00
0f0c1b22ab Prepare web root postfix adding functionality for double slash URL support 2024-03-02 22:21:49 +01:00
d633707ea5 Prevent redirect loops with fallback replacement 2024-03-02 22:11:50 +01:00
2f232614a2 Fix URL rewriting on URLs with double slashes 2024-03-02 22:02:24 +01:00
28d633884e Prepare for double slash URL support 2024-03-02 21:54:07 +01:00
bd5ab63954 Change lookahead token order in two URL sanitation regular expressions 2024-02-28 21:45:47 +01:00
ae630a1625 URL sanitizer function now uses less regular expression replacements. 2024-02-28 21:43:43 +01:00
b829414f4c Fixed bug with URLs beginning with multiple slashes being rewritten incorrectly. 2024-02-11 21:26:26 +01:00
2589eff15f Added new SVR.JS mod and server-side JavaScript variable: authUser. 2024-02-07 00:35:00 +01:00
9f15a08378 Add some code comments 2024-02-02 19:49:30 +01:00
d85dedea65 Clean up the code. 2024-02-02 19:32:40 +01:00
88e923ffbc Fixed SVR.JS crashes with X-SVR-JS-From-Main-Thread header and unspecified client request IPs 2024-02-02 19:23:45 +01:00
4d69f6f1a7 Add IP-based virtual hosts alongside hostname-based virtual hosts 2024-02-02 19:08:49 +01:00
ea228114e1 Head and foot inclusion is now returning 500 error in case of server error instead of server crash. 2024-01-24 19:48:50 +00:00
e172c2c005 Fix web root postfix prefix support 2024-01-24 19:06:00 +00:00
e29d1aa3aa Fix syntax error from previous commit. 2024-01-24 18:53:29 +00:00
5fdbc898d0 Add support for web root postfix prefixes. 2024-01-24 18:52:05 +00:00
6abe280ee8 Add support for web root postfixes (for every host) 2024-01-23 07:00:23 +01:00
6a9afcbc26 Add support for useClientCertificate, rejectUnauthorizedClientCertificates, cipherSuite, ecdhCurve, tlsMinVersion, tlsMaxVersion, signatureAlgorithms and http2Settings config.json properties. 2024-01-22 23:21:01 +01:00
1a2019664a Fixed error handling for invalid URL rewrite regexes. Also fixed bug with HTTP proxy not working. 2024-01-18 01:12:09 +01:00
60a84d879d Clean up the code (remove trailing spaces) 2024-01-14 19:01:49 +01:00
db6c4faeaf Mitigate log file injection vulnerability at mod file names. 2024-01-14 19:00:27 +01:00
e1e9338806 SVR.JS no longer crashes, when access to a log file is denied. 2024-01-14 09:00:08 +01:00
e11dd8d5b5 Mitigated log file injection for HTTP authentication 2024-01-14 08:41:11 +01:00
55dfa0ad1e Fixed typo that caused 500 error with 308 code redirects 2024-01-13 10:25:42 +01:00
9569c7b7fd Added support for 307 and 308 redirects (both in config.json and in redirect() SVR.JS API method) 2024-01-13 08:36:00 +01:00
03556813ec Reformatted the source code 2024-01-13 08:25:38 +01:00
1123f40961 Cleaned up the code 2024-01-13 08:09:32 +01:00
4179e4020c Dropped support for svrmodpack; SVR.JS LTS versions will still have svrmodpack support. 2024-01-13 08:01:05 +01:00
7e73cb68d3 Added support for skipping URL rewriting, when the URL refers to a file or a directory. 2024-01-13 07:53:16 +01:00
d942342106 Changed rewriteURL method to use callbacks. 2024-01-13 07:34:28 +01:00
7a6661b895 Fix searchHostname function 2023-12-30 23:43:07 +01:00
b0ed92d8ac Removed all remnants of "DorianTech" in SVR.JS 2023-12-24 19:17:34 +01:00
7be1c2a73b Fixed host name rewriting 2023-12-16 08:59:49 +01:00
949e799d45 Improved SNI and host header processing 2023-12-15 23:28:06 +01:00
e68118ecbc Improve on new SNI-related changes 2023-12-15 00:50:33 +01:00
aac6323401 Add Host header processing 2023-12-15 00:15:54 +01:00
63f8e98add SVR.JS now refuses to start with misconfigured SNI in order to prevent ReDoS vulnerabilities. 2023-12-15 00:05:22 +01:00
179ebf6a7f Changed secure context regex generation 2023-12-14 23:45:50 +01:00
355d20a2c1 Optimized some anti-XSS measures 2023-12-12 23:22:06 +01:00
2faf1e9c61 Mitigated even more XSS vulnerabilities. 2023-12-12 23:19:29 +01:00
8bad3f918c Fixed multiple XSS vulnerabilities 2023-12-12 23:09:39 +01:00
5950d326fe Clean up res.writeHead wraooer code 2023-12-12 22:37:23 +01:00
5902dd52fc Added client errors, server errors, and malformed HTTP request counts to SVR.JS status page. 2023-12-12 22:29:27 +01:00
2fb4c52777 Make status page code more readable. 2023-12-12 22:19:51 +01:00
953c95f485 Fixes bug in the sizify function 2023-12-07 09:56:09 +01:00
ab69abf2da Fixed bug with URL rewriting and trailing slash redirection 2023-12-03 16:18:21 +01:00
2cab4349f9 Minor code style corrections 2023-12-03 14:04:38 +01:00
7229661c8e Replace all instances of "ex" with "err" 2023-12-03 14:00:52 +01:00
ebe310eca6 Clean up SVR.JS code 2023-12-03 13:58:35 +01:00
caf2ad685d Fix environment variable support (after testing) 2023-12-03 13:55:56 +01:00
d02c9754c9 Invalid compression exclusion list regexes no longer crash SVR.JS 2023-12-03 13:09:56 +01:00
17def48271 Changed invalid regex error message 2023-12-03 13:07:28 +01:00
0ed74bc55d Change base 1000 size prefixes to base 1024. 2023-12-03 12:51:05 +01:00
ae1738166f Add new config.json option - environmentVariables. 2023-12-03 12:11:15 +01:00
1f42691cbc Correct language errors 2023-12-03 12:05:14 +01:00
024d6cc2d3 SVR.JS now saves configuration files with trailing newlines. 2023-12-03 12:02:49 +01:00
5321f2c6a7 Added trailing slash redirect support 2023-12-03 11:55:19 +01:00
10b7da09ae Corrected language errors in console error messages. 2023-11-12 19:52:59 +01:00
13603adf1b Fix even more language errors in HTTP error message descriptions. 2023-11-12 19:47:32 +01:00