SVR.JS
1 // SVR.JS - a web server running on Node.JS
3 /*
4 * MIT License
5 *
6 * Copyright (c) 2018-2024 SVR.JS
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
9 *
10 * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
13 */
15 // Check if SVR.JS is running on Node.JS-compatible runtime. If not, just error it out.
18 // If it runs on Windows Script Host, display an error message.
20 shell.Popup("SVR.JS doesn't work on Windows Script Host. SVR.JS requires use of Node.JS (or compatible JS runtime).", undefined, "Can't start SVR.JS", 16);
24 // If it runs on web browser, display an alert.
25 alert("SVR.JS doesn't work on a web browser. SVR.JS requires use of Node.JS (or compatible JS runtime).");
26 }
27 // If it's not, throw an error.
29 throw new Error("SVR.JS doesn't work on a web browser. SVR.JS requires use of Node.JS (or compatible JS runtime).");
31 throw new Error("SVR.JS doesn't work on Deno/QuickJS. SVR.JS requires use of Node.JS (or compatible JS runtime).");
32 }
33 }
34 }
39 // ASCII art SVR.JS logo ;)
40 var logo = ["", "", "", " \x1b[38;5;002m&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&", " &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&", " &&&\x1b[38;5;243m(((((((((((((((((((((((((((((((((((((((((((((((((((\x1b[38;5;002m&&&", " \x1b[38;5;002m&&\x1b[38;5;243m((((((\x1b[38;5;241m###########\x1b[38;5;243m(((((((((((((((((((((((\x1b[38;5;011m***\x1b[38;5;243m(\x1b[38;5;011m***\x1b[38;5;243m(\x1b[38;5;011m***\x1b[38;5;243m((\x1b[38;5;002m&&", " \x1b[38;5;002m&&&\x1b[38;5;243m(((((((((((((((((((((((((((((((((((((((((((((((((((\x1b[38;5;002m&&&", " \x1b[38;5;002m&&&\x1b[38;5;243m(((((((((((((((((((((((((((((((((((((((((((((((((((\x1b[38;5;002m&&&", " \x1b[38;5;002m&&\x1b[38;5;243m((((((\x1b[38;5;241m###########\x1b[38;5;243m(((((((((((((((((((((((\x1b[38;5;011m***\x1b[38;5;243m(\x1b[38;5;015m \x1b[38;5;243m(\x1b[38;5;011m***\x1b[38;5;243m((\x1b[38;5;002m&&", " \x1b[38;5;002m&&&\x1b[38;5;243m(((((((((((((((((((((((((((((((((((((((((((((((((((\x1b[38;5;002m&&&", " \x1b[38;5;002m&&&\x1b[38;5;243m(((((((((((((((((((((((((((((((((((((((((((((((((((\x1b[38;5;002m&&&", " \x1b[38;5;002m&&\x1b[38;5;243m((((((\x1b[38;5;241m###########\x1b[38;5;243m(((((((((((((((((((((((\x1b[38;5;015m \x1b[38;5;243m(\x1b[38;5;015m \x1b[38;5;243m(\x1b[38;5;015m \x1b[38;5;243m((\x1b[38;5;002m&&", " \x1b[38;5;002m&&&\x1b[38;5;243m(((((((((((((((((((((((((((((((((((((((((((((((((((\x1b[38;5;002m&&&", " \x1b[38;5;002m&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&", " \x1b[38;5;002m&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&", " \x1b[38;5;002m&&&&&&&&\x1b[38;5;010m#########################################\x1b[38;5;002m&&&&&&&&", " \x1b[38;5;002m&&&&&\x1b[38;5;010m###############################################\x1b[38;5;002m&&&&&", " \x1b[38;5;002m&&&\x1b[38;5;010m###################################################\x1b[38;5;002m&&&", " \x1b[38;5;002m&&\x1b[38;5;010m####\x1b[38;5;016m@@@@@@\x1b[38;5;010m#\x1b[38;5;016m@@@\x1b[38;5;010m###\x1b[38;5;016m@@@\x1b[38;5;010m#\x1b[38;5;016m@@@@@@@\x1b[38;5;010m###########\x1b[38;5;016m@@\x1b[38;5;010m##\x1b[38;5;016m@@@@@@\x1b[38;5;010m####\x1b[38;5;002m&&", " \x1b[38;5;002m&&\x1b[38;5;010m###\x1b[38;5;016m@@\x1b[38;5;010m#######\x1b[38;5;016m@@\x1b[38;5;010m###\x1b[38;5;016m@@\x1b[38;5;010m##\x1b[38;5;016m@@\x1b[38;5;010m####\x1b[38;5;016m@@\x1b[38;5;010m##########\x1b[38;5;016m@@\x1b[38;5;010m#\x1b[38;5;016m@@\x1b[38;5;010m#########\x1b[38;5;002m&&", " \x1b[38;5;002m&&\x1b[38;5;010m######\x1b[38;5;040m#\x1b[38;5;016m@@@@\x1b[38;5;010m##\x1b[38;5;016m@@\x1b[38;5;010m#\x1b[38;5;016m@@\x1b[38;5;010m###\x1b[38;5;016m@@@@@@@\x1b[38;5;010m#######\x1b[38;5;016m@@\x1b[38;5;010m##\x1b[38;5;016m@@\x1b[38;5;010m####\x1b[38;5;040m#\x1b[38;5;016m@@@@\x1b[38;5;010m###\x1b[38;5;002m&&", " \x1b[38;5;002m&&\x1b[38;5;010m###\x1b[38;5;016m@@\x1b[38;5;034m%\x1b[38;5;010m###\x1b[38;5;016m@@\x1b[38;5;010m###\x1b[38;5;016m@@@\x1b[38;5;010m####\x1b[38;5;016m@@\x1b[38;5;010m####\x1b[38;5;016m@@\x1b[38;5;010m##\x1b[38;5;016m@@\x1b[38;5;010m###\x1b[38;5;016m@@@@\x1b[38;5;010m##\x1b[38;5;016m@@\x1b[38;5;034m%\x1b[38;5;010m###\x1b[38;5;016m@@\x1b[38;5;010m###\x1b[38;5;002m&&", " \x1b[38;5;002m&&\x1b[38;5;010m#####################################################\x1b[38;5;002m&&", " \x1b[38;5;002m&&&\x1b[38;5;010m###################################################\x1b[38;5;002m&&&", " \x1b[38;5;002m&&&&&\x1b[38;5;010m###############################################\x1b[38;5;002m&&&&&", " \x1b[38;5;002m&&&&&&&&\x1b[38;5;010m#########################################\x1b[38;5;002m&&&&&&&&", " \x1b[38;5;002m&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&", " &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&", " &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&", " \x1b[38;5;246m///////", " ///////", " \x1b[38;5;208m((((/))))", " \x1b[38;5;208m(((((/)))))", " \x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m///\x1b[38;5;247m*\x1b[38;5;246m///\x1b[38;5;247m*\x1b[38;5;246m///\x1b[38;5;247m*\x1b[38;5;246m///\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m/\x1b[38;5;208m(((((/)))))\x1b[38;5;246m//\x1b[38;5;247m*\x1b[38;5;246m///\x1b[38;5;247m*\x1b[38;5;246m///\x1b[38;5;247m*\x1b[38;5;246m///\x1b[38;5;247m*\x1b[38;5;246m///\x1b[38;5;247m*\x1b[38;5;246m/", " //\x1b[38;5;247m*\x1b[38;5;246m///////\x1b[38;5;247m*\x1b[38;5;246m///////\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m/\x1b[38;5;208m(((((/)))))\x1b[38;5;246m//\x1b[38;5;247m*\x1b[38;5;246m///////\x1b[38;5;247m*\x1b[38;5;246m///////\x1b[38;5;247m*\x1b[38;5;246m//", " *\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;208m(((((/)))))\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*\x1b[38;5;246m/\x1b[38;5;247m*", " \x1b[38;5;208m((((/))))", "", "", "", "\x1b[0m"];
55 }
65 }
66 });
68 }
69 }
78 for (var i = (process.argv[0].indexOf("node") > -1 || process.argv[0].indexOf("bun") > -1 ? 2 : 1); i < args.length; i++) {
79 if (args[i] == "-h" || args[i] == "--help" || args[i] == "-?" || args[i] == "/h" || args[i] == "/?") {
81 console.log("node svr.js [-h] [--help] [-?] [/h] [/?] [--secure] [--reset] [--clean] [--disable-mods] [--single-threaded] [-v] [--version]");
93 console.log("SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")");
113 console.log("node svr.js [-h] [--help] [-?] [/h] [/?] [--secure] [--reset] [--clean] [--disable-mods] [--single-threaded] [-v] [--version]");
122 }
123 }
130 // Import cluster module
133 // Clustering is not supported!
134 }
136 // Cluster & IPC shim for Bun
145 // Shim the cluster.worker object for worker processes
151 },
154 }
155 };
158 // Shim the process.send function for worker processes
163 // Create a fake IPC server to receive messages
169 });
173 });
174 });
175 fakeIPCServer.listen(os.platform() === "win32" ? path.join("\\\\?\\pipe", __dirname, "temp/.W" + process.pid + ".ipc") : (__dirname + "/temp/.W" + process.pid + ".ipc"));
178 // Create a fake IPC connection to send messages
179 var fakeIPCConnection = net.createConnection(os.platform() === "win32" ? path.join("\\\\?\\pipe", __dirname, "temp/.P" + process.pid + ".ipc") : (__dirname + "/temp/.P" + process.pid + ".ipc"), function () {
181 });
182 };
185 // Close IPC server
188 };
189 }
190 }
192 // Custom implementation for cluster.fork()
204 });
209 };
218 }
226 }
227 };
234 }
236 }
239 }
242 }
248 // Create a fake IPC server for worker process to receive messages
254 });
258 });
259 });
260 fakeWorkerIPCServer.listen(os.platform() === "win32" ? path.join("\\\\?\\pipe", __dirname, "temp/.P" + newWorker.process.pid + ".ipc") : (__dirname + "/temp/.P" + newWorker.process.pid + ".ipc"));
262 // Cleanup when worker process exits
266 });
272 // Create a fake IPC connection to send messages to worker process
273 var fakeWorkerIPCConnection = net.createConnection(os.platform() === "win32" ? path.join("\\\\?\\pipe", __dirname, "temp/.W" + newWorker.process.pid + ".ipc") : (__dirname + "/temp/.W" + newWorker.process.pid + ".ipc"), function () {
275 });
279 }
280 };
284 });
285 }
290 };
291 };
293 if (process.isBun && (cluster.isMaster === undefined || (cluster.isMaster && process.env.NODE_UNIQUE_ID))) {
295 }
297 // Shim cluster.isPrimary field
298 if (cluster.isPrimary === undefined && cluster.isMaster !== undefined) cluster.isPrimary = cluster.isMaster;
299 }
301 // ETag-related
305 if (!ETagDB[filePath + "-" + stat.size + "-" + stat.mtime]) ETagDB[filePath + "-" + stat.size + "-" + stat.mtime] = sha256(filePath + "-" + stat.size + "-" + stat.mtime);
307 }
309 // Brute force protection-related
312 // PBKDF2/scrypt cache
317 // SVR.JS worker spawn-related
324 // SVR.JS worker forking function
326 // Log
327 if (SVRJSInitialized) serverconsole.locmessage("Starting next thread, because previous one hung up/crashed...");
328 // Fork new worker
331 if (!threadLimitWarned && cluster.__shimmed__ && process.isBun && process.versions.bun && process.versions.bun[0] != "0") {
333 serverconsole.locwarnmessage("SVR.JS limited the number of workers to one, because of startup problems in Bun 1.0 and newer with shimmed (not native) clustering module. Reliability may suffer.");
334 }
335 if (!(cluster.__shimmed__ && process.isBun && process.versions.bun && process.versions.bun[0] != "0" && Object.keys(cluster.workers) > 0)) {
338 if (SVRJSInitialized) serverconsole.locwarnmessage("SVR.JS limited the number of workers to one, because of startup problems in Bun 1.0 and newer with shimmed (not native) clustering module. Reliability may suffer.");
339 }
342 // If cluster.fork throws a NotImplementedError, shim cluster module
344 if (!threadLimitWarned && cluster.__shimmed__ && process.isBun && process.versions.bun && process.versions.bun[0] != "0") {
346 serverconsole.locwarnmessage("SVR.JS limited the number of workers to one, because of startup problems in Bun 1.0 and newer with shimmed (not native) clustering module. Reliability may suffer.");
347 }
348 if (!(cluster.__shimmed__ && process.isBun && process.versions.bun && process.versions.bun[0] != "0" && Object.keys(cluster.workers) > 0)) {
351 if (SVRJSInitialized) serverconsole.locwarnmessage("SVR.JS limited the number of workers to one, because of startup problems in Bun 1.0 and newer with shimmed (not native) clustering module. Reliability may suffer.");
352 }
355 }
356 }
358 // Add event listeners
361 if (!reallyExiting) serverconsole.locwarnmessage("There was a problem when handling SVR.JS worker! (from master process side) Reason: " + err.message);
362 });
367 }
368 });
371 }
372 }
382 if (!process.isBun) gracefulFs.gracefulify(fs); // Bun + graceful-fs + SVR.JS + requests about static content = 500 Internal Server Error!
384 // Don't use graceful-fs
385 }
391 // Don't use hexstrbase64
392 }
397 // Don't use inspector
398 }
404 tar = {
405 _errored: err
406 };
407 }
412 formidable = {
413 _errored: err
414 };
415 }
422 ocsp = {
423 _errored: err
424 };
425 }
434 }
435 }
440 };
443 };
446 };
449 };
450 }
457 crypto = {
459 };
460 https = {
463 },
466 },
469 }
470 };
473 };
474 }
497 var prefixIndex = Math.floor(Math.log2 ? Math.log2(bytes) / 10 : (Math.log(bytes) / (Math.log(2) * 10)));
500 var decimalPoints = 2 - Math.floor(Math.log10 ? Math.log10(bytes / prefixIndexTranslated) : (Math.log(bytes / prefixIndexTranslated) / Math.log(10)));
502 return (Math.ceil((bytes / prefixIndexTranslated) * Math.pow(10, decimalPoints)) / Math.pow(10, decimalPoints)) + prefixes[prefixIndex] + ((prefixIndex > 0 && addI) ? "i" : "");
503 }
518 }
531 }
532 }
541 }
543 // Function to check if IPs are equal
548 // Function to normalize IPv4 address (remove leading zeros)
551 }
553 // Function to expand IPv6 address to full format
562 var validateIpv4 = /((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})/;
568 }
570 }
579 });
583 }
585 }
590 }
592 }
594 }
596 // Normalize or expand IP addresses
604 }
613 }
615 // Check if processed IPs are equal
618 }
626 if (hostname == hostnamesRoot || (hostname.length > hostnamesRoot.length && hostname.indexOf("." + hostnamesRoot) == hostname.length - hostnamesRoot.length - 1)) {
628 }
631 }
633 }
635 var main = (configJSON.enableDirectoryListing || configJSON.enableDirectoryListing === undefined);
644 }
645 });
648 }
650 // IP Block list object
653 // Initialize the instance with empty arrays
656 raw: [],
657 rawtoPreparedMap: [],
658 prepared: [],
659 cidrs: []
660 };
662 // Function to normalize IPv4 address (remove leading zeros)
665 }
667 // Function to expand IPv6 address to full format
676 var validateIpv4 = /((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})/;
682 }
684 }
693 });
697 }
699 }
704 }
706 }
708 }
710 // Convert IPv4 address to an integer representation
713 return parseInt(ips[0]) * 16777216 + parseInt(ips[1]) * 65536 + parseInt(ips[2]) * 256 + parseInt(ips[3]);
714 }
716 // Get IPv4 CIDR block limits (min and max)
724 max: ipMax
725 };
726 }
728 // Convert IPv6 address to an array of blocks
734 });
736 }
738 // Get IPv6 CIDR block limits (min and max)
746 ipBlockMin.push((i < 8 - fieldsToDelete) ? ((i < 7 - fieldsToDelete) ? ipBlocks[i] : (ipBlocks[i] >> fieldMaskModify << fieldMaskModify)) : 0);
747 }
749 ipBlockMax.push((i < 8 - fieldsToDelete) ? ((i < 7 - fieldsToDelete) ? ipBlocks[i] : ((ipBlocks[i] >> fieldMaskModify << fieldMaskModify) + Math.pow(2, fieldMaskModify) - 1)) : 65535);
750 }
753 max: ipBlockMax
754 };
755 }
757 // Check if the IPv4 address matches the given CIDR block
761 }
763 // Check if the IPv6 address matches the given CIDR block
768 }
770 }
772 // Function to add an IP or CIDR block to the block list
774 // Add to raw block list
777 // Initialize variables
783 // Check if the input contains CIDR notation
788 }
790 // Normalize the IP address or expand the IPv6 address
798 }
800 // Add the IP or CIDR block to the appropriate list
809 }
813 index: cidrIndex
814 });
819 index: beginIndex
820 });
821 }
822 };
824 // Function to remove an IP or CIDR block from the block list
835 }
837 };
839 // Function to check if an IP is blocked by the block list
844 // Normalize or expand the IP address
853 }
855 // Check if the IP is in the prepared list
858 // Check if the IP is within any CIDR block in the block list
865 });
866 };
868 // Add initial raw block list values to the instance
871 });
874 }
876 // Generate V8-style error stack from Error object.
878 // Split the error stack by newlines.
881 // If the error stack starts with the error name, return the original stack (it is V8-style then).
884 })) {
886 }
888 // Create a new error stack with the error name and code (if available).
889 var newErrorStack = [errorObject.name + (errorObject.code ? ": " + errorObject.code : "") + (errorObject.message == "" ? "" : ": " + errorObject.message)];
891 // Process each line of the original error stack.
894 // Split the line into function and location parts (if available).
900 // Build the new error stack entry with function and location information.
901 newErrorStack.push(" at " + (func == "" ? (!location || location == "" ? "<anonymous>" : location) : (func + (!location || location == "" ? "" : " (" + location + ")"))));
902 }
903 });
905 // Join the new error stack entries with newlines and return the final stack.
907 }
910 // Check if CIDR notation is valid, if it's not, return null
915 // Extract IP and mask (numberic format)
920 // Calculate resulting 8-bit
922 return ((parseInt(num) & ((Math.pow(2, power) - 1) << (8 - power))) | Math.pow(2, 8 - power) - 1).toString();
924 }
927 // Check if CIDR notation is valid, if it's not, return null
932 // Extract IP and mask (numberic format)
937 // Calculate resulting 8-bit
941 }
947 }
949 // Failed to get inspector URL
950 }
953 // When stdout is not a terminal and not attached to an Node.JS inspector, disable it to improve performance of SVR.JS
958 }
960 // IP and network inteface-related
967 }
977 }
982 }
985 alias++;
986 });
987 });
995 }
1000 }
1001 alias++;
1002 });
1003 });
1004 }
1006 // Server startup attempt counter
1010 // Some variables...
1014 // Server IP address
1018 // Public IP address-related
1026 headers: {
1027 "User-Agent": (exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS")
1028 },
1037 }
1058 });
1064 }
1065 }
1066 });
1067 });
1074 }
1075 });
1082 }
1083 });
1090 headers: {
1091 "User-Agent": (exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS")
1092 },
1101 }
1122 });
1128 }
1129 }
1130 });
1131 });
1138 }
1139 });
1146 }
1147 });
1148 }
1151 }
1158 }
1159 }
1172 }
1175 }
1176 }
1178 // Default server configuration properties
1188 var dontCompress = ["/.*\\.ipxe$/", "/.*\\.(?:jpe?g|png|bmp|tiff|jfif|gif|webp)$/", "/.*\\.(?:[id]mg|iso|flp)$/", "/.*\\.(?:zip|rar|bz2|[gb7x]z|lzma|tar)$/", "/.*\\.(?:mp[34]|mov|wm[av]|avi|webm|og[gv]|mk[va])$/"];
1206 // Get properties from config.json
1219 }
1220 }
1221 }
1233 }
1234 }
1235 }
1238 if (configJSON.serverAdministratorEmail != undefined) serverAdmin = configJSON.serverAdministratorEmail;
1239 if (configJSON.nonStandardCodes != undefined) nonStandardCodesRaw = configJSON.nonStandardCodes;
1242 if (configJSON.exposeServerVersion != undefined) exposeServerVersion = configJSON.exposeServerVersion;
1249 if (configJSON.disableNonEncryptedServer != undefined) disableNonEncryptedServer = configJSON.disableNonEncryptedServer;
1250 if (configJSON.disableToHTTPSRedirect != undefined) disableToHTTPSRedirect = configJSON.disableToHTTPSRedirect;
1251 if (configJSON.disableUnusedWorkerTermination != undefined) disableUnusedWorkerTermination = configJSON.disableUnusedWorkerTermination;
1254 if (configJSON.useWebRootServerSideScript != undefined) useWebRootServerSideScript = configJSON.useWebRootServerSideScript;
1255 if (configJSON.exposeModsInErrorPages != undefined) exposeModsInErrorPages = configJSON.exposeModsInErrorPages;
1256 if (configJSON.disableTrailingSlashRedirects != undefined) disableTrailingSlashRedirects = configJSON.disableTrailingSlashRedirects;
1257 if (configJSON.environmentVariables != undefined) environmentVariables = configJSON.environmentVariables;
1258 if (configJSON.wwwrootPostfixesVHost != undefined) wwwrootPostfixesVHost = configJSON.wwwrootPostfixesVHost;
1259 if (configJSON.wwwrootPostfixPrefixesVHost != undefined) wwwrootPostfixPrefixesVHost = configJSON.wwwrootPostfixPrefixesVHost;
1260 if (configJSON.allowDoubleSlashes != undefined) allowDoubleSlashes = configJSON.allowDoubleSlashes;
1261 if (configJSON.allowPostfixDoubleSlashes != undefined) allowPostfixDoubleSlashes = configJSON.allowPostfixDoubleSlashes;
1265 if (cluster.isPrimary || cluster.isPrimary === undefined) process.chdir(configJSON.wwwroot != undefined ? configJSON.wwwroot : __dirname);
1268 }
1273 });
1275 // Failed to set environment variables.
1276 }
1278 // Compability for older mods
1292 }
1293 });
1295 });
1297 var customHeaders = (configJSON.customHeaders == undefined ? {} : JSON.parse(JSON.stringify(configJSON.customHeaders)));
1299 customHeaders["Server"] = "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")";
1302 }
1306 }
1312 // Version number not retrieved
1313 }
1318 // SVR.JS path sanitizer function
1321 // Remove null characters
1323 // Check if URL is malformed (e.g. %c0%af or %u002f or simply %as)
1324 if (resource.match(/%(?:c[01]|f[ef]|(?![0-9a-f]{2}).{2}|.{0,1}$)/i)) throw new URIError("URI malformed");
1325 // Decode URL-encoded characters while preserving certain characters
1329 });
1330 // Encode certain characters
1334 });
1336 // Ensure the resource starts with a slash
1338 // Convert backslashes to slashes and handle duplicate slashes
1339 sanitizedResource = sanitizedResource.replace(/\\/g, "/").replace(allowDoubleSlashes ? /\/{3,}/g : /\/+/g, "/");
1340 // Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths
1341 sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=\/|$)/g, "").replace(/([^.\/])\.+(?=\/|$)/g, "$1");
1342 while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/)) {
1344 }
1347 else return sanitizedResource;
1348 }
1350 // SVR.JS URL parser function
1351 function parseURL(uri, prepend) {
1352 // Replace newline characters with its respective URL encodings
1355 // If URL begins with a slash, prepend a string if available
1358 // Determine if URL has slashes
1361 // Parse the URL using regular expression
1362 var parsedURI = uri.match(/^(?:([^:]+:)(\/\/)?)?(?:([^@]+)@)?([^:\/?#\*]+|\[[^\*]\/]\])?(?::([0-9]+))?(\*|\/[^?#]*)?(\?[^#]*)?(#[\S\s]*)?/);
1363 // Match 1: protocol
1364 // Match 2: slashes after protocol
1365 // Match 3: authentication credentials
1366 // Match 4: host name
1367 // Match 5: port
1368 // Match 6: path name
1369 // Match 7: query string
1370 // Match 8: hash
1372 // If regular expression didn't match the entire URL, throw an error
1375 // If match 1 is not empty, set the slash variable based on state of match 2
1378 // If match 6 is empty and URL has slashes, set it to a slash.
1381 // If match 4 contains Unicode characters, convert it to Punycode. If the result is an empty string, throw an error
1385 }
1387 // Create a new URL object
1390 // Populate a URL object
1396 if (parsedURI[4][0] == "[") uobject.hostname = parsedURI[4].substring(1, parsedURI[4].length-1);
1398 }
1403 // Parse query strings
1411 }
1412 }
1413 });
1417 }
1419 if (uobject.pathname) uobject.path = uobject.pathname + (uobject.search ? uobject.search : "");
1420 uobject.href = (uobject.protocol ? (uobject.protocol + (uobject.slashes ? "//" : "")) : "") + (uobject.auth ? (uobject.auth + "@") : "") + (uobject.hostname ? uobject.hostname : "") + (uobject.path ? uobject.path : "") + (uobject.hash ? uobject.hash : "");
1423 }
1425 // Node.JS mojibake URL fixing function
1429 //Encode URLs
1435 }
1436 });
1438 //Upper case the URL encodings
1441 });
1442 }
1444 // SSL-related
1456 }
1460 }
1465 // Load SNI
1468 key = fs.readFileSync((configJSON.key[0] != "/" && !configJSON.key.match(/^[A-Z0-9]:\\/)) ? __dirname + "/" + configJSON.key : configJSON.key).toString();
1469 cert = fs.readFileSync((configJSON.cert[0] != "/" && !configJSON.cert.match(/^[A-Z0-9]:\\/)) ? __dirname + "/" + configJSON.cert : configJSON.cert).toString();
1470 var sniNames = Object.keys(sni);
1471 var sniCredentials = [];
1472 sniNames.forEach(function (sniName) {
1474 sniReDos = true;
1475 }
1476 sniCredentials.push({
1477 name: sniName,
1478 cert: fs.readFileSync((sni[sniName].cert[0] != "/" && !sni[sniName].cert.match(/^[A-Z0-9]:\\/)) ? __dirname + "/" + sni[sniName].cert : sni[sniName].cert).toString(),
1479 key: fs.readFileSync((sni[sniName].key[0] != "/" && !sni[sniName].key.match(/^[A-Z0-9]:\\/)) ? __dirname + "/" + sni[sniName].key : sni[sniName].key).toString()
1480 });
1481 });
1482 } catch (err) {
1483 certificateError = err;
1484 }
1485 }
1487 var logFile = undefined;
1488 var logSync = false;
1490 // Logging function
1491 function LOG(s) {
1492 try {
1493 if (configJSON.enableLogging || configJSON.enableLogging == undefined) {
1494 if (logSync) {
1495 fs.appendFileSync(__dirname + "/log/" + (cluster.isPrimary ? "master" : (cluster.isPrimary === undefined ? "singlethread" : "worker")) + "-" + timestamp + ".log", "[" + new Date().toISOString() + "] " + s + "\r\n");
1496 } else {
1497 if (!logFile) {
1498 logFile = fs.createWriteStream(__dirname + "/log/" + (cluster.isPrimary ? "master" : (cluster.isPrimary === undefined ? "singlethread" : "worker")) + "-" + timestamp + ".log", {
1500 autoClose: false
1501 });
1503 if (!s.match(/^SERVER WARNING MESSAGE(?: \[Request Id: [0-9a-f]{6}\])?: There was a problem while saving logs! Logs will not be kept in log file\. Reason: /) && !reallyExiting) serverconsole.locwarnmessage("There was a problem while saving logs! Logs will not be kept in log file. Reason: " + err.message);
1504 });
1505 }
1506 if (logFile.writable) {
1508 } else {
1510 }
1511 }
1512 }
1513 } catch (err) {
1514 if (!s.match(/^SERVER WARNING MESSAGE(?: \[Request Id: [0-9a-f]{6}\])?: There was a problem while saving logs! Logs will not be kept in log file\. Reason: /) && !reallyExiting) serverconsole.locwarnmessage("There was a problem while saving logs! Logs will not be kept in log file. Reason: " + err.message);
1515 }
1516 }
1518 // Server console function
1519 var serverconsole = {
1520 climessage: function (msg) {
1523 serverconsole.climessage(nmsg);
1524 });
1525 return;
1526 }
1529 return;
1530 },
1531 reqmessage: function (msg) {
1534 serverconsole.reqmessage(nmsg);
1535 });
1536 return;
1537 }
1540 return;
1541 },
1542 resmessage: function (msg) {
1545 serverconsole.resmessage(nmsg);
1546 });
1547 return;
1548 }
1551 return;
1552 },
1553 errmessage: function (msg) {
1556 serverconsole.errmessage(nmsg);
1557 });
1558 return;
1559 }
1560 console.log("\x1b[31m\x1b[1mSERVER RESPONSE ERROR MESSAGE\x1b[22m: " + msg + "\x1b[37m\x1b[0m");
1562 return;
1563 },
1564 locerrmessage: function (msg) {
1567 serverconsole.locerrmessage(nmsg);
1568 });
1569 return;
1570 }
1573 return;
1574 },
1575 locwarnmessage: function (msg) {
1578 serverconsole.locwarnmessage(nmsg);
1579 });
1580 return;
1581 }
1584 return;
1585 },
1586 locmessage: function (msg) {
1589 serverconsole.locmessage(nmsg);
1590 });
1591 return;
1592 }
1595 return;
1596 }
1597 };
1599 // Wrap around process.exit, so that log contents can be flushed.
1600 process.unsafeExit = process.exit;
1601 process.exit = function (code) {
1602 if (logFile && logFile.writable && !logFile.pending) {
1603 try {
1604 logFile.close(function () {
1605 logFile = undefined;
1606 logSync = true;
1607 process.unsafeExit(code);
1608 });
1609 if (process.isBun) {
1610 setInterval(function () {
1611 if (!logFile.writable) {
1612 logFile = undefined;
1613 logSync = true;
1614 process.unsafeExit(code);
1615 }
1616 }, 50); // Interval
1617 }
1618 setTimeout(function () {
1619 logFile = undefined;
1620 logSync = true;
1621 process.unsafeExit(code);
1622 }, 10000); // timeout
1623 } catch (err) {
1624 logFile = undefined;
1625 logSync = true;
1626 process.unsafeExit(code);
1627 }
1628 } else {
1629 logSync = true;
1630 process.unsafeExit(code);
1631 }
1632 };
1634 // SVR.JS mod loader
1635 var modLoadingErrors = [];
1636 var SSJSError = undefined;
1638 // Load mods if the `disableMods` flag is not set
1639 if (!disableMods) {
1640 // Define the modloader folder name
1642 if (cluster.isPrimary === false) {
1643 // If not the master process, create a unique modloader folder name for each worker
1645 }
1647 // Define the temporary server-side JavaScript file name
1649 if (!(process.isBun && process.versions.bun && process.versions.bun[0] == "0") && cluster.isPrimary === false) {
1650 // If not the master process and it's not Bun, create a unique temporary server-side JavaScript file name for each worker
1652 }
1654 // Iterate through the list of mod files
1655 modFiles.forEach(function (modFileRaw) {
1656 // Build the path to the current mod file
1659 try {
1660 // Try creating the modloader folder (if not already exists)
1661 try {
1663 } catch (err) {
1664 // If the folder already exists, continue to the next step
1666 // If there was another error, try creating the temp folder and then the modloader folder again
1668 try {
1670 } catch (err) {
1671 // If there was another error, throw it
1673 }
1674 }
1675 }
1677 // Create a subfolder for the current mod within the modloader folder
1679 } catch (err) {
1680 // If there was an error creating the folder, ignore it if it's a known error
1682 // Some other SVR.JS process may have created the files.
1683 }
1685 // Check if the current mod file is a regular file
1686 if (fs.statSync(modFile).isFile()) {
1687 try {
1691 if (tar._errored) throw tar._errored;
1692 tar.x({
1693 file: modFile,
1694 sync: true,
1696 });
1697 } else {
1699 throw new Error("This version of SVR.JS no longer supports \"svrmodpack\" library for SVR.JS mods. Please consider using newer mods with .tar.gz format.");
1700 }
1702 // Initialize variables for mod loading
1703 var Mod = undefined;
1704 var mod = undefined;
1706 // Attempt to require the mod's index.js file, retrying up to 3 times in case of syntax errors
1707 for (var j = 0; j < 3; j++) {
1708 try {
1710 mod = new Mod();
1711 break;
1712 } catch (err) {
1714 // Wait for a short time before retrying
1715 var now = Date.now();
1716 while (Date.now() - now < 2);
1717 // Try reloading mod
1718 }
1719 }
1721 // Add the loaded mod to the mods list
1722 mods.push(mod);
1724 // Attempt to read the mod's info file, retrying up to 3 times
1725 for (var j = 0; j < 3; j++) {
1726 try {
1727 modInfos.push(JSON.parse(fs.readFileSync(__dirname + "/temp/" + modloaderFolderName + "/" + modFileRaw + "/mod.info")));
1728 break;
1729 } catch (err) {
1730 if (j >= 2) {
1731 // If failed to read info file, add a placeholder entry to modInfos with an error message
1732 modInfos.push({
1735 });
1736 }
1737 // Wait for a short time before retrying
1738 var now = Date.now();
1739 while (Date.now() - now < 2);
1740 // Try reloading mod info
1741 }
1742 }
1743 } catch (err) {
1744 modLoadingErrors.push({
1745 error: err,
1746 modName: modFileRaw
1747 });
1748 }
1749 }
1750 });
1752 // Determine path of server-side script file
1756 // Check if a custom server side script file exists
1757 if (fs.existsSync(SSJSPath) && fs.statSync(SSJSPath).isFile()) {
1758 try {
1759 // Prepend necessary modules and variables to the custom server side script
1760 var modhead = "var readline = require('readline');\r\nvar os = require('os');\r\nvar http = require('http');\r\nvar url = require('url');\r\nvar fs = require('fs');\r\nvar path = require('path');\r\n" + (hexstrbase64 === undefined ? "" : "var hexstrbase64 = require('../hexstrbase64/index.js');\r\n") + (crypto.__disabled__ === undefined ? "var crypto = require('crypto');\r\nvar https = require('https');\r\n" : "") + "var stream = require('stream');\r\nvar customvar1;\r\nvar customvar2;\r\nvar customvar3;\r\nvar customvar4;\r\n\r\nfunction Mod() {}\r\nMod.prototype.callback = function callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, defaultpage, users, page404, head, foot, fd, elseCallback, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData, authUser) {\r\nreturn function () {\r\nvar disableEndElseCallbackExecute = false;\r\nfunction filterHeaders(e){var r={};return Object.keys(e).forEach((function(t){null!==e[t]&&void 0!==e[t]&&(\"object\"==typeof e[t]?r[t]=JSON.parse(JSON.stringify(e[t])):r[t]=e[t])})),r}\r\nfunction checkHostname(e){if(void 0===e||\"*\"==e)return!0;if(req.headers.host&&0==e.indexOf(\"*.\")&&\"*.\"!=e){var r=e.substring(2);if(req.headers.host==r||req.headers.host.indexOf(\".\"+r)==req.headers.host.length-r.length-1)return!0}else if(req.headers.host&&req.headers.host==e)return!0;return!1}\r\nfunction checkHref(e){return href==e||\"win32\"==os.platform()&&href.toLowerCase()==e.toLowerCase()}\r\n";
1761 var modfoot = "\r\nif(!disableEndElseCallbackExecute) {\r\ntry{\r\nelseCallback();\r\n} catch(err) {\r\n}\r\n}\r\n}\r\n}\r\nmodule.exports = Mod;";
1762 // Write the modified server side script to the temp folder
1763 fs.writeFileSync(__dirname + "/temp/" + tempServerSideScriptName, modhead + fs.readFileSync(SSJSPath) + modfoot);
1765 // Initialize variables for server side script loading
1766 var aMod = undefined;
1767 var amod = undefined;
1769 // Attempt to require the custom server side script, retrying up to 5 times
1770 for (var i = 0; i < 5; i++) {
1771 try {
1773 amod = new aMod();
1774 break;
1775 } catch (err) {
1777 // Wait for a short time before retrying
1778 var now = Date.now();
1779 while (Date.now() - now < 2);
1780 // Try reloading mod
1781 }
1782 }
1784 // Add the loaded server side script to the mods list
1785 mods.push(amod);
1786 } catch (err) {
1787 SSJSError = err;
1788 }
1789 }
1790 }
1793 // SHA256 function
1794 function sha256(s) {
1795 if (crypto.__disabled__ === undefined) {
1797 hash.update(s);
1799 } else {
1800 var chrsz = 8;
1801 var hexcase = 0;
1803 function safeAdd(x, y) {
1804 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
1805 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
1806 return (msw << 16) | (lsw & 0xFFFF);
1807 }
1809 function S(X, n) {
1810 return (X >>> n) | (X << (32 - n));
1811 }
1813 function R(X, n) {
1814 return (X >>> n);
1815 }
1817 function Ch(x, y, z) {
1818 return ((x & y) ^ ((~x) & z));
1819 }
1821 function Maj(x, y, z) {
1822 return ((x & y) ^ (x & z) ^ (y & z));
1823 }
1825 function Sigma0256(x) {
1826 return (S(x, 2) ^ S(x, 13) ^ S(x, 22));
1827 }
1829 function Sigma1256(x) {
1830 return (S(x, 6) ^ S(x, 11) ^ S(x, 25));
1831 }
1833 function Gamma0256(x) {
1834 return (S(x, 7) ^ S(x, 18) ^ R(x, 3));
1835 }
1837 function Gamma1256(x) {
1838 return (S(x, 17) ^ S(x, 19) ^ R(x, 10));
1839 }
1841 function coreSha256(m, l) {
1842 var K = new Array(0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0xFC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x6CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2);
1843 var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);
1844 var W = new Array(64);
1845 var a, b, c, d, e, f, g, h, i, j;
1846 var T1, T2;
1848 m[l >> 5] |= 0x80 << (24 - l % 32);
1849 m[((l + 64 >> 9) << 4) + 15] = l;
1851 for (var i = 0; i < m.length; i += 16) {
1852 a = HASH[0];
1853 b = HASH[1];
1854 c = HASH[2];
1855 d = HASH[3];
1856 e = HASH[4];
1857 f = HASH[5];
1858 g = HASH[6];
1859 h = HASH[7];
1861 for (var j = 0; j < 64; j++) {
1862 if (j < 16) W[j] = m[j + i];
1863 else W[j] = safeAdd(safeAdd(safeAdd(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);
1865 T1 = safeAdd(safeAdd(safeAdd(safeAdd(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);
1866 T2 = safeAdd(Sigma0256(a), Maj(a, b, c));
1868 h = g;
1869 g = f;
1870 f = e;
1871 e = safeAdd(d, T1);
1872 d = c;
1873 c = b;
1874 b = a;
1875 a = safeAdd(T1, T2);
1876 }
1878 HASH[0] = safeAdd(a, HASH[0]);
1879 HASH[1] = safeAdd(b, HASH[1]);
1880 HASH[2] = safeAdd(c, HASH[2]);
1881 HASH[3] = safeAdd(d, HASH[3]);
1882 HASH[4] = safeAdd(e, HASH[4]);
1883 HASH[5] = safeAdd(f, HASH[5]);
1884 HASH[6] = safeAdd(g, HASH[6]);
1885 HASH[7] = safeAdd(h, HASH[7]);
1886 }
1887 return HASH;
1888 }
1890 function str2binb(str) {
1891 var bin = Array();
1892 var mask = (1 << chrsz) - 1;
1893 for (var i = 0; i < str.length * chrsz; i += chrsz) {
1894 bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i % 32);
1895 }
1896 return bin;
1897 }
1899 function Utf8Encode(string) {
1903 for (var n = 0; n < string.length; n++) {
1905 var c = string.charCodeAt(n);
1907 if (c < 128) {
1908 utftext += String.fromCharCode(c);
1909 } else if ((c > 127) && (c < 2048)) {
1910 utftext += String.fromCharCode((c >> 6) | 192);
1911 utftext += String.fromCharCode((c & 63) | 128);
1912 } else {
1913 utftext += String.fromCharCode((c >> 12) | 224);
1914 utftext += String.fromCharCode(((c >> 6) & 63) | 128);
1915 utftext += String.fromCharCode((c & 63) | 128);
1916 }
1918 }
1920 return utftext;
1921 }
1923 function binb2hex(binarray) {
1926 for (var i = 0; i < binarray.length * 4; i++) {
1927 str += hexTab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8 + 4)) & 0xF) +
1928 hexTab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8)) & 0xF);
1929 }
1930 return str;
1931 }
1933 s = Utf8Encode(s);
1934 return binb2hex(coreSha256(str2binb(s), s.length * chrsz));
1935 }
1936 }
1938 // Function to get URL path for use in forbidden path adding.
1939 function getInitializePath(to) {
1940 var cwd = process.cwd();
1944 }
1945 var absoluteTo = path.isAbsolute(to) ? to : (__dirname + (os.platform() == "win32" ? "\\" : "/") + to);
1947 var relative = path.relative(cwd, absoluteTo);
1950 } else {
1952 }
1953 }
1955 // Function to check if URL path name is a forbidden path.
1956 function isForbiddenPath(decodedHref, match) {
1957 var forbiddenPath = forbiddenPaths[match];
1958 if (!forbiddenPath) return false;
1960 return decodedHref === forbiddenPath || (os.platform() === "win32" && decodedHref.toLowerCase() === forbiddenPath.toLowerCase());
1961 }
1963 return forbiddenPath.some(function (forbiddenPathSingle) {
1964 return (decodedHref === forbiddenPathSingle || (os.platform() === "win32" && decodedHref.toLowerCase() === forbiddenPathSingle.toLowerCase()));
1965 });
1966 }
1967 return false;
1968 }
1970 // Function to check if URL path name is index of one of defined forbidden paths.
1971 function isIndexOfForbiddenPath(decodedHref, match) {
1972 var forbiddenPath = forbiddenPaths[match];
1973 if (!forbiddenPath) return false;
1975 return decodedHref === forbiddenPath || decodedHref.indexOf(forbiddenPath + "/") === 0 || (os.platform() === "win32" && (decodedHref.toLowerCase() === forbiddenPath.toLowerCase() || decodedHref.toLowerCase().indexOf(forbiddenPath.toLowerCase() + "/") === 0));
1976 }
1978 return forbiddenPath.some(function (forbiddenPathSingle) {
1979 return (decodedHref === forbiddenPathSingle || decodedHref.indexOf(forbiddenPathSingle + "/") === 0 || (os.platform() === "win32" && (decodedHref.toLowerCase() === forbiddenPathSingle.toLowerCase() || decodedHref.toLowerCase().indexOf(forbiddenPathSingle.toLowerCase() + "/") === 0)));
1980 });
1981 }
1982 return false;
1983 }
1985 // Set up forbidden paths
1986 var forbiddenPaths = {};
1989 forbiddenPaths.certificates = [];
1990 if (secure) {
1991 forbiddenPaths.certificates.push(getInitializePath(configJSON.cert));
1992 forbiddenPaths.certificates.push(getInitializePath(configJSON.key));
1993 Object.keys(sni).forEach(function (sniHostName) {
1994 forbiddenPaths.certificates.push(getInitializePath(sni[sniHostName].cert));
1995 forbiddenPaths.certificates.push(getInitializePath(sni[sniHostName].key));
1996 });
1997 }
1998 forbiddenPaths.svrjs = getInitializePath("./" + ((__dirname[__dirname.length - 1] != "/") ? __filename.replace(__dirname + "/", "") : __filename.replace(__dirname, "")));
1999 forbiddenPaths.serverSideScripts = [];
2000 if (useWebRootServerSideScript) {
2002 } else {
2004 }
2005 forbiddenPaths.serverSideScriptDirectories = [];
2011 // HTTP error descriptions
2012 var serverHTTPErrorDescs = {
2015 202: "The request has been accepted for processing, but the processing has not been completed.",
2020 404: "The requested file doesn't exist. If you have typed the URL manually, then please check the spelling.",
2022 406: "The request is capable of generating only unacceptable content.",
2023 407: "You need to authenticate yourself in order to use the proxy.",
2024 408: "You have timed out.",
2025 409: "The request you sent conflicts with the current state of the server.",
2026 410: "The requested file is permanently deleted.",
2027 411: "Content-Length property is required.",
2032 416: "The requested content range (Content-Range header) you sent is unsatisfiable.",
2037 423: "The requested file is locked.",
2038 424: "The request depends on another failed request.",
2039 425: "The server is unwilling to risk processing a request that might be replayed.",
2040 426: "You need to upgrade the protocols you use to request a file.",
2045 497: "You sent a non-TLS request to the HTTPS server.",
2046 500: "The server had an unexpected error. Below, the error stack is shown: </p><code>{stack}</code><p>You may need to contact the server administrator at <i>{contact}</i>.",
2047 501: "The request requires the use of a function, which isn't currently implemented by the server.",
2048 502: "The server had an error while it was acting as a gateway.</p><p>You may need to contact the server administrator at <i>{contact}</i>.",
2049 503: "The service provided by the server is currently unavailable, possibly due to maintenance downtime or capacity problems. Please try again later.</p><p>You may need to contact the server administrator at <i>{contact}</i>.",
2050 504: "The server couldn't get a response in time while it was acting as a gateway.</p><p>You may need to contact the server administrator at <i>{contact}</i>.",
2052 506: "The Variant header is configured to be engaged in content negotiation.</p><p>You may need to contact the server administrator at <i>{contact}</i>.",
2055 509: "The server has its bandwidth limit exceeded.</p><p>You may need to contact the server administrator at <i>{contact}</i>.",
2056 510: "The server requires an extended HTTP request. The request you made isn't an extended HTTP request.",
2057 511: "You need to authenticate yourself in order to get network access.",
2060 };
2062 // Server error descriptions
2063 var serverErrorDescs = {
2064 "EADDRINUSE": "Address is already in use by another process.",
2065 "EADDRNOTAVAIL": "Address is not available on this machine.",
2066 "EACCES": "Permission denied. You may not have sufficient privileges to access the requested address.",
2067 "EAFNOSUPPORT": "Address family not supported. The address family (IPv4 or IPv6) of the requested address is not supported.",
2068 "EALREADY": "Operation already in progress. The server is already in the process of establishing a connection on the requested address.",
2069 "ECONNABORTED": "Connection aborted. The connection to the server was terminated abruptly.",
2070 "ECONNREFUSED": "Connection refused. The server refused the connection attempt.",
2071 "ECONNRESET": "Connection reset by peer. The connection to the server was reset by the remote host.",
2072 "EDESTADDRREQ": "Destination address required. The destination address must be specified.",
2073 "EINVAL": "Invalid argument (invalid IP address?).",
2074 "ENETDOWN": "Network is down. The network interface used for the connection is not available.",
2075 "ENETUNREACH": "Network is unreachable. The network destination is not reachable from this host.",
2076 "ENOBUFS": "No buffer space available. Insufficient buffer space is available for the server to process the request.",
2081 "ETIMEDOUT": "Connection timed out. The server did not respond within the specified timeout period.",
2083 };
2085 // Create server instances
2086 if (!cluster.isPrimary) {
2087 var reqcounter = 0;
2088 var malformedcounter = 0;
2089 var err4xxcounter = 0;
2090 var err5xxcounter = 0;
2091 var reqcounterKillReq = 0;
2092 var server = {};
2093 var server2 = {};
2094 try {
2095 server2 = http.createServer({
2096 requireHostHeader: false
2097 });
2098 } catch (err) {
2099 server2 = http.createServer();
2100 }
2102 reqhandler(req, res, false);
2103 });
2106 reqerrhandler(err, socket, false);
2107 });
2108 if (!disableToHTTPSRedirect) {
2110 var reqIdInt = Math.floor(Math.random() * 16777216);
2111 if (reqIdInt == 16777216) reqIdInt = 0;
2113 var serverconsole = {
2114 climessage: function (msg) {
2117 serverconsole.climessage(nmsg);
2118 });
2119 return;
2120 }
2123 return;
2124 },
2125 reqmessage: function (msg) {
2128 serverconsole.reqmessage(nmsg);
2129 });
2130 return;
2131 }
2132 console.log("\x1b[34m\x1b[1mSERVER REQUEST MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2134 return;
2135 },
2136 resmessage: function (msg) {
2139 serverconsole.resmessage(nmsg);
2140 });
2141 return;
2142 }
2143 console.log("\x1b[32m\x1b[1mSERVER RESPONSE MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2145 return;
2146 },
2147 errmessage: function (msg) {
2150 serverconsole.errmessage(nmsg);
2151 });
2152 return;
2153 }
2154 console.log("\x1b[31m\x1b[1mSERVER RESPONSE ERROR MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2156 return;
2157 },
2158 locerrmessage: function (msg) {
2161 serverconsole.locerrmessage(nmsg);
2162 });
2163 return;
2164 }
2165 console.log("\x1b[41m\x1b[1mSERVER ERROR MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[40m\x1b[0m");
2167 return;
2168 },
2169 locwarnmessage: function (msg) {
2172 serverconsole.locwarnmessage(nmsg);
2173 });
2174 return;
2175 }
2176 console.log("\x1b[43m\x1b[1mSERVER WARNING MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[40m\x1b[0m");
2178 return;
2179 },
2180 locmessage: function (msg) {
2183 serverconsole.locmessage(nmsg);
2184 });
2185 return;
2186 }
2189 return;
2190 }
2191 };
2195 });
2197 var reqip = socket.remoteAddress;
2198 var reqport = socket.remotePort;
2199 serverconsole.locmessage("Somebody connected to " + (typeof port == "number" ? "port " : "socket ") + port + "...");
2200 reqcounter++;
2201 serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants to proxy " + request.url + " through this server");
2202 if (request.headers["user-agent"] != undefined) serverconsole.reqmessage("Client uses " + request.headers["user-agent"]);
2205 });
2206 } else {
2208 }
2210 serverErrorHandler(err, true);
2211 });
2213 attmtsRedir = 5;
2214 listeningMessage();
2215 });
2217 if (configJSON.enableHTTP2 == true) {
2218 if (secure) {
2219 server = http2.createSecureServer({
2220 allowHTTP1: true,
2221 requireHostHeader: false,
2222 key: key,
2223 cert: cert,
2224 requestCert: configJSON.useClientCertificate,
2225 rejectUnauthorized: configJSON.rejectUnauthorizedClientCertificates,
2226 ciphers: configJSON.cipherSuite,
2227 ecdhCurve: configJSON.ecdhCurve,
2228 minVersion: configJSON.tlsMinVersion,
2229 maxVersion: configJSON.tlsMaxVersion,
2230 sigalgs: configJSON.signatureAlgorithms,
2231 settings: configJSON.http2Settings
2232 });
2233 } else {
2234 server = http2.createServer({
2235 allowHTTP1: true,
2236 requireHostHeader: false,
2237 settings: configJSON.http2Settings
2238 });
2239 }
2240 } else {
2241 if (secure) {
2242 server = https.createServer({
2243 key: key,
2244 cert: cert,
2245 requireHostHeader: false,
2246 requestCert: configJSON.useClientCertificate,
2247 rejectUnauthorized: configJSON.rejectUnauthorizedClientCertificates,
2248 ciphers: configJSON.cipherSuite,
2249 ecdhCurve: configJSON.ecdhCurve,
2250 minVersion: configJSON.tlsMinVersion,
2251 maxVersion: configJSON.tlsMaxVersion,
2252 sigalgs: configJSON.signatureAlgorithms
2253 });
2254 } else {
2255 try {
2256 server = http.createServer({
2257 requireHostHeader: false
2258 });
2259 } catch (err) {
2260 server = http.createServer();
2261 }
2262 }
2263 }
2264 if (secure) {
2265 try {
2266 sniCredentials.forEach(function (sniCredentialsSingle) {
2267 server.addContext(sniCredentialsSingle.name, {
2268 cert: sniCredentialsSingle.cert,
2269 key: sniCredentialsSingle.key
2270 });
2271 try {
2272 var snMatches = sniCredentialsSingle.name.match(/^([^:[]*|\[[^]]*\]?)((?::.*)?)$/);
2274 server._contexts[server._contexts.length - 1][0] = new RegExp("^" + snMatches[1].replace(/([.^$+?\-\\[\]{}])/g, "\\$1").replace(/\*/g, "[^.:]*") + ((snMatches[1][0] == "[" || snMatches[1].match(/^(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$/)) ? "" : "\.?") + snMatches[2].replace(/([.^$+?\-\\[\]{}])/g, "\\$1").replace(/\*/g, "[^.]*") + "$", "i");
2275 } catch (ex) {
2276 // Can't replace regex, ignoring...
2277 }
2278 });
2279 } catch (err) {
2280 // SNI error
2281 }
2282 }
2288 if (secure) {
2290 sock.reallyDestroy = sock.destroy;
2291 sock.destroy = function () {
2292 sock.toDestroy = true;
2293 };
2294 });
2298 sock._parent.destroy = sock._parent.reallyDestroy;
2299 sock._readableState = sock._parent._readableState;
2300 sock._writableState = sock._parent._writableState;
2301 sock._parent.toDestroy = false;
2302 sock.pipe = function (a, b, c) {
2303 sock._parent.pipe(a, b, c);
2304 };
2305 sock.write = function (a, b, c) {
2306 sock._parent.write(a, b, c);
2307 };
2308 sock.end = function (a, b, c) {
2309 sock._parent.end(a, b, c);
2310 };
2311 sock.destroyed = sock._parent.destroyed;
2312 sock.readable = sock._parent.readable;
2313 sock.writable = sock._parent.writable;
2314 sock.remoteAddress = sock._parent.remoteAddress;
2315 sock.remotePort = sock._parent.remoteAddress;
2316 sock.destroy = function (a, b, c) {
2317 try {
2318 sock._parent.destroy(a, b, c);
2319 sock.destroyed = sock._parent.destroyed;
2320 } catch (err) {
2321 // Socket is probably already destroyed.
2322 }
2323 };
2324 } else {
2325 sock._parent.destroy = sock._parent.reallyDestroy;
2326 try {
2327 if (sock._parent.toDestroy) sock._parent.destroy();
2328 } catch (err) {
2329 // Socket is probably already destroyed.
2330 }
2331 }
2332 });
2335 sock._parent.destroy = sock._parent.reallyDestroy;
2336 delete sock._parent.reallyDestroy;
2337 });
2339 if (configJSON.enableOCSPStapling && !ocsp._errored) {
2341 ocsp.getOCSPURI(cert, function (err, uri) {
2342 if (err) return callback(err);
2344 var req = ocsp.request.generate(cert, issuer);
2345 var options = {
2346 url: uri,
2347 ocsp: req.data
2348 };
2350 ocspCache.request(req.id, options, callback);
2351 });
2352 });
2353 }
2354 }
2356 // Patches from Node.JS v18.0.0
2357 if (server.requestTimeout !== undefined && server.requestTimeout === 0) server.requestTimeout = 300000;
2358 if (server2.requestTimeout !== undefined && server2.requestTimeout === 0) server2.requestTimeout = 300000;
2360 function reqerrhandler(err, socket, fromMain) {
2361 if (fromMain === undefined) fromMain = true;
2362 // Define response object similar to Node.JS native one
2363 var res = {};
2364 res.socket = socket;
2365 res.write = function (x) {
2367 return;
2368 }
2369 socket.write(x);
2370 };
2371 res.end = function (x) {
2373 return;
2374 }
2375 socket.end(x, function () {
2376 try {
2377 socket.destroy();
2378 } catch (err) {
2379 // Socket is probably already destroyed
2380 }
2381 });
2382 };
2383 res.writeHead = function (code, name, headers) {
2384 if (code >= 400 && code <= 499) err4xxcounter++;
2385 if (code >= 500 && code <= 599) err5xxcounter++;
2387 var headers = JSON.parse(JSON.stringify(headers));
2390 Object.keys(headers).forEach(function (headername) {
2392 headers[headername].forEach(function (headerValueS) {
2393 if (headername.match(/[^\x09\x20-\x7e\x80-\xff]|.:/) || headerValueS.match(/[^\x09\x20-\x7e\x80-\xff]/)) throw new Error("Invalid header!!! (" + headername + ")");
2395 });
2396 } else {
2397 if (headername.match(/[^\x09\x20-\x7e\x80-\xff]|.:/) || headers[headername].match(/[^\x09\x20-\x7e\x80-\xff]/)) throw new Error("Invalid header!!! (" + headername + ")");
2399 }
2401 });
2403 res.write(head);
2404 };
2406 var reqIdInt = Math.floor(Math.random() * 16777216);
2407 if (reqIdInt == 16777216) reqIdInt = 0;
2409 var serverconsole = {
2410 climessage: function (msg) {
2413 serverconsole.climessage(nmsg);
2414 });
2415 return;
2416 }
2419 return;
2420 },
2421 reqmessage: function (msg) {
2424 serverconsole.reqmessage(nmsg);
2425 });
2426 return;
2427 }
2428 console.log("\x1b[34m\x1b[1mSERVER REQUEST MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2430 return;
2431 },
2432 resmessage: function (msg) {
2435 serverconsole.resmessage(nmsg);
2436 });
2437 return;
2438 }
2439 console.log("\x1b[32m\x1b[1mSERVER RESPONSE MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2441 return;
2442 },
2443 errmessage: function (msg) {
2446 serverconsole.errmessage(nmsg);
2447 });
2448 return;
2449 }
2450 console.log("\x1b[31m\x1b[1mSERVER RESPONSE ERROR MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2452 return;
2453 },
2454 locerrmessage: function (msg) {
2457 serverconsole.locerrmessage(nmsg);
2458 });
2459 return;
2460 }
2461 console.log("\x1b[41m\x1b[1mSERVER ERROR MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[40m\x1b[0m");
2463 return;
2464 },
2465 locwarnmessage: function (msg) {
2468 serverconsole.locwarnmessage(nmsg);
2469 });
2470 return;
2471 }
2472 console.log("\x1b[43m\x1b[1mSERVER WARNING MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[40m\x1b[0m");
2474 return;
2475 },
2476 locmessage: function (msg) {
2479 serverconsole.locmessage(nmsg);
2480 });
2481 return;
2482 }
2485 return;
2486 }
2487 };
2489 if (!hasError || err.code == "ERR_SSL_HTTP_REQUEST" || err.message.indexOf("http request") != -1) serverconsole.locmessage("Client disconnected.");
2491 });
2494 // Header and footer placeholders
2498 function responseEnd(body) {
2499 // If body is Buffer, then it is converted to String anyway.
2500 res.write(head + body + foot);
2501 res.end();
2502 }
2504 // Server error calling method
2505 function callServerError(errorCode, extName, stack, ch) {
2508 }
2510 // Handle optional parameters
2512 ch = stack;
2513 stack = extName;
2514 extName = undefined;
2517 }
2519 if (stack && typeof stack === "object" && Object.prototype.toString.call(stack) !== "[object Error]") {
2520 ch = stack;
2521 stack = undefined;
2523 throw new TypeError("Error stack parameter needs to be either a string or an instance of Error object.");
2524 }
2526 // Determine error file
2527 function getErrorFileName(list, callback, _i) {
2528 if (err.code == "ERR_SSL_HTTP_REQUEST" && process.version && parseInt(process.version.split(".")[0].substring(1)) >= 16) {
2529 // Disable custom error page for HTTP SSL error
2531 return;
2532 }
2534 function medCallback(p) {
2535 if (p) callback(p);
2536 else {
2537 if (errorCode == 404) {
2538 fs.access(page404, fs.constants.F_OK, function (err) {
2539 if (err) {
2541 try {
2542 if (err) {
2544 } else {
2546 }
2547 } catch (err2) {
2548 callServerError(500, err2);
2549 }
2550 });
2551 } else {
2552 try {
2553 callback(page404);
2554 } catch (err2) {
2555 callServerError(500, err2);
2556 }
2557 }
2558 });
2559 } else {
2561 try {
2562 if (err) {
2564 } else {
2566 }
2567 } catch (err2) {
2568 callServerError(500, err2);
2569 }
2570 });
2571 }
2572 }
2573 }
2575 if (!_i) _i = 0;
2576 if (_i >= list.length) {
2577 medCallback(false);
2578 return;
2579 }
2581 if (list[_i].scode != errorCode) {
2582 getErrorFileName(list, callback, _i + 1);
2583 return;
2584 } else {
2585 fs.access(list[_i].path, fs.constants.F_OK, function (err) {
2586 if (err) {
2587 getErrorFileName(list, callback, _i + 1);
2588 } else {
2589 medCallback(list[_i].path);
2590 }
2591 });
2592 }
2593 }
2595 getErrorFileName(errorPages, function (errorFile) {
2596 if (Object.prototype.toString.call(stack) === "[object Error]") stack = generateErrorStack(stack);
2598 if (errorCode == 500 || errorCode == 502) {
2601 serverconsole.errmessage(stack);
2602 }
2604 if (serverHTTPErrorDescs[errorCode] === undefined) {
2605 callServerError(501, extName, stack);
2606 } else {
2607 var cheaders = getCustomHeaders();
2608 if (ch) {
2609 var chon = Object.keys(cheaders);
2610 Object.keys(ch).forEach(function (chnS) {
2611 var nhn = chnS;
2612 for (var j = 0; j < chon.length; j++) {
2613 if (chon[j].toLowerCase() == chnS.toLowerCase()) {
2614 nhn = chon[j];
2615 break;
2616 }
2617 }
2618 if (ch[chnS]) cheaders[nhn] = ch[chnS];
2619 });
2620 }
2623 if (err.code == "ERR_SSL_HTTP_REQUEST" && process.version && parseInt(process.version.split(".")[0].substring(1)) >= 16) {
2624 // Disable custom error page for HTTP SSL error
2625 res.writeHead(errorCode, http.STATUS_CODES[errorCode], cheaders);
2626 res.write(("<!DOCTYPE html><html><head><title>{errorMessage}</title><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /><style>html{background-color:#dfffdf;color:#000000;font-family:FreeSans, Helvetica, Tahoma, Verdana, Arial, sans-serif;margin:0.75em}body{background-color:#ffffff;padding:0.5em 0.5em 0.1em;margin:0.5em auto;width:90%;max-width:800px;-webkit-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15)}h1{text-align:center;font-size:2.25em;margin:0.3em 0 0.5em}code{background-color:#dfffdf;-webkit-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);display:block;padding:0.2em;font-family:\"DejaVu Sans Mono\", \"Bitstream Vera Sans Mono\", Hack, Menlo, Consolas, Monaco, monospace;font-size:0.85em;margin:auto;width:95%;max-width:600px}table{width:95%;border-collapse:collapse;margin:auto;overflow-wrap:break-word;word-wrap:break-word;word-break:break-all;word-break:break-word;position:relative;z-index:0}table tbody{background-color:#ffffff;color:#000000}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);content:' ';position:absolute;top:0;left:0;right:0;bottom:0;z-index:-1}table img{margin:0;display:inline}th,tr{padding:0.15em;text-align:center}th{background-color:#007000;color:#ffffff}th a{color:#ffffff}td,th{padding:0.225em}td{text-align:left}tr:nth-child(odd){background-color:#dfffdf}hr{color:#ffffff}@media screen and (prefers-color-scheme: dark){html{background-color:#002000;color:#ffffff}body{background-color:#000f00;-webkit-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15)}code{background-color:#002000;-webkit-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1)}a{color:#ffffff}a:hover{color:#00ff00}table tbody{background-color:#000f00;color:#ffffff}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175)}tr:nth-child(odd){background-color:#002000}}</style></head><body><h1>{errorMessage}</h1><p>{errorDesc}</p><p><i>{server}</i></p></body></html>").replace(/{errorMessage}/g, errorCode.toString() + " " + http.STATUS_CODES[errorCode].replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{errorDesc}/g, serverHTTPErrorDescs[errorCode]).replace(/{stack}/g, stack.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\r\n/g, "<br/>").replace(/\n/g, "<br/>").replace(/\r/g, "<br/>").replace(/ {2}/g, " ")).replace(/{server}/g, "" + ((exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS") + ((!exposeModsInErrorPages || extName == undefined) ? "" : " " + extName)).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{contact}/g, serverAdmin.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\./g, "[dot]").replace(/@/g, "[at]")));
2633 responseEnd(data.toString().replace(/{errorMessage}/g, errorCode.toString() + " " + http.STATUS_CODES[errorCode].replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{errorDesc}/g, serverHTTPErrorDescs[errorCode]).replace(/{stack}/g, stack.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\r\n/g, "<br/>").replace(/\n/g, "<br/>").replace(/\r/g, "<br/>").replace(/ {2}/g, " ")).replace(/{server}/g, "" + ((exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS") + ((!exposeModsInErrorPages || extName == undefined) ? "" : " " + extName)).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{contact}/g, serverAdmin.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\./g, "[dot]").replace(/@/g, "[at]")));
2648 }
2650 res.write(("<!DOCTYPE html><html><head><title>{errorMessage}</title><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /><style>html{background-color:#dfffdf;color:#000000;font-family:FreeSans, Helvetica, Tahoma, Verdana, Arial, sans-serif;margin:0.75em}body{background-color:#ffffff;padding:0.5em 0.5em 0.1em;margin:0.5em auto;width:90%;max-width:800px;-webkit-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15)}h1{text-align:center;font-size:2.25em;margin:0.3em 0 0.5em}code{background-color:#dfffdf;-webkit-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);display:block;padding:0.2em;font-family:\"DejaVu Sans Mono\", \"Bitstream Vera Sans Mono\", Hack, Menlo, Consolas, Monaco, monospace;font-size:0.85em;margin:auto;width:95%;max-width:600px}table{width:95%;border-collapse:collapse;margin:auto;overflow-wrap:break-word;word-wrap:break-word;word-break:break-all;word-break:break-word;position:relative;z-index:0}table tbody{background-color:#ffffff;color:#000000}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);content:' ';position:absolute;top:0;left:0;right:0;bottom:0;z-index:-1}table img{margin:0;display:inline}th,tr{padding:0.15em;text-align:center}th{background-color:#007000;color:#ffffff}th a{color:#ffffff}td,th{padding:0.225em}td{text-align:left}tr:nth-child(odd){background-color:#dfffdf}hr{color:#ffffff}@media screen and (prefers-color-scheme: dark){html{background-color:#002000;color:#ffffff}body{background-color:#000f00;-webkit-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15)}code{background-color:#002000;-webkit-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1)}a{color:#ffffff}a:hover{color:#00ff00}table tbody{background-color:#000f00;color:#ffffff}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175)}tr:nth-child(odd){background-color:#002000}}</style></head><body><h1>{errorMessage}</h1><p>{errorDesc}</p>" + ((additionalError == 404) ? "" : "<p>Additionally, a {additionalError} error occurred while loading an error page.</p>") + "<p><i>{server}</i></p></body></html>").replace(/{errorMessage}/g, errorCode.toString() + " " + http.STATUS_CODES[errorCode].replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{errorDesc}/g, serverHTTPErrorDescs[errorCode]).replace(/{stack}/g, stack.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\r\n/g, "<br/>").replace(/\n/g, "<br/>").replace(/\r/g, "<br/>").replace(/ {2}/g, " ")).replace(/{server}/g, "" + ((exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS") + ((!exposeModsInErrorPages || extName == undefined) ? "" : " " + extName)).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{contact}/g, serverAdmin.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\./g, "[dot]").replace(/@/g, "[at]")).replace(/{additionalError}/g, additionalError.toString()));
2652 }
2653 });
2654 }
2655 }
2656 });
2657 }
2660 reqcounter++;
2661 malformedcounter++;
2662 serverconsole.locmessage("Somebody connected to " + (secure && fromMain ? ((typeof sport == "number" ? "port " : "socket ") + sport) : ((typeof port == "number" ? "port " : "socket ") + port)) + "...");
2663 serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " sent invalid request.");
2665 head = fs.existsSync("./.head") ? fs.readFileSync("./.head").toString() : (fs.existsSync("./head.html") ? fs.readFileSync("./head.html").toString() : ""); // header
2666 foot = fs.existsSync("./.foot") ? fs.readFileSync("./.foot").toString() : (fs.existsSync("./foot.html") ? fs.readFileSync("./foot.html").toString() : ""); // footer
2668 if ((err.code && (err.code.indexOf("ERR_SSL_") == 0 || err.code.indexOf("ERR_TLS_") == 0)) || (!err.code && err.message.indexOf("SSL routines") != -1)) {
2677 }
2678 }
2684 }
2690 }
2696 }
2703 }
2717 }
2718 }
2720 }
2726 serverconsole.errmessage("The request is invalid (it may be a part of larger invalid request).");
2729 }
2730 }
2750 }
2751 }
2755 }
2756 }
2767 });
2769 }
2773 },
2778 });
2780 }
2781 console.log("\x1b[34m\x1b[1mSERVER REQUEST MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2784 },
2789 });
2791 }
2792 console.log("\x1b[32m\x1b[1mSERVER RESPONSE MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2795 },
2800 });
2802 }
2803 console.log("\x1b[31m\x1b[1mSERVER RESPONSE ERROR MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2806 },
2811 });
2813 }
2814 console.log("\x1b[41m\x1b[1mSERVER ERROR MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[40m\x1b[0m");
2817 },
2822 });
2824 }
2825 console.log("\x1b[43m\x1b[1mSERVER WARNING MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[40m\x1b[0m");
2828 },
2833 });
2835 }
2839 }
2840 };
2845 });
2850 reqcounter++;
2851 serverconsole.locmessage("Somebody connected to " + (secure ? ((typeof sport == "number" ? "port " : "socket ") + sport) : ((typeof port == "number" ? "port " : "socket ") + port)) + "...");
2852 serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants to proxy " + request.url + " through this server");
2853 if (request.headers["user-agent"] != undefined) serverconsole.reqmessage("Client uses " + request.headers["user-agent"]);
2859 });
2863 modFunction = proxyMod.proxyCallback(req, socket, head, configJSON, serverconsole, modFunction);
2864 });
2866 }
2871 }
2873 }
2885 });
2887 }
2891 },
2896 });
2898 }
2899 console.log("\x1b[34m\x1b[1mSERVER REQUEST MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2902 },
2907 });
2909 }
2910 console.log("\x1b[32m\x1b[1mSERVER RESPONSE MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2913 },
2918 });
2920 }
2921 console.log("\x1b[31m\x1b[1mSERVER RESPONSE ERROR MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[37m\x1b[0m");
2924 },
2929 });
2931 }
2932 console.log("\x1b[41m\x1b[1mSERVER ERROR MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[40m\x1b[0m");
2935 },
2940 });
2942 }
2943 console.log("\x1b[43m\x1b[1mSERVER WARNING MESSAGE\x1b[22m [Request Id: " + reqId + "]: " + msg + "\x1b[40m\x1b[0m");
2946 },
2951 });
2953 }
2957 }
2958 };
2965 if (req.headers.host == hostnamesRoot || (req.headers.host.length > hostnamesRoot.length && req.headers.host.indexOf("." + hostnamesRoot) == req.headers.host.length - hostnamesRoot.length - 1)) {
2967 }
2970 }
2972 }
2979 if (matchHostname(vhost.host) && ipMatch(vhost.ip, req.socket ? req.socket.localAddress : undefined)) {
2984 }
2985 });
2990 });
2991 }
2992 }
2995 });
2997 }
2999 // Make HTTP/1.x API-based scripts compatible with HTTP/2.0 API
3001 // Set HTTP/1.x methods (to prevent process warnings)
3013 if (al == "transfer-encoding" || al == "connection" || al == "keep-alive" || al == "upgrade") delete table[key];
3014 });
3019 }
3020 };
3023 if (al != "transfer-encoding" && al != "connection" && al != "keep-alive" && al != "upgrade") return res.setHeaderNodeApi(headerName, headerValue);
3025 };
3027 // Set HTTP/1.x headers
3036 }
3037 }
3039 if (req.headers["x-svr-js-from-main-thread"] == "true" && req.socket && (!req.socket.remoteAddress || req.socket.remoteAddress == "::1" || req.socket.remoteAddress == "::ffff:127.0.0.1" || req.socket.remoteAddress == "127.0.0.1" || req.socket.remoteAddress == "localhost" || req.socket.remoteAddress == host || req.socket.remoteAddress == "::ffff:" + host)) {
3044 }
3052 if (!(headWritten && process.isBun && code === lastStatusCode && codeDescription === undefined && codeDescription === undefined)) {
3056 });
3060 }
3067 }
3071 }
3073 }
3075 };
3082 }
3083 });
3088 }
3089 });
3092 serverconsole.locmessage("Somebody connected to " + (secure && fromMain ? ((typeof sport == "number" ? "port " : "socket ") + sport) : ((typeof port == "number" ? "port " : "socket ") + port)) + "...");
3097 }
3099 // Set up X-Forwarded-For
3110 if (preparedReqIPvalid == 4 && req.socket.remoteAddress && req.socket.remoteAddress.indexOf(":") > -1) preparedReqIP = "::ffff:" + preparedReqIP;
3125 // Address setting failed
3126 }
3129 }
3130 }
3131 }
3133 reqcounter++;
3135 // Process the Host header
3140 }
3142 serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " wants " + (req.method == "GET" ? "content in " : (req.method == "POST" ? "to post content in " : (req.method == "PUT" ? "to add content in " : (req.method == "DELETE" ? "to delete content in " : (req.method == "PATCH" ? "to patch content in " : "to access content using " + req.method + " method in "))))) + ((req.headers.host == undefined || isProxy) ? "" : req.headers.host) + req.url);
3143 if (req.headers["user-agent"] != undefined) serverconsole.reqmessage("Client uses " + req.headers["user-agent"]);
3144 if (oldHostHeader && oldHostHeader != req.headers.host) serverconsole.resmessage("Host name rewritten: " + oldHostHeader + " => " + req.headers.host);
3149 // Header and footer placeholders
3154 // If body is Buffer, then it is converted to String anyway.
3157 }
3159 // Server error calling method
3163 }
3165 // Handle optional parameters
3172 }
3174 if (stack && typeof stack === "object" && Object.prototype.toString.call(stack) !== "[object Error]") {
3178 throw new TypeError("Error stack parameter needs to be either a string or an instance of Error object.");
3179 }
3181 // Determine error file
3195 }
3198 }
3199 });
3205 }
3206 }
3207 });
3215 }
3218 }
3219 });
3220 }
3221 }
3222 }
3228 }
3230 if (list[_i].scode != errorCode || !(matchHostname(list[_i].host) && ipMatch(list[_i].ip, req.socket ? req.socket.localAddress : undefined))) {
3239 }
3240 });
3241 }
3242 }
3245 // Generate error stack if not provided
3246 if (Object.prototype.toString.call(stack) === "[object Error]") stack = generateErrorStack(stack);
3253 }
3255 // Hide the error stack if specified
3258 // Validate the error code and handle unknown codes
3264 // Process custom headers if provided
3273 }
3274 }
3276 });
3277 }
3281 // Set default Allow header for 405 error if not provided
3284 // Read the error file and replace placeholders with error information
3289 responseEnd(data.toString().replace(/{errorMessage}/g, errorCode.toString() + " " + http.STATUS_CODES[errorCode].replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{errorDesc}/g, serverHTTPErrorDescs[errorCode]).replace(/{stack}/g, stack.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\r\n/g, "<br/>").replace(/\n/g, "<br/>").replace(/\r/g, "<br/>").replace(/ {2}/g, " ")).replace(/{path}/g, req.url.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{server}/g, "" + ((exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS") + ((!exposeModsInErrorPages || extName == undefined) ? "" : " " + extName)).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + ((req.headers.host == undefined || isProxy) ? "" : " on " + String(req.headers.host).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">"))).replace(/{contact}/g, serverAdmin.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\./g, "[dot]").replace(/@/g, "[at]"))); // Replace placeholders in error response
3292 // Handle additional error cases
3305 }
3308 res.write(("<!DOCTYPE html><html><head><title>{errorMessage}</title><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /><style>html{background-color:#dfffdf;color:#000000;font-family:FreeSans, Helvetica, Tahoma, Verdana, Arial, sans-serif;margin:0.75em}body{background-color:#ffffff;padding:0.5em 0.5em 0.1em;margin:0.5em auto;width:90%;max-width:800px;-webkit-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15)}h1{text-align:center;font-size:2.25em;margin:0.3em 0 0.5em}code{background-color:#dfffdf;-webkit-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);display:block;padding:0.2em;font-family:\"DejaVu Sans Mono\", \"Bitstream Vera Sans Mono\", Hack, Menlo, Consolas, Monaco, monospace;font-size:0.85em;margin:auto;width:95%;max-width:600px}table{width:95%;border-collapse:collapse;margin:auto;overflow-wrap:break-word;word-wrap:break-word;word-break:break-all;word-break:break-word;position:relative;z-index:0}table tbody{background-color:#ffffff;color:#000000}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);content:' ';position:absolute;top:0;left:0;right:0;bottom:0;z-index:-1}table img{margin:0;display:inline}th,tr{padding:0.15em;text-align:center}th{background-color:#007000;color:#ffffff}th a{color:#ffffff}td,th{padding:0.225em}td{text-align:left}tr:nth-child(odd){background-color:#dfffdf}hr{color:#ffffff}@media screen and (prefers-color-scheme: dark){html{background-color:#002000;color:#ffffff}body{background-color:#000f00;-webkit-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15)}code{background-color:#002000;-webkit-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1)}a{color:#ffffff}a:hover{color:#00ff00}table tbody{background-color:#000f00;color:#ffffff}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175)}tr:nth-child(odd){background-color:#002000}}</style></head><body><h1>{errorMessage}</h1><p>{errorDesc}</p>" + ((additionalError == 404) ? "" : "<p>Additionally, a {additionalError} error occurred while loading an error page.</p>") + "<p><i>{server}</i></p></body></html>").replace(/{errorMessage}/g, errorCode.toString() + " " + http.STATUS_CODES[errorCode].replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{errorDesc}/g, serverHTTPErrorDescs[errorCode]).replace(/{stack}/g, stack.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\r\n/g, "<br/>").replace(/\n/g, "<br/>").replace(/\r/g, "<br/>").replace(/ {2}/g, " ")).replace(/{path}/g, req.url.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")).replace(/{server}/g, "" + ((exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS") + ((!exposeModsInErrorPages || extName == undefined) ? "" : " " + extName)).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + ((req.headers.host == undefined || isProxy) ? "" : " on " + String(req.headers.host).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">"))).replace(/{contact}/g, serverAdmin.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\./g, "[dot]").replace(/@/g, "[at]")).replace(/{additionalError}/g, additionalError.toString())); // Replace placeholders in error response
3310 }
3311 });
3312 }
3313 });
3314 }
3317 head = fs.existsSync("./.head") ? fs.readFileSync("./.head").toString() : (fs.existsSync("./head.html") ? fs.readFileSync("./head.html").toString() : ""); // header
3318 foot = fs.existsSync("./.foot") ? fs.readFileSync("./.foot").toString() : (fs.existsSync("./foot.html") ? fs.readFileSync("./foot.html").toString() : ""); // footer
3321 }
3324 // Function to perform HTTP redirection to a specified destination URL
3326 // If keepMethod is a object, then save it to customHeaders
3329 // If isTemporary is a object, then save it to customHeaders
3332 // If customHeaders are not provided, get the default custom headers
3335 // Set the "Location" header to the destination URL
3338 // Determine the status code for redirection based on the isTemporary and keepMethod flags
3341 // Write the response header with the appropriate status code and message
3344 // Log the redirection message
3347 // End the response
3350 // Return from the function
3352 }
3354 // Function to parse incoming POST data from the request
3356 // If the request method is not POST, return a 405 Method Not Allowed error
3358 // Get the default custom headers and add "Allow" header with value "POST"
3362 // Call the server error function with 405 status code and custom headers
3365 }
3367 // Set formidableOptions to options, if provided; otherwise, set it to an empty object
3370 // If no callback is provided, set the callback to options and reset formidableOptions
3373 formidableOptions = {};
3374 }
3376 // If the formidable module had an error, call the server error function with 500 status code and error stack
3379 // Create a new formidable form
3382 // Parse the request and process the fields and files
3384 // If there was an error, call the server error function with status code determined by error
3389 }
3390 // Otherwise, call the provided callback function with the parsed fields and files
3392 });
3393 }
3395 // Authenticated user variable
3398 // URL-related objects.
3401 uobject = parseURL(req.url, "http" + (req.socket.encrypted ? "s" : "") + "://" + (req.headers.host ? req.headers.host : (domain ? domain : "unknown.invalid")));
3403 // Return an 400 error
3407 }
3417 // Return an 400 error
3421 }
3425 // Expectations not met.
3428 }
3430 // Mod execution function
3432 // Prepare modFunction
3437 // Get list of forward proxy mods
3438 useMods = [];
3441 });
3442 }
3445 modFunction = modO.callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, "", modFunction, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData, authUser);
3446 });
3448 // Execute modFunction
3450 }
3458 });
3462 }
3464 // Function to check the level of a path relative to the web root
3466 // Split the path into an array of components based on "/"
3469 // Initialize counters for level up (..) and level down (.)
3473 // Loop through the path components
3475 // If the component is "..", decrement the levelUpCount
3477 levelUpCount--;
3478 }
3479 // If the component is not "." or an empty string, increment the levelDownCount
3481 levelDownCount++;
3482 }
3483 }
3485 // Calculate the overall level by subtracting levelUpCount from levelDownCount
3488 // Return the overall level
3490 }
3497 res.write("<!DOCTYPE html><html><head><title>Proxy not implemented</title><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /><style>html{background-color:#dfffdf;color:#000000;font-family:FreeSans, Helvetica, Tahoma, Verdana, Arial, sans-serif;margin:0.75em}body{background-color:#ffffff;padding:0.5em 0.5em 0.1em;margin:0.5em auto;width:90%;max-width:800px;-webkit-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15)}h1{text-align:center;font-size:2.25em;margin:0.3em 0 0.5em}code{background-color:#dfffdf;-webkit-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);display:block;padding:0.2em;font-family:\"DejaVu Sans Mono\", \"Bitstream Vera Sans Mono\", Hack, Menlo, Consolas, Monaco, monospace;font-size:0.85em;margin:auto;width:95%;max-width:600px}table{width:95%;border-collapse:collapse;margin:auto;overflow-wrap:break-word;word-wrap:break-word;word-break:break-all;word-break:break-word;position:relative;z-index:0}table tbody{background-color:#ffffff;color:#000000}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);content:' ';position:absolute;top:0;left:0;right:0;bottom:0;z-index:-1}table img{margin:0;display:inline}th,tr{padding:0.15em;text-align:center}th{background-color:#007000;color:#ffffff}th a{color:#ffffff}td,th{padding:0.225em}td{text-align:left}tr:nth-child(odd){background-color:#dfffdf}hr{color:#ffffff}@media screen and (prefers-color-scheme: dark){html{background-color:#002000;color:#ffffff}body{background-color:#000f00;-webkit-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15)}code{background-color:#002000;-webkit-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1)}a{color:#ffffff}a:hover{color:#00ff00}table tbody{background-color:#000f00;color:#ffffff}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175)}tr:nth-child(odd){background-color:#002000}}</style></head><body><h1>Proxy not implemented</h1><p>SVR.JS doesn't support proxy without proxy mod. If you're administator of this server, then install this mod in order to use SVR.JS as a proxy.</p><p><i>" + (exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS").replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</i></p></body></html>");
3498 res.end();
3500 return;
3501 }
3503 if (req.method == "OPTIONS") {
3504 var hdss = getCustomHeaders();
3505 hdss["Allow"] = "GET, POST, HEAD, OPTIONS";
3506 res.writeHead(204, http.STATUS_CODES[204], hdss);
3507 res.end();
3508 return;
3509 } else if (req.method != "GET" && req.method != "POST" && req.method != "HEAD") {
3510 callServerError(405);
3511 serverconsole.errmessage("Invaild method: " + req.method);
3512 return;
3513 }
3515 if (allowStatus && (href == "/svrjsstatus.svr" || (os.platform() == "win32" && href.toLowerCase() == "/svrjsstatus.svr"))) {
3516 function formatRelativeTime(relativeTime) {
3517 var days = Math.floor(relativeTime / 60 / (60 * 24));
3518 var dateDiff = new Date(relativeTime * 1000);
3519 return days + " days, " + dateDiff.getUTCHours() + " hours, " + dateDiff.getUTCMinutes() + " minutes, " + dateDiff.getUTCSeconds() + " seconds";
3520 }
3521 var statusBody = "";
3522 statusBody += "Server version: " + (exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS").replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "<br/><hr/>";
3524 //Those entries are just dates and numbers converted/formatted to strings, so no escaping is needed.
3525 statusBody += "Current time: " + new Date().toString() + "<br/>Thread start time: " + new Date(new Date() - (process.uptime() * 1000)).toString() + "<br/>Thread uptime: " + formatRelativeTime(Math.floor(process.uptime())) + "<br/>";
3526 statusBody += "OS uptime: " + formatRelativeTime(os.uptime()) + "<br/>";
3527 statusBody += "Total request count: " + reqcounter + "<br/>";
3528 statusBody += "Average request rate: " + (Math.round((reqcounter / process.uptime()) * 100) / 100) + " requests/s<br/>";
3529 statusBody += "Client errors (4xx): " + err4xxcounter + "<br/>";
3530 statusBody += "Server errors (5xx): " + err5xxcounter + "<br/>";
3531 statusBody += "Average error rate: " + (Math.round(((err4xxcounter + err5xxcounter) / reqcounter) * 10000) / 100) + "%<br/>";
3532 statusBody += "Malformed HTTP requests: " + malformedcounter;
3533 if (process.memoryUsage) statusBody += "<br/>Memory usage of thread: " + sizify(process.memoryUsage().rss, true) + "B";
3534 if (process.cpuUsage) statusBody += "<br/>Total CPU usage by thread: u" + (process.cpuUsage().user / 1000) + "ms s" + (process.cpuUsage().system / 1000) + "ms - " + (Math.round((((process.cpuUsage().user + process.cpuUsage().system) / 1000000) / process.uptime()) * 1000) / 1000) + "%";
3535 statusBody += "<br/>Thread PID: " + process.pid + "<br/>";
3537 res.writeHead(200, http.STATUS_CODES[200], {
3538 "Content-Type": "text/html; charset=utf-8"
3539 });
3540 res.end((head == "" ? "<!DOCTYPE html><html><head><title>SVR.JS status" + (req.headers.host == undefined ? "" : " for " + String(req.headers.host).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")) + "</title><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /><style>html{background-color:#dfffdf;color:#000000;font-family:FreeSans, Helvetica, Tahoma, Verdana, Arial, sans-serif;margin:0.75em}body{background-color:#ffffff;padding:0.5em 0.5em 0.1em;margin:0.5em auto;width:90%;max-width:800px;-webkit-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15)}h1{text-align:center;font-size:2.25em;margin:0.3em 0 0.5em}code{background-color:#dfffdf;-webkit-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);display:block;padding:0.2em;font-family:\"DejaVu Sans Mono\", \"Bitstream Vera Sans Mono\", Hack, Menlo, Consolas, Monaco, monospace;font-size:0.85em;margin:auto;width:95%;max-width:600px}table{width:95%;border-collapse:collapse;margin:auto;overflow-wrap:break-word;word-wrap:break-word;word-break:break-all;word-break:break-word;position:relative;z-index:0}table tbody{background-color:#ffffff;color:#000000}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);content:' ';position:absolute;top:0;left:0;right:0;bottom:0;z-index:-1}table img{margin:0;display:inline}th,tr{padding:0.15em;text-align:center}th{background-color:#007000;color:#ffffff}th a{color:#ffffff}td,th{padding:0.225em}td{text-align:left}tr:nth-child(odd){background-color:#dfffdf}hr{color:#ffffff}@media screen and (prefers-color-scheme: dark){html{background-color:#002000;color:#ffffff}body{background-color:#000f00;-webkit-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15)}code{background-color:#002000;-webkit-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1)}a{color:#ffffff}a:hover{color:#00ff00}table tbody{background-color:#000f00;color:#ffffff}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175)}tr:nth-child(odd){background-color:#002000}}</style></head><body>" : head.replace(/<head>/i, "<head><title>SVR.JS status" + (req.headers.host == undefined ? "" : " for " + String(req.headers.host).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")) + "</title>")) + "<h1>SVR.JS status" + (req.headers.host == undefined ? "" : " for " + String(req.headers.host).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")) + "</h1>" + statusBody + (foot == "" ? "</body></html>" : foot));
3541 return;
3542 }
3544 var dHref = decodeURIComponent(href);
3545 var readFrom = "." + dHref;
3546 var dirImagesMissing = false;
3547 fs.stat(readFrom, function (err, stats) {
3548 if (err) {
3549 if (err.code == "ENOENT") {
3550 if (__dirname != process.cwd() && dHref.match(/^\/\.dirimages\/(?:(?!\.png$).)+\.png$/)) {
3551 dirImagesMissing = true;
3552 readFrom = __dirname + dHref;
3553 } else {
3554 callServerError(404);
3555 serverconsole.errmessage("Resource not found.");
3556 return;
3557 }
3558 } else if (err.code == "ENOTDIR") {
3579 }
3580 }
3582 // Check if index file exists
3585 if (e || !s.isFile()) {
3587 if (e || !s.isFile()) {
3589 if (e || !s.isFile()) {
3590 properDirectoryListingAndStaticFileServe();
3591 } else {
3592 stats = s;
3595 properDirectoryListingAndStaticFileServe();
3596 }
3597 });
3598 } else {
3599 stats = s;
3602 properDirectoryListingAndStaticFileServe();
3603 }
3604 });
3605 } else {
3606 stats = s;
3609 properDirectoryListingAndStaticFileServe();
3610 }
3611 });
3612 } else if (dirImagesMissing) {
3613 fs.stat(readFrom, function (e, s) {
3614 if (e || !s.isFile()) {
3615 properDirectoryListingAndStaticFileServe();
3616 } else {
3617 stats = s;
3618 properDirectoryListingAndStaticFileServe();
3619 }
3620 });
3621 } else {
3622 properDirectoryListingAndStaticFileServe();
3623 }
3625 function properDirectoryListingAndStaticFileServe() {
3626 if (stats.isFile()) {
3630 var filelen = stats.size;
3632 // ETag code
3633 var fileETag = undefined;
3634 if (configJSON.enableETag == undefined || configJSON.enableETag) {
3635 fileETag = generateETag(href, stats);
3636 // Check if the client's request matches the ETag value (If-None-Match)
3638 if (clientETag === fileETag) {
3639 res.writeHead(304, http.STATUS_CODES[304], {
3641 });
3642 res.end();
3643 return;
3644 }
3646 // Check if the client's request doesn't match the ETag value (If-Match)
3649 callServerError(412, {
3651 });
3652 return;
3653 }
3654 }
3656 // Handle partial content request
3658 try {
3659 var rhd = getCustomHeaders();
3663 if (!regexmatch) {
3664 callServerError(416, rhd);
3665 } else {
3666 // Process the partial content request
3667 var beginOrig = regexmatch[1];
3668 var endOrig = regexmatch[2];
3670 var begin = 0;
3671 var end = maxEnd;
3673 callServerError(416, rhd);
3674 return;
3676 begin = end - parseInt(endOrig) + 1;
3677 } else {
3678 begin = parseInt(beginOrig);
3680 }
3681 if (begin > end || begin < 0 || begin > maxEnd) {
3682 callServerError(416, rhd);
3683 return;
3684 }
3685 if (end > maxEnd) end = maxEnd;
3689 var mtype = mime.contentType(ext);
3695 res.writeHead(206, http.STATUS_CODES[206], hdhds);
3696 res.end(head.substring(begin, end + 1));
3697 return;
3699 res.writeHead(206, http.STATUS_CODES[206], hdhds);
3700 res.end(foot.substring(begin - head.length - filelen, end - head.length - filelen + 1));
3701 return;
3702 }
3703 var readStream = fs.createReadStream(readFrom, {
3706 });
3709 callServerError(404);
3712 callServerError(404); // Assume that file doesn't exist.
3715 callServerError(403);
3718 callServerError(414);
3720 callServerError(503);
3722 callServerError(508); // The symbolic link loop is detected during file system operations.
3724 } else {
3725 callServerError(500, err);
3726 }
3728 try {
3730 function afterWriteCallback() {
3731 if(foot.length > 0 && end > head.length + filelen) {
3733 res.end(foot.substring(0, end - head.length - filelen + 1));
3734 });
3735 }
3736 readStream.pipe(res, {
3737 end: !(foot.length > 0 && end > head.length + filelen)
3738 });
3739 }
3740 res.writeHead(206, http.STATUS_CODES[206], hdhds);
3741 if (head.length == 0 || begin > head.length) {
3742 afterWriteCallback();
3743 } else if (!res.write(head.substring(begin, head.length - begin))) {
3745 } else {
3746 process.nextTick(afterWriteCallback);
3747 }
3748 } else {
3749 res.writeHead(206, http.STATUS_CODES[206], rhd);
3750 readStream.pipe(res);
3751 }
3753 } catch (err) {
3754 callServerError(500, err);
3755 }
3756 });
3757 } else {
3758 res.writeHead(206, http.STATUS_CODES[206], rhd);
3759 res.end();
3760 }
3761 }
3762 } catch (err) {
3763 callServerError(500, err);
3764 }
3765 } else {
3766 // Helper function to check if compression is allowed for the file
3767 function canCompress(path, list) {
3768 var canCompress = true;
3769 for (var i = 0; i < list.length; i++) {
3770 if (createRegex(list[i], true).test(path)) {
3771 canCompress = false;
3772 break;
3773 }
3774 }
3775 return canCompress;
3776 }
3778 var useBrotli = (ext != "br" && filelen > 256 && zlib.createBrotliCompress && acceptEncoding.match(/\bbr\b/));
3782 var isCompressable = true;
3783 try {
3784 // Check for files not to compressed and compression enabling setting. Also check for browser quirks and adjust compression accordingly
3785 if((!useBrotli && !useDeflate && !useGzip) || configJSON.enableCompression !== true || !canCompress(href, dontCompress)) {
3786 isCompressable = false; // Compression is disabled
3787 } else if (ext != "html" && ext != "htm" && ext != "xhtml" && ext != "xht" && ext != "shtml") {
3788 if (/^Mozilla\/4\.[0-9]+(( *\[[^)]*\] *| *)\([^)\]]*\))? *$/.test(req.headers["user-agent"]) && !(/https?:\/\/|[bB][oO][tT]|[sS][pP][iI][dD][eE][rR]|[sS][uU][rR][vV][eE][yY]|MSIE/.test(req.headers["user-agent"]))) {
3789 isCompressable = false; // Netscape 4.x doesn't handle compressed data properly outside of HTML documents.
3791 isCompressable = false; // w3m doesn't handle compressed data properly outside of HTML documents.
3792 }
3793 } else {
3794 if (/^Mozilla\/4\.0[6-8](( *\[[^)]*\] *| *)\([^)\]]*\))? *$/.test(req.headers["user-agent"]) && !(/https?:\/\/|[bB][oO][tT]|[sS][pP][iI][dD][eE][rR]|[sS][uU][rR][vV][eE][yY]|MSIE/.test(req.headers["user-agent"]))) {
3795 isCompressable = false; // Netscape 4.06-4.08 doesn't handle compressed data properly.
3796 }
3797 }
3798 } catch (err) {
3799 callServerError(500, err);
3800 return;
3801 }
3803 // Bun 1.1 has definition for zlib.createBrotliCompress, but throws an error while invoking the function.
3804 if (process.isBun && useBrotli && isCompressable) {
3805 try {
3806 zlib.createBrotliCompress();
3807 } catch (err) {
3808 useBrotli = false;
3809 }
3810 }
3812 try {
3813 var hdhds = {};
3814 if (useBrotli && isCompressable) {
3816 } else if (useDeflate && isCompressable) {
3818 } else if (useGzip && isCompressable) {
3820 } else {
3823 } else {
3825 }
3826 }
3829 var mtype = mime.contentType(ext);
3834 var readStream = fs.createReadStream(readFrom);
3837 callServerError(404);
3840 callServerError(404); // Assume that file doesn't exist.
3843 callServerError(403);
3846 callServerError(414);
3848 callServerError(503);
3850 callServerError(508); // The symbolic link loop is detected during file system operations.
3852 } else {
3853 callServerError(500, err);
3854 }
3856 try {
3857 var resStream = {};
3858 if (useBrotli && isCompressable) {
3859 resStream = zlib.createBrotliCompress();
3860 resStream.pipe(res);
3861 } else if (useDeflate && isCompressable) {
3862 resStream = zlib.createDeflateRaw();
3863 resStream.pipe(res);
3864 } else if (useGzip && isCompressable) {
3865 resStream = zlib.createGzip();
3866 resStream.pipe(res);
3867 } else {
3868 resStream = res;
3869 }
3871 function afterWriteCallback() {
3872 if (foot.length > 0) {
3874 resStream.end(foot);
3875 });
3876 }
3877 readStream.pipe(resStream, {
3878 end: (foot.length == 0)
3879 });
3880 }
3881 res.writeHead(200, http.STATUS_CODES[200], hdhds);
3882 if (head.length == 0) {
3883 afterWriteCallback();
3884 } else if (!resStream.write(head)) {
3886 } else {
3887 process.nextTick(afterWriteCallback);
3888 }
3889 } else {
3890 res.writeHead(200, http.STATUS_CODES[200], hdhds);
3891 readStream.pipe(resStream);
3892 }
3894 } catch (err) {
3895 callServerError(500, err);
3896 }
3897 });
3898 } else {
3899 res.writeHead(200, http.STATUS_CODES[200], hdhds);
3900 res.end();
3902 }
3903 } catch (err) {
3904 callServerError(500, err);
3905 }
3906 }
3907 } else if (stats.isDirectory()) {
3908 // Check if directory listing is enabled in the configuration
3909 if (checkForEnabledDirectoryListing(req.headers.host, req.socket ? req.socket.localAddress : undefined)) {
3913 function getCustomDirListingHeader(callback) {
3915 if (err) {
3919 if (err) {
3921 callback();
3922 } else {
3923 callServerError(500, err);
3924 }
3925 } else {
3926 customDirListingHeader = data.toString();
3927 callback();
3928 }
3929 });
3930 } else {
3931 callback();
3932 }
3933 } else {
3934 callServerError(500, err);
3935 }
3936 } else {
3937 customDirListingHeader = data.toString();
3938 callback();
3939 }
3940 });
3941 }
3943 function getCustomDirListingFooter(callback) {
3945 if (err) {
3949 if (err) {
3951 callback();
3952 } else {
3953 callServerError(500, err);
3954 }
3955 } else {
3956 customDirListingFooter = data.toString();
3957 callback();
3958 }
3959 });
3960 } else {
3961 callback();
3962 }
3963 } else {
3964 callServerError(500, err);
3965 }
3966 } else {
3967 customDirListingFooter = data.toString();
3968 callback();
3969 }
3970 });
3971 }
3973 // Read custom header and footer content (if available)
3974 getCustomDirListingHeader(function () {
3975 getCustomDirListingFooter(function () {
3976 // Check if custom header has HTML tag
3977 var headerHasHTMLTag = customDirListingHeader.replace(/<!--(?:(?:(?!--\>)[\s\S])*|)(?:-->|$)/g, "").match(/<html(?![a-zA-Z0-9])(?:"(?:\\(?:[\s\S]|$)|[^\\"])*(?:"|$)|'(?:\\(?:[\s\S]|$)|[^\\'])*(?:'|$)|[^'">])*(?:>|$)/i);
3979 // Generate HTML head and footer based on configuration and custom content
3981 (!headerHasHTMLTag ?
3982 "<!DOCTYPE html><html><head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title><meta charset=\"UTF-8\" /><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" /><style>html{background-color:#dfffdf;color:#000000;font-family:FreeSans, Helvetica, Tahoma, Verdana, Arial, sans-serif;margin:0.75em}body{background-color:#ffffff;padding:0.5em 0.5em 0.1em;margin:0.5em auto;width:90%;max-width:800px;-webkit-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15);box-shadow:0 5px 10px 0 rgba(0, 0, 0, 0.15)}h1{text-align:center;font-size:2.25em;margin:0.3em 0 0.5em}code{background-color:#dfffdf;-webkit-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);box-shadow:0 2px 4px 0 rgba(0, 0, 0, 0.1);display:block;padding:0.2em;font-family:\"DejaVu Sans Mono\", \"Bitstream Vera Sans Mono\", Hack, Menlo, Consolas, Monaco, monospace;font-size:0.85em;margin:auto;width:95%;max-width:600px}table{width:95%;border-collapse:collapse;margin:auto;overflow-wrap:break-word;word-wrap:break-word;word-break:break-all;word-break:break-word;position:relative;z-index:0}table tbody{background-color:#ffffff;color:#000000}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);box-shadow:0 4px 8px 0 rgba(0, 0, 0, 0.175);content:' ';position:absolute;top:0;left:0;right:0;bottom:0;z-index:-1}table img{margin:0;display:inline}th,tr{padding:0.15em;text-align:center}th{background-color:#007000;color:#ffffff}th a{color:#ffffff}td,th{padding:0.225em}td{text-align:left}tr:nth-child(odd){background-color:#dfffdf}hr{color:#ffffff}@media screen and (prefers-color-scheme: dark){html{background-color:#002000;color:#ffffff}body{background-color:#000f00;-webkit-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);-moz-box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15);box-shadow:0 5px 10px 0 rgba(127, 127, 127, 0.15)}code{background-color:#002000;-webkit-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);-moz-box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1);box-shadow:0 2px 4px 0 rgba(127, 127, 127, 0.1)}a{color:#ffffff}a:hover{color:#00ff00}table tbody{background-color:#000f00;color:#ffffff}table tbody:after{-webkit-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);-moz-box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175);box-shadow:0 4px 8px 0 rgba(127, 127, 127, 0.175)}tr:nth-child(odd){background-color:#002000}}</style></head><body>" :
3983 customDirListingHeader.replace(/<head>/i, "<head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title>")) :
3984 head.replace(/<head>/i, "<head><title>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</title>")) +
3986 "<h1>Directory: " + decodeURIComponent(origHref).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + "</h1><table id=\"directoryListing\"> <tr> <th></th> <th>Filename</th> <th>Size</th> <th>Date</th> </tr>" + (checkPathLevel(decodeURIComponent(origHref)) < 1 ? "" : "<tr><td style=\"width: 24px;\"><img src=\"/.dirimages/return.png\" width=\"24px\" height=\"24px\" alt=\"[RET]\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" + (origHref).replace(/\/+/g, "/").replace(/\/[^\/]*\/?$/, "/") + "\">Return</a></td><td></td><td></td></tr>");
3988 var htmlFoot = "</table><p><i>" + (exposeServerVersion ? "SVR.JS/" + version + " (" + getOS() + "; " + (process.isBun ? ("Bun/v" + process.versions.bun + "; like Node.JS/" + process.version) : ("Node.JS/" + process.version)) + ")" : "SVR.JS").replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") + (req.headers.host == undefined ? "" : " on " + String(req.headers.host).replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")) + "</i></p>" + customDirListingFooter + (!configJSON.enableDirectoryListingWithDefaultHead || foot == "" ? "</body></html>" : foot);
3991 htmlFoot = "</table><hr/>" + fs.readFileSync("." + decodeURIComponent(href) + "/.maindesc".replace(/\/+/g, "/")) + htmlFoot;
3992 }
3994 fs.readdir(readFrom, function (err, list) {
3995 try {
3996 if (err) throw err;
3997 list = list.sort();
3999 // Function to get stats for all files in the directory
4000 function getStatsForAllFilesI(fileList, callback, prefix, pushArray, index) {
4001 if (fileList.length == 0) {
4002 callback(pushArray);
4003 return;
4004 }
4007 if (err) {
4009 pushArray.push({
4010 name: fileList[index],
4011 stats: err ? null : stats,
4012 errored: true
4013 });
4014 if (index < fileList.length - 1) {
4015 getStatsForAllFilesI(fileList, callback, prefix, pushArray, index + 1);
4016 } else {
4017 callback(pushArray);
4018 }
4019 });
4020 } else {
4021 pushArray.push({
4022 name: fileList[index],
4023 stats: stats,
4024 errored: false
4025 });
4026 if (index < fileList.length - 1) {
4027 getStatsForAllFilesI(fileList, callback, prefix, pushArray, index + 1);
4028 } else {
4029 callback(pushArray);
4030 }
4031 }
4032 });
4033 }
4035 // Wrapper function to get stats for all files
4036 function getStatsForAllFiles(fileList, prefix, callback) {
4038 getStatsForAllFilesI(fileList, callback, prefix, [], 0);
4039 }
4041 // Get stats for all files in the directory and generate the listing
4042 getStatsForAllFiles(list, readFrom, function (filelist) {
4043 var directoryListingRows = [];
4044 for (var i = 0; i < filelist.length; i++) {
4046 var estats = filelist[i].stats;
4047 var ename = filelist[i].name;
4048 var eext = ename.match(/\.([^.]+)$/);
4050 var emime = eext ? mime.contentType(eext) : false;
4051 if (filelist[i].errored) {
4052 directoryListingRows.push(
4053 "<tr><td style=\"width: 24px;\"><img src=\"/.dirimages/bad.png\" alt=\"[BAD]\" width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" +
4060 );
4061 } else {
4062 var entry = "<tr><td style=\"width: 24px;\"><img src=\"[img]\" alt=\"[alt]\" width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" +
4070 estats.mtime.toDateString() +
4073 // Determine the file type and set the appropriate image and alt text
4074 if (estats.isDirectory()) {
4076 } else if (!estats.isFile()) {
4077 entry = "<tr><td style=\"width: 24px;\"><img src=\"[img]\" alt=\"[alt]\" width=\"24px\" height=\"24px\" /></td><td style=\"word-wrap: break-word; word-break: break-word; overflow-wrap: break-word;\"><a href=\"" +
4082 estats.mtime.toDateString() +
4085 // Determine the special file types (block device, character device, etc.)
4086 if (estats.isBlockDevice()) {
4088 } else if (estats.isCharacterDevice()) {
4090 } else if (estats.isFIFO()) {
4092 } else if (estats.isSocket()) {
4094 }
4095 } else if (ename.match(/README|LICEN[SC]E/i)) {
4097 } else if (eext.match(/^(?:[xs]?html?|xml)$/i)) {
4098 entry = entry.replace("[img]", "/.dirimages/html.png").replace("[alt]", (eext == "xml" ? "[XML]" : "[HTM]"));
4106 entry = entry.replace("[img]", "/.dirimages/image.png").replace("[alt]", (eext == "ico" ? "[ICO]" : "[IMG]"));
4112 entry = entry.replace("[img]", "/.dirimages/text.png").replace("[alt]", (eext == "json" ? "[JSO]" : "[TXT]"));
4115 } else if (eext.match(/^(?:zip|rar|bz2|[gb7x]z|lzma|tar)$/i)) {
4117 } else if (eext.match(/^(?:[id]mg|iso|flp)$/i)) {
4119 } else {
4121 }
4122 directoryListingRows.push(entry);
4123 }
4124 }
4125 }
4127 // Push the information about empty directory
4128 if (directoryListingRows.length == 0) {
4130 }
4132 // Send the directory listing response
4133 res.writeHead(200, http.STATUS_CODES[200], {
4135 });
4138 });
4140 } catch (err) {
4142 callServerError(404);
4145 callServerError(404); // Assume that file doesn't exist.
4148 callServerError(403);
4151 callServerError(414);
4153 callServerError(503);
4155 callServerError(508); // The symbolic link loop is detected during file system operations.
4157 } else {
4158 callServerError(500, err);
4159 }
4160 }
4161 });
4162 });
4163 });
4164 } else {
4165 // Directory listing is disabled, call 403 Forbidden error
4166 callServerError(403);
4168 }
4169 } else {
4170 callServerError(501);
4171 serverconsole.errmessage("SVR.JS doesn't support block devices, character devices, FIFOs nor sockets.");
4172 return;
4173 }
4174 }
4175 });
4176 }
4178 try {
4179 // Scan the block list
4180 if (blocklist.check(reqip)) {
4181 // Invoke 403 Forbidden error
4182 callServerError(403);
4183 serverconsole.errmessage("Client is in the block list.");
4184 return;
4185 }
4187 if (req.url == "*") {
4188 // Handle "*" URL
4189 if (req.method == "OPTIONS") {
4190 // Respond with list of methods
4191 var hdss = getCustomHeaders();
4192 hdss["Allow"] = "GET, POST, HEAD, OPTIONS";
4193 res.writeHead(204, http.STATUS_CODES[204], hdss);
4194 res.end();
4195 return;
4196 } else {
4200 }
4201 }
4204 // CONNECT requests should be handled in "connect" event.
4206 serverconsole.errmessage("CONNECT requests aren't supported. Your JS runtime probably doesn't support 'connect' handler for HTTP library.");
4208 }
4210 // Check for invalid X-Forwarded-For header
4215 }
4217 // Sanitize URL
4219 var preparedReqUrl = uobject.pathname + (uobject.search ? uobject.search : "") + (uobject.hash ? uobject.hash : "");
4221 // Check if URL is "dirty"
4237 uobject = parseURL(req.url, "http" + (req.socket.encrypted ? "s" : "") + "://" + (req.headers.host ? req.headers.host : (domain ? domain : "unknown.invalid")));
4239 // Return an 400 error
4243 }
4252 // Return 400 error
4256 }
4260 }
4268 }
4269 }
4271 // Handle redirects to HTTPS
4278 }
4284 }
4286 var isPublicServer = !(req.socket.realRemoteAddress ? req.socket.realRemoteAddress : req.socket.remoteAddress).match(/^(?:localhost$|::1$|f[c-d][0-9a-f]{2}:|(?:::ffff:)?(?:(?:127|10)\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|192\.168\.[0-9]{1,3}\.[0-9]{1,3}|172\.(?:1[6-9]|2[0-9]|3[0-1])\.[0-9]{1,3}\.[0-9]{1,3})$)/i);
4299 }
4301 redirect("https://" + hostname + (destinationPort == 443 ? "" : (":" + destinationPort)) + req.url);
4303 }
4305 // Handle redirects to addresses with "www." prefix
4309 if (hostname.length > 1 && (hostname[0] != "[" || hostname[hostname.length - 1] != "]")) hostport = hostname.pop();
4312 redirect((req.socket.encrypted ? "https" : "http") + "://www." + hostname + (hostport ? ":" + hostport : "") + req.url.replace(/\/+/g, "/"));
4313 return;
4314 }
4315 }
4317 // Handle URL rewriting
4318 function rewriteURL(address, map, callback, _fileState, _mapBegIndex) {
4319 var rewrittenURL = address;
4320 var doCallback = true;
4321 if (!isProxy) {
4322 for (var i = (_mapBegIndex ? _mapBegIndex : 0); i < map.length; i++) {
4323 var mapEntry = map[i];
4326 var _fileState = 3;
4327 if (err) {
4328 _fileState = 3;
4329 } else if (stats.isDirectory()) {
4330 _fileState = 2;
4331 } else if (stats.isFile()) {
4332 _fileState = 1;
4333 } else {
4334 _fileState = 3;
4335 }
4336 rewriteURL(address, map, callback, _fileState, i);
4337 });
4338 doCallback = false;
4339 break;
4340 }
4341 var tempRewrittenURL = rewrittenURL;
4342 if (!mapEntry.allowDoubleSlashes) {
4344 tempRewrittenURL = address;
4345 }
4346 if (matchHostname(mapEntry.host) && ipMatch(mapEntry.ip, req.socket ? req.socket.localAddress : undefined) && address.match(createRegex(mapEntry.definingRegex)) && !(mapEntry.isNotDirectory && _fileState == 2) && !(mapEntry.isNotFile && _fileState == 1)) {
4347 rewrittenURL = tempRewrittenURL;
4348 try {
4349 mapEntry.replacements.forEach(function (replacement) {
4350 rewrittenURL = rewrittenURL.replace(createRegex(replacement.regex), replacement.replacement);
4351 });
4352 if (mapEntry.append) rewrittenURL += mapEntry.append;
4353 } catch (err) {
4354 doCallback = false;
4355 callback(err, null);
4356 }
4357 break;
4358 }
4359 }
4360 }
4361 if (doCallback) callback(null, rewrittenURL);
4362 }
4364 // Trailing slash redirection
4365 function redirectTrailingSlashes(callback) {
4366 if (!isProxy && !disableTrailingSlashRedirects && href[href.length - 1] != "/" && origHref[origHref.length - 1] != "/") {
4368 if (err || !stats.isDirectory()) {
4369 try {
4370 callback();
4371 } catch (err) {
4372 callServerError(500, err);
4373 }
4374 } else {
4375 var destinationURL = uobject;
4376 destinationURL.path = null;
4377 destinationURL.href = null;
4379 destinationURL.hostname = null;
4380 destinationURL.host = null;
4381 destinationURL.port = null;
4382 destinationURL.protocol = null;
4383 destinationURL.slashes = null;
4384 destinationURL = url.format(destinationURL);
4385 redirect(destinationURL);
4386 }
4387 });
4388 } else {
4389 callback();
4390 }
4391 }
4393 origHref = href;
4395 // Add web root postfixes
4396 if (!isProxy) {
4397 var preparedReqUrl3 = (allowPostfixDoubleSlashes ? (href.replace(/\/+/,"/") + (uobject.search ? uobject.search : "") + (uobject.hash ? uobject.hash : "")) : req.url);
4398 var urlWithPostfix = preparedReqUrl3;
4400 wwwrootPostfixPrefixesVHost.every(function (currentPostfixPrefix) {
4401 if (preparedReqUrl3.indexOf(currentPostfixPrefix) == 0) {
4402 if (currentPostfixPrefix.match(/\/+$/)) postfixPrefix = currentPostfixPrefix.replace(/\/+$/, "");
4403 else if (urlWithPostfix.length == currentPostfixPrefix.length || urlWithPostfix[currentPostfixPrefix.length] == "?" || urlWithPostfix[currentPostfixPrefix.length] == "/" || urlWithPostfix[currentPostfixPrefix.length] == "#") postfixPrefix = currentPostfixPrefix;
4404 else return true;
4405 urlWithPostfix = urlWithPostfix.substring(postfixPrefix.length);
4406 return false;
4407 } else {
4408 return true;
4409 }
4410 });
4411 wwwrootPostfixesVHost.every(function (postfixEntry) {
4412 if (matchHostname(postfixEntry.host) && ipMatch(postfixEntry.ip, req.socket ? req.socket.localAddress : undefined) && !(postfixEntry.skipRegex && preparedReqUrl3.match(createRegex(postfixEntry.skipRegex)))) {
4414 return false;
4415 } else {
4416 return true;
4417 }
4418 });
4419 if (urlWithPostfix != preparedReqUrl3) {
4421 req.url = urlWithPostfix;
4422 try {
4423 uobject = parseURL(req.url, "http" + (req.socket.encrypted ? "s" : "") + "://" + (req.headers.host ? req.headers.host : (domain ? domain : "unknown.invalid")));
4425 // Return an 400 error
4429 }
4439 // Return 400 error
4443 }
4446 var preparedReqUrl2 = uobject.pathname + (uobject.search ? uobject.search : "") + (uobject.hash ? uobject.hash : "");
4448 if (req.url != preparedReqUrl2 || sHref != href.replace(/\/\.(?=\/|$)/g, "/").replace(/\/+/g, "/")) {
4449 callServerError(403);
4451 return;
4452 } else if (sHref != href) {
4453 var rewrittenAgainURL = uobject;
4454 rewrittenAgainURL.path = null;
4455 rewrittenAgainURL.href = null;
4456 rewrittenAgainURL.pathname = sHref;
4457 rewrittenAgainURL.hostname = null;
4458 rewrittenAgainURL.host = null;
4459 rewrittenAgainURL.port = null;
4460 rewrittenAgainURL.protocol = null;
4461 rewrittenAgainURL.slashes = null;
4462 rewrittenAgainURL = url.format(rewrittenAgainURL);
4464 req.url = rewrittenAgainURL;
4465 try {
4466 uobject = parseURL(req.url, "http" + (req.socket.encrypted ? "s" : "") + "://" + (req.headers.host ? req.headers.host : (domain ? domain : "unknown.invalid")));
4468 // Return an 400 error
4472 }
4481 // Return 400 error
4485 }
4486 }
4487 }
4488 }
4490 // Rewrite URLs
4495 }
4500 uobject = parseURL(req.url, "http" + (req.socket.encrypted ? "s" : "") + "://" + (req.headers.host ? req.headers.host : (domain ? domain : "unknown.invalid")));
4502 // Return an 400 error
4506 }
4515 // Return 400 error
4519 }
4522 var preparedReqUrl2 = uobject.pathname + (uobject.search ? uobject.search : "") + (uobject.hash ? uobject.hash : "");
4524 if (req.url != preparedReqUrl2 || sHref != href.replace(/\/\.(?=\/|$)/g, "/").replace(/\/+/g, "/")) {
4525 callServerError(403);
4527 return;
4528 } else if (sHref != href) {
4529 var rewrittenAgainURL = uobject;
4530 rewrittenAgainURL.path = null;
4531 rewrittenAgainURL.href = null;
4532 rewrittenAgainURL.pathname = sHref;
4533 rewrittenAgainURL.hostname = null;
4534 rewrittenAgainURL.host = null;
4535 rewrittenAgainURL.port = null;
4536 rewrittenAgainURL.protocol = null;
4537 rewrittenAgainURL.slashes = null;
4538 rewrittenAgainURL = url.format(rewrittenAgainURL);
4540 req.url = rewrittenAgainURL;
4541 try {
4542 uobject = parseURL(req.url, "http" + (req.socket.encrypted ? "s" : "") + "://" + (req.headers.host ? req.headers.host : (domain ? domain : "unknown.invalid")));
4544 // Return an 400 error
4548 }
4557 // Return 400 error
4561 }
4562 }
4563 }
4564 // Set response headers
4571 // Headers will not be set.
4572 }
4573 });
4574 }
4576 // Prepare the path (remove multiple slashes)
4579 // Check if path is forbidden
4580 if ((isForbiddenPath(decodedHrefWithoutDuplicateSlashes, "config") || isForbiddenPath(decodedHrefWithoutDuplicateSlashes, "certificates")) && !isProxy) {
4588 } else if (isIndexOfForbiddenPath(decodedHrefWithoutDuplicateSlashes, "log") && !isProxy && (configJSON.enableLogging || configJSON.enableLogging == undefined) && !configJSON.enableRemoteLogBrowsing) {
4592 } else if (isForbiddenPath(decodedHrefWithoutDuplicateSlashes, "svrjs") && !isProxy && !exposeServerVersion) {
4596 } else if ((isForbiddenPath(decodedHrefWithoutDuplicateSlashes, "svrjs") || isForbiddenPath(decodedHrefWithoutDuplicateSlashes, "serverSideScripts") || isIndexOfForbiddenPath(decodedHrefWithoutDuplicateSlashes, "serverSideScriptDirectories")) && !isProxy && (configJSON.disableServerSideScriptExpose || configJSON.disableServerSideScriptExpose === undefined)) {
4605 // Scan for non-standard codes
4608 if (matchHostname(nonStandardCodes[i].host) && ipMatch(nonStandardCodes[i].ip, req.socket ? req.socket.localAddress : undefined)) {
4612 // Regex match
4617 // Non-regex match
4618 isMatch = nonStandardCodes[i].url == hrefWithoutDuplicateSlashes || (os.platform() == "win32" && nonStandardCodes[i].url.toLowerCase() == hrefWithoutDuplicateSlashes.toLowerCase());
4619 }
4622 // HTTP authentication
4625 }
4628 if ((nonStandardCodes[i].scode == 403 || nonStandardCodes[i].scode == 451) && nonStandardCodes[i].users !== undefined) {
4632 }
4633 }
4634 }
4635 }
4636 }
4637 }
4638 }
4640 // Handle non-standard codes
4643 if (nonscode.scode == 301 || nonscode.scode == 302 || nonscode.scode == 307 || nonscode.scode == 308) {
4648 // Fallback replacement
4650 }
4651 } else if (req.url.split("?")[1] == undefined || req.url.split("?")[1] == null || req.url.split("?")[1] == "" || req.url.split("?")[1] == " ") {
4655 }
4656 redirect(location, nonscode.scode == 302 || nonscode.scode == 307, nonscode.scode == 307 || nonscode.scode == 308);
4668 }
4670 }
4671 }
4673 // Handle HTTP authentication
4677 // Function to check if passwords match
4687 }
4688 };
4693 callServerError(500, new Error("SVR.JS doesn't support scrypt-hashed passwords on Node.JS versions without scrypt hash support."));
4698 });
4712 });
4714 }
4715 });
4716 }
4717 }
4720 callServerError(500, new Error("SVR.JS doesn't support PBKDF2-hashed passwords on Node.JS versions without crypto support."));
4725 });
4739 });
4741 }
4742 });
4743 }
4744 }
4747 }
4748 }
4753 ha["WWW-Authenticate"] = "Basic realm=\"" + (authcode.realm ? authcode.realm.replace(/(\\|")/g, "\\$1") : "SVR.JS HTTP Basic Authorization") + "\", charset=\"UTF-8\"";
4759 }
4765 }
4772 }
4782 scryptCount++;
4784 pbkdf2Count++;
4786 sha256Count++;
4787 }
4789 });
4790 }
4792 // Pushing false user match to prevent time-based user enumeration
4797 };
4803 }
4804 }
4806 }
4816 };
4820 }
4821 }
4822 }
4824 serverconsole.errmessage("User \"" + String(username).replace(/[\r\n]/g, "") + "\" failed to log in.");
4832 };
4833 }
4834 }
4835 serverconsole.reqmessage("Client is logged in as \"" + String(username).replace(/[\r\n]/g, "") + "\".");
4839 });
4840 }
4844 }
4845 });
4849 }
4850 }
4852 // Don't brute-force protect it, just do HTTP authentication
4855 // Query data from JS object database
4856 if (!bruteForceDb[reqip] || !bruteForceDb[reqip].lastAttemptDate || (new Date() - 300000 >= bruteForceDb[reqip].lastAttemptDate)) {
4859 };
4864 }
4868 // Listen for brute-force protection response
4874 }
4880 }
4881 }
4884 }
4888 });
4889 }
4890 }
4892 });
4895 }
4896 }
4902 serverconsole.locerrmessage(serverErrorDescs[err.code] ? serverErrorDescs[err.code] : serverErrorDescs["UNKNOWN"]);
4908 // Probably main process exited
4909 }
4910 }
4918 // Probably main process exited
4919 }
4924 }
4925 }
4929 });
4933 });
4934 }
4938 // IPC listener for server listening signalization
4942 }
4943 }
4945 // IPC listener for brue force protection
4951 if (!bruteForceDb[ip] || !bruteForceDb[ip].lastAttemptDate || (new Date() - 300000 >= bruteForceDb[ip].lastAttemptDate)) {
4954 };
4958 }
4963 };
4968 };
4972 }
4973 }
4974 };
4975 }
4980 // General IPC message listener
4985 cluster.workers[Object.keys(cluster.workers)[i]].on("message", bruteForceListenerWrapper(cluster.workers[Object.keys(cluster.workers)[i]]));
4987 }
4988 }
4992 // Do nothing!
5002 serverconsole.locwarnmessage("There was a problem while saving configuration file. Reason: " + msg.substring(8));
5008 serverconsole.locerrmessage(serverErrorDescs[errCode] ? serverErrorDescs[errCode] : serverErrorDescs["UNKNOWN"]);
5010 }
5014 }
5015 });
5018 }
5019 }
5028 }
5029 var listenToLocalhost = (listenAddress && (listenAddress == "localhost" || listenAddress.match(/^127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) || listenAddress.match(/^(?:0{0,4}:)+0{0,3}1$/)));
5030 var listenToAny = (!listenAddress || listenAddress.match(/^0{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) || listenAddress.match(/^(?:0{0,4}:)+0{0,4}$/));
5031 var sListenToLocalhost = (sListenAddress && (sListenAddress == "localhost" || sListenAddress.match(/^127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) || sListenAddress.match(/^(?:0{0,4}:)+0{0,3}1$/)));
5032 var sListenToAny = (!sListenAddress || sListenAddress.match(/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) || sListenAddress.match(/^(?:0{0,4}:)+0{0,4}$/));
5045 }
5046 }
5052 }
5053 }
5054 if (secure && typeof sport === "number" && !sListenToLocalhost && (!sListenToAny || (host != "" && host != "[offline]"))) serverconsole.locmessage("* https://" + (sAccHost.indexOf(":") > -1 ? "[" + sAccHost + "]" : sAccHost) + (sport == 443 ? "" : (":" + sport)));
5055 if (!(secure && disableNonEncryptedServer) && !listenToLocalhost && (!listenToAny || (host != "" && host != "[offline]")) && typeof port === "number") serverconsole.locmessage("* http://" + (accHost.indexOf(":") > -1 ? "[" + accHost + "]" : accHost) + (port == 80 ? "" : (":" + port)));
5058 if (secure && !sListenToLocalhost) serverconsole.locmessage("* https://" + (pubip.indexOf(":") > -1 ? "[" + pubip + "]" : pubip) + (spubport == 443 ? "" : (":" + spubport)));
5059 if (!(secure && disableNonEncryptedServer) && !listenToLocalhost) serverconsole.locmessage("* http://" + (pubip.indexOf(":") > -1 ? "[" + pubip + "]" : pubip) + (pubport == 80 ? "" : (":" + pubport)));
5060 }
5062 if (secure && !sListenToLocalhost) serverconsole.locmessage("* https://" + domain + (spubport == 443 ? "" : (":" + spubport)));
5063 if (!(secure && disableNonEncryptedServer) && !listenToLocalhost) serverconsole.locmessage("* http://" + domain + (pubport == 80 ? "" : (":" + pubport)));
5064 }
5066 });
5067 }
5077 // Print warnings
5078 if (version.indexOf("Nightly-") === 0) serverconsole.locwarnmessage("This version is only for test purposes and may be unstable.");
5079 if (configJSON.enableHTTP2 && !secure) serverconsole.locwarnmessage("HTTP/2 without HTTPS may not work in web browsers. Web browsers only support HTTP/2 with HTTPS!");
5081 serverconsole.locwarnmessage("Bun support is experimental. Some features of SVR.JS, SVR.JS mods and SVR.JS server-side JavaScript may not work as expected.");
5084 })) serverconsole.locwarnmessage("PBKDF2 password hashing function in Bun blocks the event loop, which may result in denial of service.");
5085 }
5086 if (cluster.isPrimary === undefined) serverconsole.locwarnmessage("You're running SVR.JS on single thread. Reliability may suffer, as the server is stopped after crash.");
5087 if (crypto.__disabled__ !== undefined) serverconsole.locwarnmessage("Your Node.JS version doesn't have crypto support! The 'crypto' module is essential for providing cryptographic functionality in Node.JS. Without crypto support, certain security features may be unavailable, and some functionality may not work as expected. It's recommended to use a Node.JS version that includes crypto support to ensure the security and proper functioning of your server.");
5088 if (crypto.__disabled__ === undefined && !crypto.scrypt) serverconsole.locwarnmessage("Your JavaScript runtime doesn't have native scrypt support. HTTP authentication involving scrypt hashes will not work.");
5089 if (!process.isBun && /^v(?:[0-9]\.|1[0-7]\.|18\.(?:[0-9]|1[0-8])\.|18\.19\.0|20\.(?:[0-9]|10)\.|20\.11\.0|21\.[0-5]\.|21\.6\.0|21\.6\.1(?![0-9]))/.test(process.version)) serverconsole.locwarnmessage("Your Node.JS version is vulnerable to HTTP server DoS (CVE-2024-22019).");
5090 if (!process.isBun && /^v(?:[0-9]\.|1[0-7]\.|18\.(?:1?[0-9])\.|18\.20\.0|20\.(?:[0-9]|1[01])\.|20\.12\.0|21\.[0-6]\.|21\.7\.0|21\.7\.1(?![0-9]))/.test(process.version)) serverconsole.locwarnmessage("Your Node.JS version is vulnerable to HTTP server request smuggling (CVE-2024-27982).");
5091 if (process.getuid && process.getuid() == 0) serverconsole.locwarnmessage("You're running SVR.JS as root. It's recommended to run SVR.JS as an non-root user. Running SVR.JS as root may increase the risks of OS command execution vulnerabilities.");
5092 if (!process.isBun && secure && process.versions && process.versions.openssl && process.versions.openssl.substring(0, 2) == "1.") {
5094 serverconsole.locwarnmessage("OpenSSL 1.x is no longer receiving security updates after 11th September 2023. Your HTTPS communication might be vulnerable. It is recommended to update to a newer version of Node.JS that includes OpenSSL 3.0 or higher to ensure the security of your server and data.");
5096 serverconsole.locwarnmessage("OpenSSL 1.x will no longer receive security updates after 11th September 2023. Your HTTPS communication might be vulnerable in future. It is recommended to update to a newer version of Node.JS that includes OpenSSL 3.0 or higher to ensure the security of your server and data.");
5097 }
5098 }
5099 if (secure && configJSON.enableOCSPStapling && ocsp._errored) serverconsole.locwarnmessage("Can't load OCSP module. OCSP stapling will be disabled. OCSP stapling is a security feature that improves the performance and security of HTTPS connections by caching the certificate status response. If you require this feature, consider updating your Node.JS version or checking for any issues with the 'ocsp' module.");
5100 if (disableMods) serverconsole.locwarnmessage("SVR.JS is running without mods and server-side JavaScript enabled. Web applications may not work as expected");
5103 // Display mod and server-side JavaScript errors
5106 serverconsole.locwarnmessage("There was a problem while loading a \"" + String(modLoadingError.modName).replace(/[\r\n]/g, "") + "\" mod.");
5109 });
5114 }
5116 }
5118 // Print server information
5123 if (CPUs.length > 0) serverconsole.locmessage("CPU: " + (CPUs.length > 1 ? CPUs.length + "x " : "") + CPUs[0].model);
5125 // Throw errors
5126 if (vnum < 64) throw new Error("SVR.JS requires Node.JS 10.0.0 and newer, but your Node.JS version isn't supported by SVR.JS.");
5127 if (configJSONRErr) throw new Error("Can't read SVR.JS configuration file: " + configJSONRErr.message);
5128 if (configJSONPErr) throw new Error("SVR.JS configuration parse error: " + configJSONPErr.message);
5129 if (configJSON.enableHTTP2 && !secure && (typeof port != "number")) throw new Error("HTTP/2 without HTTPS, along with Unix sockets/Windows named pipes aren't supported by SVR.JS.");
5130 if (configJSON.enableHTTP2 && http2.__disabled__ !== undefined) throw new Error("HTTP/2 isn't supported by your Node.JS version! You may not be able to use HTTP/2 with SVR.JS");
5132 if (listenAddress.match(/^[0-9]+$/)) throw new Error("Listening network address can't be numeric (it need to be either valid IP address, or valid domain name).");
5133 if (listenAddress.match(/^(?:2(?:2[4-9]|3[0-9])\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$|ff[0-9a-f][0-9a-f]:[0-9a-f:])/i)) throw new Error("SVR.JS can't listen on multicast address.");
5134 if (brdIPs.indexOf(listenAddress) > -1) throw new Error("SVR.JS can't listen on broadcast address.");
5135 if (netIPs.indexOf(listenAddress) > -1) throw new Error("SVR.JS can't listen on subnet address.");
5136 }
5137 if (certificateError) throw new Error("There was a problem with SSL certificate/private key: " + certificateError.message);
5138 if (wwwrootError) throw new Error("There was a problem with your web root: " + wwwrootError.message);
5139 if (sniReDos) throw new Error("Refusing to start, because the current SNI configuration would make the server vulnerable to ReDoS.");
5140 }
5142 // Print server startup information
5143 if (!(secure && disableNonEncryptedServer)) serverconsole.locmessage("Starting HTTP server at " + (typeof port == "number" ? (listenAddress ? ((listenAddress.indexOf(":") > -1 ? "[" + listenAddress + "]" : listenAddress)) + ":" : "port ") : "") + port.toString() + "...");
5144 if (secure) serverconsole.locmessage("Starting HTTPS server at " + (typeof sport == "number" ? (sListenAddress ? ((sListenAddress.indexOf(":") > -1 ? "[" + sListenAddress + "]" : sListenAddress)) + ":" : "port ") : "") + sport.toString() + "...");
5145 }
5154 }
5157 }
5164 }
5167 }
5168 }
5169 }
5171 // SVR.JS commmands
5178 }
5183 }
5185 if (cluster.isPrimary === undefined) serverconsole.climessage("Cannot close server! Reason: " + err.message);
5187 }
5188 },
5195 }