add protection against requesting direct service files
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (request_headers.query.url) {
|
if (request_headers.query.url) {
|
||||||
if (request_headers.query.url.indexOf(":/") > 0) {
|
if (request_headers.query.url.indexOf(":/") > 0) {
|
||||||
var service_request = request_headers.query.url.split(":/")[0];
|
var service_request = request_headers.query.url.split(":/")[0];
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
Content-Type: text/html`
|
Content-Type: text/html`
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (socket.ssid != null && !ssid_sessions[socket.ssid].get("wtvsec_login")) {
|
if (socket.ssid != null && !ssid_sessions[socket.ssid].get("wtvsec_login")) {
|
||||||
var wtvsec_login = new WTVSec(minisrv_config);
|
var wtvsec_login = new WTVSec(minisrv_config);
|
||||||
wtvsec_login.IssueChallenge();
|
wtvsec_login.IssueChallenge();
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
var gourl = "wtv-1800:/finish-prereg?";
|
var gourl = "wtv-1800:/finish-prereg?";
|
||||||
if (request_headers.query.relogin) gourl += "relogin=true";
|
if (request_headers.query.relogin) gourl += "relogin=true";
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,8 @@
|
|||||||
var gourl = "wtv-head-waiter:/login?";
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (socket.ssid) {
|
var gourl = "wtv-head-waiter:/login?";
|
||||||
|
|
||||||
|
if (socket.ssid) {
|
||||||
if (ssid_sessions[socket.ssid].loadSessionData() == true) {
|
if (ssid_sessions[socket.ssid].loadSessionData() == true) {
|
||||||
console.log(" * Loaded session data from disk for", wtvshared.filterSSID(socket.ssid))
|
console.log(" * Loaded session data from disk for", wtvshared.filterSSID(socket.ssid))
|
||||||
ssid_sessions[socket.ssid].setSessionData("registered", (ssid_sessions[socket.ssid].getSessionData("registered") == true) ? true : false);
|
ssid_sessions[socket.ssid].setSessionData("registered", (ssid_sessions[socket.ssid].getSessionData("registered") == true) ? true : false);
|
||||||
@@ -31,15 +33,15 @@
|
|||||||
ssid_sessions[socket.ssid].data_store.wtvsec_login = new WTVSec(minisrv_config);
|
ssid_sessions[socket.ssid].data_store.wtvsec_login = new WTVSec(minisrv_config);
|
||||||
ssid_sessions[socket.ssid].data_store.wtvsec_login.IssueChallenge();
|
ssid_sessions[socket.ssid].data_store.wtvsec_login.IssueChallenge();
|
||||||
ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(request_headers["wtv-incarnation"] || 1);
|
ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(request_headers["wtv-incarnation"] || 1);
|
||||||
} else {
|
} else {
|
||||||
console.log(" * Something bad happened (we don't know the client ssid???)");
|
console.log(" * Something bad happened (we don't know the client ssid???)");
|
||||||
var errpage = doErrorPage(400)
|
var errpage = doErrorPage(400)
|
||||||
headers = errpage[0];
|
headers = errpage[0];
|
||||||
data = errpage[1];
|
data = errpage[1];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (request_headers.query.relogin && ssid_sessions[socket.ssid].getSessionData("registered")) gourl += "relogin=true";
|
if (request_headers.query.relogin && ssid_sessions[socket.ssid].getSessionData("registered")) gourl += "relogin=true";
|
||||||
if (request_headers.query.reconnect && ssid_sessions[socket.ssid].getSessionData("registered")) gourl += "reconnect=true";
|
if (request_headers.query.reconnect && ssid_sessions[socket.ssid].getSessionData("registered")) gourl += "reconnect=true";
|
||||||
|
|
||||||
if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
|
if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
|
||||||
var prereg_contype = "text/html";
|
var prereg_contype = "text/html";
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = "200 OK";
|
headers = "200 OK";
|
||||||
if (request_headers.query.nick) headers += "\n" + ssid_sessions[socket.ssid].setIRCNick(request_headers.query.nick);
|
if (request_headers.query.nick) headers += "\n" + ssid_sessions[socket.ssid].setIRCNick(request_headers.query.nick);
|
||||||
headers += "\nContent-Type: text/html";
|
headers += "\nContent-Type: text/html";
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
var irc_nick = "";
|
var irc_nick = "";
|
||||||
headers = "200 OK";
|
headers = "200 OK";
|
||||||
if (request_headers.query.nick) headers += "\n" + ssid_sessions[socket.ssid].setIRCNick(request_headers.query.nick);
|
if (request_headers.query.nick) headers += "\n" + ssid_sessions[socket.ssid].setIRCNick(request_headers.query.nick);
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (socket.ssid) {
|
if (socket.ssid) {
|
||||||
if (request_headers.post_data) {
|
if (request_headers.post_data) {
|
||||||
if (ssid_sessions[socket.ssid]) {
|
if (ssid_sessions[socket.ssid]) {
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (request_headers.post_data) {
|
if (request_headers.post_data) {
|
||||||
if (request_headers.query.domain && request_headers.query.path) {
|
if (request_headers.query.domain && request_headers.query.path) {
|
||||||
if (socket.ssid) {
|
if (socket.ssid) {
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (socket.ssid) {
|
if (socket.ssid) {
|
||||||
if (ssid_sessions[socket.ssid]) {
|
if (ssid_sessions[socket.ssid]) {
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (socket.ssid) {
|
if (socket.ssid) {
|
||||||
if (ssid_sessions[socket.ssid]) {
|
if (ssid_sessions[socket.ssid]) {
|
||||||
ssid_sessions[socket.ssid].resetCookies();
|
ssid_sessions[socket.ssid].resetCookies();
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (request_headers.query.group) {
|
if (request_headers.query.group) {
|
||||||
const WTVDownloadList = require("./WTVDownloadList.js");
|
const WTVDownloadList = require("./WTVDownloadList.js");
|
||||||
var wtvdl = new WTVDownloadList(minisrv_config, service_name);
|
var wtvdl = new WTVDownloadList(minisrv_config, service_name);
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
const WTVDownloadList = require("./WTVDownloadList.js");
|
const WTVDownloadList = require("./WTVDownloadList.js");
|
||||||
var wtvdl = new WTVDownloadList(minisrv_config, service_name);
|
var wtvdl = new WTVDownloadList(minisrv_config, service_name);
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (request_headers.post_data) {
|
if (request_headers.post_data) {
|
||||||
if (request_headers.query.partialPath || request_headers.query.path) {
|
if (request_headers.query.partialPath || request_headers.query.path) {
|
||||||
if (socket.ssid) {
|
if (socket.ssid) {
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
const WTVFlashrom = require("./WTVFlashrom.js");
|
const WTVFlashrom = require("./WTVFlashrom.js");
|
||||||
request_is_async = true;
|
request_is_async = true;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
const WTVFlashrom = require("./WTVFlashrom.js");
|
const WTVFlashrom = require("./WTVFlashrom.js");
|
||||||
request_is_async = true;
|
request_is_async = true;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
const WTVFlashrom = require("./WTVFlashrom.js");
|
const WTVFlashrom = require("./WTVFlashrom.js");
|
||||||
request_is_async = true;
|
request_is_async = true;
|
||||||
|
|
||||||
|
|||||||
@@ -93,7 +93,9 @@ data += `
|
|||||||
nexturl="${flashrom_info.next_rompath}"
|
nexturl="${flashrom_info.next_rompath}"
|
||||||
errorurl="${service_name}:/lc2-download-failed?"
|
errorurl="${service_name}:/lc2-download-failed?"
|
||||||
`
|
`
|
||||||
if (!flashrom_info.is_last_part) data += `blockurl = "${flashrom_info.rompath}"`;
|
if (!var minisrv_service_file = true;
|
||||||
|
|
||||||
|
flashrom_info.is_last_part) data += `blockurl = "${flashrom_info.rompath}"`;
|
||||||
|
|
||||||
data += `
|
data += `
|
||||||
lastblock="${flashrom_info.is_last_part}"
|
lastblock="${flashrom_info.is_last_part}"
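Review bot: The marker appears to have been pasted into the middle of an existing statement here instead of at the top of the file: the new side reads `if (!var minisrv_service_file = true;` and continues two lines later with `flashrom_info.is_last_part) data += ...`, which is not valid JavaScript. Because the hunk starts at line 93, the marker also cannot be on the first line, which is the only line the new check in processPath reads (`getLineFromFile(service_vault_file_path, 0, ...)`), so this script would still be served as source. The following `@@ -42,7 +42,9 @@` hunk has the same problem, with the marker landing inside the HTML template after `<td width=104 height=10 valign=top align=left>`. Both files should carry `var minisrv_service_file = true;` as line 1 and have the original `if (!flashrom_info.is_last_part)` statement and the template text restored. If the split is only an artefact of how this page was rendered, the two files are still worth opening to confirm.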
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (request_headers.query.path) {
|
if (request_headers.query.path) {
|
||||||
var url = service_name + ":/get-lc2-page?path=" + request_headers.query.path;
|
var url = service_name + ":/get-lc2-page?path=" + request_headers.query.path;
|
||||||
var romtype = ssid_sessions[socket.ssid].get("wtv-client-rom-type");
|
var romtype = ssid_sessions[socket.ssid].get("wtv-client-rom-type");
|
||||||
|
|||||||
@@ -42,7 +42,9 @@ Updating complete
|
|||||||
<td colspan=12 width=560 height=10 valign=top align=left>
|
<td colspan=12 width=560 height=10 valign=top align=left>
|
||||||
<img src="${service_name}:/ROMCache/S40H1.gif" width=560 height=6>
|
<img src="${service_name}:/ROMCache/S40H1.gif" width=560 height=6>
|
||||||
<tr>
|
<tr>
|
||||||
<td width=104 height=10 valign=top align=left>
|
<td width=104 height=10 valign=top align=left>var minisrv_service_file = true;
|
||||||
|
|
||||||
|
|
||||||
<td width=20 valign=top align=left>
|
<td width=20 valign=top align=left>
|
||||||
<td width=67 valign=top align=left>
|
<td width=67 valign=top align=left>
|
||||||
<td width=20 valign=top align=left>
|
<td width=20 valign=top align=left>
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
var error = '';
|
var error = '';
|
||||||
if (request_headers.query.error) {
|
if (request_headers.query.error) {
|
||||||
switch (request_headers.query.error) {
|
switch (request_headers.query.error) {
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
const WTVFlashrom = require("./WTVFlashrom.js");
|
const WTVFlashrom = require("./WTVFlashrom.js");
|
||||||
request_is_async = true;
|
request_is_async = true;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
// willie is just a graphical frontend to a list of ROMs
|
// willie is just a graphical frontend to a list of ROMs
|
||||||
// the rest of the scripts should work if you manually link to a ROM, and actually have it.
|
// the rest of the scripts should work if you manually link to a ROM, and actually have it.
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
var challenge_response, challenge_header = '';
|
var challenge_response, challenge_header = '';
|
||||||
var gourl;
|
var gourl;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
var challenge_response, challenge_header = '';
|
var challenge_response, challenge_header = '';
|
||||||
var gourl;
|
var gourl;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
var challenge_response, challenge_header = "";
|
var challenge_response, challenge_header = "";
|
||||||
|
|
||||||
var gourl = "wtv-head-waiter:/login-stage-two?";
|
var gourl = "wtv-head-waiter:/login-stage-two?";
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
var gourl = "wtv-1800:/preregister?";
|
var gourl = "wtv-1800:/preregister?";
|
||||||
if (request_headers.query.relogin) gourl += "relogin=true";
|
if (request_headers.query.relogin) gourl += "relogin=true";
|
||||||
else if (request_headers.query.reconnect) gourl += "reconnect=true";
|
else if (request_headers.query.reconnect) gourl += "reconnect=true";
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers =`200 OK
|
headers =`200 OK
|
||||||
Connection: Keep-Alive
|
Connection: Keep-Alive
|
||||||
wtv-expire-all: wtv-home:/splash
|
wtv-expire-all: wtv-home:/splash
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
Connection: Keep-Alive
|
Connection: Keep-Alive
|
||||||
wtv-expire-all: wtv-
|
wtv-expire-all: wtv-
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
// write posted log data to disk. should be decrypted by this point (if it was encrypted) if the crypto stream didn't break
|
// write posted log data to disk. should be decrypted by this point (if it was encrypted) if the crypto stream didn't break
|
||||||
|
|
||||||
request_is_async = true;
|
request_is_async = true;
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
Content-Type: text/html`;
|
Content-Type: text/html`;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (minisrv_config.config.allow_guests) {
|
if (minisrv_config.config.allow_guests) {
|
||||||
headers = `300 Moved
|
headers = `300 Moved
|
||||||
Connection: Close
|
Connection: Close
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `300 Moved
|
headers = `300 Moved
|
||||||
Connection: Close
|
Connection: Close
|
||||||
wtv-noback-all: wtv-register:
|
wtv-noback-all: wtv-register:
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (!request_headers.query.registering) {
|
if (!request_headers.query.registering) {
|
||||||
var errpage = doErrorPage(400);
|
var errpage = doErrorPage(400);
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (!request_headers.query.registering) {
|
if (!request_headers.query.registering) {
|
||||||
var errpage = doErrorPage(400);
|
var errpage = doErrorPage(400);
|
||||||
headers = errpage[0];
|
headers = errpage[0];
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
if (!request_headers.query.registering ||
|
if (!request_headers.query.registering ||
|
||||||
!request_headers.query.subscriber_name ||
|
!request_headers.query.subscriber_name ||
|
||||||
!request_headers.query.subscriber_username ||
|
!request_headers.query.subscriber_username ||
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
Content-Type: text/html`;
|
Content-Type: text/html`;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
Connection: Keep-Alive
|
Connection: Keep-Alive
|
||||||
wtv-expire-all: wtv-
|
wtv-expire-all: wtv-
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
wtv-backgroundmusic-load-playlist: wtv-music:/get-playlist
|
wtv-backgroundmusic-load-playlist: wtv-music:/get-playlist
|
||||||
wtv-printer-model: -1,-1
|
wtv-printer-model: -1,-1
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
// Allow URL access outside our trusted minisrv
|
// Allow URL access outside our trusted minisrv
|
||||||
|
|
||||||
if (request_headers.query.url) var url = request_headers.query.url;
|
if (request_headers.query.url) var url = request_headers.query.url;
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
wtv-expire-all: wtv-
|
wtv-expire-all: wtv-
|
||||||
wtv-expire-all: http
|
wtv-expire-all: http
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
wtv-noback-all: wtv-
|
wtv-noback-all: wtv-
|
||||||
wtv-expire-all: wtv-
|
wtv-expire-all: wtv-
|
||||||
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
var client_caps = null;
|
var client_caps = null;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
Content-Type: text/html`;
|
Content-Type: text/html`;
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
Content-Type: text/html`
|
Content-Type: text/html`
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
var minisrv_service_file = true;
|
||||||
|
|
||||||
headers = `200 OK
|
headers = `200 OK
|
||||||
Content-Type: text/html`;
|
Content-Type: text/html`;
|
||||||
|
|
||||||
|
|||||||
@@ -199,6 +199,37 @@ class WTVShared {
|
|||||||
return path.reverse().split(".")[0].reverse();
|
return path.reverse().split(".")[0].reverse();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
getLineFromFile(filename, line_no, callback) {
|
||||||
|
var stream = this.fs.createReadStream(filename, {
|
||||||
|
flags: 'r',
|
||||||
|
encoding: 'utf-8',
|
||||||
|
fd: null,
|
||||||
|
bufferSize: 64 * 1024
|
||||||
|
});
|
||||||
|
|
||||||
|
|
||||||
|
var fileData = '';
|
||||||
|
stream.on('data', function (data) {
|
||||||
|
fileData += data;
|
||||||
|
|
||||||
|
// The next lines should be improved
|
||||||
|
var lines = fileData.split("\n");
|
||||||
|
|
||||||
|
if (lines.length >= +line_no) {
|
||||||
|
stream.destroy();
|
||||||
|
callback(null, lines[+line_no]);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
stream.on('error', function () {
|
||||||
|
callback('Error', null);
|
||||||
|
});
|
||||||
|
|
||||||
|
stream.on('end', function () {
|
||||||
|
callback('File end reached without finding line', null);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Strips bad things from paths
|
* Strips bad things from paths
|
||||||
* @param {string} base Base path
|
* @param {string} base Base path
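Review bot: getLineFromFile can return a missing or truncated line, and the new access check in processPath relies on it. The test `lines.length >= +line_no` passes as soon as `line_no` elements exist, so `lines[+line_no]` may be `undefined`, and the last element of a split chunk may be only part of a line. On the other side, the `end` handler always reports failure, even when the requested line is the final one in a file without a trailing newline. Waiting for one more element and resolving from `end` fixes both, and a `done` flag keeps the callback single-shot. `bufferSize` does not look like a current `createReadStream` option (`highWaterMark` is), so the 64 KiB value is probably ignored.

```javascript
var done = false;
stream.on('data', function (data) {
    // … unchanged: append chunk to fileData, split into lines …
    // a line is complete only once the newline after it has been read
    if (lines.length > +line_no + 1) {
        done = true;
        stream.destroy();
        callback(null, lines[+line_no]);
    }
});
// … unchanged: 'error' handler …
stream.on('end', function () {
    if (done) return;
    var lines = fileData.split("\n");
    if (lines.length > +line_no) {
        callback(null, lines[+line_no]);
    } else {
        callback('File end reached without finding line', null);
    }
});
```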
|
||||||
|
|||||||
@@ -102,6 +102,17 @@ function doErrorPage(code, data = null, pc_mode = false) {
|
|||||||
return new Array(headers, data);
|
return new Array(headers, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function sendRawFile(socket, path) {
|
||||||
|
if (!minisrv_config.config.debug_flags.quiet) console.log(" * Found " + path + " to handle request (Direct File Mode) [Socket " + socket.id + "]");
|
||||||
|
var contypes = wtvmime.getContentType(path);
|
||||||
|
var headers = "200 OK\n"
|
||||||
|
headers += "Content-Type: " + contypes[0] + "\n";
|
||||||
|
headers += "wtv-modern-content-type" + contypes[1];
|
||||||
|
fs.readFile(path, null, function (err, data) {
|
||||||
|
sendToClient(socket, headers, data);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
async function processPath(socket, service_vault_file_path, request_headers = new Array(), service_name) {
|
async function processPath(socket, service_vault_file_path, request_headers = new Array(), service_name) {
|
||||||
var headers, data = null;
|
var headers, data = null;
|
||||||
var request_is_async = false;
|
var request_is_async = false;
|
||||||
@@ -120,9 +131,9 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
|
|||||||
else minisrv_catchall = minisrv_config.config.catchall_file_name || null;
|
else minisrv_catchall = minisrv_config.config.catchall_file_name || null;
|
||||||
if (minisrv_catchall) {
|
if (minisrv_catchall) {
|
||||||
if (service_path_request_file == minisrv_catchall) {
|
if (service_path_request_file == minisrv_catchall) {
|
||||||
|
request_is_async = true;
|
||||||
var errpage = doErrorPage(401, "Access Denied");
|
var errpage = doErrorPage(401, "Access Denied");
|
||||||
headers = errpage[0];
|
sendToClient(socket, errpage[0], errpage[1]);
|
||||||
data = errpage[1];
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -139,15 +150,47 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
|
|||||||
// file exists, read it and return it
|
// file exists, read it and return it
|
||||||
service_vault_found = true;
|
service_vault_found = true;
|
||||||
request_is_async = true;
|
request_is_async = true;
|
||||||
if (!minisrv_config.config.debug_flags.quiet) console.log(" * Found " + service_vault_file_path + " to handle request (Direct File Mode) [Socket " + socket.id + "]");
|
|
||||||
request_headers.service_file_path = service_vault_file_path;
|
request_headers.service_file_path = service_vault_file_path;
|
||||||
var contypes = wtvmime.getContentType(service_vault_file_path);
|
request_headers.raw_file = true;
|
||||||
headers = "200 OK\n"
|
|
||||||
headers += "Content-Type: " + contypes[0] + "\n";
|
// service parsed files, we might not want to expose our service source files so we can protect them with a flag on the first line
|
||||||
headers += "wtv-modern-content-type" + contypes[1];
|
if (wtvshared.getFileExt(service_vault_file_path).toLowerCase() == "js" || wtvshared.getFileExt(service_vault_file_path).toLowerCase() == "txt") {
|
||||||
fs.readFile(service_vault_file_path, null, function (err, data) {
|
if (wtvshared.getFileExt(service_vault_file_path).toLowerCase() == "js") {
|
||||||
sendToClient(socket, headers, data);
|
wtvshared.getLineFromFile(service_vault_file_path, 0, function (status, line) {
|
||||||
|
if (!status) {
|
||||||
|
if (line.match(/minisrv\_service\_file.*true/i)) {
|
||||||
|
var errpage = doErrorPage(403, "Access Denied");
|
||||||
|
sendToClient(socket, errpage[0], errpage[1]);
|
||||||
|
} else {
|
||||||
|
sendRawFile(socket, service_vault_file_path);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
var errpage = doErrorPage(400);
|
||||||
|
sendToClient(socket, errpage[0], errpage[1]);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wtvshared.getFileExt(service_vault_file_path).toLowerCase() == "txt") {
|
||||||
|
wtvshared.getLineFromFile(service_vault_file_path, 0, function (status, line) {
|
||||||
|
if (!status) {
|
||||||
|
if (line.match(/^#!minisrv/i)) {
|
||||||
|
var errpage = doErrorPage(403, "Access Denied");
|
||||||
|
sendToClient(socket, errpage[0], errpage[1]);
|
||||||
|
} else {
|
||||||
|
sendRawFile(socket, service_vault_file_path);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
var errpage = doErrorPage(400);
|
||||||
|
sendToClient(socket, errpage[0], errpage[1]);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// not a potential service file, so save to send
|
||||||
|
sendRawFile(socket, service_vault_file_path);
|
||||||
|
}
|
||||||
|
|
||||||
} else if (fs.existsSync(service_vault_file_path + ".txt")) {
|
} else if (fs.existsSync(service_vault_file_path + ".txt")) {
|
||||||
// raw text format, entire payload expected (headers and content)
|
// raw text format, entire payload expected (headers and content)
|
||||||
service_vault_found = true;
|
service_vault_found = true;
|
||||||
@@ -595,7 +638,7 @@ async function sendToClient(socket, headers_obj, data) {
|
|||||||
if (socket_sessions[socket.id]) {
|
if (socket_sessions[socket.id]) {
|
||||||
if (socket_sessions[socket.id].request_headers) {
|
if (socket_sessions[socket.id].request_headers) {
|
||||||
if (socket_sessions[socket.id].request_headers.service_file_path) {
|
if (socket_sessions[socket.id].request_headers.service_file_path) {
|
||||||
if (wtvshared.getFileExt(socket_sessions[socket.id].request_headers.service_file_path).toLowerCase() !== "js") {
|
if (wtvshared.getFileExt(socket_sessions[socket.id].request_headers.service_file_path).toLowerCase() !== "js" || socket_sessions[socket.id].request_headers.raw_file === true) {
|
||||||
var last_modified = wtvshared.getFileLastModifiedUTCString(socket_sessions[socket.id].request_headers.service_file_path);
|
var last_modified = wtvshared.getFileLastModifiedUTCString(socket_sessions[socket.id].request_headers.service_file_path);
|
||||||
if (last_modified) headers_obj["Last-Modified"] = last_modified;
|
if (last_modified) headers_obj["Last-Modified"] = last_modified;
|
||||||
}
|
}
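Review bot: The Direct File Mode branch in processPath fails open: a `.js` file is withheld only when its first line matches `/minisrv\_service\_file.*true/i`, so a service script that lacks the marker, or carries it on a later line, is still returned as source through `sendRawFile`. Consider inverting the default so that `.js` files under the service vault are denied unless explicitly marked as safe to serve, or at least log whenever an unmarked `.js` is sent raw. The `js` and `txt` branches differ only in the pattern they test and could share one helper that takes the regex. Separately, `sendRawFile` ignores `err` from `fs.readFile` and builds `"wtv-modern-content-type" + contypes[1]` without a `: ` separator; `if (err) { var errpage = doErrorPage(400); sendToClient(socket, errpage[0], errpage[1]); return; }` at the top of the callback would cover the read failure. processPath and sendToClient both continue outside the visible hunks.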
|
||||||
|
|||||||