v0.9.59

- code cleanup and refactoring
- implement max post size on pc services
- add box account transfer system
- create directory indexer for pc services
- fix catchall for pc services
- pc services not respects `disabled: true` if sharing the same port
- new wtv-tricks:/info from WebTV Redialed
- Added missing Pagebuilder themes
- Fixed various PageBuilder bugs, pages should work correctly (republish your page if needed)
- various security and bug fixes

zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/ValidateLogin.js

@@ -4,94 +4,132 @@ var challenge_response, challenge_header = '';
 var gourl;
 var wtvsec_login = null;
 
-if (request_headers.query.hangup) {
-	headers = `300 OK
+
+hasPendingTransfer = session_data.hasPendingTransfer()
+if (hasPendingTransfer) {
+	if (hasPendingTransfer.type == "target") {
+		var xferSession = new WTVClientSessionData(minisrv_config, hasPendingTransfer.ssid);
+		xferSession.user_id = 0
+		var primary_username = xferSession.listPrimaryAccountUsers()['subscriber']['subscriber_username'];
+		var transferPendingDest = new clientShowAlert({
+			'image': minisrv_config.config.service_logo,
+			'message': "There is a pending transfer of the account <b>" + primary_username + "</b>, would you like to complete the transfer, or cancel it?",
+			'buttonlabel1': "Complete Transfer",
+			'buttonaction1': "wtv-head-waiter:/complete-account-transfer",
+			'buttonlabel2': "Cancel Transfer",
+			'buttonaction2': "wtv-head-waiter:/cancel-account-transfer",
+			'noback': true,
+		}).getURL();
+		var errpage = wtvshared.doRedirect(transferPendingDest);
+		var headers = errpage[0];
+		var data = errpage[1];
+	} else if (hasPendingTransfer.type == "source") {
+		var transferPendingSrc = new clientShowAlert({
+			'image': minisrv_config.config.service_logo,
+			'message': "There is a pending transfer of this account to <b>" + hasPendingTransfer.ssid + "</b>. In order to use this box, you need to complete or cancel the transfer.",
+			'buttonlabel1': "Power Off",
+			'buttonaction1': "client:poweroff",
+			'buttonlabel2': "Cancel Transfer",
+			'buttonaction2': "wtv-head-waiter:/cancel-account-transfer",
+			'noback': true,
+		}).getURL();
+		var errpage = wtvshared.doRedirect(transferPendingSrc);
+		var headers = errpage[0];
+		var data = errpage[1];
+	} else {
+		console.log(hasPendingTransfer);
+	}
+} else {
+
+	if (request_headers.query.hangup) {
+		headers = `300 OK
 Location: client:gototvhome
 wtv-visit: client:hangupphone`
-} else {
-	var user_id = (request_headers.query.user_id) ? request_headers.query.user_id : session_data.user_id;
-
-	if (socket.ssid !== null && user_id !== null) session_data.switchUserID(user_id);
-
-	if (socket.ssid !== null && !session_data.get("wtvsec_login")) {
-		wtvsec_login = session_data.createWTVSecSession();
-		wtvsec_login.IssueChallenge();
-		wtvsec_login.set_incarnation(request_headers["wtv-incarnation"]);
-		session_data.set("wtvsec_login", wtvsec_login);
 	} else {
-		wtvsec_login = session_data.get("wtvsec_login");
-	}
+		var user_id = (request_headers.query.user_id) ? request_headers.query.user_id : session_data.user_id;
 
-	if (socket.ssid !== null) {
-		if (wtvsec_login.ticket_b64 == null) {
-			challenge_response = wtvsec_login.challenge_response;
-			var client_challenge_response = request_headers["wtv-challenge-response"] || null;
-			if (challenge_response && client_challenge_response) {
-				if (challenge_response.toString(CryptoJS.enc.Base64) == client_challenge_response) {
-					console.log(" * wtv-challenge-response success for " + wtvshared.filterSSID(socket.ssid));
-					wtvsec_login.PrepareTicket();
-					gourl = "wtv-head-waiter:/login-stage-two?";
+		if (socket.ssid !== null && user_id !== null) session_data.switchUserID(user_id);
+
+		if (socket.ssid !== null && !session_data.get("wtvsec_login")) {
+			wtvsec_login = session_data.createWTVSecSession();
+			wtvsec_login.IssueChallenge();
+			wtvsec_login.set_incarnation(request_headers["wtv-incarnation"]);
+			session_data.set("wtvsec_login", wtvsec_login);
+		} else {
+			wtvsec_login = session_data.get("wtvsec_login");
+		}
+
+		if (socket.ssid !== null) {
+			if (wtvsec_login.ticket_b64 == null) {
+				challenge_response = wtvsec_login.challenge_response;
+				var client_challenge_response = request_headers["wtv-challenge-response"] || null;
+				if (challenge_response && client_challenge_response) {
+					if (challenge_response.toString(CryptoJS.enc.Base64) == client_challenge_response) {
+						console.log(" * wtv-challenge-response success for " + wtvshared.filterSSID(socket.ssid));
+						wtvsec_login.PrepareTicket();
+						gourl = "wtv-head-waiter:/login-stage-two?";
+					} else {
+						console.log(" * wtv-challenge-response FAILED for " + wtvshared.filterSSID(socket.ssid));
+						if (minisrv_config.config.debug_flags.debug) console.log("Response Expected:", challenge_response.toString(CryptoJS.enc.Base64));
+						if (minisrv_config.config.debug_flags.debug) console.log("Response Received:", client_challenge_response)
+						gourl = "wtv-head-waiter:/login?reissue_challenge=true";
+					}
 				} else {
-					console.log(" * wtv-challenge-response FAILED for " + wtvshared.filterSSID(socket.ssid));
-					if (minisrv_config.config.debug_flags.debug) console.log("Response Expected:", challenge_response.toString(CryptoJS.enc.Base64));
-					if (minisrv_config.config.debug_flags.debug) console.log("Response Received:", client_challenge_response)
-					gourl = "wtv-head-waiter:/login?reissue_challenge=true";
+					gourl = "wtv-head-waiter:/login?no_response=true";
 				}
 			} else {
-				gourl = "wtv-head-waiter:/login?no_response=true";
+				gourl = "wtv-head-waiter:/login-stage-two?";
 			}
-		} else {
-			gourl = "wtv-head-waiter:/login-stage-two?";
 		}
-	}
 
-	if (request_headers.query.guest_login) {
-		if (request_headers.query.relogin || request_headers.query.reconnect) gourl += "&";
-		gourl += "guest_login=true";
-		if (request_headers.query.skip_splash) gourl += "&skip_splash=true";
-	}
+		if (request_headers.query.guest_login) {
+			if (request_headers.query.relogin || request_headers.query.reconnect) gourl += "&";
+			gourl += "guest_login=true";
+			if (request_headers.query.skip_splash) gourl += "&skip_splash=true";
+		}
 
-	if (user_id != null && !request_headers.query.initial_login && !request_headers.query.user_login && !request_headers.query.relogin && !request_headers.query.reconnect) {
-		if (request_headers.query.password == "") {
-			headers = `403 Please enter your password and try again
+		if (user_id != null && !request_headers.query.initial_login && !request_headers.query.user_login && !request_headers.query.relogin && !request_headers.query.reconnect) {
+			if (request_headers.query.password == "") {
+				headers = `403 Please enter your password and try again
 minisrv-no-mail-count: true
 `;
-		} else if (session_data.validateUserPassword(request_headers.query.password)) {
-			session_data.setUserLoggedIn(true);
-			headers = `200 OK
+			} else if (session_data.validateUserPassword(request_headers.query.password)) {
+				session_data.setUserLoggedIn(true);
+				headers = `200 OK
 minisrv-no-mail-count: true
 Content-Type: text/html
 wtv-visit: ${gourl}
 `;
-		} else {
-			headers = `403 The password you entered was incorrect. Please retype it and try again.
+			} else {
+				headers = `403 The password you entered was incorrect. Please retype it and try again.
 minisrv-no-mail-count: true
 `;
-		}
-	} else {
-		if (session_data.baddisk === true && !ssid_sessions[socket.ssid].get("bad_disk_shown")) {
-			gourl = "wtv-head-waiter:/bad-disk?"
-		}
-		else if (session_data.getNumberOfUserAccounts() > 1 && user_id === 0 && (!session_data.isUserLoggedIn() || request_headers.query.initial_login || request_headers.query.relogin) ) {
-			gourl = "wtv-head-waiter:/choose-user?"
+			}
 		} else {
-			if (!session_data.getUserPasswordEnabled() && request_headers.query.user_login) session_data.setUserLoggedIn(true);
-			var limitedLogin = (!session_data.lockdown && (!session_data.get('password_valid') && session_data.getUserPasswordEnabled()));
-			var limitedLoginRegistered = (limitedLogin && session_data.isRegistered());
-		}
-		headers = `200 OK
+			if (session_data.baddisk === true && !ssid_sessions[socket.ssid].get("bad_disk_shown")) {
+				gourl = "wtv-head-waiter:/bad-disk?"
+			}
+			else if (session_data.getNumberOfUserAccounts() > 1 && user_id === 0 && (!session_data.isUserLoggedIn() || request_headers.query.initial_login || request_headers.query.relogin)) {
+				gourl = "wtv-head-waiter:/choose-user?"
+			} else {
+				if (!session_data.getUserPasswordEnabled() && request_headers.query.user_login) session_data.setUserLoggedIn(true);
+				var limitedLogin = (!session_data.lockdown && (!session_data.get('password_valid') && session_data.getUserPasswordEnabled()));
+				var limitedLoginRegistered = (limitedLogin && session_data.isRegistered());
+			}
+			headers = `200 OK
 wtv-connection-close: true
 Connection: close
 minisrv-no-mail-count: true
 Content-Type: text/html`;
-		if (client_challenge_response) {
-			headers += `
+			if (client_challenge_response) {
+				headers += `
 wtv-encrypted: ${(request_headers['wtv-encrypted']) ? wtvshared.parseBool(request_headers['wtv-encrypted']) : true}`;
-			if (wtvsec_login) session_data.data_store.wtvsec_login.update_ticket = true;
-		}
-		if (limitedLoginRegistered && session_data.getUserPasswordEnabled()) gourl = "wtv-head-waiter:/password?";
-		headers += `
+				if (wtvsec_login) session_data.data_store.wtvsec_login.update_ticket = true;
+			}
+			if (limitedLoginRegistered && session_data.getUserPasswordEnabled()) gourl = "wtv-head-waiter:/password?";
+			headers += `
 wtv-visit: ${gourl}`;
 
+		}
 	}
 }