zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- update: app.js: add really long timeout for closing missed sockets

Browse Source 
- update: app.js: fix for minibrowser connectivity
- update: app.js: enhance security
- update: wtv-home:/home: fix wtv-needs-upgrade -> wtv-need-upgrade
- update: wtv-head-waiter:/login-stage-two: do not send wtv-settings:/get to minibrowser
- update: wtv-1800:/preregister: Disconnect and clean up all previous sockets for the connecting SSID when hitting preregister. Also re-create wtvsec_login.
This commit is contained in:
zefie
2021-07-24 09:41:00 -04:00
parent 6ced1443f0
commit 89f1b896e1
4 changed files with 89 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
zefie_wtvp_minisrv/ServiceVault/wtv-1800/preregister.js
View File

@@ -6,6 +6,27 @@ if (request_headers["wtv-ticket"]) {
gourl = "wtv-head-waiter:/login-stage-two?"; gourl = "wtv-head-waiter:/login-stage-two?";
} }
if (socket.ssid) {
if (ssid_sessions[socket.ssid].data_store) {
if (ssid_sessions[socket.ssid].data_store.sockets) {
var i = 0;
ssid_sessions[socket.ssid].data_store.sockets.forEach(function (k) {
if (typeof k != "undefined") {
if (k != socket) {
k.destroy();
ssid_sessions[socket.ssid].data_store.sockets.delete(k);
i++;
}
}
});
if (i > 0 && zdebug) console.log(" # Closed", i, "previous sockets for", socket.ssid);
}
}
if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
delete ssid_sessions[socket.ssid].data_store.wtvsec_login;
}
}
headers = `200 OK headers = `200 OK
Connection: Keep-Alive Connection: Keep-Alive
wtv-expire-all: wtv- wtv-expire-all: wtv-

7
zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/login-stage-two.js
View File

@@ -96,7 +96,10 @@ wtv-demo-mode: 0
wtv-wink-deferrer-retries: 3 wtv-wink-deferrer-retries: 3
wtv-offline-mail-enable: false wtv-offline-mail-enable: false
wtv-name-server: 8.8.8.8 wtv-name-server: 8.8.8.8
wtv-settings-url: wtv-setup:/get `;
wtv-visit: wtv-home:/splash? if (ssid_sessions[socket.ssid].get('wtv-need-upgrade') != 'true') {
headers += "wtv-settings-url: wtv-setup:/get\n";
}
headers += `wtv-visit: wtv-home:/splash?
Content-Type: text/html`; Content-Type: text/html`;
} }

2
zefie_wtvp_minisrv/ServiceVault/wtv-home/home.js
View File

@@ -35,7 +35,7 @@ function go() {
<li><a href="client:diskhax">DiskHax</a> - <a href="client:vfathax">VFatHax</a></li> <li><a href="client:diskhax">DiskHax</a> - <a href="client:vfathax">VFatHax</a></li>
<li>Old MSNTV DealerDemo: <a href="wtv-update:/DealerDemo">Download</a> ~ <a href="file://Disk/Demo/index.html">Access (after Download)</a></li> <li>Old MSNTV DealerDemo: <a href="wtv-update:/DealerDemo">Download</a> ~ <a href="file://Disk/Demo/index.html">Access (after Download)</a></li>
<li><a href="http://duckduckgo.com/lite/">DuckDuckGo Lite</a></li>` <li><a href="http://duckduckgo.com/lite/">DuckDuckGo Lite</a></li>`
if (ssid_sessions[socket.ssid].get('wtv-needs-upgrade') != 'true') { if (ssid_sessions[socket.ssid].get('wtv-need-upgrade') != 'true') {
data += `<li><input name=url `; data += `<li><input name=url `;
if (request_headers.query.url) { if (request_headers.query.url) {

94
zefie_wtvp_minisrv/app.js
View File

@@ -1,6 +1,7 @@
'use strict'; 'use strict';
const fs = require('fs'); const fs = require('fs');
const path = require('path');
const http = require('http'); const http = require('http');
const https = require('https'); const https = require('https');
const strftime = require('strftime'); // used externally by service scripts const strftime = require('strftime'); // used externally by service scripts
@@ -89,7 +90,7 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
try { try {
service_vaults.forEach(function (service_vault_dir) { service_vaults.forEach(function (service_vault_dir) {
if (service_vault_found) return; if (service_vault_found) return;
service_vault_file_path = service_vault_dir + "/" + service_path.replace(/\\/g, "/"); service_vault_file_path = makeSafePath(service_vault_dir,service_path);
if (fs.existsSync(service_vault_file_path)) { if (fs.existsSync(service_vault_file_path)) {
@@ -139,7 +140,7 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
service_vault_found = true; service_vault_found = true;
if (!zquiet) console.log(" * Found " + service_vault_file_path + ".js to handle request (JS Interpreter mode) [Socket " + socket.id + "]"); if (!zquiet) console.log(" * Found " + service_vault_file_path + ".js to handle request (JS Interpreter mode) [Socket " + socket.id + "]");
// expose var service_dir for script path to the root of the wtv-service // expose var service_dir for script path to the root of the wtv-service
var service_dir = service_vault_dir.replace(/\\/g, "/") + "/" + service_name; var service_dir = service_vault_dir + path.sep + service_name;
socket_sessions[socket.id].starttime = Math.floor(new Date().getTime() / 1000); socket_sessions[socket.id].starttime = Math.floor(new Date().getTime() / 1000);
var jscript_eval = fs.readFileSync(service_vault_file_path + ".js").toString(); var jscript_eval = fs.readFileSync(service_vault_file_path + ".js").toString();
eval(jscript_eval); eval(jscript_eval);
@@ -166,7 +167,7 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
} }
if (!request_is_async) { if (!request_is_async) {
if (!service_vault_found) { if (!service_vault_found) {
console.log(" * Could not find a Service Vault for", service_path); console.log(" * Could not find a Service Vault for " + service_name + ":/" + service_path.replace(service_name + path.sep, ""));
var errpage = doErrorPage(404); var errpage = doErrorPage(404);
headers = errpage[0]; headers = errpage[0];
data = errpage[1]; data = errpage[1];
@@ -209,6 +210,12 @@ function filterSSID(obj) {
} }
} }
function makeSafePath(base, target) {
target.replace(/[\|\&\;\$\%\@\"\<\>\+\,\\]/g, "");
var targetPath = path.posix.normalize(target)
return base + path.sep + targetPath;
}
async function processURL(socket, request_headers) { async function processURL(socket, request_headers) {
if (request_headers === null) { if (request_headers === null) {
return; return;
@@ -251,7 +258,7 @@ async function processURL(socket, request_headers) {
} }
// assume webtv since there is a :/ in the GET // assume webtv since there is a :/ in the GET
var service_name = shortURL.split(':/')[0]; var service_name = shortURL.split(':/')[0];
var urlToPath = service_name + "/" + shortURL.split(':/')[1]; var urlToPath = service_name + path.sep + shortURL.split(':/')[1];
if (zshowheaders) console.log(" * Incoming headers on socket ID", socket.id, (await filterSSID(request_headers))); if (zshowheaders) console.log(" * Incoming headers on socket ID", socket.id, (await filterSSID(request_headers)));
processPath(socket, urlToPath, request_headers, service_name); processPath(socket, urlToPath, request_headers, service_name);
} else if (shortURL.indexOf('http://') >= 0 || shortURL.indexOf('https://') >= 0) { } else if (shortURL.indexOf('http://') >= 0 || shortURL.indexOf('https://') >= 0) {
@@ -550,9 +557,9 @@ function headersAreStandard(string, verbose = false) {
return /^([A-Za-z0-9\+\/\=\-\.\,\ \"\;\:\?\&\r\n\(\)\%\<\>\_]{8,})$/.test(string); return /^([A-Za-z0-9\+\/\=\-\.\,\ \"\;\:\?\&\r\n\(\)\%\<\>\_]{8,})$/.test(string);
} }
async function processRequest(socket, data_hex, returnHeadersBeforeSecure = false, encryptedRequest = false) { async function processRequest(socket, data_hex, skipSecure = false, encryptedRequest = false) {
// TODO: clean up this function (how much is even used anymore?) // This function sucks and needs to be rewritten
var headers = null; var headers = null;
if (socket_sessions[socket.id]) { if (socket_sessions[socket.id]) {
@@ -579,7 +586,7 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
} else { } else {
headers = headerStringToObj(data); headers = headerStringToObj(data);
} }
} else if (!returnHeadersBeforeSecure) { } else if (!skipSecure) {
// if its a POST request, assume its a binary blob and not encrypted (dangerous) // if its a POST request, assume its a binary blob and not encrypted (dangerous)
if (!encryptedRequest) { if (!encryptedRequest) {
// its not a POST and it failed the headersAreStandard test, so we think this is an encrypted blob // its not a POST and it failed the headersAreStandard test, so we think this is an encrypted blob
@@ -619,8 +626,8 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
if (!ssid_sessions[socket.ssid]) { if (!ssid_sessions[socket.ssid]) {
ssid_sessions[socket.ssid] = new ClientSessionData(); ssid_sessions[socket.ssid] = new ClientSessionData();
} }
if (!ssid_sessions[socket.ssid].data_store.sockets) ssid_sessions[socket.ssid].data_store.sockets = new Array(); if (!ssid_sessions[socket.ssid].data_store.sockets) ssid_sessions[socket.ssid].data_store.sockets = new Set();
ssid_sessions[socket.ssid].data_store.sockets.push(socket.id); ssid_sessions[socket.ssid].data_store.sockets.add(socket);
} }
var ip2long = function (ip) { var ip2long = function (ip) {
@@ -734,11 +741,8 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
} }
} }
if (returnHeadersBeforeSecure) {
return headers;
}
if (headers.secure === true || headers.encrypted === true) { if ((headers.secure === true || headers.encrypted === true) && !skipSecure) {
if (!socket_sessions[socket.id].wtvsec) { if (!socket_sessions[socket.id].wtvsec) {
if (!zquiet) console.log(" * Starting new WTVSec instance on socket", socket.id); if (!zquiet) console.log(" * Starting new WTVSec instance on socket", socket.id);
if (ssid_sessions[socket.ssid].get("wtv-incarnation")) { if (ssid_sessions[socket.ssid].get("wtv-incarnation")) {
@@ -766,7 +770,7 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
} }
var enc_data = CryptoJS.enc.Hex.parse(data_hex.substring(header_length * 2)); var enc_data = CryptoJS.enc.Hex.parse(data_hex.substring(header_length * 2));
if (enc_data.sigBytes > 0) { if (enc_data.sigBytes > 0) {
if (headersAreStandard(enc_data.toString(CryptoJS.enc.Latin1), (!returnHeadersBeforeSecure && !encryptedRequest))) { if (headersAreStandard(enc_data.toString(CryptoJS.enc.Latin1), (!skipSecure && !encryptedRequest))) {
// some builds (like our targeted 3833), send SECURE ON but then unencrypted headers // some builds (like our targeted 3833), send SECURE ON but then unencrypted headers
if (zdebug) console.log(" # Psuedo-encrypted Request (SECURE ON)", "on", socket.id); if (zdebug) console.log(" # Psuedo-encrypted Request (SECURE ON)", "on", socket.id);
// don't actually encrypt output // don't actually encrypt output
@@ -792,11 +796,28 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
} }
} }
// Merge new headers into existing headers object // Merge new headers into existing headers object
Object.keys(secure_headers).forEach(function (k, v) { Object.keys(secure_headers).forEach(function (k) {
headers[k] = secure_headers[k]; headers[k] = secure_headers[k];
}); });
} else {
socket_sessions[socket.id].headers = headers;
return;
} }
} }
} else if (skipSecure) {
if (headers) {
if (headers['request']) {
if (headers['request'].substring(0, 4) == "POST") {
if (socket_sessions[socket.id].secure_buffer) delete socket_sessions[socket.id].secure_buffer;
} else {
return headers;
}
} else {
return headers;
}
} else {
return;
}
} }
// handle POST // handle POST
@@ -870,7 +891,7 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
console.log(" * ", Math.floor(new Date().getTime() / 1000), "Receiving", post_string, "data on", socket.id, "[", socket_sessions[socket.id].post_data.length / 2, "of", socket_sessions[socket.id].post_data_length, "bytes ]"); console.log(" * ", Math.floor(new Date().getTime() / 1000), "Receiving", post_string, "data on", socket.id, "[", socket_sessions[socket.id].post_data.length / 2, "of", socket_sessions[socket.id].post_data_length, "bytes ]");
} else { } else {
// calculate and display percentage of data received // calculate and display percentage of data received
var getPercentage = function(partialValue, totalValue) { var getPercentage = function (partialValue, totalValue) {
return Math.floor((100 * partialValue) / totalValue); return Math.floor((100 * partialValue) / totalValue);
} }
var postPercent = getPercentage(socket_sessions[socket.id].post_data.length, (socket_sessions[socket.id].post_data_length * 2)); var postPercent = getPercentage(socket_sessions[socket.id].post_data.length, (socket_sessions[socket.id].post_data_length * 2));
@@ -909,7 +930,7 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
return; return;
} }
} else if (!returnHeadersBeforeSecure) { } else if (!skipSecure) {
if (!encryptedRequest) { if (!encryptedRequest) {
if (socket_sessions[socket.id].secure != true) { if (socket_sessions[socket.id].secure != true) {
socket_sessions[socket.id].wtvsec = new WTVSec(1, zdebug); socket_sessions[socket.id].wtvsec = new WTVSec(1, zdebug);
@@ -933,19 +954,26 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
} else { } else {
var dec_data = CryptoJS.lib.WordArray.create(socket_sessions[socket.id].wtvsec.Decrypt(0, enc_data)); var dec_data = CryptoJS.lib.WordArray.create(socket_sessions[socket.id].wtvsec.Decrypt(0, enc_data));
} }
var secure_headers = await processRequest(socket, dec_data.toString(CryptoJS.enc.Hex), false, true); if (!socket_sessions[socket.id].secure_buffer) socket_sessions[socket.id].secure_buffer = "";
socket_sessions[socket.id].secure_buffer += dec_data.toString(CryptoJS.enc.Hex);
var secure_headers = await processRequest(socket, socket_sessions[socket.id].secure_buffer, true, true);
if (secure_headers) { if (secure_headers) {
delete socket_sessions[socket.id].secure_buffer;
if (!headers) headers = new Array(); if (!headers) headers = new Array();
headers.encrypted = true; headers.encrypted = true;
Object.keys(secure_headers).forEach(function (k, v) { Object.keys(secure_headers).forEach(function (k, v) {
headers[k] = secure_headers[k]; headers[k] = secure_headers[k];
}); });
if (headers['request']) { if (headers['request']) {
if (headers['request'].substring(0, 4) == "POST" && !socket_sessions[socket.id].post_data) { if (headers['request'].substring(0, 4) == "POST") {
socket_sessions[socket.id].post_data_length = headers['Content-length'] || headers['Content-Length'] || 0; if (!socket_sessions[socket.id].post_data) {
socket_sessions[socket.id].post_data = ""; socket_sessions[socket.id].post_data_length = headers['Content-length'] || headers['Content-Length'] || 0;
socket_sessions[socket.id].post_data = "";
}
processRequest(socket, dec_data.toString(CryptoJS.enc.Hex));
} else {
processURL(socket, headers);
} }
processRequest(socket, dec_data.toString(CryptoJS.enc.Hex));
} }
} }
} }
@@ -962,12 +990,9 @@ async function cleanupSocket(socket) {
delete socket_sessions[socket.id]; delete socket_sessions[socket.id];
} }
if (socket.ssid) { if (socket.ssid) {
var socket_array_index = ssid_sessions[socket.ssid].data_store.sockets.findIndex(element => element == socket.id); ssid_sessions[socket.ssid].data_store.sockets.delete(socket);
if (socket_array_index != -1) {
ssid_sessions[socket.ssid].data_store.sockets.splice(socket_array_index,1);
}
if (ssid_sessions[socket.ssid].data_store.sockets.length === 0 && ssid_sessions[socket.ssid].data_store.wtvsec_login) { if (ssid_sessions[socket.ssid].data_store.sockets.size === 0 && ssid_sessions[socket.ssid].data_store.wtvsec_login) {
// if last socket for SSID disconnected, destroy login session // if last socket for SSID disconnected, destroy login session
if (!zquiet) console.log(" * Last socket from WebTV SSID", filterSSID(socket.ssid),"disconnected, cleaning up primary WTVSec instance for this SSID"); if (!zquiet) console.log(" * Last socket from WebTV SSID", filterSSID(socket.ssid),"disconnected, cleaning up primary WTVSec instance for this SSID");
ssid_sessions[socket.ssid].delete("wtvsec_login"); ssid_sessions[socket.ssid].delete("wtvsec_login");
@@ -989,7 +1014,7 @@ async function handleSocket(socket) {
socket.id = parseInt(crc16('CCITT-FALSE', Buffer.from(String(socket.remoteAddress) + String(socket.remotePort), "utf8")).toString(16), 16); socket.id = parseInt(crc16('CCITT-FALSE', Buffer.from(String(socket.remoteAddress) + String(socket.remotePort), "utf8")).toString(16), 16);
socket_sessions[socket.id] = []; socket_sessions[socket.id] = [];
socket.setEncoding('hex'); //set data encoding (Text: 'ascii', 'utf8' ~ Binary: 'hex', 'base64' (do not trust 'binary' encoding)) socket.setEncoding('hex'); //set data encoding (Text: 'ascii', 'utf8' ~ Binary: 'hex', 'base64' (do not trust 'binary' encoding))
socket.setTimeout(600000);
socket.on('data', function (data_hex) { socket.on('data', function (data_hex) {
if (!socket_sessions[socket.id].secure) { if (!socket_sessions[socket.id].secure) {
// buffer unencrypted data until we see the classic double-newline, or get blank // buffer unencrypted data until we see the classic double-newline, or get blank
@@ -1041,25 +1066,24 @@ function integrateConfig(main, user) {
return main; return main;
} }
function returnAbsolsutePath(path) { function returnAbsolsutePath(check_path) {
if (path.substring(0, 1) != "/" && path.substring(1, 1) != ":") { if (check_path.substring(0, 1) != path.sep && check_path.substring(1, 1) != ":") {
// non-absolute path, so use current directory as base // non-absolute path, so use current directory as base
path = (__dirname + "/" + path).replace(/\\/g, "/"); check_path = (__dirname + path.sep + check_path);
} else { } else {
// already absolute path // already absolute path
path = path.replace(/\\/g, "/");
} }
return path; return check_path;
} }
function getGitRevision() { function getGitRevision() {
try { try {
const rev = fs.readFileSync(__dirname.replace(/\\/g, "/") + '/../.git/HEAD').toString().trim(); const rev = fs.readFileSync(__dirname + path.sep + ".." + path.sep + ".git" + path.sep + "HEAD").toString().trim();
if (rev.indexOf(':') === -1) { if (rev.indexOf(':') === -1) {
return rev; return rev;
} else { } else {
return fs.readFileSync(__dirname.replace(/\\/g, "/") + '/../.git/' + rev.substring(5)).toString().trim(); return fs.readFileSync(__dirname + path.sep + ".." + path.sep + ".git" + path.sep + rev.substring(5)).toString().trim();
} }
} catch (e) { } catch (e) {
return null; return null;