From bac031bd4e55da5f268523f1aaf872461e785de8 Mon Sep 17 00:00:00 2001 From: zefie Date: Sat, 1 Oct 2022 23:29:59 -0400 Subject: [PATCH] fix http_pc pc services --- .../ServiceVault/http_pc/get.js | 39 -------- .../ServiceVault/http_pc/index.js | 24 +---- zefie_wtvp_minisrv/app.js | 90 ++++++++++--------- zefie_wtvp_minisrv/package-lock.json | 16 ++-- zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj | 1 - 5 files changed, 61 insertions(+), 109 deletions(-) delete mode 100644 zefie_wtvp_minisrv/ServiceVault/http_pc/get.js diff --git a/zefie_wtvp_minisrv/ServiceVault/http_pc/get.js b/zefie_wtvp_minisrv/ServiceVault/http_pc/get.js deleted file mode 100644 index 844beae0..00000000 --- a/zefie_wtvp_minisrv/ServiceVault/http_pc/get.js +++ /dev/null @@ -1,39 +0,0 @@ -var minisrv_service_file = true; - -if (request_headers.query.url) { - if (request_headers.query.url.indexOf(":/") > 0) { - var service_request = request_headers.query.url.split(":/")[0]; - var service_port = 0; - Object.keys(minisrv_config.services).forEach(function (k) { - if (minisrv_config.services[k].disabled) return; - if (k == service_request) service_port = minisrv_config.services[k].port; - }); - if (service_port > 0) { - request_is_async = true; - var request_headers_out = new Array() - request_headers_out.request = "GET " + request_headers.query.url; - request_headers_out.request_url = request_headers.query.url; - request_headers_out['wtv-client-serial-number'] = socket.id + "HTTPPCReq"; - processURL(socket, request_headers_out); -/* - var s = require('net').Socket(); - var outdata = ""; - s.connect(service_port); - s.setTimeout(1, function () { - outdata = outdata.split() - sendToClient(socket,outdata); - }); - s.on('data', function (data) { - outdata += data; - }); - s.write() -*/ - } - } -} - -if (!headers) { - var errpage = wtvshared.doErrorPage(500) - headers = errpage[0]; - data = errpage[1]; -} \ No newline at end of file diff --git a/zefie_wtvp_minisrv/ServiceVault/http_pc/index.js b/zefie_wtvp_minisrv/ServiceVault/http_pc/index.js index 30c83bfe..cbd27858 100644 --- a/zefie_wtvp_minisrv/ServiceVault/http_pc/index.js +++ b/zefie_wtvp_minisrv/ServiceVault/http_pc/index.js @@ -3,31 +3,13 @@ var minisrv_service_file = true; headers = `200 OK Content-Type: text/html` -var splash_logo = minisrv_config.config.service_splash_logo; -if (splash_logo.substring(0, 4) == "file") splash_logo = "wtv-star:/ROMCache/splash_logo_hacktv.gif"; - data = ` - zefie minisrv ${minisrv_config.version} - -
- -
- -


-


-


- -
-Mini service -
-zefie minisrv v${minisrv_config.version}`; -if (minisrv_config.config.git_commit) data += " (git " + minisrv_config.config.git_commit + ")"; -data += ` -
-

+

+Welcome to the zefie minisrv ${minisrv_config.version} PC Services +

`; \ No newline at end of file diff --git a/zefie_wtvp_minisrv/app.js b/zefie_wtvp_minisrv/app.js index 379f5daa..5e4ca72f 100644 --- a/zefie_wtvp_minisrv/app.js +++ b/zefie_wtvp_minisrv/app.js @@ -432,8 +432,10 @@ async function processPath(socket, service_vault_file_path, request_headers = ne } async function processURL(socket, request_headers) { + console.log(request_headers) var shortURL, headers, data = ""; var enable_multi_query = false; + socket.minisrv_pc_mode = false; request_headers.query = new Array(); if (request_headers.request_url) { if (request_headers.request_url.indexOf('?') >= 0) { @@ -517,7 +519,6 @@ async function processURL(socket, request_headers) { console.log("error:",e) } } - if ((shortURL.indexOf("http") != 0 && shortURL.indexOf("ftp") != 0 && shortURL.indexOf(":") > 0 && shortURL.indexOf(":/") == -1)) { // Apparently it is within WTVP spec to accept urls without a slash (eg wtv-home:home) // Here, we just reassemble the request URL as if it was a proper URL (eg wtv-home:/home) @@ -549,48 +550,52 @@ async function processURL(socket, request_headers) { } } } - // check security - if (!ssid_sessions[socket.ssid].isAuthorized(shortURL)) { - // lockdown mode and URL not authorized - headers = "300 Unauthorized\n"; - headers += "Location: " + minisrv_config.config.unauthorized_url + "\n"; - headers += "minisrv-no-mail-count: true\n"; - data = ""; - sendToClient(socket, headers, data); - console.log(" * Lockdown rejected request for " + shortURL + " on socket ID", socket.id); - return; - } - - if (ssid_sessions[socket.ssid].isRegistered() && !ssid_sessions[socket.ssid].isUserLoggedIn()) { - if (!ssid_sessions[socket.ssid].isAuthorized(shortURL,'login')) { - // user is not fully logged in, and URL not authorized - headers = "300 Unauthorized\n"; - headers += "Location: client:relogin\n"; - headers += "minisrv-no-mail-count: true\n"; - data = ""; - sendToClient(socket, headers, data); - console.log(" * Incomplete login rejected request for " + shortURL + " on socket ID", socket.id); - return; - } - } + if (!socket.minisrv_pc_mode) { + // skip box auth tests for pc mode - if (ssid_sessions[socket.ssid].get("wtv-my-disk-sucks-sucks-sucks")) { - if (!ssid_sessions[socket.ssid].baddisk) { - // psuedo lockdown, will unlock on the disk warning page, but prevents minisrv access until they read the error - ssid_sessions[socket.ssid].lockdown = true; - ssid_sessions[socket.ssid].baddisk = true; + // check security + if (!ssid_sessions[socket.ssid].isAuthorized(shortURL)) { + // lockdown mode and URL not authorized + headers = "300 Unauthorized\n"; + headers += "Location: " + minisrv_config.config.unauthorized_url + "\n"; + headers += "minisrv-no-mail-count: true\n"; + data = ""; + sendToClient(socket, headers, data); + console.log(" * Lockdown rejected request for " + shortURL + " on socket ID", socket.id); + return; } - } - if (!ssid_sessions[socket.ssid].isUserLoggedIn() && !ssid_sessions[socket.ssid].isAuthorized(shortURL, 'login')) { - // lockdown mode and URL not authorized - headers = `300 Unauthorized + if (ssid_sessions[socket.ssid].isRegistered() && !ssid_sessions[socket.ssid].isUserLoggedIn()) { + if (!ssid_sessions[socket.ssid].isAuthorized(shortURL, 'login')) { + // user is not fully logged in, and URL not authorized + headers = "300 Unauthorized\n"; + headers += "Location: client:relogin\n"; + headers += "minisrv-no-mail-count: true\n"; + data = ""; + sendToClient(socket, headers, data); + console.log(" * Incomplete login rejected request for " + shortURL + " on socket ID", socket.id); + return; + } + } + + if (ssid_sessions[socket.ssid].get("wtv-my-disk-sucks-sucks-sucks")) { + if (!ssid_sessions[socket.ssid].baddisk) { + // psuedo lockdown, will unlock on the disk warning page, but prevents minisrv access until they read the error + ssid_sessions[socket.ssid].lockdown = true; + ssid_sessions[socket.ssid].baddisk = true; + } + } + + if (!ssid_sessions[socket.ssid].isUserLoggedIn() && !ssid_sessions[socket.ssid].isAuthorized(shortURL, 'login')) { + // lockdown mode and URL not authorized + headers = `300 Unauthorized Location: ${minisrv_config.config.unauthorized_url} minisrv-no-mail-count: true`; - data = ""; - sendToClient(socket, headers, data); - console.log(" * Rejected login bypass request for " + shortURL + " on socket ID", socket.id); - return; + data = ""; + sendToClient(socket, headers, data); + console.log(" * Rejected login bypass request for " + shortURL + " on socket ID", socket.id); + return; + } } // Check URL for :/, but not :// (to differentiate wtv urls) @@ -1225,7 +1230,13 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq } if (!ssid_sessions[socket.ssid].data_store.sockets) ssid_sessions[socket.ssid].data_store.sockets = new Set(); ssid_sessions[socket.ssid].data_store.sockets.add(socket); - } + } + } + + if (!socket.ssid) { + // process as pc service + processURL(socket, headers); + return; } if (!ssid_sessions[socket.ssid] || !socket.ssid) return headers; @@ -1366,7 +1377,6 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq return; } } - // handle POST if (headers['request'] && !socket_sessions[socket.id].expecting_post_data) { if (headers['request'].substring(0, 4) == "POST") { diff --git a/zefie_wtvp_minisrv/package-lock.json b/zefie_wtvp_minisrv/package-lock.json index c121f243..d5097350 100644 --- a/zefie_wtvp_minisrv/package-lock.json +++ b/zefie_wtvp_minisrv/package-lock.json @@ -1,12 +1,12 @@ { "name": "zefie_wtvp_minisrv", - "version": "0.9.26", + "version": "0.9.30", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "zefie_wtvp_minisrv", - "version": "0.9.26", + "version": "0.9.30", "license": "GPL3", "dependencies": { "crypto-js": "^4.1.1", @@ -592,9 +592,9 @@ "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==" }, "node_modules/postcss": { - "version": "8.4.16", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.16.tgz", - "integrity": "sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==", + "version": "8.4.17", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.17.tgz", + "integrity": "sha512-UNxNOLQydcOFi41yHNMcKRZ39NeXlr8AxGuZJsdub8vIb12fHzcq37DTU/QtbI6WLxNg2gF9Z+8qtRwTj1UI1Q==", "funding": [ { "type": "opencollective", @@ -1288,9 +1288,9 @@ "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==" }, "postcss": { - "version": "8.4.16", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.16.tgz", - "integrity": "sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==", + "version": "8.4.17", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.17.tgz", + "integrity": "sha512-UNxNOLQydcOFi41yHNMcKRZ39NeXlr8AxGuZJsdub8vIb12fHzcq37DTU/QtbI6WLxNg2gF9Z+8qtRwTj1UI1Q==", "requires": { "nanoid": "^3.3.4", "picocolors": "^1.0.0", diff --git a/zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj b/zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj index 902c9f1c..68a91854 100644 --- a/zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj +++ b/zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj @@ -38,7 +38,6 @@ -