v0.9.41

zefie_wtvp_minisrv/app.js

@@ -331,7 +331,8 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
     var request_is_async = false;
     var service_vault_found = false;
     var service_path = unescape(service_vault_file_path);
-     var usingSharedROMCache = false;
+	var vaults_to_scan = service_vaults;
+    var usingSharedROMCache = false;
     var contextObj = {
         "privileged": false,
         "socket": socket,
@@ -352,19 +353,17 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
         ["request_is_async", "request_is_async"]   // we need to know if the script is async or not
     ]
 
-    if (!pc_services) {
+    if (pc_services) {
+        var pc_service_name = getServiceByVaultDir(service_name)
+        if (minisrv_config.services[pc_service_name].service_vaults) {
+            vaults_to_scan = minisrv_config.services[pc_service_name].service_vaults;
+        }
+    } else {
         updateFromVM.push([`ssid_sessions['${socket.ssid}']`, "session_data"]); // user-specific session data from unprivileged scripts
     }
-
     var privileged = false;
-    if (minisrv_config.services[service_name]) {
-        privileged = (minisrv_config.services[service_name].privileged) ? true : false;
-    } else if (pc_services) {
-        var real_service_name = getServiceByVaultDir(service_name);
-        if (real_service_name) {
-            privileged = (minisrv_config.services[real_service_name].privileged) ? true : false;
-        }
-    }
+    if (minisrv_config.services[service_name]) privileged = (minisrv_config.services[service_name].privileged) ? true : false;
+    else if (pc_services) privileged = (minisrv_config.services['pc_services'].privileged) ? true : false;
 
     if (privileged) {
         updateFromVM.push(["ssid_sessions", "ssid_sessions"]);             // global ssid_sessions object for privileged service scripts, such as wtv-setup, wtv-head-waiter, etc
@@ -372,7 +371,7 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
     }
 
     try {
-        service_vaults.forEach(function (service_vault_dir) {
+        vaults_to_scan.forEach(function (service_vault_dir) {
             if (service_vault_found) return;
             if (!usingSharedROMCache) {
                 if (minisrv_config.config.SharedROMCache && shared_romcache) {
@@ -443,7 +442,7 @@ async function processPath(socket, service_vault_file_path, request_headers = ne
                         }
 
                         if (!ssid_sessions[socket.ssid].data_store.WTVFlashrom) {
-                            ssid_sessions[socket.ssid].data_store.WTVFlashrom = new WTVFlashrom(minisrv_config, service_vaults, service_name, minisrv_config.services[service_name].use_zefie_server, bf0app_update);
+                            ssid_sessions[socket.ssid].data_store.WTVFlashrom = new WTVFlashrom(minisrv_config, search_service_vaults, service_name, minisrv_config.services[service_name].use_zefie_server, bf0app_update);
                         }
 
                         ssid_sessions[socket.ssid].data_store.WTVFlashrom.getFlashRom(request_path, function (data, headers) {
@@ -2011,11 +2010,11 @@ if (minisrv_config.config.error_log_file) {
 
 // sanity
 if (minisrv_config.config.user_accounts.max_users_per_account < 1) {
-    console.log(" * WARNING: user_accounts.max_users_per_account should be at least 1, we have set it to 1.");
+    console.log(" * WARNING: user_accounts.max_users_per_account should be >= 1, we have set it to 1.");
     minisrv_config.config.user_accounts.max_users_per_account = 1;
 }
 if (minisrv_config.config.user_accounts.max_users_per_account > 99) {
-    console.log(" * WARNING: user_accounts.max_users_per_account should be less than 99, we have set it to 99.");
+    console.log(" * WARNING: user_accounts.max_users_per_account should be <= 99, we have set it to 99.");
     minisrv_config.config.user_accounts.max_users_per_account = 99;
 }
 

zefie_wtvp_minisrv/includes/ServiceVault/wtv-mail/readmail.js

@@ -295,8 +295,6 @@ ${(message.subject) ? wtvshared.htmlEntitize(message.subject) : '(No subject)'}
                 }
                 data += `<p>
 `;
-                console.log(message.body);
-                console.log(message.allow_html)
                 if (Array.isArray(message.attachments)) {
                     message.attachments.forEach((v, k) => {
                         if (v) {

zefie_wtvp_minisrv/includes/ServiceVault/wtv-mail/sendmail.js

@@ -210,6 +210,8 @@ Content-Type: audio/wav`;
                         }
                     }
 
+                    if (!msg_body) msg_body = "";
+
                     if (attachments.length > 0 || msg_body.indexOf('<html>') >= 0) {
                         // usenet attachments
                         var tuples = [];

zefie_wtvp_minisrv/includes/classes/WTVAuthor.js

@@ -857,7 +857,7 @@ html += `">next page</a>
 		}
 		for (let i = 0; i < this.stylemedia.length; i++) {
 			this.fs.mkdirSync(destDir + this.wtvclient.session_store.subscriber_username + '/' + publishname + this.stylemedia[i].substr(0, this.stylemedia[i].lastIndexOf("/")), { recursive: true })
-			this.fs.copyFile('ServiceVault/wtv-author' + this.stylemedia[i], destDir + this.wtvclient.session_store.subscriber_username + '/' + publishname + this.stylemedia[i], (err) => {
+			this.fs.copyFile('includes/ServiceVault/wtv-author' + this.stylemedia[i], destDir + this.wtvclient.session_store.subscriber_username + '/' + publishname + this.stylemedia[i], (err) => {
 				if (err) throw err;
 			});
 		}

zefie_wtvp_minisrv/includes/classes/WTVNewsServer.js

@@ -145,7 +145,7 @@ class WTVNewsServer {
                 cert: this.wtvshared.getServiceDep('wtv-news/localserver_cert.pem'),
             }
             this.local_server = new nntp_server({ requireAuth: using_auth, tls: tls_options, secure: true, allow_posting: true });
-            this.local_server.listen('nntps://localhost:' + local_server_port);
+            this.local_server.listen('nntps://127.0.0.1:' + local_server_port);
         }
     }
 

zefie_wtvp_minisrv/includes/classes/WTVSec.js

@@ -1,5 +1,6 @@
 const CryptoJS = require('crypto-js');
 const endianness = require('endianness');
+var RC4 = require('rc4-crypto');
 var crypto = require('crypto');
 
 /**
@@ -296,7 +297,7 @@ class WTVSec {
 
     /**
      * Starts an encryption session
-     * @param {Number} rc4session Session Type (0 = enc k1, 1 = dec k1, 3 = enc k2, 4 = dec k2, default: all)
+     * @param {Number} rc4session Session Type (0 = enc k1, 1 = dec k1, 2 = enc k2, 3 = dec k2, default: all)
      * 
      */
     SecureOn(rc4session = null) {
@@ -310,22 +311,22 @@ class WTVSec {
         var key2 = this.wordArrayToBuffer(this.hRC4_Key2);
         switch (rc4session) {
             case 0:
-                this.RC4Session[0] = crypto.createCipheriv('rc4', key1,'');
+                this.RC4Session[0] = new RC4.RC4(key1);
                 break;
             case 1:
-                this.RC4Session[1] = crypto.createDecipheriv('rc4', key1,'');
+                this.RC4Session[1] = new RC4.RC4(key1);
                 break;
             case 2:
-                this.RC4Session[2] = crypto.createCipheriv('rc4', key2,'');
+                this.RC4Session[2] = new RC4.RC4(key2);
                 break;
             case 3:
-                this.RC4Session[3] = crypto.createDecipheriv('rc4', key2,'');
+                this.RC4Session[3] = new RC4.RC4(key2);
                 break;
             default:
-                this.RC4Session[0] = crypto.createCipheriv('rc4', key1, '');
-                this.RC4Session[1] = crypto.createDecipheriv('rc4', key1, '');
-                this.RC4Session[2] = crypto.createCipheriv('rc4', key2, '');
-                this.RC4Session[3] = crypto.createDecipheriv('rc4', key2, '');
+                this.RC4Session[0] = new RC4.RC4(key1);
+                this.RC4Session[1] = new RC4.RC4(key1);
+                this.RC4Session[2] = new RC4.RC4(key2);
+                this.RC4Session[3] = new RC4.RC4(key2);
                 break;
         }
     }
@@ -355,10 +356,10 @@ class WTVSec {
         }
         if (data.words) {
             data = this.wordArrayToBuffer(data);
-        } else if (data.constructor === ArrayBuffer) {
+        } else if (data.constructor === ArrayBuffer || typeof data == 'string') {
             data = new Buffer.from(data);
         }
-        return this.RC4Session[session_id].update(data);
+        return this.RC4Session[session_id].updateFromBuffer(data);
     }
 
     /**
@@ -386,10 +387,10 @@ class WTVSec {
         }
         if (data.words) {
             data = this.wordArrayToBuffer(data);
-        } else if (data.constructor === ArrayBuffer) {
+        } else if (data.constructor === ArrayBuffer || typeof data == 'string') {
             data = new Buffer.from(data);
         }
-        return this.RC4Session[session_id].update(data);
+        return this.RC4Session[session_id].updateFromBuffer(data);
     }
 }
 

zefie_wtvp_minisrv/includes/config.json

@@ -305,6 +305,18 @@
       "external_proxy_host": "127.0.0.1", // IP address or hostname of proxy
       "external_proxy_port": 1080, // Port of proxy
       "flags": "0x00000001"
+    },
+	"pb_services": {
+      // PC Services for PageBuilder
+      "port": 1697,
+      "pc_services": true, // defines service as a PC service
+      "hide_minisrv_version": true, // hide or show the minisrv version (eg like Apache version, can be hidden to hide known exploits for older version)
+      "servicevault_dir": "http_pb", // The service vault dir for the PC Services for PageBuilder
+      "service_vaults": ["PageBuilderVault"], // override service vaults for this service
+      "drop_connection_on_wrong_port": true, // If true, resets connection if the PC browser connects to a port that is not PC Services enabled
+      "show_verbose_errors": false, // extra debugging
+      "allow_https": false, // for future use with LetsEncrypt
+      "force_https": false // for future use with LetsEncrypt
     },
     "pc_services": {
       // PC Services

zefie_wtvp_minisrv/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "zefie_wtvp_minisrv",
-  "version": "0.9.39",
+  "version": "0.9.41",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "zefie_wtvp_minisrv",
-      "version": "0.9.39",
+      "version": "0.9.41",
       "license": "GPL3",
       "dependencies": {
         "@mafintosh/vm2": "^3.9.2",
@@ -22,6 +22,7 @@
         "newsie": "^1.2.1",
         "nntp-server-zefie": "^3.1.0",
         "proxy-agent": "^6.3.0",
+        "rc4-crypto": "^1.5.0",
         "sanitize-html": "^2.11.0",
         "socks-proxy-agent": "^8.0.1",
         "strftime": "^0.10.2",
@@ -1155,6 +1156,11 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/rc4-crypto": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/rc4-crypto/-/rc4-crypto-1.5.0.tgz",
+      "integrity": "sha512-0auP5EfZ21/RP437NgmH+eCTgwDGA611KYCU/2ywk1aIUhR1rHToI4z3ZtQ9BRZYw44M9htklIZK5khkBJerAw=="
+    },
     "node_modules/safe-buffer": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",

zefie_wtvp_minisrv/package.json

@@ -1,13 +1,12 @@
 {
   "name": "zefie_wtvp_minisrv",
-  "version": "0.9.40",
+  "version": "0.9.41",
   "description": "WebTV Service (WTVP) Emulation Server",
   "main": "app.js",
   "homepage": "https://github.com/zefie/zefie_wtvp_minisrv",
   "license": "GPL3",
   "scripts": {
     "start": "node app.js",
-    "start17": "node --openssl-legacy-provider app.js",
     "test": "node test.js"
   },
   "author": {
@@ -40,6 +39,7 @@
     "newsie": "^1.2.1",
     "nntp-server-zefie": "^3.1.0",
     "proxy-agent": "^6.3.0",
+    "rc4-crypto": "^1.5.0",
     "sanitize-html": "^2.11.0",
     "socks-proxy-agent": "^8.0.1",
     "strftime": "^0.10.2",