node-http-server

Subversion Repositories:
Compare Path: Rev
With Path: Rev
?path1? @ 31  →  ?path2? @ 30
/server.js
@@ -16,7 +16,7 @@
const dns = require('dns');
 
// Local imports.
const Handler = require(
const handler = require(
path
.resolve(
path.dirname(require.main.filename),
@@ -94,19 +94,23 @@
http.createServer(
// authentication,
(request, response) =>
new Handler().process(config, request, response, root)
.on('log', (data) => {
log.log(data.severity, data.message);
})
.on('data', (result) => {
// Set the response status.
response.status = result.status;
// Set the content type and send the data.
response.setHeader('Content-Type', result.type);
result.data
.on('readable', () => result.data.pipe(response))
.on('end', () => response.end());
})
handler.process(config, request, response, root, (logging, result) => {
 
// Log the message by severity.
log.log(logging.severity, logging.message);
 
// If no result is to be processed, then terminate the request.
if (typeof result === 'undefined' || result === null)
return;
 
// Set the response status.
response.status = result.status;
// Set the content type and send the data.
response.setHeader('Content-Type', result.type);
result.data
.on('readable', () => result.data.pipe(response))
.on('end', () => response.end());
})
).listen(config.net.port, config.net.address, () => {
log.info('HTTP Server accessible at: http://' +
config.net.address +
@@ -132,19 +136,22 @@
cert: certificates.certificate,
},
(request, response) =>
new Handler().process(config, request, response, root)
.on('log', (data) => {
log.log(data.severity, data.message);
})
.on('data', (result) => {
// Set the response status.
response.status = result.status;
// Set the content type and send the data.
response.setHeader('Content-Type', result.type);
result.data
.on('readable', () => result.data.pipe(response))
.on('end', () => response.end());
})
handler.process(config, request, response, root, (result) => {
// Log the message by severity.
log.log(logging.severity, logging.message);
 
// If no result is to be processed, then terminate the request.
if (typeof result === 'undefined' || result === null)
return;
 
// Set the response status.
response.status = result.status;
// Set the content type and send the data.
response.setHeader('Content-Type', result.type);
result.data
.on('readable', () => result.data.pipe(response))
.on('end', () => response.end());
})
).listen(config.ssl.port, config.ssl.address, () => {
log.info('HTTPs Server accessible at: https://' +
config.ssl.address +
/src/handler.js
@@ -10,8 +10,6 @@
const mime = require('mime');
const auth = require("http-auth");
const stream = require('stream');
const util = require('util');
const EventEmitter = require('events').EventEmitter;
 
// Checks whether userPath is a child of rootPath.
function isRooted(userPath, rootPath, separator, callback) {
@@ -22,11 +20,11 @@
}
 
// Serves files.
function files(self, config, file, client) {
function files(config, file, client, callback) {
// Check if the file is accessible.
fs.access(file, fs.constants.R_OK, (error) => {
if (error) {
self.emit('log', {
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
@@ -33,8 +31,7 @@
' requesting inaccessible path: ' +
file,
severity: 'warning'
});
self.emit('data', {
}, {
status: 403,
data: new stream.Readable({
read(size) {
@@ -45,7 +42,7 @@
});
return;
}
self.emit('log', {
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
@@ -52,8 +49,7 @@
' sent file: ' +
file,
severity: 'info'
});
self.emit('data', {
}, {
status: 200,
data: fs
.createReadStream(file),
@@ -64,7 +60,7 @@
}
 
// Serves a directory listing or the document index in case it exists.
function index(self, config, directory, href, client) {
function index(config, directory, href, client, callback) {
const root = path.resolve(directory, config.site.index);
fs.stat(root, (error, stats) => {
if (error) {
@@ -73,7 +69,8 @@
directory.toUpperCase() === href.toUpperCase())) {
fs.readdir(directory, (error, paths) => {
if (error) {
self.emit('log', {
console.log("listing forbidden...");
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
@@ -80,8 +77,7 @@
' could not access directory: ' +
directory,
severity: 'warning'
});
self.emit('data', {
}, {
status: 500,
data: new stream.Readable({
read(size) {
@@ -92,7 +88,8 @@
});
return;
}
self.emit('log', {
console.log("sending listing...");
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
@@ -99,8 +96,7 @@
' accessed directory listing: ' +
directory,
severity: 'info'
});
self.emit('data', {
}, {
status: 200,
data: new stream.Readable({
read(size) {
@@ -114,7 +110,8 @@
return;
}
// Could not access directory index file and directory listing not allowed.
self.emit('log', {
console.log("no dirindex...");
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
@@ -121,8 +118,7 @@
' no index file found and accessing forbiden index: ' +
href,
severity: 'warning'
});
self.emit('data', {
}, {
status: 403,
data: new stream.Readable({
read(size) {
@@ -137,7 +133,7 @@
// Serve the document index.
fs.access(root, fs.constants.R_OK, (error) => {
if (error) {
self.emit('log', {
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
@@ -144,8 +140,7 @@
' unable to access path: ' +
directory,
severity: 'warning'
});
self.emit('data', {
}, {
status: 403,
data: new stream.Readable({
read(size) {
@@ -156,7 +151,7 @@
});
return;
}
self.emit('log', {
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
@@ -163,8 +158,7 @@
' sent file: ' +
root,
severity: 'info'
});
self.emit('data', {
}, {
status: 200,
data: fs.createReadStream(root),
type: mime.lookup(root)
@@ -174,11 +168,11 @@
}
 
// Determines whether the requested filesystem request path is a directory or a file.
function serve(self, config, local, href, address) {
function serve(config, local, href, address, callback) {
fs.stat(local, (error, stats) => {
// Document does not exist.
if (error) {
self.emit('log', {
callback({
message: 'Client: ' +
address.address + ':' +
address.port +
@@ -185,8 +179,7 @@
' accessing non-existent document: ' +
local,
severity: 'warning'
});
self.emit('data', {
}, {
status: 404,
data: new stream.Readable({
read(size) {
@@ -200,7 +193,7 @@
 
if (stats.isDirectory()) {
// Directory is requested so provide directory indexes.
index(self, config, local, href, address);
index(config, local, href, address, callback);
return;
}
if (stats.isFile()) {
@@ -210,7 +203,7 @@
// then there is no file to serve.
if (config.site.reject.some((expression) => expression.test(file)) ||
!config.site.accept.some((expression) => expression.test(file))) {
self.emit('log', {
callback({
message: 'Client: ' +
address.address + ':' +
address.port +
@@ -217,8 +210,7 @@
' requested disallowed file: ' +
file,
severity: 'warning'
});
self.emit('data', {
}, {
status: 404,
data: new stream.Readable({
read(size) {
@@ -231,101 +223,66 @@
}
 
// A file was requested so provide the file.
files(self, config, local, address);
files(config, local, address, callback);
}
});
}
 
// Constructor.
function Handler() {
// Create events emitters for logging and data.
EventEmitter.call(this);
};
module.exports = {
process: (config, request, response, root, callback) => {
const requestAddress = request.socket.address();
const requestURL = url.parse(
request.url, true
);
 
// Process a request.
Handler.prototype.process = function(config, request, response, root) {
EventEmitter.call(this);
var self = this;
 
// Get client details.
const requestAddress = request.socket.address();
// Get requested URL.
const requestURL = url.parse(
request.url, true
);
 
// Perform URL re-writes.
Object.keys(config.site.rewrite).forEach((key, index) => {
if (config.site.rewrite[key].test(requestURL.path)) {
const originalPath = requestURL.path;
requestURL.path = requestURL
.path
.replace(
config.site.rewrite[key], key
);
requestURL.pathname = url.parse(
requestURL
.pathname
// Perform URL re-writes.
Object.keys(config.site.rewrite).forEach((key, index) => {
if (config.site.rewrite[key].test(requestURL.path)) {
const originalPath = requestURL.path;
requestURL.path = requestURL
.path
.replace(
config.site.rewrite[key], key
),
true
)
.pathname;
self.emit('log', {
message: 'Rewrite path: ' +
originalPath +
' to: ' +
requestURL.path,
severity: 'info'
});
}
});
);
requestURL.pathname = url.parse(
requestURL
.pathname
.replace(
config.site.rewrite[key], key
),
true
)
.pathname;
callback({
message: 'Rewrite path: ' +
originalPath +
' to: ' +
requestURL.path,
severity: 'info'
});
}
});
 
const trimmedPath = requestURL
.pathname
.split('/')
.filter(Boolean)
.join('/');
const requestPath = trimmedPath === '/' ?
path.join(root, trimmedPath) :
path.resolve(root, trimmedPath);
const trimmedPath = requestURL
.pathname
.split('/')
.filter(Boolean)
.join('/');
const requestPath = trimmedPath === '/' ?
path.join(root, trimmedPath) :
path.resolve(root, trimmedPath);
 
fs.realpath(requestPath, (error, resolvedPath) => {
// If the path does not exist, then return early.
if (error) {
self.emit('log', {
message: 'Unknown path requested: ' +
requestAddress.address + ':' +
requestAddress.port +
' requesting: ' +
requestURL.pathname,
severity: 'warning'
});
self.emit('done', {
status: 404,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
return;
}
// Check for path traversals early on and bail if the requested path does not
// lie within the specified document root.
isRooted(resolvedPath, root, path.sep, (rooted) => {
if (!rooted) {
self.emit('log', {
message: 'Attempted path traversal: ' +
fs.realpath(requestPath, (error, resolvedPath) => {
// If the path does not exist, then return early.
if (error) {
callback({
message: 'Unknown path requested: ' +
requestAddress.address + ':' +
requestAddress.port +
' requesting: ' +
requestURL.pathname,
severity: 'warning'
});
self.emit('done', {
}, {
status: 404,
data: new stream.Readable({
read(size) {
@@ -336,62 +293,76 @@
});
return;
}
 
// If authentication is required for this path then perform authentication.
if (config.auth.locations.some(
(authPath) => authPath.toUpperCase() === requestURL.pathname.toUpperCase())) {
// Create digest authentication.
const authentication = auth.digest({
realm: config.auth.realm,
file: path.resolve(
path.dirname(require.main.filename),
config.auth.digest
)
});
// Requested location requires authentication.
authentication.check(request, response, (request, response) => {
self.emit('log', {
message: 'Authenticated client: ' +
// Check for path traversals early on and bail if the requested path does not
// lie within the specified document root.
isRooted(resolvedPath, root, path.sep, (rooted) => {
if (!rooted) {
callback({
message: 'Attempted path traversal: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
' requesting: ' +
requestURL.pathname,
severity: 'info'
severity: 'warning'
}, {
status: 404,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
process.nextTick(() =>
serve(self,
config,
return;
}
 
// If authentication is required for this path then perform authentication.
if (config.auth.locations.some(
(authPath) => authPath.toUpperCase() === requestURL.pathname.toUpperCase())) {
// Create digest authentication.
const authentication = auth.digest({
realm: config.auth.realm,
file: path.resolve(
path.dirname(require.main.filename),
config.auth.digest
)
});
// Requested location requires authentication.
authentication.check(request, response, (request, response) => {
callback({
message: 'Authenticated client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
requestURL.pathname,
severity: 'info'
});
serve(config,
requestPath,
requestURL.pathname,
requestAddress
)
);
requestAddress,
callback
);
});
return;
}
 
// If no authentication is required then serve the request.
callback({
message: 'Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
requestURL.pathname,
severity: 'info'
});
return;
}
 
// If no authentication is required then serve the request.
self.emit('log', {
message: 'Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
serve(config,
requestPath,
requestURL.pathname,
severity: 'info'
requestAddress,
callback
);
});
process.nextTick(() =>
serve(self,
config,
requestPath,
requestURL.pathname,
requestAddress
)
);
});
});
return this;
}
};
 
util.inherits(Handler, EventEmitter);
module.exports = Handler;