node-http-server – Blame information for rev 38
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
8 | office | 1 | #!/usr/bin/env node |
2 | |||
9 | office | 3 | /*************************************************************************/ |
4 | /* Copyright (C) 2017 Wizardry and Steamworks - License: GNU GPLv3 */ |
||
5 | /*************************************************************************/ |
||
6 | |||
38 | office | 7 | const url = require('url') |
8 | const path = require('path') |
||
9 | const fs = require('fs') |
||
10 | const mime = require('mime') |
||
11 | const auth = require("http-auth") |
||
12 | const stream = require('stream') |
||
13 | const util = require('util') |
||
14 | const EventEmitter = require('events').EventEmitter |
||
8 | office | 15 | |
35 | office | 16 | // Local imports. |
17 | const Cache = require( |
||
18 | path |
||
38 | office | 19 | .resolve( |
20 | path.dirname(require.main.filename), |
||
21 | 'src', |
||
22 | 'cache' |
||
23 | ) |
||
24 | ) |
||
35 | office | 25 | const was = require( |
26 | path |
||
38 | office | 27 | .resolve( |
28 | path.dirname(require.main.filename), |
||
29 | 'src', |
||
30 | 'was' |
||
31 | ) |
||
32 | ) |
||
8 | office | 33 | |
14 | office | 34 | // Serves files. |
35 | office | 35 | function files(self, config, file, client, cache) { |
36 | // Check if the file is accessible. |
||
37 | fs.access(file, fs.constants.R_OK, (error) => { |
||
38 | if (error) { |
||
39 | self.emit('log', { |
||
40 | message: 'Client: ' + |
||
41 | client.address + ':' + |
||
42 | client.port + |
||
43 | ' requesting inaccessible path: ' + |
||
44 | file, |
||
45 | severity: 'warning' |
||
38 | office | 46 | }) |
35 | office | 47 | self.emit('data', { |
48 | status: 403, |
||
49 | data: new stream.Readable({ |
||
50 | read(size) { |
||
38 | office | 51 | this.push(null) |
35 | office | 52 | } |
53 | }), |
||
54 | type: 'text/plain' |
||
38 | office | 55 | }) |
56 | return |
||
35 | office | 57 | } |
58 | |||
59 | cache.process(file, fs.createReadStream(file), mime.lookup(file)) |
||
60 | .on('data', (result) => self.emit('data', result)) |
||
38 | office | 61 | .on('log', (data) => self.emit('log', data)) |
62 | }) |
||
15 | office | 63 | } |
64 | |||
65 | // Serves a directory listing or the document index in case it exists. |
||
35 | office | 66 | function index(self, config, directory, href, client, cache) { |
38 | office | 67 | const root = path.resolve(directory, config.site.index) |
35 | office | 68 | fs.stat(root, (error, stats) => { |
69 | if (error) { |
||
70 | if (config.site.indexing |
||
71 | .some((directory) => |
||
72 | directory.toUpperCase() === href.toUpperCase())) { |
||
73 | fs.readdir(directory, (error, paths) => { |
||
74 | if (error) { |
||
75 | self.emit('log', { |
||
76 | message: 'Client: ' + |
||
77 | client.address + ':' + |
||
78 | client.port + |
||
79 | ' could not access directory: ' + |
||
80 | directory, |
||
81 | severity: 'warning' |
||
38 | office | 82 | }) |
35 | office | 83 | self.emit('data', { |
84 | status: 500, |
||
85 | data: new stream.Readable({ |
||
86 | read(size) { |
||
38 | office | 87 | this.push(null) |
35 | office | 88 | } |
89 | }), |
||
90 | type: 'text/plain' |
||
38 | office | 91 | }) |
92 | return |
||
35 | office | 93 | } |
94 | cache.process(directory, new stream.Readable({ |
||
38 | office | 95 | read(size) { |
96 | this.push(JSON.stringify(paths)) |
||
97 | this.push(null) |
||
98 | } |
||
99 | }), 'application/json') |
||
35 | office | 100 | .on('data', (result) => self.emit('data', result)) |
38 | office | 101 | .on('log', (data) => self.emit('log', data)) |
102 | }) |
||
103 | return |
||
35 | office | 104 | } |
105 | // Could not access directory index file and directory listing not allowed. |
||
106 | self.emit('log', { |
||
107 | message: 'Client: ' + |
||
108 | client.address + ':' + |
||
109 | client.port + |
||
110 | ' no index file found and accessing forbiden index: ' + |
||
111 | href, |
||
112 | severity: 'warning' |
||
38 | office | 113 | }) |
35 | office | 114 | self.emit('data', { |
115 | status: 403, |
||
116 | data: new stream.Readable({ |
||
117 | read(size) { |
||
38 | office | 118 | this.push(null) |
35 | office | 119 | } |
120 | }), |
||
121 | type: 'text/plain' |
||
38 | office | 122 | }) |
123 | return |
||
35 | office | 124 | } |
15 | office | 125 | |
35 | office | 126 | // Serve the document index. |
127 | fs.access(root, fs.constants.R_OK, (error) => { |
||
128 | if (error) { |
||
129 | self.emit('log', { |
||
130 | message: 'Client: ' + |
||
131 | client.address + ':' + |
||
132 | client.port + |
||
133 | ' unable to access path: ' + |
||
134 | directory, |
||
135 | severity: 'warning' |
||
38 | office | 136 | }) |
35 | office | 137 | self.emit('data', { |
138 | status: 403, |
||
139 | data: new stream.Readable({ |
||
140 | read(size) { |
||
38 | office | 141 | this.push(null) |
35 | office | 142 | } |
143 | }), |
||
144 | type: 'text/plain' |
||
38 | office | 145 | }) |
146 | return |
||
35 | office | 147 | } |
148 | cache.process(root, fs.createReadStream(root), mime.lookup(root)) |
||
149 | .on('data', (result) => self.emit('data', result)) |
||
38 | office | 150 | .on('log', (data) => self.emit('log', data)) |
151 | }) |
||
152 | }) |
||
14 | office | 153 | } |
154 | |||
17 | office | 155 | // Determines whether the requested filesystem request path is a directory or a file. |
35 | office | 156 | function serve(self, config, local, href, address, cache) { |
157 | fs.stat(local, (error, stats) => { |
||
158 | // Document does not exist. |
||
159 | if (error) { |
||
160 | self.emit('log', { |
||
161 | message: 'Client: ' + |
||
162 | address.address + ':' + |
||
163 | address.port + |
||
164 | ' accessing non-existent document: ' + |
||
165 | local, |
||
166 | severity: 'warning' |
||
38 | office | 167 | }) |
35 | office | 168 | self.emit('data', { |
169 | status: 404, |
||
170 | data: new stream.Readable({ |
||
171 | read(size) { |
||
38 | office | 172 | this.push(null) |
35 | office | 173 | } |
174 | }), |
||
175 | type: 'text/plain' |
||
38 | office | 176 | }) |
177 | return |
||
35 | office | 178 | } |
14 | office | 179 | |
35 | office | 180 | if (stats.isDirectory()) { |
181 | // Directory is requested so provide directory indexes. |
||
38 | office | 182 | index(self, config, local, href, address, cache) |
183 | return |
||
35 | office | 184 | } |
185 | if (stats.isFile()) { |
||
38 | office | 186 | const file = path.parse(local).base |
23 | office | 187 | |
35 | office | 188 | // If the file matches the reject list or is not in the accept list, |
189 | // then there is no file to serve. |
||
190 | if (config.site.reject.some((expression) => expression.test(file)) || |
||
191 | !config.site.accept.some((expression) => expression.test(file))) { |
||
192 | self.emit('log', { |
||
193 | message: 'Client: ' + |
||
194 | address.address + ':' + |
||
195 | address.port + |
||
196 | ' requested disallowed file: ' + |
||
197 | file, |
||
198 | severity: 'warning' |
||
38 | office | 199 | }) |
35 | office | 200 | self.emit('data', { |
201 | status: 404, |
||
202 | data: new stream.Readable({ |
||
203 | read(size) { |
||
38 | office | 204 | this.push(null) |
35 | office | 205 | } |
206 | }), |
||
207 | type: 'text/plain' |
||
38 | office | 208 | }) |
209 | return |
||
35 | office | 210 | } |
20 | office | 211 | |
35 | office | 212 | // A file was requested so provide the file. |
38 | office | 213 | files(self, config, local, address, cache) |
35 | office | 214 | } |
38 | office | 215 | }) |
14 | office | 216 | } |
217 | |||
31 | office | 218 | // Constructor. |
219 | function Handler() { |
||
35 | office | 220 | // Create events emitters for logging and data. |
38 | office | 221 | EventEmitter.call(this) |
222 | } |
||
30 | office | 223 | |
31 | office | 224 | // Process a request. |
38 | office | 225 | Handler.prototype.process = function (config, request, response, root) { |
226 | EventEmitter.call(this) |
||
227 | var self = this |
||
31 | office | 228 | |
35 | office | 229 | // Get client details. |
38 | office | 230 | const address = request.socket.address() |
35 | office | 231 | // Get requested URL. |
232 | const requestURL = url.parse( |
||
233 | request.url, true |
||
38 | office | 234 | ) |
31 | office | 235 | |
35 | office | 236 | // Perform URL re-writes. |
237 | Object.keys(config.site.rewrite).forEach((key, index) => { |
||
238 | if (config.site.rewrite[key].test(requestURL.path)) { |
||
38 | office | 239 | const originalPath = requestURL.path |
35 | office | 240 | requestURL.path = requestURL |
241 | .path |
||
242 | .replace( |
||
243 | config.site.rewrite[key], key |
||
38 | office | 244 | ) |
35 | office | 245 | requestURL.pathname = url.parse( |
38 | office | 246 | requestURL |
35 | office | 247 | .pathname |
248 | .replace( |
||
249 | config.site.rewrite[key], key |
||
250 | ), |
||
38 | office | 251 | true |
252 | ) |
||
253 | .pathname |
||
35 | office | 254 | self.emit('log', { |
255 | message: 'Rewrite path: ' + |
||
256 | originalPath + |
||
257 | ' to: ' + |
||
258 | requestURL.path, |
||
259 | severity: 'info' |
||
38 | office | 260 | }) |
35 | office | 261 | } |
38 | office | 262 | }) |
8 | office | 263 | |
35 | office | 264 | const trimmedPath = requestURL |
265 | .pathname |
||
266 | .split('/') |
||
267 | .filter(Boolean) |
||
38 | office | 268 | .join('/') |
35 | office | 269 | const requestPath = trimmedPath === '/' ? |
270 | path.join(root, trimmedPath) : |
||
38 | office | 271 | path.resolve(root, trimmedPath) |
8 | office | 272 | |
35 | office | 273 | fs.realpath(requestPath, (error, resolvedPath) => { |
274 | // If the path does not exist, then return early. |
||
275 | if (error) { |
||
276 | self.emit('log', { |
||
277 | message: 'Unknown path requested: ' + |
||
278 | address.address + ':' + |
||
279 | address.port + |
||
280 | ' requesting: ' + |
||
281 | requestURL.pathname, |
||
282 | severity: 'warning' |
||
38 | office | 283 | }) |
35 | office | 284 | self.emit('data', { |
285 | status: 404, |
||
286 | data: new stream.Readable({ |
||
287 | read(size) { |
||
38 | office | 288 | this.push(null) |
35 | office | 289 | } |
290 | }), |
||
291 | type: 'text/plain' |
||
38 | office | 292 | }) |
293 | return |
||
35 | office | 294 | } |
31 | office | 295 | |
35 | office | 296 | // Check for path traversals early on and bail if the requested path does not |
297 | // lie within the specified document root. |
||
298 | was.isRooted(resolvedPath, root, path.sep, (rooted) => { |
||
299 | if (!rooted) { |
||
300 | self.emit('log', { |
||
301 | message: 'Attempted path traversal: ' + |
||
302 | address.address + ':' + |
||
303 | address.port + |
||
304 | ' requesting: ' + |
||
305 | requestURL.pathname, |
||
306 | severity: 'warning' |
||
38 | office | 307 | }) |
35 | office | 308 | self.emit('done', { |
309 | status: 404, |
||
310 | data: new stream.Readable({ |
||
311 | read(size) { |
||
38 | office | 312 | this.push(null) |
35 | office | 313 | } |
314 | }), |
||
315 | type: 'text/plain' |
||
38 | office | 316 | }) |
317 | return |
||
35 | office | 318 | } |
30 | office | 319 | |
35 | office | 320 | // If authentication is required for this path then perform authentication. |
321 | if (config.auth.locations.some( |
||
38 | office | 322 | (authPath) => authPath.toUpperCase() === requestURL.pathname.toUpperCase())) { |
35 | office | 323 | // Create digest authentication. |
324 | const authentication = auth.digest({ |
||
325 | realm: config.auth.realm, |
||
326 | file: path.resolve( |
||
327 | path.dirname(require.main.filename), |
||
328 | config.auth.digest |
||
329 | ) |
||
38 | office | 330 | }) |
35 | office | 331 | // Requested location requires authentication. |
332 | authentication.check(request, response, (request, response) => { |
||
333 | self.emit('log', { |
||
334 | message: 'Authenticated client: ' + |
||
335 | address.address + ':' + |
||
336 | address.port + |
||
337 | ' accessing: ' + |
||
338 | requestURL.pathname, |
||
339 | severity: 'info' |
||
38 | office | 340 | }) |
35 | office | 341 | process.nextTick(() => |
342 | serve(self, |
||
343 | config, |
||
344 | requestPath, |
||
345 | requestURL.pathname, |
||
346 | address, |
||
347 | new Cache(config, address, request, response) |
||
348 | ) |
||
38 | office | 349 | ) |
350 | }) |
||
351 | return |
||
35 | office | 352 | } |
353 | |||
354 | // If no authentication is required then serve the request. |
||
355 | self.emit('log', { |
||
356 | message: 'Client: ' + |
||
357 | address.address + ':' + |
||
358 | address.port + |
||
359 | ' accessing: ' + |
||
360 | requestURL.pathname, |
||
361 | severity: 'info' |
||
38 | office | 362 | }) |
35 | office | 363 | process.nextTick(() => |
364 | serve(self, |
||
365 | config, |
||
366 | requestPath, |
||
367 | requestURL.pathname, |
||
368 | address, |
||
369 | new Cache(config, address, request, response) |
||
370 | ) |
||
38 | office | 371 | ) |
372 | }) |
||
373 | }) |
||
35 | office | 374 | |
38 | office | 375 | return this |
376 | } |
||
31 | office | 377 | |
38 | office | 378 | util.inherits(Handler, EventEmitter) |
379 | util.inherits(Cache, EventEmitter) |
||
380 | module.exports = Handler |