node-http-server

Subversion Repositories:
Compare Path: Rev
With Path: Rev
?path1? @ 28  →  ?path2? @ 29
/package.json
@@ -10,6 +10,7 @@
"url": "http://svn.grimore.org/node-http-server"
},
"dependencies": {
"JSONStream": "^1.3.1",
"http-auth": "^3.1.3",
"mime": "^1.3.4",
"moment": "^2.17.1",
/server.js
@@ -54,6 +54,8 @@
.argv
 
// Create various logging mechanisms.
// RFC5424 - { emerg: 0, alert: 1, crit: 2, error: 3, warning: 4, notice: 5, info: 6, debug: 7 }
winston.setLevels(winston.config.syslog.levels);
const log = new winston.Logger({
transports: [
new winston.transports.File({
@@ -92,18 +94,24 @@
http.createServer(
// authentication,
(request, response) =>
handler.process(config, request, response, root, (error, level) => {
switch (level) {
case handler.error.level.INFO:
log.info(error);
break;
case handler.error.level.WARN:
log.warn(error);
break;
case handler.error.level.ERROR:
log.error(error);
break;
}
handler.process(config, request, response, root, (result) => {
// Log the message by severity.
log.log(result.severity, result.message);
if(result.status)
response.status = result.status;
// If no data stream is made available or the content type is not
// set then there is no further reason to bother with the request.
if(typeof result.data === 'undefined' || result.data === null ||
typeof result.type === 'undefined' || result.type === null)
return;
// Set the content type and send the data.
response.setHeader('Content-Type', result.type);
result.data
.on('open', () => result.data.pipe(response));
})
).listen(config.net.port, config.net.address, () => {
log.info('HTTP Server accessible at: http://' +
@@ -130,18 +138,22 @@
cert: certificates.certificate,
},
(request, response) =>
handler.process(config, request, response, root, (error, level) => {
switch (level) {
case handler.error.level.INFO:
log.info(error);
break;
case handler.error.level.WARN:
log.warn(error);
break;
case handler.error.level.ERROR:
log.error(error);
break;
}
handler.process(config, request, response, root, (result) => {
// Log the message by severity.
log.log(result.severity, result.message);
if(result.status)
response.status = result.status;
// If no data stream is made available or the content type is not
// set then there is no further reason to bother with the request.
if(typeof result.data === 'undefined' || result.data === null ||
typeof result.type === 'undefined' || result.type === null)
return;
// Set the content type and send the data.
response.setHeader('Content-Type', result.type);
result.data
.on('open', () => result.data.pipe(response));
})
).listen(config.ssl.port, config.ssl.address, () => {
log.info('HTTPs Server accessible at: https://' +
/src/handler.js
@@ -9,6 +9,7 @@
const fs = require('fs');
const mime = require('mime');
const auth = require("http-auth");
const JSONStream = require('JSONStream');
 
// Checks whether userPath is a child of rootPath.
function isRooted(userPath, rootPath, separator, callback) {
@@ -19,97 +20,93 @@
}
 
// Serves files.
function files(config, request, response, requestPath, callback) {
function files(config, file, client, callback) {
// Check if the file is accessible.
fs.access(requestPath, fs.constants.R_OK, (error) => {
fs.access(file, fs.constants.R_OK, (error) => {
if (error) {
process.nextTick(() => {
const requestAddress = request.socket.address();
callback('Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' requesting inaccessible path: ' +
requestPath,
module.exports.error.level.WARN
);
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
' requesting inaccessible path: ' +
file,
severity: 'warning',
status: 403
});
});
response.statusCode = 403;
response.end();
return;
}
 
response.setHeader(
'Content-Type',
mime.lookup(requestPath)
);
 
var readStream = fs.createReadStream(requestPath)
.on('open', () => {
response.statusCode = 200;
readStream.pipe(response);
})
.on('error', () => {
response.statusCode = 500;
response.end();
process.nextTick(() => {
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
' sent file: ' +
file,
severity: 'info',
status: 200,
data: fs
.createReadStream(file),
type: mime
.lookup(file)
});
});
 
});
}
 
// Serves a directory listing or the document index in case it exists.
function index(config, request, response, requestPath, requestURL, callback) {
const root = path.resolve(requestPath, config.site.index);
function index(config, directory, href, client, callback) {
const root = path.resolve(directory, config.site.index);
fs.stat(root, (error, stats) => {
if (error) {
if (config.site.indexing
.some((directory) =>
directory.toUpperCase() === requestURL.toUpperCase())) {
fs.readdir(requestPath, (error, paths) => {
directory.toUpperCase() === href.toUpperCase())) {
fs.readdir(directory, (error, paths) => {
if (error) {
process.nextTick(() => {
const requestAddress = request.socket.address();
callback('Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' could not access directory: ' +
requestPath,
module.exports.error.level.WARN
);
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
' could not access directory: ' +
directory,
severity: 'warning',
status: 500
});
});
response.statusCode = 500;
response.end();
return;
}
process.nextTick(() => {
const requestAddress = request.socket.address();
callback('Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessed directory listing: ' +
requestPath,
module.exports.error.level.WARN
);
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
' accessed directory listing: ' +
directory,
severity: 'warning',
status: 200,
data: JSONStream.parse(paths)
});
});
response.statusCode = 200;
response.write(JSON.stringify(paths));
response.end();
});
 
return;
}
// Could not access directory index file and directory listing not allowed.
process.nextTick(() => {
const requestAddress = request.socket.address();
callback('Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing forbiden index: ' +
requestURL,
module.exports.error.level.WARN
);
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
' no index file found and accessing forbiden index: ' +
href,
severity: 'warning',
status: 400
});
});
// Could not access directory index file and directory listing not allowed.
response.statusCode = 404;
response.end();
return;
 
}
@@ -118,57 +115,59 @@
fs.access(root, fs.constants.R_OK, (error) => {
if (error) {
process.nextTick(() => {
const requestAddress = request.socket.address();
callback('Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' unable to access path: ' +
requestPath,
module.exports.error.level.WARN
);
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
' unable to access path: ' +
directory,
severity: 'warning',
status: 403
});
});
response.statusCode = 403;
response.end();
return;
}
 
// Set MIME content type.
response.setHeader(
'Content-Type',
mime.lookup(root)
);
 
var readStream = fs.createReadStream(root)
.on('open', () => {
response.statusCode = 200;
readStream.pipe(response);
})
.on('error', () => {
response.statusCode = 500;
response.end();
process.nextTick(() => {
callback({
message: 'Client: ' +
client.address + ':' +
client.port +
' sent file: ' +
root,
severity: 'info',
status: 200,
data: fs.createReadStream(root),
type: mime.lookup(root)
});
 
});
});
});
}
 
// Determines whether the requested filesystem request path is a directory or a file.
function serve(config, request, response, requestPath, requestURL, callback) {
fs.stat(requestPath, (error, stats) => {
function serve(config, local, href, address, callback) {
fs.stat(local, (error, stats) => {
// Document does not exist.
if (error) {
response.statusCode = 404;
response.end();
callback({
message: 'Client: ' +
address.address + ':' +
address.port +
' accessing non-existent document: ' +
local,
severity: 'warning',
status: 404
});
return;
}
 
if (stats.isDirectory()) {
// Directory is requested so provide directory indexes.
index(config, request, response, requestPath, requestURL, callback);
index(config, local, href, address, callback);
return;
}
if (stats.isFile()) {
const file = path.parse(requestPath).base;
const file = path.parse(local).base;
 
// If the file matches the reject list or is not in the accept list,
// then there is no file to serve.
@@ -175,34 +174,26 @@
if (config.site.reject.some((expression) => expression.test(file)) ||
!config.site.accept.some((expression) => expression.test(file))) {
process.nextTick(() => {
const requestAddress = request.socket.address();
callback('Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' requested disallowed file: ' +
file,
module.exports.error.level.WARN
);
callback({
message: 'Client: ' +
address.address + ':' +
address.port +
' requested disallowed file: ' +
file,
severity: 'warning',
status: 404
});
});
response.statusCode = 404;
response.end();
return;
}
 
// A file was requested so provide the file.
files(config, request, response, requestPath, callback);
files(config, local, address, callback);
}
});
}
 
module.exports = {
error: {
level: {
INFO: 1,
WARN: 2,
ERROR: 3
}
},
process: (config, request, response, root, callback) => {
process.nextTick(() => {
const requestAddress = request.socket.address();
@@ -228,12 +219,13 @@
true
)
.pathname;
callback('Rewrite path: ' +
originalPath +
' to: ' +
requestURL.path,
module.exports.error.level.INFO
);
callback({
message: 'Rewrite path: ' +
originalPath +
' to: ' +
requestURL.path,
severity: 'info'
});
}
});
 
@@ -249,15 +241,17 @@
fs.realpath(requestPath, (error, resolvedPath) => {
// If the path does not exist, then return early.
if (error) {
callback('Unknown path requested: ' +
requestAddress.address + ':' +
requestAddress.port +
' requesting: ' +
requestURL.pathname,
module.exports.error.level.WARN
);
response.statusCode = 404;
response.end();
process.nextTick(() => {
callback({
message: 'Unknown path requested: ' +
requestAddress.address + ':' +
requestAddress.port +
' requesting: ' +
requestURL.pathname,
severity: 'warning',
status: 404
});
});
return;
}
// Check for path traversals early on and bail if the requested path does not
@@ -265,16 +259,16 @@
isRooted(resolvedPath, root, path.sep, (rooted) => {
if (!rooted) {
process.nextTick(() => {
callback('Attempted path traversal: ' +
requestAddress.address + ':' +
requestAddress.port +
' requesting: ' +
requestURL.pathname,
module.exports.error.level.WARN
);
callback({
message: 'Attempted path traversal: ' +
requestAddress.address + ':' +
requestAddress.port +
' requesting: ' +
requestURL.pathname,
severity: 'warning',
status: 404
});
});
response.statusCode = 404;
response.end();
return;
}
 
@@ -292,19 +286,19 @@
// Requested location requires authentication.
authentication.check(request, response, (request, response) => {
process.nextTick(() => {
callback('Authenticated client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
requestURL.pathname,
module.exports.error.level.INFO
);
callback({
message: 'Authenticated client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
requestURL.pathname,
severity: 'info'
});
});
serve(config,
request,
response,
requestPath,
requestURL.pathname,
requestAddress,
callback
);
});
@@ -313,19 +307,19 @@
 
// If no authentication is required then serve the request.
process.nextTick(() => {
callback('Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
requestURL.pathname,
module.exports.error.level.INFO
);
callback({
message: 'Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
requestURL.pathname,
severity: 'info'
});
});
serve(config,
request,
response,
requestPath,
requestURL.pathname,
requestAddress,
callback
);
});