node-http-server

Subversion Repositories:
Compare Path: Rev
With Path: Rev
?path1? @ 7  →  ?path2? @ 8
/server.js
@@ -1,6 +1,5 @@
#!/usr/bin/env node
 
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
// Copyright (C) 2017 Wizardry and Steamworks - License: GNU GPLv3 //
///////////////////////////////////////////////////////////////////////////
 
@@ -10,14 +9,28 @@
const http = require('http');
const path = require('path');
const fs = require('fs');
const mime = require('mime');
const url = require('url');
const moment = require('moment');
const winston = require('winston');
const yargs = require('yargs');
const forge = require('node-forge');
const dns = require('dns');
 
// Local imports.
const handler = require(
path
.resolve(__dirname, 'src', 'handler')
);
const certs = require(
path
.resolve(__dirname, 'src', 'certs')
);
 
// Configuration file.
const config = require(
path
.resolve(__dirname, 'config')
);
 
// Get command-line arguments.
const argv = yargs
.version()
@@ -29,89 +42,6 @@
.help()
.argv
 
// Configuration file.
const config = require(
path
.resolve(__dirname, 'config')
);
 
// Check for path traversal.
function isRooted(userPath, rootPath, separator) {
userPath = userPath.split(separator).filter(Boolean);
rootPath = rootPath.split(separator).filter(Boolean);
return userPath.length >= rootPath.length &&
rootPath.every((e, i) => e === userPath[i]);
}
 
// Generate certificates on the fly using incremental serials.
function generateCertificates(name, domain, size) {
// Generate 1024-bit key-pair.
const keys = forge
.pki
.rsa
.generateKeyPair(size);
// Create self-signed certificate.
const cert = forge
.pki
.createCertificate();
cert.serialNumber = moment().format('x');
cert.publicKey = keys.publicKey;
cert
.validity
.notBefore = moment().toDate();
cert
.validity
.notAfter
.setFullYear(
cert
.validity
.notBefore
.getFullYear() + 1
);
cert.setSubject([{
name: 'commonName',
value: domain
}, {
name: 'organizationName',
value: name
}]);
cert.setIssuer([{
name: 'commonName',
value: domain
}, {
name: 'organizationName',
value: name
}]);
 
// Self-sign certificate.
cert.sign(
keys.privateKey,
forge
.md
.sha256
.create()
);
 
// Return PEM-format keys and certificates.
return {
privateKey: forge
.pki
.privateKeyToPem(
keys
.privateKey
),
publicKey: forge
.pki
.publicKeyToPem(
keys
.publicKey
),
certificate: forge
.pki
.certificateToPem(cert)
};
}
 
// Create various logging mechanisms.
const log = new winston.Logger({
transports: [
@@ -136,120 +66,7 @@
exitOnError: false
});
 
function handleClient(request, response, documentRoot) {
const requestAddress = request.socket.address();
const requestedURL = url.parse(request.url, true);
 
log.info('Client: ' +
requestAddress.address + ':' +
requestAddress.port +
' accessing: ' +
requestedURL.pathname
);
 
const trimmedPath = requestedURL
.pathname
.split('/')
.filter(Boolean)
.join('/');
const filesystemPath = trimmedPath === '/' ?
path.join(documentRoot, trimmedPath) :
path.resolve(documentRoot, trimmedPath);
 
if (!isRooted(filesystemPath, documentRoot, path.sep)) {
log.warn('Attempted path traversal: ' +
requestAddress.address + ':' +
requestAddress.port +
' requesting: ' +
requestedURL.pathname
);
response.statusCode = 403;
response.end();
return;
}
 
fs.stat(filesystemPath, (error, stats) => {
// Document does not exist.
if (error) {
response.statusCode = 404;
response.end();
return;
}
 
switch (stats.isDirectory()) {
case true: // Directory is requested so provide directory indexes.
const documentRoot = path.resolve(filesystemPath, config.site.index);
fs.stat(documentRoot, (error, stats) => {
if (error) {
fs.readdir(filesystemPath, (error, paths) => {
if (error) {
log.warn('Could not list directory: ' + filesystemPath);
response.statusCode = 500;
response.end();
return;
}
log.info('Directory listing requested for: ' + filesystemPath);
response.statusCode = 200;
response.write(JSON.stringify(paths));
response.end();
});
 
return;
}
 
fs.access(filesystemPath, fs.constants.R_OK, (error) => {
if (error) {
log.warn('The server was unable to access the filesystem path: ' + filesystemPath);
response.statusCode = 403;
response.end();
return;
}
 
// Set MIME content type.
response.setHeader('Content-Type', mime.lookup(documentRoot));
 
var readStream = fs.createReadStream(documentRoot)
.on('open', () => {
response.statusCode = 200;
readStream.pipe(response);
})
.on('error', () => {
response.statusCode = 500;
response.end();
});
 
});
 
});
break;
default: // Browser requesting file.
// Check if the file is accessible.
fs.access(filesystemPath, fs.constants.R_OK, (error) => {
if (error) {
response.statusCode = 403;
response.end();
return;
}
 
response.setHeader('Content-Type', mime.lookup(filesystemPath));
 
var readStream = fs.createReadStream(filesystemPath)
.on('open', () => {
response.statusCode = 200;
readStream.pipe(response);
})
.on('error', () => {
response.statusCode = 500;
response.end();
});
 
});
break;
}
});
}
 
fs.realpath(argv.root, (error, documentRoot) => {
fs.realpath(argv.root, (error, root) => {
if (error) {
log.error('Could not find document root: ' + argv.root);
process.exit(1);
@@ -265,7 +82,19 @@
http.createServer(
// authentication,
(request, response) =>
handleClient(request, response, documentRoot)
handler.handleClient(config, request, response, root, (error, level) => {
switch (level) {
case handler.error.level.INFO:
log.info(error);
break;
case handler.error.level.WARN:
log.warn(error);
break;
case handler.error.level.ERROR:
log.error(error);
break;
}
})
).listen(config.net.port, config.net.address, () => {
log.info('HTTP Server is listening on: ' +
config.net.address +
@@ -272,37 +101,49 @@
' and port: ' +
config.net.port +
' whilst serving files from: ' +
documentRoot
root
);
});
 
// Start HTTPs server if enabled.
config.ssl.enable && (() => {
if (config.ssl.enable) {
// Generate certificates for HTTPs.
const certs = generateCertificates(
certs.generateCertificates(
config.site.name,
config.net.address,
config.ssl.privateKeySize
config.ssl.privateKeySize,
(certificates) => {
https.createServer(
// authentication,
{
key: certificates.privateKey,
cert: certificates.certificate,
},
(request, response) =>
handler.handleClient(config, request, response, root, (error, level) => {
switch (level) {
case handler.error.level.INFO:
log.info(error);
break;
case handler.error.level.WARN:
log.warn(error);
break;
case handler.error.level.ERROR:
log.error(error);
break;
}
})
).listen(config.ssl.port, config.ssl.address, () => {
// Print information on server startup.
log.info('HTTPs Server is listening on: ' +
config.net.address +
' and port: ' +
config.net.port +
' whilst serving files from: ' +
root
);
})
}
);
 
https.createServer(
// authentication,
{
key: certs.privateKey,
cert: certs.certificate,
},
(request, response) =>
handleClient(request, response, documentRoot)
).listen(config.ssl.port, config.ssl.address, () => {
// Print information on server startup.
log.info('HTTPs Server is listening on: ' +
config.net.address +
' and port: ' +
config.net.port +
' whilst serving files from: ' +
documentRoot
);
});
})();
 
}
});