| /src/certs.js |
|---|
| @@ -0,0 +1,80 @@ |
|---|
| #!/usr/bin/env node |
| /////////////////////////////////////////////////////////////////////////// |
| // Copyright (C) 2017 Wizardry and Steamworks - License: GNU GPLv3 // |
| /////////////////////////////////////////////////////////////////////////// |
| |
| const forge = require('node-forge'); |
| const moment = require('moment'); |
| |
| module.exports = { |
| // Generate certificates on the fly using incremental serials. |
| generateCertificates: (name, domain, keySize, callback) => { |
| process.nextTick(() => { |
| // Generate 1024-bit key-pair. |
| const keys = forge |
| .pki |
| .rsa |
| .generateKeyPair(keySize); |
| // Create self-signed certificate. |
| const cert = forge |
| .pki |
| .createCertificate(); |
| cert.serialNumber = moment().format('x'); |
| cert.publicKey = keys.publicKey; |
| cert |
| .validity |
| .notBefore = moment().toDate(); |
| cert |
| .validity |
| .notAfter |
| .setFullYear( |
| cert |
| .validity |
| .notBefore |
| .getFullYear() + 1 |
| ); |
| cert.setSubject([{ |
| name: 'commonName', |
| value: domain |
| }, { |
| name: 'organizationName', |
| value: name |
| }]); |
| cert.setIssuer([{ |
| name: 'commonName', |
| value: domain |
| }, { |
| name: 'organizationName', |
| value: name |
| }]); |
| |
| // Self-sign certificate. |
| cert.sign( |
| keys.privateKey, |
| forge |
| .md |
| .sha256 |
| .create() |
| ); |
| |
| // Summon the callback with the certificate block. |
| callback({ |
| privateKey: forge |
| .pki |
| .privateKeyToPem( |
| keys |
| .privateKey |
| ), |
| publicKey: forge |
| .pki |
| .publicKeyToPem( |
| keys |
| .publicKey |
| ), |
| certificate: forge |
| .pki |
| .certificateToPem(cert) |
| }); |
| }); |
| } |
| }; |
| /src/handler.js |
|---|
| @@ -0,0 +1,152 @@ |
|---|
| #!/usr/bin/env node |
| /////////////////////////////////////////////////////////////////////////// |
| // Copyright (C) 2017 Wizardry and Steamworks - License: GNU GPLv3 // |
| /////////////////////////////////////////////////////////////////////////// |
| |
| const url = require('url'); |
| const path = require('path'); |
| const fs = require('fs'); |
| const mime = require('mime'); |
| |
| // Check for path traversal. |
| function isRooted(userPath, rootPath, separator) { |
| userPath = userPath.split(separator).filter(Boolean); |
| rootPath = rootPath.split(separator).filter(Boolean); |
| return userPath.length >= rootPath.length && |
| rootPath.every((e, i) => e === userPath[i]); |
| } |
| |
| module.exports = { |
| error: { |
| level: { |
| INFO: 1, |
| WARN: 2, |
| ERROR: 3 |
| } |
| }, |
| handleClient: (config, request, response, root, callback) => { |
| process.nextTick(() => { |
| const requestAddress = request.socket.address(); |
| const requestedURL = url.parse(request.url, true); |
| |
| callback('Client: ' + |
| requestAddress.address + ':' + |
| requestAddress.port + |
| ' accessing: ' + |
| requestedURL.pathname, |
| module.exports.error.level.INFO |
| ); |
| |
| const trimmedPath = requestedURL |
| .pathname |
| .split('/') |
| .filter(Boolean) |
| .join('/'); |
| const filesystemPath = trimmedPath === '/' ? |
| path.join(root, trimmedPath) : |
| path.resolve(root, trimmedPath); |
| |
| if (!isRooted(filesystemPath, root, path.sep)) { |
| callback('Attempted path traversal: ' + |
| requestAddress.address + ':' + |
| requestAddress.port + |
| ' requesting: ' + |
| requestedURL.pathname, |
| module.exports.error.level.WARN |
| ); |
| response.statusCode = 403; |
| response.end(); |
| return; |
| } |
| |
| fs.stat(filesystemPath, (error, stats) => { |
| // Document does not exist. |
| if (error) { |
| response.statusCode = 404; |
| response.end(); |
| return; |
| } |
| |
| switch (stats.isDirectory()) { |
| case true: // Directory is requested so provide directory indexes. |
| const root = path.resolve(filesystemPath, config.site.index); |
| fs.stat(root, (error, stats) => { |
| if (error) { |
| fs.readdir(filesystemPath, (error, paths) => { |
| if (error) { |
| callback('Could not list directory: ' + |
| filesystemPath, |
| module.exports.error.level.ERROR |
| ); |
| response.statusCode = 500; |
| response.end(); |
| return; |
| } |
| callback('Directory listing requested for: ' + |
| filesystemPath, |
| module.exports.error.level.INFO |
| ); |
| response.statusCode = 200; |
| response.write(JSON.stringify(paths)); |
| response.end(); |
| }); |
| |
| return; |
| } |
| |
| fs.access(filesystemPath, fs.constants.R_OK, (error) => { |
| if (error) { |
| callback('The server was unable to access the filesystem path: ' + |
| filesystemPath, |
| module.exports.error.level.WARN |
| ); |
| response.statusCode = 403; |
| response.end(); |
| return; |
| } |
| |
| // Set MIME content type. |
| response.setHeader('Content-Type', mime.lookup(root)); |
| |
| var readStream = fs.createReadStream(root) |
| .on('open', () => { |
| response.statusCode = 200; |
| readStream.pipe(response); |
| }) |
| .on('error', () => { |
| response.statusCode = 500; |
| response.end(); |
| }); |
| |
| }); |
| |
| }); |
| break; |
| default: // Browser requesting file. |
| // Check if the file is accessible. |
| fs.access(filesystemPath, fs.constants.R_OK, (error) => { |
| if (error) { |
| response.statusCode = 403; |
| response.end(); |
| return; |
| } |
| |
| response.setHeader('Content-Type', mime.lookup(filesystemPath)); |
| |
| var readStream = fs.createReadStream(filesystemPath) |
| .on('open', () => { |
| response.statusCode = 200; |
| readStream.pipe(response); |
| }) |
| .on('error', () => { |
| response.statusCode = 500; |
| response.end(); |
| }); |
| |
| }); |
| break; |
| } |
| }) |
| }); |
| } |
| }; |
