node-http-server – Diff between revs 1 and 6

Subversion Repositories:

?pathlinks?

Rev 1 – Rev 7 – Go to most recent revision – Details – Blame – Last modification – View Log

Only display areas with differences – Ignore whitespace

 #!/usr/bin/env node
-///////////////////////////////////////////////////////////////////////////
+ ///////////////////////////////////////////////////////////////////////////
 //    Copyright (C) 2017 Wizardry and Steamworks - License: GNU GPLv3    //
 ///////////////////////////////////////////////////////////////////////////
 // Import packages.
 const auth = require("http-auth");
 const https = require('https');
 const path = require('path');
 const fs = require('fs');
 const mime = require('mime');
 const url = require('url');
 const moment = require('moment');
 const winston = require('winston');
 const yargs = require('yargs');
+const forge = require('node-forge');
 // Get command-line arguments.
 const argv = yargs
     .version()
     .option('root', {
         alias: 'd',
         describe: 'Path to the document root',
         demandOption: true
     })
     .help()
     .argv
 // Configuration file.
 const config = require(path.resolve(__dirname, 'config'));
 // Check for path traversal.
 function isRooted(userPath, rootPath, separator) {
     userPath = userPath.split(separator).filter(Boolean);
     rootPath = rootPath.split(separator).filter(Boolean);
     return userPath.length >= rootPath.length &&
         rootPath.every((e, i) => e === userPath[i]);
+}
+function generateCertificates(name, domain) {
+    // Generate 1024-bit key-pair.
+    var keys = forge.pki.rsa.generateKeyPair(1024);
+    // Create self-signed certificate.
+    var cert = forge.pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.validity.notBefore = new Date();
+    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
+    cert.setSubject([
+        {
+            name: 'commonName',
+            value: domain
+        },
+        {
+            name: 'organizationName',
+            value: name
+        }
+    ]);
+    cert.setIssuer([
+        {
+            name: 'commonName',
+            value: name
+        },
+        {
+            name: 'organizationName',
+            value: name
+        }
+    ]);
+    // Self-sign certificate.
+    cert.sign(keys.privateKey);
+    // Return PEM-format keys and certificates.
+    return {
+        privateKey: forge.pki.privateKeyToPem(keys.privateKey),
+        publicKey: forge.pki.publicKeyToPem(keys.publicKey),
+        certificate: forge.pki.certificateToPem(cert)
+    };
+}
 // Create various logging mechanisms.
 const log = new winston.Logger({
     transports: [
         new winston.transports.File({
             level: 'info',
             filename: path.resolve(__dirname, config.server_log),
             handleExceptions: true,
             json: false,
             maxsize: 1048576, // 1MiB.
             maxFiles: 10, // Ten rotations.
             colorize: false,
             timestamp: () => moment().format('YYYYMMDDTHHmmss')
         }),
         new winston.transports.Console({
             level: 'info',
             handleExceptions: true,
             json: false,
             colorize: true,
             timestamp: () => moment().format('YYYYMMDDTHHmmss')
         })
     ],
     exitOnError: false
 });
 fs.realpath(argv.root, (error, documentRoot) => {
     if (error) {
         log.error('Could not find document root: ' + argv.root);
         process.exit(1);
+    }
     var authentication = auth.digest({
         realm: "was",
         file: path.resolve(__dirname, config.password_file)
     });
+    const certs = generateCertificates("was", 'localhost');
     // HTTPs server using digest authentication.
     https.createServer(authentication, {
-        key: fs.readFileSync(path.resolve(__dirname, config.key)),
+        key: certs.privateKey,
-        cert: fs.readFileSync(path.resolve(__dirname, config.certificate)),
+        cert: certs.certificate,
-        ca: fs.readFileSync(path.resolve(__dirname, config.ca)),
     }, (request, response) => {
         const requestAddress = request.socket.address();
         const requestedURL = url.parse(request.url, true);
         log.info('Client: ' + requestAddress.address + ':' + requestAddress.port + ' accessing: ' + requestedURL.pathname);
         const trimmedPath = requestedURL.pathname.split('/').filter(Boolean).join('/');
         const filesystemPath = trimmedPath === '/' ?
             path.join(documentRoot, trimmedPath) :
             path.resolve(documentRoot, trimmedPath);
         if (!isRooted(filesystemPath, documentRoot, path.sep)) {
             log.warn('Attempted path traversal: ' + requestAddress.address + ':' + requestAddress.port + ' requesting: ' + requestedURL.pathname);
             response.statusCode = 403;
             response.end();
             return;
+        }
         fs.stat(filesystemPath, (error, stats) => {
             // Document does not exist.
             if (error) {
                 response.statusCode = 404;
                 response.end();
                 return;
+            }
             switch (stats.isDirectory()) {
                 case true: // Browser requesting directory.
                     const documentRoot = path.resolve(filesystemPath, config.default_document);
                     fs.stat(documentRoot, (error, stats) => {
                         if (error) {
                             fs.readdir(filesystemPath, (error, paths) => {
                                 if (error) {
                                     log.warn('Could not list directory: ' + filesystemPath);
                                     response.statusCode = 500;
                                     response.end();
                                     return;
+                                }
                                 log.info('Directory listing requested for: ' + filesystemPath);
                                 response.statusCode = 200;
                                 response.write(JSON.stringify(paths));
                                 response.end();
                             });
                             return;
+                        }
                         fs.access(filesystemPath, fs.constants.R_OK, (error) => {
                             if (error) {
                                 log.warn('The server was unable to access the filesystem path: ' + filesystemPath);
                                 response.statusCode = 403;
                                 response.end();
                                 return;
+                            }
                             // Set MIME content type.
                             response.setHeader('Content-Type', mime.lookup(documentRoot));
                             var readStream = fs.createReadStream(documentRoot)
                                 .on('open', () => {
                                     response.statusCode = 200;
                                     readStream.pipe(response);
                                 })
                                 .on('error', () => {
                                     response.statusCode = 500;
                                     response.end();
                                 });
                         });
                     });
                     break;
                 default: // Browser requesting file.
                     // Check if the file is accessible.
                     fs.access(filesystemPath, fs.constants.R_OK, (error) => {
                         if (error) {
                             response.statusCode = 403;
                             response.end();
                             return;
+                        }
                         response.setHeader('Content-Type', mime.lookup(filesystemPath));
                         var readStream = fs.createReadStream(filesystemPath)
                             .on('open', () => {
                                 response.statusCode = 200;
                                 readStream.pipe(response);
                             })
                             .on('error', () => {
                                 response.statusCode = 500;
                                 response.end();
                             });
                     });
                     break;
+            }
         });
     }).listen(config.port, config.address, () => {
         log.info('Server is listening on: ' + config.address + ' and port: ' + config.port + ' whilst serving files from: ' + documentRoot);
     });
 });