node-http-server – Diff between revs 6 and 7

Subversion Repositories:

?pathlinks?

Rev 6 – Rev 8 – Go to most recent revision – Details – Blame – Last modification – View Log

Only display areas with differences – Ignore whitespace

 #!/usr/bin/env node
- ///////////////////////////////////////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////
 //    Copyright (C) 2017 Wizardry and Steamworks - License: GNU GPLv3    //
 ///////////////////////////////////////////////////////////////////////////
 // Import packages.
 const auth = require("http-auth");
 const https = require('https');
+const http = require('http');
 const path = require('path');
 const fs = require('fs');
 const mime = require('mime');
 const url = require('url');
 const moment = require('moment');
 const winston = require('winston');
 const yargs = require('yargs');
 const forge = require('node-forge');
+const dns = require('dns');
 // Get command-line arguments.
 const argv = yargs
     .version()
     .option('root', {
         alias: 'd',
         describe: 'Path to the document root',
         demandOption: true
     })
     .help()
     .argv
 // Configuration file.
+const config = require(
+    path
-const config = require(path.resolve(__dirname, 'config'));
+    .resolve(__dirname, 'config')
+);
 // Check for path traversal.
 function isRooted(userPath, rootPath, separator) {
     userPath = userPath.split(separator).filter(Boolean);
     rootPath = rootPath.split(separator).filter(Boolean);
     return userPath.length >= rootPath.length &&
         rootPath.every((e, i) => e === userPath[i]);
+}
+// Generate certificates on the fly using incremental serials.
-function generateCertificates(name, domain) {
+function generateCertificates(name, domain, size) {
+    // Generate 1024-bit key-pair.
+    const keys = forge
+        .pki
-    // Generate 1024-bit key-pair.
+        .rsa
-    var keys = forge.pki.rsa.generateKeyPair(1024);
+        .generateKeyPair(size);
+    // Create self-signed certificate.
+    const cert = forge
-    // Create self-signed certificate.
+        .pki
+        .createCertificate();
-    var cert = forge.pki.createCertificate();
+    cert.serialNumber = moment().format('x');
+    cert.publicKey = keys.publicKey;
+    cert
-    cert.publicKey = keys.publicKey;
+        .validity
+        .notBefore = moment().toDate();
+    cert
-    cert.validity.notBefore = new Date();
+        .validity
-    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
+        .notAfter
-    cert.setSubject([
+        .setFullYear(
+            cert
-        {
+            .validity
-            name: 'commonName',
+            .notBefore
-            value: domain
+            .getFullYear() + 1
-        },
+        );
-        {
+    cert.setSubject([{
-            name: 'organizationName',
+        name: 'commonName',
-            value: name
+        value: domain
+    }, {
+        name: 'organizationName',
-        }
+        value: name
-    ]);
+    }]);
-    cert.setIssuer([
-        {
+    cert.setIssuer([{
-            name: 'commonName',
+        name: 'commonName',
-            value: name
-        },
+        value: domain
-        {
+    }, {
-            name: 'organizationName',
+        name: 'organizationName',
-            value: name
-        }
+        value: name
-    ]);
+    }]);
+    // Self-sign certificate.
+    cert.sign(
+        keys.privateKey,
+        forge
+        .md
+        .sha256
-    // Self-sign certificate.
+        .create()
-    cert.sign(keys.privateKey);
+    );
     // Return PEM-format keys and certificates.
     return {
+        privateKey: forge
+            .pki
-        privateKey: forge.pki.privateKeyToPem(keys.privateKey),
+            .privateKeyToPem(
+                keys
+                .privateKey
+            ),
+        publicKey: forge
+            .pki
-        publicKey: forge.pki.publicKeyToPem(keys.publicKey),
+            .publicKeyToPem(
+                keys
+                .publicKey
+            ),
+        certificate: forge
+            .pki
-        certificate: forge.pki.certificateToPem(cert)
+            .certificateToPem(cert)
     };
+}
 // Create various logging mechanisms.
 const log = new winston.Logger({
     transports: [
         new winston.transports.File({
             level: 'info',
-            filename: path.resolve(__dirname, config.server_log),
+            filename: path.resolve(__dirname, config.log.file),
             handleExceptions: true,
             json: false,
             maxsize: 1048576, // 1MiB.
             maxFiles: 10, // Ten rotations.
             colorize: false,
             timestamp: () => moment().format('YYYYMMDDTHHmmss')
         }),
         new winston.transports.Console({
             level: 'info',
             handleExceptions: true,
             json: false,
             colorize: true,
             timestamp: () => moment().format('YYYYMMDDTHHmmss')
         })
     ],
     exitOnError: false
 });
+function handleClient(request, response, documentRoot) {
+    const requestAddress = request.socket.address();
+    const requestedURL = url.parse(request.url, true);
+    log.info('Client: ' +
+        requestAddress.address + ':' +
+        requestAddress.port +
+        ' accessing: ' +
+        requestedURL.pathname
+    );
-fs.realpath(argv.root, (error, documentRoot) => {
+    const trimmedPath = requestedURL
+        .pathname
+        .split('/')
+        .filter(Boolean)
+        .join('/');
+    const filesystemPath = trimmedPath === '/' ?
+        path.join(documentRoot, trimmedPath) :
+        path.resolve(documentRoot, trimmedPath);
-    if (error) {
+    if (!isRooted(filesystemPath, documentRoot, path.sep)) {
+        log.warn('Attempted path traversal: ' +
+            requestAddress.address + ':' +
+            requestAddress.port +
+            ' requesting: ' +
+            requestedURL.pathname
+        );
-        log.error('Could not find document root: ' + argv.root);
+        response.statusCode = 403;
+        response.end();
-        process.exit(1);
+        return;
-    }
-    var authentication = auth.digest({
-        realm: "was",
-        file: path.resolve(__dirname, config.password_file)
-    });
-    const certs = generateCertificates("was", 'localhost');
+    }
-    // HTTPs server using digest authentication.
-    https.createServer(authentication, {
+    fs.stat(filesystemPath, (error, stats) => {
-        key: certs.privateKey,
-        cert: certs.certificate,
-    }, (request, response) => {
-        const requestAddress = request.socket.address();
-        const requestedURL = url.parse(request.url, true);
-        log.info('Client: ' + requestAddress.address + ':' + requestAddress.port + ' accessing: ' + requestedURL.pathname);
-        const trimmedPath = requestedURL.pathname.split('/').filter(Boolean).join('/');
-        const filesystemPath = trimmedPath === '/' ?
-            path.join(documentRoot, trimmedPath) :
-            path.resolve(documentRoot, trimmedPath);
-        if (!isRooted(filesystemPath, documentRoot, path.sep)) {
+        // Document does not exist.
-            log.warn('Attempted path traversal: ' + requestAddress.address + ':' + requestAddress.port + ' requesting: ' + requestedURL.pathname);
+        if (error) {
-            response.statusCode = 403;
+            response.statusCode = 404;
             response.end();
             return;
+        }
-        fs.stat(filesystemPath, (error, stats) => {
-            // Document does not exist.
-            if (error) {
-                response.statusCode = 404;
-                response.end();
-                return;
-            }
-            switch (stats.isDirectory()) {
+        switch (stats.isDirectory()) {
-                case true: // Browser requesting directory.
+            case true: // Directory is requested so provide directory indexes.
-                    const documentRoot = path.resolve(filesystemPath, config.default_document);
+                const documentRoot = path.resolve(filesystemPath, config.site.index);
-                    fs.stat(documentRoot, (error, stats) => {
+                fs.stat(documentRoot, (error, stats) => {
-                        if (error) {
+                    if (error) {
-                            fs.readdir(filesystemPath, (error, paths) => {
-                                if (error) {
-                                    log.warn('Could not list directory: ' + filesystemPath);
-                                    response.statusCode = 500;
-                                    response.end();
-                                    return;
-                                }
-                                log.info('Directory listing requested for: ' + filesystemPath);
-                                response.statusCode = 200;
-                                response.write(JSON.stringify(paths));
-                                response.end();
-                            });
-                            return;
-                        }
-                        fs.access(filesystemPath, fs.constants.R_OK, (error) => {
+                        fs.readdir(filesystemPath, (error, paths) => {
                             if (error) {
-                                log.warn('The server was unable to access the filesystem path: ' + filesystemPath);
+                                log.warn('Could not list directory: ' + filesystemPath);
-                                response.statusCode = 403;
+                                response.statusCode = 500;
                                 response.end();
                                 return;
+                            }
-                            // Set MIME content type.
-                            response.setHeader('Content-Type', mime.lookup(documentRoot));
+                            log.info('Directory listing requested for: ' + filesystemPath);
-                            var readStream = fs.createReadStream(documentRoot)
-                                .on('open', () => {
-                                    response.statusCode = 200;
+                            response.statusCode = 200;
-                                    readStream.pipe(response);
+                            response.write(JSON.stringify(paths));
-                                })
-                                .on('error', () => {
-                                    response.statusCode = 500;
-                                    response.end();
+                            response.end();
-                                });
                         });
-                    });
+                        return;
-                    break;
-                default: // Browser requesting file.
+                    }
                     // Check if the file is accessible.
                     fs.access(filesystemPath, fs.constants.R_OK, (error) => {
+                        if (error) {
-                        if (error) {
+                            log.warn('The server was unable to access the filesystem path: ' + filesystemPath);
                             response.statusCode = 403;
                             response.end();
                             return;
+                        }
+                        // Set MIME content type.
-                        response.setHeader('Content-Type', mime.lookup(filesystemPath));
+                        response.setHeader('Content-Type', mime.lookup(documentRoot));
-                        var readStream = fs.createReadStream(filesystemPath)
+                        var readStream = fs.createReadStream(documentRoot)
                             .on('open', () => {
                                 response.statusCode = 200;
                                 readStream.pipe(response);
                             })
                             .on('error', () => {
                                 response.statusCode = 500;
                                 response.end();
                             });
                     });
-                    break;
-            }
-        });
+                });
+                break;
+            default: // Browser requesting file.
+                // Check if the file is accessible.
+                fs.access(filesystemPath, fs.constants.R_OK, (error) => {
+                    if (error) {
+                        response.statusCode = 403;
+                        response.end();
+                        return;
+                    }
+                    response.setHeader('Content-Type', mime.lookup(filesystemPath));
+                    var readStream = fs.createReadStream(filesystemPath)
+                        .on('open', () => {
+                            response.statusCode = 200;
+                            readStream.pipe(response);
+                        })
+                        .on('error', () => {
+                            response.statusCode = 500;
+                            response.end();
+                        });
+                });
+                break;
+        }
+    });
+}
+fs.realpath(argv.root, (error, documentRoot) => {
-    }).listen(config.port, config.address, () => {
+    if (error) {
+        log.error('Could not find document root: ' + argv.root);
+        process.exit(1);
+    }
+    // Create digest authentication.
+    const authentication = auth.digest({
+        realm: config.auth.realm,
-        log.info('Server is listening on: ' + config.address + ' and port: ' + config.port + ' whilst serving files from: ' + documentRoot);
+        file: path.resolve(__dirname, config.auth.digest)
+    });
+    // Start HTTP server.
+    http.createServer(
+        // authentication,
+        (request, response) =>
+        handleClient(request, response, documentRoot)
+    ).listen(config.net.port, config.net.address, () => {
+        log.info('HTTP Server is listening on: ' +
+            config.net.address +
+            ' and port: ' +
+            config.net.port +
+            ' whilst serving files from: ' +
+            documentRoot
+        );
+    });
+    // Start HTTPs server if enabled.
+    config.ssl.enable && (() => {
+        // Generate certificates for HTTPs.
+        const certs = generateCertificates(
+            config.site.name,
+            config.net.address,
+            config.ssl.privateKeySize
+        );
+        https.createServer(
+            // authentication,
+            {
+                key: certs.privateKey,
+                cert: certs.certificate,
+            },
+            (request, response) =>
+            handleClient(request, response, documentRoot)
+        ).listen(config.ssl.port, config.ssl.address, () => {
+            // Print information on server startup.
+            log.info('HTTPs Server is listening on: ' +
+                config.net.address +
+                ' and port: ' +
+                config.net.port +
+                ' whilst serving files from: ' +
+                documentRoot
+            );
+        });
+    })();
     });
 });