diff --git a/meshcentral.js b/meshcentral.js index 22aa70bbdf..9c57d040c9 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -618,7 +618,7 @@ function CreateMeshCentralServer(config, args) { obj.performServerUpdate = function (version) { if (obj.serverSelfWriteAllowed != true) return false; if ((version == null) || (version == '') || (typeof version != 'string')) { console.log('Starting self upgrade...'); } else { console.log('Starting self upgrade to: ' + version); } - process.exit(200); + process.exit(200); return true; }; @@ -648,7 +648,7 @@ function CreateMeshCentralServer(config, args) { // Get new instance of the client const vault = require("node-vault")({ endpoint: obj.args.vault.endpoint, token: obj.args.vault.token }); vault.unseal({ key: obj.args.vault.unsealkey }) - .then(function() { + .then(function () { if (obj.args.vaultdeleteconfigfiles) { vault.delete('secret/data/' + obj.args.vault.name) .then(function (r) { console.log('Done.'); process.exit(); }) @@ -764,7 +764,7 @@ function CreateMeshCentralServer(config, args) { } // Check top level configuration for any unrecognized values - if (config) { for (var i in config) { if ((typeof i == 'string') && (i.length > 0) && (i[0] != '_') && (['settings', 'domaindefaults', 'domains', 'configfiles', 'smtp', 'letsencrypt', 'peers', 'sms', 'messaging', 'sendgrid', 'sendmail', 'firebase', 'firebaserelay', '$schema'].indexOf(i) == -1)) { addServerWarning('Unrecognized configuration option \"' + i + '\".', 3, [ i ]); } } } + if (config) { for (var i in config) { if ((typeof i == 'string') && (i.length > 0) && (i[0] != '_') && (['settings', 'domaindefaults', 'domains', 'configfiles', 'smtp', 'letsencrypt', 'peers', 'sms', 'messaging', 'sendgrid', 'sendmail', 'firebase', 'firebaserelay', '$schema'].indexOf(i) == -1)) { addServerWarning('Unrecognized configuration option \"' + i + '\".', 3, [i]); } } } // Read IP lists from files if applicable config.settings.userallowedip = obj.args.userallowedip = readIpListFromFile(obj.args.userallowedip); @@ -867,10 +867,10 @@ function CreateMeshCentralServer(config, args) { delete user.phone; delete user.otpekey; delete user.otpsecret; delete user.otpkeys; delete user.otphkeys; delete user.otpdev; delete user.otpsms; delete user.otpmsg; // Disable 2FA delete user.msghandle; // Disable users 2fa messaging too var config = getConfig(false); - if(config.domains[user.domain].auth || config.domains[user.domain].authstrategies){ + if (config.domains[user.domain].auth || config.domains[user.domain].authstrategies) { console.log('This users domain has external authentication methods enabled so the password will not be changed if you set one') obj.db.Set(user, function () { console.log("Done."); process.exit(); return; }); - }else{ + } else { if (obj.args.hashpass && (typeof obj.args.hashpass == 'string')) { // Reset an account using a pre-hashed password. Use --hashpassword to pre-hash a password. var hashpasssplit = obj.args.hashpass.split(','); @@ -878,14 +878,14 @@ function CreateMeshCentralServer(config, args) { user.salt = hashpasssplit[0]; user.hash = hashpasssplit[1]; obj.db.Set(user, function () { console.log("Done. This command will only work if MeshCentral is stopped."); process.exit(); return; }); - } else if(obj.args.pass && (typeof obj.args.pass == 'string')) { + } else if (obj.args.pass && (typeof obj.args.pass == 'string')) { // Hash the password and reset the account. require('./pass').hash(String(obj.args.pass), user.salt, function (err, hash, tag) { if (err) { console.log("Unable to reset password: " + err); process.exit(); return; } user.hash = hash; obj.db.Set(user, function () { console.log("Done."); process.exit(); return; }); }, 0); - }else{ + } else { console.log('Not setting a users password'); obj.db.Set(user, function () { console.log("Done."); process.exit(); return; }); } @@ -1107,7 +1107,7 @@ function CreateMeshCentralServer(config, args) { for (var j in doc) { if (j.indexOf('.') >= 0) { console.log("Invalid field name (" + j + ") in document: " + json[i]); return; } } //if ((json[i].type == 'ifinfo') && (json[i].netif2 != null)) { for (var j in json[i].netif2) { var esc = obj.common.escapeFieldName(j); if (esc !== j) { json[i].netif2[esc] = json[i].netif2[j]; delete json[i].netif2[j]; } } } //if ((json[i].type == 'mesh') && (json[i].links != null)) { for (var j in json[i].links) { var esc = obj.common.escapeFieldName(j); if (esc !== j) { json[i].links[esc] = json[i].links[j]; delete json[i].links[j]; } } } - } + } //for (i in json) { if ((json[i].type == "node") && (json[i].host != null)) { json[i].rname = json[i].host; delete json[i].host; } } // DEBUG: Change host to rname setTimeout(function () { // If the Mongo database is being created for the first time, there is a race condition here. This will get around it. obj.db.RemoveAll(function () { @@ -1386,7 +1386,7 @@ function CreateMeshCentralServer(config, args) { if (i == '') { addServerWarning("Unable to load Intel AMT TLS root certificate for default domain.", 5); } else { - addServerWarning("Unable to load Intel AMT TLS root certificate for domain " + i + ".", 6, [ i ]); + addServerWarning("Unable to load Intel AMT TLS root certificate for domain " + i + ".", 6, [i]); } } } @@ -2156,7 +2156,7 @@ function CreateMeshCentralServer(config, args) { // Update the server state obj.updateServerState('state', "stopped"); }; - + // Event Dispatch obj.AddEventDispatch = function (ids, target) { obj.debug('dispatch', 'AddEventDispatch', ids); @@ -2478,7 +2478,7 @@ function CreateMeshCentralServer(config, args) { if (connectType == 1) { state.agentPower = powerState; } else if (connectType == 2) { state.ciraPower = powerState; } else if (connectType == 4) { state.amtPower = powerState; } var powerState = 0, oldPowerState = state.powerState; if ((state.connectivity & 1) != 0) { powerState = state.agentPower; } else if ((state.connectivity & 2) != 0) { powerState = state.ciraPower; } else if ((state.connectivity & 4) != 0) { powerState = state.amtPower; } - if ((state.powerState == null)|| (state.powerState == undefined) || (state.powerState != powerState)) { + if ((state.powerState == null) || (state.powerState == undefined) || (state.powerState != powerState)) { state.powerState = powerState; eventConnectChange = 1; @@ -2522,7 +2522,7 @@ function CreateMeshCentralServer(config, args) { if (connectType == 1) { state.agentPower = powerState; } else if (connectType == 2) { state.ciraPower = powerState; } else if (connectType == 4) { state.amtPower = powerState; } var powerState = 0, oldPowerState = state.powerState; if ((state.connectivity & 1) != 0) { powerState = state.agentPower; } else if ((state.connectivity & 2) != 0) { powerState = state.ciraPower; } else if ((state.connectivity & 4) != 0) { powerState = state.amtPower; } - if ((state.powerState == null)|| (state.powerState == undefined) || (state.powerState != powerState)) { + if ((state.powerState == null) || (state.powerState == undefined) || (state.powerState != powerState)) { state.powerState = powerState; eventConnectChange = 1; @@ -2664,7 +2664,7 @@ function CreateMeshCentralServer(config, args) { if (obj.fs.existsSync(obj.path.join(meshcorePath, 'meshcore.js')) == false) { meshcorePath = obj.path.join(__dirname, 'agents'); if (obj.fs.existsSync(obj.path.join(meshcorePath, 'meshcore.js')) == false) { - obj.defaultMeshCores = obj.defaultMeshCoresHash = { }; if (func != null) { func(false); } // meshcore.js not found + obj.defaultMeshCores = obj.defaultMeshCoresHash = {}; if (func != null) { func(false); } // meshcore.js not found } } @@ -2730,7 +2730,7 @@ function CreateMeshCentralServer(config, args) { // We are adding a JS file to the meshcores var moduleName = modulesDir[i].substring(0, modulesDir[i].length - 3); if (moduleName.endsWith('.min')) { moduleName = moduleName.substring(0, moduleName.length - 4); } // Remove the ".min" for ".min.js" files. - const moduleData = [ 'try { addModule("', moduleName, '", "', obj.escapeCodeString(obj.fs.readFileSync(obj.path.join(moduleDirPath, modulesDir[i])).toString('binary')), '"); addedModules.push("', moduleName, '"); } catch (ex) { }\r\n' ]; + const moduleData = ['try { addModule("', moduleName, '", "', obj.escapeCodeString(obj.fs.readFileSync(obj.path.join(moduleDirPath, modulesDir[i])).toString('binary')), '"); addedModules.push("', moduleName, '"); } catch (ex) { }\r\n']; // Merge this module // NOTE: "smbios" module makes some non-AI Linux segfault, only include for IA platforms. @@ -2959,7 +2959,7 @@ function CreateMeshCentralServer(config, args) { } catch (ex) { } } }; - + // List of possible mesh agents obj.meshAgentsArchitectureNumbers = { 0: { id: 0, localname: 'Unknown', rname: 'meshconsole.exe', desc: 'Unknown agent', update: false, amt: true, platform: 'unknown', core: 'linux-noamt', rcore: 'linux-recovery', arcore: 'linux-agentrecovery', tcore: 'linux-tiny' }, @@ -3205,7 +3205,7 @@ function CreateMeshCentralServer(config, args) { console.log(obj.common.format('Code signed {0}.', agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname)); } else { // Failed to sign agent - addServerWarning('Failed to sign \"' + agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname + '\": ' + err, 22, [ agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname, err ]); + addServerWarning('Failed to sign \"' + agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname + '\": ' + err, 22, [agentSignedFunc.objx.meshAgentsArchitectureNumbers[agentSignedFunc.archid].localname, err]); } if (--pendingOperations === 0) { agentSignedFunc.func(); } } @@ -3759,7 +3759,7 @@ function CreateMeshCentralServer(config, args) { try { const d = new Date(), month = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'][d.getMonth()]; str = month + ' ' + d.getDate() + ' ' + obj.common.zeroPad(d.getHours(), 2) + ':' + obj.common.zeroPad(d.getMinutes(), 2) + ':' + d.getSeconds() + ' meshcentral ' + server + '[' + process.pid + ']: ' + msg + ((obj.platform == 'win32') ? '\r\n' : '\n'); - obj.fs.write(obj.authlogfile, str, function (err, written, string) { if (err) {console.error(err); } }); + obj.fs.write(obj.authlogfile, str, function (err, written, string) { if (err) { console.error(err); } }); } catch (ex) { console.error(ex); } } } @@ -3858,7 +3858,7 @@ function InstallModules(modules, args, func) { missingModules.push(moduleNameAndVersion); } } - + if (missingModules.length > 0) { if (args.debug) { console.log('Missing Modules: ' + missingModules.join(', ')); } InstallModuleEx(missingModules, args, func); } else { func(); } } } @@ -4007,11 +4007,11 @@ function mainStart() { if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); } if ((typeof config.domains[i].authstrategies.azure == 'object') && (typeof config.domains[i].authstrategies.azure.clientid == 'string') && (typeof config.domains[i].authstrategies.azure.clientsecret == 'string') && (typeof config.domains[i].authstrategies.azure.tenantid == 'string') && (passport.indexOf('passport-azure-oauth2') == -1)) { passport.push('passport-azure-oauth2'); passport.push('jwt-simple'); } if ((typeof config.domains[i].authstrategies.oidc == 'object') && (passport.indexOf('openid-client') == -1)) { - if ((nodeVersion >= 17) - || ((Math.floor(nodeVersion) == 16) && (nodeVersion >= 16.13)) - || ((Math.floor(nodeVersion) == 14) && (nodeVersion >= 14.15)) - || ((Math.floor(nodeVersion) == 12) && (nodeVersion >= 12.19))) { - passport.push('openid-client'); + if ((nodeVersion >= 17) + || ((Math.floor(nodeVersion) == 16) && (nodeVersion >= 16.13)) + || ((Math.floor(nodeVersion) == 14) && (nodeVersion >= 14.15)) + || ((Math.floor(nodeVersion) == 12) && (nodeVersion >= 12.19))) { + passport.push('openid-client'); } else { addServerWarning('This NodeJS version does not support OpenID Connect on MeshCentral.', 25); delete config.domains[i].authstrategies.oidc; @@ -4026,7 +4026,7 @@ function mainStart() { // Build the list of required modules // NOTE: ALL MODULES MUST HAVE A VERSION NUMBER AND THE VERSION MUST MATCH THAT USED IN Dockerfile - var modules = ['archiver@7.0.0','body-parser@1.20.2','cbor@5.2.0','compression@1.7.4','cookie-session@2.0.0','express@4.18.2','express-handlebars@5.3.5','express-ws@4.0.0','ipcheck@0.1.0','minimist@1.2.8','multiparty@4.2.3','@yetzt/nedb','node-forge@1.3.1','ua-parser-js@1.0.37','ws@8.14.2','yauzl@2.10.0']; + var modules = ['archiver@7.0.0', 'body-parser@1.20.2', 'cbor@5.2.0', 'compression@1.7.4', 'cookie-session@2.0.0', 'express@4.18.2', 'express-handlebars@5.3.5', 'express-ws@4.0.0', 'ipcheck@0.1.0', 'minimist@1.2.8', 'multiparty@4.2.3', '@yetzt/nedb', 'node-forge@1.3.1', 'ua-parser-js@1.0.37', 'ws@8.14.2', 'yauzl@2.10.0']; if (require('os').platform() == 'win32') { modules.push('node-windows@0.1.14'); modules.push('loadavg-windows@1.1.1'); if (sspi == true) { modules.push('node-sspi@0.2.10'); } } // Add Windows modules if (ldap == true) { modules.push('ldapauth-fork@5.0.5'); } if (ssh == true) { modules.push('ssh2@1.15.0'); } diff --git a/webserver.js b/webserver.js index f2531d41b3..85cb735c6d 100644 --- a/webserver.js +++ b/webserver.js @@ -2841,7 +2841,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF // User credentials are being passed in the URL. WARNING: Putting credentials in a URL is bad security... but people are requesting this option. obj.authenticate(req.query.user, req.query.pass, domain, function (err, userid, passhint, loginOptions) { // 2FA is not supported in URL authentication method. If user has 2FA enabled, this login method fails. - var user = obj.users[userid]; + var user = obj.users[userid]; if ((err == null) && checkUserOneTimePasswordRequired(domain, user, req, loginOptions) == true) { handleRootRequestEx(req, res, domain, direct); } else if ((userid != null) && (err == null)) { @@ -5899,11 +5899,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF zipfile.readEntry(); }); }); - } else if (entry.fileName == 'MeshAgent.mpkg/Contents/Packages/internal.pkg/Contents/meshagent_osx64_LaunchAgent.plist' || + } else if (entry.fileName == 'MeshAgent.mpkg/Contents/Packages/internal.pkg/Contents/meshagent_osx64_LaunchAgent.plist' || entry.fileName == 'MeshAgent.mpkg/Contents/Packages/internal.pkg/Contents/meshagent_osx64_LaunchDaemon.plist' || entry.fileName == 'MeshAgent.mpkg/Contents/Packages/internal.pkg/Contents/Info.plist' || entry.fileName == 'MeshAgent.mpkg/Contents/Packages/internal.pkg/Contents/Resources/postflight' || - entry.fileName == 'MeshAgent.mpkg/Contents/Packages/internal.pkg/Contents/Resources/Postflight.sh' || + entry.fileName == 'MeshAgent.mpkg/Contents/Packages/internal.pkg/Contents/Resources/Postflight.sh' || entry.fileName == 'MeshAgent.mpkg/Uninstall.command') { // This is a special file entry, we need to fix it. zipfile.openReadStream(entry, function (err, readStream) { @@ -5915,7 +5915,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF zipfile.readEntry(); }); }); - + }); + } else { // Normal file entry zipfile.openReadStream(entry, function (err, readStream) { @@ -6600,18 +6601,18 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF obj.app.post(url + 'pluginadmin.ashx', obj.bodyParser.urlencoded({ extended: false }), obj.handlePluginAdminPostReq); obj.app.get(url + 'pluginHandler.js', obj.handlePluginJS); } - + // New account CAPTCHA request if ((domain.newaccountscaptcha != null) && (domain.newaccountscaptcha !== false)) { obj.app.get(url + 'newAccountCaptcha.ashx', handleNewAccountCaptchaRequest); } - + // Check CrowdSec Bounser if configured if (parent.crowdSecBounser != null) { obj.app.get(url + 'captcha.ashx', handleCaptchaGetRequest); obj.app.post(url + 'captcha.ashx', obj.bodyParser.urlencoded({ extended: false }), handleCaptchaPostRequest); } - + // Setup IP-KVM relay if supported if (domain.ipkvm) { obj.app.ws(url + 'ipkvm.ashx/*', function (ws, req) { @@ -6625,7 +6626,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF parent.ipKvmManager.handleIpKvmGet(domain, req, res, next); }); } - + // Setup RDP unless indicated as disabled if (domain.mstsc !== false) { obj.app.get(url + 'mstsc.html', function (req, res) { handleMSTSCRequest(req, res, 'mstsc'); }); @@ -6637,7 +6638,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF try { require('./apprelays.js').CreateMstscRelay(obj, obj.db, ws, req, obj.args, domain); } catch (ex) { console.log(ex); } }); } - + // Setup SSH if needed if (domain.ssh === true) { obj.app.get(url + 'ssh.html', function (req, res) { handleMSTSCRequest(req, res, 'ssh'); }); @@ -6659,7 +6660,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF }); }); } - + // Setup firebase push only server if ((obj.parent.firebase != null) && (obj.parent.config.firebase)) { if (obj.parent.config.firebase.pushrelayserver) { parent.debug('email', 'Firebase-pushrelay-handler'); obj.app.post(url + 'firebaserelay.aspx', obj.bodyParser.urlencoded({ extended: false }), handleFirebasePushOnlyRelayRequest); } @@ -6812,10 +6813,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF }, handleStrategyLogin); } } - + // Server redirects if (parent.config.domains[i].redirects) { for (var j in parent.config.domains[i].redirects) { if (j[0] != '_') { obj.app.get(url + j, obj.handleDomainRedirect); } } } - + // Server picture obj.app.get(url + 'serverpic.ashx', function (req, res) { // Check if we have "server.jpg" in the data folder, if so, use that. @@ -6843,7 +6844,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF } } }); - + // Receive mesh agent connections obj.app.ws(url + 'agent.ashx', function (ws, req) { var domain = checkAgentIpAddress(ws, req); @@ -6852,7 +6853,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF //console.log('Agent connect: ' + req.clientIp); try { obj.meshAgentHandler.CreateMeshAgent(obj, obj.db, ws, req, obj.args, domain); } catch (e) { console.log(e); } }); - + // Setup MQTT broker over websocket if (obj.parent.mqttbroker != null) { obj.app.ws(url + 'mqtt.ashx', function (ws, req) { @@ -6868,11 +6869,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF obj.parent.mqttbroker.handle(serialtunnel); // Pass socket wrapper to MQTT broker }); } - + // Setup any .well-known folders var p = obj.parent.path.join(obj.parent.datapath, '.well-known' + ((parent.config.domains[i].id == '') ? '' : ('-' + parent.config.domains[i].id))); if (obj.parent.fs.existsSync(p)) { obj.app.use(url + '.well-known', obj.express.static(p)); } - + // Setup the alternative agent-only port if (obj.agentapp) { // Receive mesh agent connections on alternate port @@ -6882,7 +6883,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF if (domain.agentkey && ((req.query.key == null) || (domain.agentkey.indexOf(req.query.key) == -1))) { return; } // If agent key is required and not provided or not valid, just hold the websocket and do nothing. try { obj.meshAgentHandler.CreateMeshAgent(obj, obj.db, ws, req, obj.args, domain); } catch (e) { console.log(e); } }); - + // Setup mesh relay on alternative agent-only port obj.agentapp.ws(url + 'meshrelay.ashx', function (ws, req) { PerformWSSessionAuth(ws, req, true, function (ws1, req1, domain, user, cookie, authData) { @@ -6893,41 +6894,41 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF } }); }); - + // Allows agents to transfer files obj.agentapp.ws(url + 'devicefile.ashx', function (ws, req) { obj.meshDeviceFileHandler.CreateMeshDeviceFile(obj, ws, null, req, domain); }); - + // Setup agent to/from server file transfer handler obj.agentapp.ws(url + 'agenttransfer.ashx', handleAgentFileTransfer); // Setup agent to/from server file transfer handler - + // Setup agent downloads for meshcore updates obj.agentapp.get(url + 'meshagents', obj.handleMeshAgentRequest); } - + // Setup web relay on this web server if needed // We set this up when a DNS name is used as a web relay instead of a port if (obj.args.relaydns != null) { obj.webRelayRouter = require('express').Router(); - + // This is the magic URL that will setup the relay session obj.webRelayRouter.get('/control-redirect.ashx', function (req, res, next) { if (obj.args.relaydns.indexOf(req.hostname) == -1) { res.sendStatus(404); return; } if ((req.session.userid == null) && obj.args.user && obj.users['user//' + obj.args.user.toLowerCase()]) { req.session.userid = 'user//' + obj.args.user.toLowerCase(); } // Use a default user if needed res.set({ 'Cache-Control': 'no-store' }); parent.debug('web', 'webRelaySetup'); - + // Decode the relay cookie if (req.query.c == null) { res.sendStatus(404); return; } - + // Decode and check if this relay cookie is valid var userid, domainid, domain, nodeid, addr, port, appid, webSessionId, expire, publicid; const urlCookie = obj.parent.decodeCookie(req.query.c, parent.loginCookieEncryptionKey, 32); // Allow cookies up to 32 minutes old. The web page will renew this cookie every 30 minutes. if (urlCookie == null) { res.sendStatus(404); return; } - + // Decode the incoming cookie if ((urlCookie.ruserid != null) && (urlCookie.x != null)) { if (parent.webserver.destroyedSessions[urlCookie.ruserid + '/' + urlCookie.x] != null) { res.sendStatus(404); return; } - + // This is a standard user, figure out what our web relay will be. if (req.session.x != urlCookie.x) { req.session.x = urlCookie.x; } // Set the sessionid if missing if (req.session.userid != urlCookie.ruserid) { req.session.userid = urlCookie.ruserid; } // Set the session userid if missing @@ -6940,7 +6941,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF port = parseInt(req.query.p); appid = parseInt(req.query.appid); webSessionId = req.session.userid + '/' + req.session.x; - + // Check that all the required arguments are present if ((req.session.userid == null) || (req.session.x == null) || (req.query.n == null) || (req.query.p == null) || (parent.webserver.destroyedSessions[webSessionId] != null) || ((req.query.appid != 1) && (req.query.appid != 2))) { res.redirect('/'); return; } } else if (urlCookie.r == 8) { @@ -6960,10 +6961,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF expire = urlCookie.expire; if ((expire != null) && (expire <= Date.now())) { parent.debug('webrelay', 'expired link'); res.sendStatus(404); return; } } - + // No session identifier was setup, exit now if (webSessionId == null) { res.sendStatus(404); return; } - + // Check that we have an exact session on any of the relay DNS names var xrelaySessionId, xrelaySession, freeRelayHost, oldestRelayTime, oldestRelayHost; for (var hostIndex in obj.args.relaydns) { @@ -6987,7 +6988,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF } return; } - + // Keep a record of the oldest web relay session, this could be useful. if (oldestRelayHost == null) { // Oldest host not set yet, set it @@ -7002,12 +7003,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF } } } - + // Check that the user has rights to access this device parent.webserver.GetNodeWithRights(domain, userid, nodeid, function (node, rights, visible) { // If there is no remote control or relay rights, reject this web relay if ((rights & 0x00200008) == 0) { res.sendStatus(404); return; } // MESHRIGHT_REMOTECONTROL or MESHRIGHT_RELAY - + // Check if there is a free relay DNS name we can use var selectedHost = null; if (freeRelayHost != null) { @@ -7018,12 +7019,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF selectedHost = oldestRelayHost; } xrelaySessionId = webSessionId + '/' + selectedHost; - + if (selectedHost == req.hostname) { // If this web relay session id is not free, close it now xrelaySession = webRelaySessions[xrelaySessionId]; if (xrelaySession != null) { xrelaySession.close(); delete webRelaySessions[xrelaySessionId]; } - + // Create a web relay session const relaySession = require('./apprelays.js').CreateWebRelaySession(obj, db, req, args, domain, userid, nodeid, addr, port, appid, xrelaySessionId, expire, node.mtype); relaySession.xpublicid = publicid; @@ -7033,13 +7034,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF // If there are not more relay sessions, clear the cleanup timer if ((Object.keys(webRelaySessions).length == 0) && (obj.cleanupTimer != null)) { clearInterval(webRelayCleanupTimer); obj.cleanupTimer = null; } } - + // Set the multi-tunnel session webRelaySessions[xrelaySessionId] = relaySession; - + // Setup the cleanup timer if needed if (obj.cleanupTimer == null) { webRelayCleanupTimer = setInterval(checkWebRelaySessionsTimeout, 10000); } - + // Redirect to root. res.redirect('/'); } else { @@ -7054,26 +7055,26 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF } }); }); - + // Handle all incoming requests as web relays obj.webRelayRouter.get('/*', function (req, res) { try { handleWebRelayRequest(req, res); } catch (ex) { console.log(ex); } }) - + // Handle all incoming requests as web relays obj.webRelayRouter.post('/*', function (req, res) { try { handleWebRelayRequest(req, res); } catch (ex) { console.log(ex); } }) - + // Handle all incoming requests as web relays obj.webRelayRouter.put('/*', function (req, res) { try { handleWebRelayRequest(req, res); } catch (ex) { console.log(ex); } }) - + // Handle all incoming requests as web relays obj.webRelayRouter.delete('/*', function (req, res) { try { handleWebRelayRequest(req, res); } catch (ex) { console.log(ex); } }) - + // Handle all incoming requests as web relays obj.webRelayRouter.options('/*', function (req, res) { try { handleWebRelayRequest(req, res); } catch (ex) { console.log(ex); } }) - + // Handle all incoming requests as web relays obj.webRelayRouter.head('/*', function (req, res) { try { handleWebRelayRequest(req, res); } catch (ex) { console.log(ex); } }) } - + // Indicates to ExpressJS that the override public folder should be used to serve static files. if (parent.config.domains[i].webpublicpath != null) { // Use domain public path @@ -7082,10 +7083,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF // Use override path obj.app.use(url, obj.express.static(obj.parent.webPublicOverridePath)); } - + // Indicates to ExpressJS that the default public folder should be used to serve static files. obj.app.use(url, obj.express.static(obj.parent.webPublicPath)); - + // Start regular disconnection list flush every 2 minutes. obj.wsagentsDisconnectionsTimer = setInterval(function () { obj.wsagentsDisconnections = {}; }, 120000); } @@ -7329,7 +7330,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF if (typeof strategy.custom.tenant_id == 'string') { strategy.custom.preset = preset = 'azure' } if (strategy.custom.customer_id || strategy.custom.identitysource || strategy.client.client_id.split('.')[2] == 'googleusercontent') { strategy.custom.preset = preset = 'google' } } - + // Check issuer url let presetIssuer if (preset == 'azure') { presetIssuer = 'https://login.microsoftonline.com/' + strategy.custom.tenant_id + '/v2.0'; }