mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 22:25:52 -05:00
Added first support for running state-less.
This commit is contained in:
parent
6cc21f5709
commit
0ed26d55cf
@ -14,9 +14,10 @@
|
||||
/*jshint esversion: 6 */
|
||||
"use strict";
|
||||
|
||||
module.exports.CertificateOperations = function () {
|
||||
module.exports.CertificateOperations = function (parent) {
|
||||
var obj = {};
|
||||
|
||||
obj.parent = parent;
|
||||
obj.fs = require("fs");
|
||||
obj.forge = require("node-forge");
|
||||
obj.crypto = require("crypto");
|
||||
@ -24,7 +25,6 @@ module.exports.CertificateOperations = function () {
|
||||
obj.pki = obj.forge.pki;
|
||||
obj.dirExists = function (filePath) { try { return obj.fs.statSync(filePath).isDirectory(); } catch (err) { return false; } };
|
||||
obj.getFilesizeInBytes = function (filename) { try { return obj.fs.statSync(filename).size; } catch (err) { return -1; } };
|
||||
obj.fileExists = function (filePath) { try { return obj.fs.statSync(filePath).isFile(); } catch (err) { return false; } };
|
||||
|
||||
// Return the certificate of the remote HTTPS server
|
||||
obj.loadCertificate = function (url, tag, func) {
|
||||
@ -51,6 +51,22 @@ module.exports.CertificateOperations = function () {
|
||||
} else { func(url, null, tag); }
|
||||
};
|
||||
|
||||
// Check if a configuration file exists
|
||||
obj.fileExists = function (filename) {
|
||||
if ((parent.configurationFiles != null) && (parent.configurationFiles[filename] != null)) { return true; }
|
||||
var filePath = parent.getConfigFilePath(filename);
|
||||
try { return obj.fs.statSync(filePath).isFile(); } catch (err) { return false; }
|
||||
};
|
||||
|
||||
// Load a configuration file
|
||||
obj.fileLoad = function (filename, encoding) {
|
||||
if ((parent.configurationFiles != null) && (parent.configurationFiles[filename] != null)) {
|
||||
return fixEndOfLines(parent.configurationFiles[filename].toString());
|
||||
} else {
|
||||
return fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath(filename), encoding));
|
||||
}
|
||||
}
|
||||
|
||||
// Return the SHA384 hash of the certificate public key
|
||||
obj.getPublicKeyHash = function (cert) {
|
||||
var publickey = obj.pki.certificateFromPem(cert).publicKey;
|
||||
@ -156,7 +172,7 @@ module.exports.CertificateOperations = function () {
|
||||
}
|
||||
|
||||
// Returns the web server TLS certificate and private key, if not present, create demonstration ones.
|
||||
obj.GetMeshServerCertificate = function (parent, args, config, func) {
|
||||
obj.GetMeshServerCertificate = function (args, config, func) {
|
||||
var i = 0;
|
||||
var certargs = args.cert;
|
||||
var mpscertargs = args.mpscert;
|
||||
@ -174,54 +190,54 @@ module.exports.CertificateOperations = function () {
|
||||
var rcount = 0;
|
||||
|
||||
// If the root certificate already exist, load it
|
||||
if (obj.fileExists(parent.getConfigFilePath("root-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("root-cert-private.key"))) {
|
||||
var rootCertificate = fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("root-cert-public.crt"), "utf8"));
|
||||
var rootPrivateKey = fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("root-cert-private.key"), "utf8"));
|
||||
if (obj.fileExists("root-cert-public.crt") && obj.fileExists("root-cert-private.key")) {
|
||||
var rootCertificate = obj.fileLoad("root-cert-public.crt", "utf8");
|
||||
var rootPrivateKey = obj.fileLoad("root-cert-private.key", "utf8");
|
||||
r.root = { cert: rootCertificate, key: rootPrivateKey };
|
||||
rcount++;
|
||||
}
|
||||
|
||||
if (args.tlsoffload) {
|
||||
// If the web certificate already exist, load it. Load just the certificate since we are in TLS offload situation
|
||||
if (obj.fileExists(parent.getConfigFilePath("webserver-cert-public.crt"))) {
|
||||
r.web = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-public.crt"), "utf8")) };
|
||||
if (obj.fileExists("webserver-cert-public.crt")) {
|
||||
r.web = { cert: obj.fileLoad("webserver-cert-public.crt", "utf8") };
|
||||
rcount++;
|
||||
}
|
||||
} else {
|
||||
// If the web certificate already exist, load it. Load both certificate and private key
|
||||
if (obj.fileExists(parent.getConfigFilePath("webserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("webserver-cert-private.key"))) {
|
||||
r.web = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-public.crt"), "utf8")), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-private.key"), "utf8")) };
|
||||
if (obj.fileExists("webserver-cert-public.crt") && obj.fileExists("webserver-cert-private.key")) {
|
||||
r.web = { cert: obj.fileLoad("webserver-cert-public.crt", "utf8"), key: obj.fileLoad("webserver-cert-private.key", "utf8") };
|
||||
rcount++;
|
||||
}
|
||||
}
|
||||
|
||||
// If the mps certificate already exist, load it
|
||||
if (obj.fileExists(parent.getConfigFilePath("mpsserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("mpsserver-cert-private.key"))) {
|
||||
r.mps = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("mpsserver-cert-public.crt")), "utf8"), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("mpsserver-cert-private.key"), "utf8")) };
|
||||
if (obj.fileExists("mpsserver-cert-public.crt") && obj.fileExists("mpsserver-cert-private.key")) {
|
||||
r.mps = { cert: obj.fileLoad("mpsserver-cert-public.crt", "utf8"), key: obj.fileLoad("mpsserver-cert-private.key", "utf8") };
|
||||
rcount++;
|
||||
}
|
||||
|
||||
// If the agent certificate already exist, load it
|
||||
if (obj.fileExists(parent.getConfigFilePath("agentserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("agentserver-cert-private.key"))) {
|
||||
r.agent = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("agentserver-cert-public.crt")), "utf8"), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("agentserver-cert-private.key"), "utf8")) };
|
||||
if (obj.fileExists("agentserver-cert-public.crt") && obj.fileExists("agentserver-cert-private.key")) {
|
||||
r.agent = { cert: obj.fileLoad("agentserver-cert-public.crt", "utf8"), key: obj.fileLoad("agentserver-cert-private.key", "utf8") };
|
||||
rcount++;
|
||||
}
|
||||
|
||||
// If the swarm server certificate exist, load it (This is an optional certificate)
|
||||
if (obj.fileExists(parent.getConfigFilePath("swarmserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("swarmserver-cert-private.key"))) {
|
||||
r.swarmserver = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-public.crt"), "utf8")), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-private.key"), "utf8")) };
|
||||
if (obj.fileExists("swarmserver-cert-public.crt") && obj.fileExists("swarmserver-cert-private.key")) {
|
||||
r.swarmserver = { cert: obj.fileLoad("swarmserver-cert-public.crt", "utf8"), key: obj.fileLoad("swarmserver-cert-private.key", "utf8") };
|
||||
}
|
||||
|
||||
// If the swarm server root certificate exist, load it (This is an optional certificate)
|
||||
if (obj.fileExists(parent.getConfigFilePath("swarmserverroot-cert-public.crt"))) {
|
||||
r.swarmserverroot = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserverroot-cert-public.crt"), "utf8")) };
|
||||
if (obj.fileExists("swarmserverroot-cert-public.crt")) {
|
||||
r.swarmserverroot = { cert: obj.fileLoad("swarmserverroot-cert-public.crt", "utf8") };
|
||||
}
|
||||
|
||||
// If CA certificates are present, load them
|
||||
do {
|
||||
caok = false;
|
||||
if (obj.fileExists(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"))) {
|
||||
calist.push(fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"), "utf8")));
|
||||
if (obj.fileExists("webserver-cert-chain" + caindex + ".crt")) {
|
||||
calist.push(obj.fileLoad("webserver-cert-chain" + caindex + ".crt", "utf8"));
|
||||
caok = true;
|
||||
}
|
||||
caindex++;
|
||||
@ -259,24 +275,24 @@ module.exports.CertificateOperations = function () {
|
||||
dnsname = config.domains[i].dns;
|
||||
if (args.tlsoffload) {
|
||||
// If the web certificate already exist, load it. Load just the certificate since we are in TLS offload situation
|
||||
if (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt"))) {
|
||||
r.dns[i] = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt"), "utf8")) };
|
||||
if (obj.fileExists("webserver-" + i + "-cert-public.crt")) {
|
||||
r.dns[i] = { cert: obj.fileLoad("webserver-" + i + "-cert-public.crt", "utf8") };
|
||||
config.domains[i].certs = r.dns[i];
|
||||
} else {
|
||||
console.log("WARNING: File \"webserver-" + i + "-cert-public.crt\" missing, domain \"" + i + "\" will not work correctly.");
|
||||
}
|
||||
} else {
|
||||
// If the web certificate already exist, load it. Load both certificate and private key
|
||||
if (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-private.key"))) {
|
||||
r.dns[i] = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt"), "utf8")), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-private.key"), "utf8")) };
|
||||
if (obj.fileExists("webserver-" + i + "-cert-public.crt") && obj.fileExists("webserver-" + i + "-cert-private.key")) {
|
||||
r.dns[i] = { cert: obj.fileLoad("webserver-" + i + "-cert-public.crt", "utf8"), key: obj.fileLoad("webserver-" + i + "-cert-private.key", "utf8") };
|
||||
config.domains[i].certs = r.dns[i];
|
||||
// If CA certificates are present, load them
|
||||
caindex = 1;
|
||||
r.dns[i].ca = [];
|
||||
do {
|
||||
caok = false;
|
||||
if (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"))) {
|
||||
r.dns[i].ca.push(fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"), "utf8")));
|
||||
if (obj.fileExists("webserver-" + i + "-cert-chain" + caindex + ".crt")) {
|
||||
r.dns[i].ca.push(obj.fileLoad("webserver-" + i + "-cert-chain" + caindex + ".crt", "utf8"));
|
||||
caok = true;
|
||||
}
|
||||
caindex++;
|
||||
@ -319,6 +335,8 @@ module.exports.CertificateOperations = function () {
|
||||
if (r.AmtMpsName != mpsCommonName) { forceMpsCertGen = 1; }
|
||||
}
|
||||
}
|
||||
if (parent.configurationFiles != null) { console.log("Error: Database missing some certificates."); process.exit(0); return null; }
|
||||
|
||||
console.log("Generating certificates, may take a few minutes...");
|
||||
parent.updateServerState("state", "generatingcertificates");
|
||||
|
||||
@ -406,7 +424,7 @@ module.exports.CertificateOperations = function () {
|
||||
dnsname = config.domains[i].dns;
|
||||
if (!args.tlsoffload) {
|
||||
// If the web certificate does not exist, create it
|
||||
if ((obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-public.crt")) === false) || (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-private.key")) === false)) {
|
||||
if ((obj.fileExists("webserver-" + i + "-cert-public.crt") === false) || (obj.fileExists("webserver-" + i + "-cert-private.key") === false)) {
|
||||
console.log("Generating HTTPS certificate for " + i + "...");
|
||||
var xwebCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, false, dnsname, country, organization, null, strongCertificate);
|
||||
var xwebCertificate = obj.pki.certificateToPem(xwebCertAndKey.cert);
|
||||
@ -421,7 +439,7 @@ module.exports.CertificateOperations = function () {
|
||||
r.dns[i].ca = [];
|
||||
do {
|
||||
caok = false;
|
||||
if (obj.fileExists(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"))) {
|
||||
if (obj.fileExists("webserver-" + i + "-cert-chain" + caindex + ".crt")) {
|
||||
r.dns[i].ca.push(fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-" + i + "-cert-chain" + caindex + ".crt"), "utf8")));
|
||||
caok = true;
|
||||
}
|
||||
@ -433,12 +451,12 @@ module.exports.CertificateOperations = function () {
|
||||
}
|
||||
|
||||
// If the swarm server certificate exist, load it (This is an optional certificate)
|
||||
if (obj.fileExists(parent.getConfigFilePath("swarmserver-cert-public.crt")) && obj.fileExists(parent.getConfigFilePath("swarmserver-cert-private.key"))) {
|
||||
if (obj.fileExists("swarmserver-cert-public.crt") && obj.fileExists("swarmserver-cert-private.key")) {
|
||||
r.swarmserver = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-public.crt"), "utf8")), key: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserver-cert-private.key"), "utf8")) };
|
||||
}
|
||||
|
||||
// If the swarm server root certificate exist, load it (This is an optional certificate)
|
||||
if (obj.fileExists(parent.getConfigFilePath("swarmserverroot-cert-public.crt"))) {
|
||||
if (obj.fileExists("swarmserverroot-cert-public.crt")) {
|
||||
r.swarmserverroot = { cert: fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("swarmserverroot-cert-public.crt"), "utf8")) };
|
||||
}
|
||||
|
||||
@ -448,7 +466,7 @@ module.exports.CertificateOperations = function () {
|
||||
r.web.ca = [];
|
||||
do {
|
||||
caok = false;
|
||||
if (obj.fileExists(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"))) {
|
||||
if (obj.fileExists("webserver-cert-chain" + caindex + ".crt")) {
|
||||
r.web.ca.push(fixEndOfLines(obj.fs.readFileSync(parent.getConfigFilePath("webserver-cert-chain" + caindex + ".crt"), "utf8")));
|
||||
caok = true;
|
||||
}
|
||||
|
58
db.js
58
db.js
@ -176,14 +176,60 @@ module.exports.CreateDB = function (parent) {
|
||||
obj.getLocalAmtNodes = function (func) { obj.file.find({ type: 'node', host: { $exists: true, $ne: null }, intelamt: { $exists: true } }, func); };
|
||||
obj.getAmtUuidNode = function (meshid, uuid, func) { obj.file.find({ type: 'node', meshid: meshid, 'intelamt.uuid': uuid }, func); };
|
||||
|
||||
// Read a file from the database
|
||||
obj.getFile = function (path, func) { obj.Get('cfile/' + path, func); }
|
||||
// Read a configuration file from the database
|
||||
obj.getConfigFile = function (path, func) { obj.Get('cfile/' + path, func); }
|
||||
|
||||
// Write a file to the database
|
||||
obj.setFile = function (path, data, func) { obj.Set({ _id: 'cfile/' + path, type: 'cfile', data: data.toString('base64') }, func); }
|
||||
// Write a configuration file to the database
|
||||
obj.setConfigFile = function (path, data, func) { obj.Set({ _id: 'cfile/' + path, type: 'cfile', data: data.toString('base64') }, func); }
|
||||
|
||||
// List all files
|
||||
obj.listFiles = function (func) { obj.file.find({ type: 'cfile' }).sort({ _id: 1 }).exec(func); }
|
||||
// List all configuration files
|
||||
obj.listConfigFiles = function (func) { obj.file.find({ type: 'cfile' }).sort({ _id: 1 }).exec(func); }
|
||||
|
||||
// Get all configuration files
|
||||
obj.getAllConfigFiles = function (password, func) {
|
||||
obj.file.find({ type: 'cfile' }, function (err, docs) {
|
||||
if (err != null) { func(null); return; }
|
||||
var r = null;
|
||||
for (var i = 0; i < docs.length; i++) {
|
||||
var name = docs[i]._id.split('/')[1];
|
||||
var data = obj.decryptData(password, docs[i].data);
|
||||
if (data != null) { if (r == null) { r = {}; } r[name] = data; }
|
||||
}
|
||||
func(r);
|
||||
});
|
||||
}
|
||||
|
||||
// Get encryption key
|
||||
obj.getEncryptDataKey = function (password) {
|
||||
if (typeof password != 'string') return null;
|
||||
return obj.parent.crypto.createHash('sha384').update(password).digest("raw").slice(0, 32);
|
||||
}
|
||||
|
||||
// Encrypt data
|
||||
obj.encryptData = function (password, plaintext) {
|
||||
var key = obj.getEncryptDataKey(password);
|
||||
if (key == null) return null;
|
||||
const iv = obj.parent.crypto.randomBytes(16);
|
||||
const aes = obj.parent.crypto.createCipheriv('aes-256-cbc', key, iv);
|
||||
var ciphertext = aes.update(plaintext);
|
||||
ciphertext = Buffer.concat([iv, ciphertext, aes.final()]);
|
||||
return ciphertext.toString('base64');
|
||||
}
|
||||
|
||||
// Decrypt data
|
||||
obj.decryptData = function (password, ciphertext) {
|
||||
try {
|
||||
var key = obj.getEncryptDataKey(password);
|
||||
if (key == null) return null;
|
||||
const ciphertextBytes = Buffer.from(ciphertext, 'base64');
|
||||
const iv = ciphertextBytes.slice(0, 16);
|
||||
const data = ciphertextBytes.slice(16);
|
||||
const aes = obj.parent.crypto.createDecipheriv('aes-256-cbc', key, iv);
|
||||
var plaintextBytes = Buffer.from(aes.update(data));
|
||||
plaintextBytes = Buffer.concat([plaintextBytes, aes.final()]);
|
||||
return plaintextBytes;
|
||||
} catch (ex) { return null; }
|
||||
}
|
||||
|
||||
// Get the number of records in the database for various types, this is the slow NeDB way. TODO: MongoDB can use group() to do this faster.
|
||||
obj.getStats = function (func) {
|
||||
|
487
meshcentral.js
487
meshcentral.js
@ -40,6 +40,7 @@ function CreateMeshCentralServer(config, args) {
|
||||
obj.platform = require('os').platform();
|
||||
obj.args = args;
|
||||
obj.common = require('./common.js');
|
||||
obj.configurationFiles = null;
|
||||
obj.certificates = null;
|
||||
obj.connectivityByNode = {}; // This object keeps a list of all connected CIRA and agents, by nodeid->value (value: 1 = Agent, 2 = CIRA, 4 = AmtDirect)
|
||||
obj.peerConnectivityByNode = {}; // This object keeps a list of all connected CIRA and agents of peers, by serverid->nodeid->value (value: 1 = Agent, 2 = CIRA, 4 = AmtDirect)
|
||||
@ -95,7 +96,7 @@ function CreateMeshCentralServer(config, args) {
|
||||
try { require('./pass').hash('test', function () { }); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not.
|
||||
|
||||
// Check for invalid arguments
|
||||
var validArguments = ['_', 'notls', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'swarmdebug', 'logintoken', 'logintokenkey', 'logintokengen', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles'];
|
||||
var validArguments = ['_', 'notls', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'swarmdebug', 'logintoken', 'logintokenkey', 'logintokengen', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles', 'configkey', 'loadconfigfromdb'];
|
||||
for (var arg in obj.args) { obj.args[arg.toLocaleLowerCase()] = obj.args[arg]; if (validArguments.indexOf(arg.toLocaleLowerCase()) == -1) { console.log('Invalid argument "' + arg + '", use --help.'); return; } }
|
||||
if (obj.args.mongodb == true) { console.log('Must specify: --mongodb [connectionstring] \r\nSee https://docs.mongodb.com/manual/reference/connection-string/ for MongoDB connection string.'); return; }
|
||||
for (i in obj.config.settings) { obj.args[i] = obj.config.settings[i]; } // Place all settings into arguments, arguments have already been placed into settings so arguments take precedence.
|
||||
@ -217,11 +218,200 @@ function CreateMeshCentralServer(config, args) {
|
||||
// Initiate server self-update
|
||||
obj.performServerCertUpdate = function () { console.log('Updating server certificates...'); process.exit(200); };
|
||||
|
||||
// Look for easy command line instructions and do them here.
|
||||
obj.StartEx = function () {
|
||||
var i;
|
||||
//var wincmd = require('node-windows');
|
||||
//wincmd.list(function (svc) { console.log(svc); }, true);
|
||||
|
||||
if (typeof obj.args.userallowedip == 'string') { if (obj.args.userallowedip == '') { obj.args.userallowedip = null; } else { obj.args.userallowedip = obj.args.userallowedip.split(','); } }
|
||||
if (typeof obj.args.userblockedip == 'string') { if (obj.args.userblockedip == '') { obj.args.userblockedip = null; } else { obj.args.userblockedip = obj.args.userblockedip.split(','); } }
|
||||
if (typeof obj.args.agentallowedip == 'string') { if (obj.args.agentallowedip == '') { obj.args.agentallowedip = null; } else { obj.args.agentallowedip = obj.args.agentallowedip.split(','); } }
|
||||
if (typeof obj.args.agentblockedip == 'string') { if (obj.args.agentblockedip == '') { obj.args.agentblockedip = null; } else { obj.args.agentblockedip = obj.args.agentblockedip.split(','); } }
|
||||
if (typeof obj.args.swarmallowedip == 'string') { if (obj.args.swarmallowedip == '') { obj.args.swarmallowedip = null; } else { obj.args.swarmallowedip = obj.args.swarmallowedip.split(','); } }
|
||||
if (typeof obj.args.debug == 'number') obj.debugLevel = obj.args.debug;
|
||||
if (obj.args.debug == true) obj.debugLevel = 1;
|
||||
obj.db = require('./db.js').CreateDB(obj);
|
||||
obj.db.SetupDatabase(function (dbversion) {
|
||||
// See if any database operations needs to be completed
|
||||
if (obj.args.deletedomain) { obj.db.DeleteDomain(obj.args.deletedomain, function () { console.log('Deleted domain ' + obj.args.deletedomain + '.'); process.exit(); }); return; }
|
||||
if (obj.args.deletedefaultdomain) { obj.db.DeleteDomain('', function () { console.log('Deleted default domain.'); process.exit(); }); return; }
|
||||
if (obj.args.showall) { obj.db.GetAll(function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.showusers) { obj.db.GetAllType('user', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.shownodes) { obj.db.GetAllType('node', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.showmeshes) { obj.db.GetAllType('mesh', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.showevents) { obj.db.GetAllType('event', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.showpower) { obj.db.GetAllType('power', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.clearpower) { obj.db.RemoveAllOfType('power', function () { process.exit(); }); return; }
|
||||
if (obj.args.showiplocations) { obj.db.GetAllType('iploc', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.logintoken) { obj.getLoginToken(obj.args.logintoken, function (r) { console.log(r); process.exit(); }); return; }
|
||||
if (obj.args.logintokenkey) { obj.showLoginTokenKey(function (r) { console.log(r); process.exit(); }); return; }
|
||||
|
||||
// Show a list of all configuration files in the database
|
||||
if (obj.args.dblistconfigfiles) {
|
||||
obj.db.GetAllType('cfile', function (err, docs) { if (err == null) { if (docs.length == 0) { console.log('No files found.'); } else { for (var i in docs) { console.log(docs[i]._id.split('/')[1] + ', ' + Buffer.from(docs[i].data, 'base64').length + ' bytes.'); } } } else { console.log('Unable to read from database.'); } process.exit(); }); return;
|
||||
}
|
||||
|
||||
// Display the content of a configuration file in the database
|
||||
if (obj.args.dbshowconfigfile) {
|
||||
if (typeof obj.args.configkey != 'string') { console.log('Error, --configkey is required.'); process.exit(); return; }
|
||||
obj.db.getConfigFile(obj.args.dbshowconfigfile, function (err, docs) {
|
||||
if (err == null) {
|
||||
if (docs.length == 0) { console.log('File not found.'); } else {
|
||||
var data = obj.db.decryptData(obj.args.configkey, docs[0].data);
|
||||
if (data == null) { console.log('Invalid config key.'); } else { console.log(data); }
|
||||
}
|
||||
} else { console.log('Unable to read from database.'); }
|
||||
process.exit();
|
||||
}); return;
|
||||
}
|
||||
|
||||
// Delete all configuration files from database
|
||||
if (obj.args.dbdeleteconfigfiles) {
|
||||
console.log('Deleting all configuration files from the database...'); obj.db.RemoveAllOfType('cfile', function () { console.log('Done.'); process.exit(); });
|
||||
}
|
||||
|
||||
// Push all relevent files from meshcentral-data into the database
|
||||
if (obj.args.dbpushconfigfiles) {
|
||||
if (typeof obj.args.configkey != 'string') { console.log('Error, --configkey is required.'); process.exit(); return; }
|
||||
if (typeof obj.args.dbpushconfigfiles != 'string') {
|
||||
console.log('Usage: --dbpulldatafiles (path) This will import files from folder into the database');
|
||||
console.log(' --dbpulldatafiles * This will import files from meshcentral-data into the db.');
|
||||
process.exit();
|
||||
} else {
|
||||
obj.db.RemoveAllOfType('cfile', function () {
|
||||
if (obj.args.dbpushconfigfiles == '*') { obj.args.dbpushconfigfiles = obj.datapath; }
|
||||
obj.fs.readdir(obj.datapath, (err, files) => {
|
||||
var lockCount = 1
|
||||
for (var i in files) {
|
||||
const file = files[i];
|
||||
if ((file == 'config.json') || file.endsWith('.key') || file.endsWith('.crt') || (file == 'terms.txt') || file.endsWith('.jpg') || file.endsWith('.png')) {
|
||||
const path = obj.path.join(obj.args.dbpushconfigfiles, files[i]), binary = Buffer.from(obj.fs.readFileSync(path, { encoding: 'binary' }), 'binary');
|
||||
console.log('Pushing ' + file + ', ' + binary.length + ' bytes.');
|
||||
lockCount++;
|
||||
obj.db.setConfigFile(file, obj.db.encryptData(obj.args.configkey, binary), function () { if ((--lockCount) == 0) { console.log('Done.'); process.exit(); } });
|
||||
}
|
||||
}
|
||||
if (--lockCount == 0) { process.exit(); }
|
||||
});
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
// Pull all database files into meshcentral-data
|
||||
if (obj.args.dbpullconfigfiles) {
|
||||
if (typeof obj.args.configkey != 'string') { console.log('Error, --configkey is required.'); process.exit(); return; }
|
||||
if (typeof obj.args.dbpullconfigfiles != 'string') {
|
||||
console.log('Usage: --dbpulldatafiles (path)');
|
||||
process.exit();
|
||||
} else {
|
||||
obj.db.GetAllType('cfile', function (err, docs) {
|
||||
if (err == null) {
|
||||
if (docs.length == 0) {
|
||||
console.log('File not found.');
|
||||
} else {
|
||||
for (var i in docs) {
|
||||
const file = docs[i]._id.split('/')[1], binary = obj.db.decryptData(obj.args.configkey, docs[i].data);
|
||||
if (binary == null) {
|
||||
console.log('Invalid config key.');
|
||||
} else {
|
||||
obj.fs.writeFileSync(obj.path.join(obj.args.dbpullconfigfiles, file), binary);
|
||||
console.log('Pulling ' + file + ', ' + binary.length + ' bytes.');
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
console.log('Unable to read from database.');
|
||||
}
|
||||
process.exit();
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (obj.args.dbexport) {
|
||||
// Export the entire database to a JSON file
|
||||
if (obj.args.dbexport == true) { obj.args.dbexport = obj.getConfigFilePath('meshcentral.db.json'); }
|
||||
obj.db.GetAll(function (err, docs) {
|
||||
obj.fs.writeFileSync(obj.args.dbexport, JSON.stringify(docs));
|
||||
console.log('Exported ' + docs.length + ' objects(s) to ' + obj.args.dbexport + '.'); process.exit();
|
||||
});
|
||||
return;
|
||||
}
|
||||
if (obj.args.dbexportmin) {
|
||||
// Export a minimal database to a JSON file. Export only users, meshes and nodes.
|
||||
// This is a useful command to look at the database.
|
||||
if (obj.args.dbexportmin == true) { obj.args.dbexportmin = obj.getConfigFilePath('meshcentral.db.json'); }
|
||||
obj.db.GetAllType({ $in: ['user', 'node', 'mesh'] }, function (err, docs) {
|
||||
obj.fs.writeFileSync(obj.args.dbexportmin, JSON.stringify(docs));
|
||||
console.log('Exported ' + docs.length + ' objects(s) to ' + obj.args.dbexportmin + '.'); process.exit();
|
||||
});
|
||||
return;
|
||||
}
|
||||
if (obj.args.dbimport) {
|
||||
// Import the entire database from a JSON file
|
||||
if (obj.args.dbimport == true) { obj.args.dbimport = obj.getConfigFilePath('meshcentral.db.json'); }
|
||||
var json = null, json2 = "", badCharCount = 0;
|
||||
try { json = obj.fs.readFileSync(obj.args.dbimport, { encoding: 'utf8' }); } catch (e) { console.log('Invalid JSON file: ' + obj.args.dbimport + '.'); process.exit(); }
|
||||
for (i = 0; i < json.length; i++) { if (json.charCodeAt(i) >= 32) { json2 += json[i]; } else { var tt = json.charCodeAt(i); if (tt != 10 && tt != 13) { badCharCount++; } } } // Remove all bad chars
|
||||
if (badCharCount > 0) { console.log(badCharCount + ' invalid character(s) where removed.'); }
|
||||
try { json = JSON.parse(json2); } catch (e) { console.log('Invalid JSON format: ' + obj.args.dbimport + ': ' + e); process.exit(); }
|
||||
if ((json == null) || (typeof json.length != 'number') || (json.length < 1)) { console.log('Invalid JSON format: ' + obj.args.dbimport + '.'); }
|
||||
for (i in json) { if ((json[i].type == "mesh") && (json[i].links != null)) { for (var j in json[i].links) { var esc = obj.common.escapeFieldName(j); if (esc !== j) { json[i].links[esc] = json[i].links[j]; delete json[i].links[j]; } } } } // Escape MongoDB invalid field chars
|
||||
//for (i in json) { if ((json[i].type == "node") && (json[i].host != null)) { json[i].rname = json[i].host; delete json[i].host; } } // DEBUG: Change host to rname
|
||||
obj.db.RemoveAll(function () { obj.db.InsertMany(json, function (err) { if (err != null) { console.log(err); } else { console.log('Imported ' + json.length + ' objects(s) from ' + obj.args.dbimport + '.'); } process.exit(); }); });
|
||||
return;
|
||||
}
|
||||
|
||||
// Load configuration for database if needed
|
||||
if (obj.args.loadconfigfromdb) {
|
||||
var key = null;
|
||||
if (typeof obj.args.configkey == 'string') { key = obj.args.configkey; }
|
||||
else if (typeof obj.args.loadconfigfromdb == 'string') { key = obj.args.loadconfigfromdb; }
|
||||
if (key == null) { console.log('Error, --configkey is required.'); process.exit(); return; }
|
||||
obj.db.getAllConfigFiles(key, function (configFiles) {
|
||||
if (configFiles == null) { console.log('Error, no configuration files found or invalid configkey.'); process.exit(); return; }
|
||||
if (!configFiles['config.json']) { console.log('Error, could not file config.json from database.'); process.exit(); return; }
|
||||
obj.configurationFiles = configFiles;
|
||||
|
||||
// Parse the new configuration file
|
||||
var config2 = null;
|
||||
try { config2 = JSON.parse(configFiles['config.json']); } catch (ex) { console.log('Error, unable to parse config.json from database.'); process.exit(); return; }
|
||||
|
||||
// Set the command line arguments to the config file if they are not present
|
||||
if (!config2.settings) { config2.settings = {}; }
|
||||
for (i in args) { config2.settings[i] = args[i]; }
|
||||
|
||||
// Lower case all keys in the config file
|
||||
try {
|
||||
require('./common.js').objKeysToLower(config2);
|
||||
} catch (ex) {
|
||||
console.log('CRITICAL ERROR: Unable to access the file \"./common.js\".\r\nCheck folder & file permissions.');
|
||||
process.exit();
|
||||
return;
|
||||
}
|
||||
|
||||
// Grad some of the values from the original config.json file if present.
|
||||
config2['mongodb'] = config['mongodb'];
|
||||
config2['mongodbcol'] = config['mongodbcol'];
|
||||
config2['dbencryptkey'] = config['dbencryptkey'];
|
||||
|
||||
// We got a new config.json from the database, let's use it.
|
||||
config = obj.config = config2;
|
||||
obj.StartEx1b();
|
||||
});
|
||||
} else {
|
||||
config = obj.config = getConfig(true);
|
||||
obj.StartEx1b();
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
// Time to start the serverf or real.
|
||||
obj.StartEx1b = function () {
|
||||
var i;
|
||||
|
||||
// If we are targetting a specific version, update now.
|
||||
if (typeof obj.args.selfupdate == 'string') {
|
||||
obj.args.selfupdate = obj.args.selfupdate.toLowerCase();
|
||||
@ -269,212 +459,101 @@ function CreateMeshCentralServer(config, args) {
|
||||
if (obj.args.mpsaliasport != null && (typeof obj.args.mpsaliasport != 'number')) obj.args.mpsaliasport = null;
|
||||
if (obj.args.notls == null && obj.args.redirport == null) obj.args.redirport = 80;
|
||||
if (obj.args.minifycore === 0) obj.args.minifycore = false;
|
||||
if (typeof obj.args.userallowedip == 'string') { if (obj.args.userallowedip == '') { obj.args.userallowedip = null; } else { obj.args.userallowedip = obj.args.userallowedip.split(','); } }
|
||||
if (typeof obj.args.userblockedip == 'string') { if (obj.args.userblockedip == '') { obj.args.userblockedip = null; } else { obj.args.userblockedip = obj.args.userblockedip.split(','); } }
|
||||
if (typeof obj.args.agentallowedip == 'string') { if (obj.args.agentallowedip == '') { obj.args.agentallowedip = null; } else { obj.args.agentallowedip = obj.args.agentallowedip.split(','); } }
|
||||
if (typeof obj.args.agentblockedip == 'string') { if (obj.args.agentblockedip == '') { obj.args.agentblockedip = null; } else { obj.args.agentblockedip = obj.args.agentblockedip.split(','); } }
|
||||
if (typeof obj.args.swarmallowedip == 'string') { if (obj.args.swarmallowedip == '') { obj.args.swarmallowedip = null; } else { obj.args.swarmallowedip = obj.args.swarmallowedip.split(','); } }
|
||||
if (typeof obj.args.debug == 'number') obj.debugLevel = obj.args.debug;
|
||||
if (obj.args.debug == true) obj.debugLevel = 1;
|
||||
obj.db = require('./db.js').CreateDB(obj);
|
||||
obj.db.SetupDatabase(function (dbversion) {
|
||||
// See if any database operations needs to be completed
|
||||
if (obj.args.deletedomain) { obj.db.DeleteDomain(obj.args.deletedomain, function () { console.log('Deleted domain ' + obj.args.deletedomain + '.'); process.exit(); }); return; }
|
||||
if (obj.args.deletedefaultdomain) { obj.db.DeleteDomain('', function () { console.log('Deleted default domain.'); process.exit(); }); return; }
|
||||
if (obj.args.showall) { obj.db.GetAll(function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.showusers) { obj.db.GetAllType('user', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.shownodes) { obj.db.GetAllType('node', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.showmeshes) { obj.db.GetAllType('mesh', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.showevents) { obj.db.GetAllType('event', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.showpower) { obj.db.GetAllType('power', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.clearpower) { obj.db.RemoveAllOfType('power', function () { process.exit(); }); return; }
|
||||
if (obj.args.showiplocations) { obj.db.GetAllType('iploc', function (err, docs) { console.log(docs); process.exit(); }); return; }
|
||||
if (obj.args.logintoken) { obj.getLoginToken(obj.args.logintoken, function (r) { console.log(r); process.exit(); }); return; }
|
||||
if (obj.args.logintokenkey) { obj.showLoginTokenKey(function (r) { console.log(r); process.exit(); }); return; }
|
||||
if (obj.args.dblistconfigfiles) { obj.db.GetAllType('cfile', function (err, docs) { if (err == null) { if (docs.length == 0) { console.log('No files found.'); } else { for (var i in docs) { console.log(docs[i]._id.split('/')[1] + ', ' + Buffer.from(docs[i].data, 'base64').length + ' bytes.'); } } } else { console.log('Unable to read from database.'); } process.exit(); }); return; }
|
||||
if (obj.args.dbshowconfigfile) { obj.db.getFile(obj.args.dbshowconfigfile, function (err, docs) { if (err == null) { if (docs.length == 0) { console.log('File not found.'); } else { console.log(Buffer.from(docs[0].data, 'base64').toString()); } } else { console.log('Unable to read from database.'); } process.exit(); }); return; }
|
||||
if (obj.args.dbdeleteconfigfiles) { console.log('Delating all configuration files from the database...'); obj.db.RemoveAllOfType('cfile', function () { console.log('Done.'); process.exit(); }); } // Delete all configuration files from database
|
||||
|
||||
// Push all relevent files from meshcentral-data into the database
|
||||
if (obj.args.dbpushconfigfiles) {
|
||||
if (typeof obj.args.dbpushconfigfiles != 'string') {
|
||||
console.log('Usage: --dbpulldatafiles (path) This will import files from folder into the database');
|
||||
console.log(' --dbpulldatafiles * This will import files from meshcentral-data into the db.');
|
||||
// Clear old event entries and power entires
|
||||
obj.db.clearOldEntries('event', 30); // Clear all event entires that are older than 30 days.
|
||||
obj.db.clearOldEntries('power', 10); // Clear all event entires that are older than 10 days. If a node is connected longer than 10 days, current power state will be used for everything.
|
||||
|
||||
// Setup a site administrator
|
||||
if ((obj.args.admin) && (typeof obj.args.admin == 'string')) {
|
||||
var adminname = obj.args.admin.split('/');
|
||||
if (adminname.length == 1) { adminname = 'user//' + adminname[0]; }
|
||||
else if (adminname.length == 2) { adminname = 'user/' + adminname[0] + '/' + adminname[1]; }
|
||||
else { console.log('Invalid administrator name.'); process.exit(); return; }
|
||||
obj.db.Get(adminname, function (err, user) {
|
||||
if (user.length != 1) { console.log('Invalid user name.'); process.exit(); return; }
|
||||
user[0].siteadmin = 0xFFFFFFFF;
|
||||
obj.db.Set(user[0], function () {
|
||||
if (user[0].domain == '') { console.log('User ' + user[0].name + ' set to site administrator.'); } else { console.log('User ' + user[0].name + ' of domain ' + user[0].domain + ' set to site administrator.'); }
|
||||
process.exit();
|
||||
} else {
|
||||
if (obj.args.dbpushconfigfiles == '*') { obj.args.dbpushconfigfiles = obj.datapath; }
|
||||
obj.fs.readdir(obj.datapath, (err, files) => {
|
||||
var lockCount = 1
|
||||
for (var i in files) {
|
||||
const file = files[i];
|
||||
if (file.endsWith('.json') || file.endsWith('.key') || file.endsWith('.crt')) {
|
||||
const path = obj.path.join(obj.args.dbpushconfigfiles, files[i]), binary = Buffer.from(obj.fs.readFileSync(path, { encoding: 'binary' }), 'binary');
|
||||
console.log('Pushing ' + file + ', ' + binary.length + ' bytes.');
|
||||
lockCount++;
|
||||
obj.db.setFile(file, binary, function () { if ((--lockCount) == 0) { console.log('Done.'); process.exit(); } });
|
||||
}
|
||||
}
|
||||
if (--lockCount == 0) { process.exit(); }
|
||||
})
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
// Pull all database files into meshcentral-data
|
||||
if (obj.args.dbpullconfigfiles) {
|
||||
if (typeof obj.args.dbpullconfigfiles != 'string') {
|
||||
console.log('Usage: --dbpulldatafiles (path)');
|
||||
process.exit();
|
||||
} else {
|
||||
obj.db.GetAllType('cfile', function (err, docs) {
|
||||
if (err == null) {
|
||||
if (docs.length == 0) {
|
||||
console.log('File not found.');
|
||||
} else {
|
||||
for (var i in docs) {
|
||||
const file = docs[i]._id.split('/')[1], binary = Buffer.from(docs[i].data, 'base64');
|
||||
obj.fs.writeFileSync(obj.path.join(obj.args.dbpullconfigfiles, file), binary);
|
||||
console.log('Pulling ' + file + ', ' + binary.length + ' bytes.');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
console.log('Unable to read from database.');
|
||||
}
|
||||
process.exit();
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (obj.args.dbexport) {
|
||||
// Export the entire database to a JSON file
|
||||
if (obj.args.dbexport == true) { obj.args.dbexport = obj.getConfigFilePath('meshcentral.db.json'); }
|
||||
obj.db.GetAll(function (err, docs) {
|
||||
obj.fs.writeFileSync(obj.args.dbexport, JSON.stringify(docs));
|
||||
console.log('Exported ' + docs.length + ' objects(s) to ' + obj.args.dbexport + '.'); process.exit();
|
||||
});
|
||||
return;
|
||||
}
|
||||
if (obj.args.dbexportmin) {
|
||||
// Export a minimal database to a JSON file. Export only users, meshes and nodes.
|
||||
// This is a useful command to look at the database.
|
||||
if (obj.args.dbexportmin == true) { obj.args.dbexportmin = obj.getConfigFilePath('meshcentral.db.json'); }
|
||||
obj.db.GetAllType({ $in: ['user', 'node', 'mesh'] }, function (err, docs) {
|
||||
obj.fs.writeFileSync(obj.args.dbexportmin, JSON.stringify(docs));
|
||||
console.log('Exported ' + docs.length + ' objects(s) to ' + obj.args.dbexportmin + '.'); process.exit();
|
||||
});
|
||||
return;
|
||||
}
|
||||
if (obj.args.dbimport) {
|
||||
// Import the entire database from a JSON file
|
||||
if (obj.args.dbimport == true) { obj.args.dbimport = obj.getConfigFilePath('meshcentral.db.json'); }
|
||||
var json = null, json2 = "", badCharCount = 0;
|
||||
try { json = obj.fs.readFileSync(obj.args.dbimport, { encoding: 'utf8' }); } catch (e) { console.log('Invalid JSON file: ' + obj.args.dbimport + '.'); process.exit(); }
|
||||
for (i = 0; i < json.length; i++) { if (json.charCodeAt(i) >= 32) { json2 += json[i]; } else { var tt = json.charCodeAt(i); if (tt != 10 && tt != 13) { badCharCount++; } } } // Remove all bad chars
|
||||
if (badCharCount > 0) { console.log(badCharCount + ' invalid character(s) where removed.'); }
|
||||
try { json = JSON.parse(json2); } catch (e) { console.log('Invalid JSON format: ' + obj.args.dbimport + ': ' + e); process.exit(); }
|
||||
if ((json == null) || (typeof json.length != 'number') || (json.length < 1)) { console.log('Invalid JSON format: ' + obj.args.dbimport + '.'); }
|
||||
for (i in json) { if ((json[i].type == "mesh") && (json[i].links != null)) { for (var j in json[i].links) { var esc = obj.common.escapeFieldName(j); if (esc !== j) { json[i].links[esc] = json[i].links[j]; delete json[i].links[j]; } } } } // Escape MongoDB invalid field chars
|
||||
//for (i in json) { if ((json[i].type == "node") && (json[i].host != null)) { json[i].rname = json[i].host; delete json[i].host; } } // DEBUG: Change host to rname
|
||||
obj.db.RemoveAll(function () { obj.db.InsertMany(json, function (err) { if (err != null) { console.log(err); } else { console.log('Imported ' + json.length + ' objects(s) from ' + obj.args.dbimport + '.'); } process.exit(); }); });
|
||||
return;
|
||||
}
|
||||
|
||||
// Clear old event entries and power entires
|
||||
obj.db.clearOldEntries('event', 30); // Clear all event entires that are older than 30 days.
|
||||
obj.db.clearOldEntries('power', 10); // Clear all event entires that are older than 10 days. If a node is connected longer than 10 days, current power state will be used for everything.
|
||||
|
||||
// Setup a site administrator
|
||||
if ((obj.args.admin) && (typeof obj.args.admin == 'string')) {
|
||||
var adminname = obj.args.admin.split('/');
|
||||
if (adminname.length == 1) { adminname = 'user//' + adminname[0]; }
|
||||
else if (adminname.length == 2) { adminname = 'user/' + adminname[0] + '/' + adminname[1]; }
|
||||
else { console.log('Invalid administrator name.'); process.exit(); return; }
|
||||
obj.db.Get(adminname, function (err, user) {
|
||||
if (user.length != 1) { console.log('Invalid user name.'); process.exit(); return; }
|
||||
user[0].siteadmin = 0xFFFFFFFF;
|
||||
obj.db.Set(user[0], function () {
|
||||
if (user[0].domain == '') { console.log('User ' + user[0].name + ' set to site administrator.'); } else { console.log('User ' + user[0].name + ' of domain ' + user[0].domain + ' set to site administrator.'); }
|
||||
process.exit();
|
||||
return;
|
||||
});
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
// Remove a site administrator
|
||||
if ((obj.args.unadmin) && (typeof obj.args.unadmin == 'string')) {
|
||||
var adminname = obj.args.unadmin.split('/');
|
||||
if (adminname.length == 1) { adminname = 'user//' + adminname[0]; }
|
||||
else if (adminname.length == 2) { adminname = 'user/' + adminname[0] + '/' + adminname[1]; }
|
||||
else { console.log('Invalid administrator name.'); process.exit(); return; }
|
||||
obj.db.Get(adminname, function (err, user) {
|
||||
if (user.length != 1) { console.log('Invalid user name.'); process.exit(); return; }
|
||||
if (user[0].siteadmin) { delete user[0].siteadmin; }
|
||||
obj.db.Set(user[0], function () {
|
||||
if (user[0].domain == '') { console.log('User ' + user[0].name + ' is not a site administrator.'); } else { console.log('User ' + user[0].name + ' of domain ' + user[0].domain + ' is not a site administrator.'); }
|
||||
process.exit();
|
||||
return;
|
||||
});
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
// Perform other database cleanup
|
||||
obj.db.cleanup();
|
||||
|
||||
// Set all nodes to power state of unknown (0)
|
||||
if (obj.multiServer == null) {
|
||||
obj.db.file.insert({ type: 'power', time: Date.now(), node: '*', power: 0, s: 1 });
|
||||
} else {
|
||||
obj.db.file.insert({ type: 'power', time: Date.now(), node: '*', power: 0, s: 1, server: obj.multiServer.serverid });
|
||||
}
|
||||
|
||||
// Read or setup database configuration values
|
||||
obj.db.Get('dbconfig', function (err, dbconfig) {
|
||||
if (dbconfig.length == 1) { obj.dbconfig = dbconfig[0]; } else { obj.dbconfig = { _id: 'dbconfig', version: 1 }; }
|
||||
if (obj.dbconfig.amtWsEventSecret == null) { obj.crypto.randomBytes(32, function (err, buf) { obj.dbconfig.amtWsEventSecret = buf.toString('hex'); obj.db.Set(obj.dbconfig); }); }
|
||||
|
||||
// This is used by the user to create a username/password for a Intel AMT WSMAN event subscription
|
||||
if (obj.args.getwspass) {
|
||||
if (obj.args.getwspass.length == 64) {
|
||||
obj.crypto.randomBytes(6, function (err, buf) {
|
||||
while (obj.dbconfig.amtWsEventSecret == null) { process.nextTick(); }
|
||||
var username = buf.toString('hex');
|
||||
var nodeid = obj.args.getwspass;
|
||||
var pass = obj.crypto.createHash('sha384').update(username.toLowerCase() + ":" + nodeid + ":" + obj.dbconfig.amtWsEventSecret).digest("base64").substring(0, 12).split("/").join("x").split("\\").join("x");
|
||||
console.log('--- Intel(r) AMT WSMAN eventing credentials ---');
|
||||
console.log('Username: ' + username);
|
||||
console.log('Password: ' + pass);
|
||||
console.log('Argument: ' + nodeid);
|
||||
process.exit();
|
||||
});
|
||||
} else {
|
||||
console.log('Invalid NodeID.');
|
||||
process.exit();
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
// Load the default meshcore and meshcmd
|
||||
obj.updateMeshCore();
|
||||
obj.updateMeshCmd();
|
||||
|
||||
// Setup and start the redirection server if needed. We must start the redirection server before Let's Encrypt.
|
||||
if ((obj.args.redirport != null) && (typeof obj.args.redirport == 'number') && (obj.args.redirport != 0)) {
|
||||
obj.redirserver = require('./redirserver.js').CreateRedirServer(obj, obj.db, obj.args, obj.StartEx2);
|
||||
} else {
|
||||
obj.StartEx2(); // If not needed, move on.
|
||||
}
|
||||
});
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
// Remove a site administrator
|
||||
if ((obj.args.unadmin) && (typeof obj.args.unadmin == 'string')) {
|
||||
var adminname = obj.args.unadmin.split('/');
|
||||
if (adminname.length == 1) { adminname = 'user//' + adminname[0]; }
|
||||
else if (adminname.length == 2) { adminname = 'user/' + adminname[0] + '/' + adminname[1]; }
|
||||
else { console.log('Invalid administrator name.'); process.exit(); return; }
|
||||
obj.db.Get(adminname, function (err, user) {
|
||||
if (user.length != 1) { console.log('Invalid user name.'); process.exit(); return; }
|
||||
if (user[0].siteadmin) { delete user[0].siteadmin; }
|
||||
obj.db.Set(user[0], function () {
|
||||
if (user[0].domain == '') { console.log('User ' + user[0].name + ' is not a site administrator.'); } else { console.log('User ' + user[0].name + ' of domain ' + user[0].domain + ' is not a site administrator.'); }
|
||||
process.exit();
|
||||
return;
|
||||
});
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
// Perform other database cleanup
|
||||
obj.db.cleanup();
|
||||
|
||||
// Set all nodes to power state of unknown (0)
|
||||
if (obj.multiServer == null) {
|
||||
obj.db.file.insert({ type: 'power', time: Date.now(), node: '*', power: 0, s: 1 });
|
||||
} else {
|
||||
obj.db.file.insert({ type: 'power', time: Date.now(), node: '*', power: 0, s: 1, server: obj.multiServer.serverid });
|
||||
}
|
||||
|
||||
// Read or setup database configuration values
|
||||
obj.db.Get('dbconfig', function (err, dbconfig) {
|
||||
if (dbconfig.length == 1) { obj.dbconfig = dbconfig[0]; } else { obj.dbconfig = { _id: 'dbconfig', version: 1 }; }
|
||||
if (obj.dbconfig.amtWsEventSecret == null) { obj.crypto.randomBytes(32, function (err, buf) { obj.dbconfig.amtWsEventSecret = buf.toString('hex'); obj.db.Set(obj.dbconfig); }); }
|
||||
|
||||
// This is used by the user to create a username/password for a Intel AMT WSMAN event subscription
|
||||
if (obj.args.getwspass) {
|
||||
if (obj.args.getwspass.length == 64) {
|
||||
obj.crypto.randomBytes(6, function (err, buf) {
|
||||
while (obj.dbconfig.amtWsEventSecret == null) { process.nextTick(); }
|
||||
var username = buf.toString('hex');
|
||||
var nodeid = obj.args.getwspass;
|
||||
var pass = obj.crypto.createHash('sha384').update(username.toLowerCase() + ":" + nodeid + ":" + obj.dbconfig.amtWsEventSecret).digest("base64").substring(0, 12).split("/").join("x").split("\\").join("x");
|
||||
console.log('--- Intel(r) AMT WSMAN eventing credentials ---');
|
||||
console.log('Username: ' + username);
|
||||
console.log('Password: ' + pass);
|
||||
console.log('Argument: ' + nodeid);
|
||||
process.exit();
|
||||
});
|
||||
} else {
|
||||
console.log('Invalid NodeID.');
|
||||
process.exit();
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
// Load the default meshcore and meshcmd
|
||||
obj.updateMeshCore();
|
||||
obj.updateMeshCmd();
|
||||
|
||||
// Setup and start the redirection server if needed. We must start the redirection server before Let's Encrypt.
|
||||
if ((obj.args.redirport != null) && (typeof obj.args.redirport == 'number') && (obj.args.redirport != 0)) {
|
||||
obj.redirserver = require('./redirserver.js').CreateRedirServer(obj, obj.db, obj.args, obj.StartEx2);
|
||||
} else {
|
||||
obj.StartEx2(); // If not needed, move on.
|
||||
}
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
// Done starting the redirection server, go on to load the server certificates
|
||||
obj.StartEx2 = function () {
|
||||
// Load server certificates
|
||||
obj.certificateOperations = require('./certoperations.js').CertificateOperations();
|
||||
obj.certificateOperations.GetMeshServerCertificate(obj, obj.args, obj.config, function (certs) {
|
||||
obj.certificateOperations = require('./certoperations.js').CertificateOperations(obj);
|
||||
obj.certificateOperations.GetMeshServerCertificate(obj.args, obj.config, function (certs) {
|
||||
if ((obj.config.letsencrypt == null) || (obj.redirserver == null)) {
|
||||
obj.StartEx3(certs); // Just use the configured certificates
|
||||
} else {
|
||||
@ -1355,7 +1434,7 @@ function CreateMeshCentralServer(config, args) {
|
||||
}
|
||||
|
||||
// Return the server configuration
|
||||
function getConfig() {
|
||||
function getConfig(createSampleConfig) {
|
||||
// Figure out the datapath location
|
||||
var i;
|
||||
var fs = require('fs');
|
||||
@ -1378,9 +1457,11 @@ function getConfig() {
|
||||
if (config.domains == null) { config.domains = {}; }
|
||||
for (i in config.domains) { if ((i.split('/').length > 1) || (i.split(' ').length > 1)) { console.log("ERROR: Error in config.json, domain names can't have spaces or /."); return null; } }
|
||||
} else {
|
||||
// Copy the "sample-config.json" to give users a starting point
|
||||
var sampleConfigPath = path.join(__dirname, 'sample-config.json');
|
||||
if (fs.existsSync(sampleConfigPath)) { fs.createReadStream(sampleConfigPath).pipe(fs.createWriteStream(configFilePath)); }
|
||||
if (createSampleConfig === true) {
|
||||
// Copy the "sample-config.json" to give users a starting point
|
||||
var sampleConfigPath = path.join(__dirname, 'sample-config.json');
|
||||
if (fs.existsSync(sampleConfigPath)) { fs.createReadStream(sampleConfigPath).pipe(fs.createWriteStream(configFilePath)); }
|
||||
}
|
||||
}
|
||||
|
||||
// Set the command line arguments to the config file if they are not present
|
||||
@ -1431,7 +1512,7 @@ function mainStart(args) {
|
||||
// Check for any missing modules.
|
||||
InstallModules(['minimist'], function () {
|
||||
// Get the server configuration
|
||||
var config = getConfig();
|
||||
var config = getConfig(false);
|
||||
if (config == null) { process.exit(); }
|
||||
|
||||
// Check is Windows SSPI will be used
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.2.7-g",
|
||||
"version": "0.2.7-h",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
84
webserver.js
84
webserver.js
@ -873,31 +873,44 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
const domain = checkUserIpAddress(req, res);
|
||||
if (domain == null) return;
|
||||
|
||||
// See if there is a terms.txt file in meshcentral-data
|
||||
var p = obj.path.join(obj.parent.datapath, 'terms.txt');
|
||||
if (obj.fs.existsSync(p)) {
|
||||
obj.fs.readFile(p, 'utf8', function (err, data) {
|
||||
if (err != null) { res.sendStatus(404); return; }
|
||||
|
||||
// Send the terms
|
||||
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0' });
|
||||
if (req.session && req.session.userid) {
|
||||
if (req.session.domainid != domain.id) { req.session = null; res.redirect(domain.url); return; } // Check is the session is for the correct domain
|
||||
var user = obj.users[req.session.userid];
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2, terms: encodeURIComponent(data), logoutControl: 'Welcome ' + user.name + '. <a href=' + domain.url + 'logout?' + Math.random() + ' style=color:white>Logout</a>' });
|
||||
} else {
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2, terms: encodeURIComponent(data) });
|
||||
}
|
||||
});
|
||||
} else {
|
||||
// Send the terms
|
||||
// See if term.txt was loaded from the database
|
||||
if ((parent.configurationFiles != null) && (parent.configurationFiles['terms.txt'] != null)) {
|
||||
// Send the terms from the database
|
||||
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0' });
|
||||
if (req.session && req.session.userid) {
|
||||
if (req.session.domainid != domain.id) { req.session = null; res.redirect(domain.url); return; } // Check is the session is for the correct domain
|
||||
var user = obj.users[req.session.userid];
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2, logoutControl: 'Welcome ' + user.name + '. <a href=' + domain.url + 'logout?' + Math.random() + ' style=color:white>Logout</a>' });
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2, terms: encodeURIComponent(parent.configurationFiles['terms.txt'].toString()), logoutControl: 'Welcome ' + user.name + '. <a href=' + domain.url + 'logout?' + Math.random() + ' style=color:white>Logout</a>' });
|
||||
} else {
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2 });
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2, terms: encodeURIComponent(parent.configurationFiles['terms.txt'].toString()) });
|
||||
}
|
||||
} else {
|
||||
// See if there is a terms.txt file in meshcentral-data
|
||||
var p = obj.path.join(obj.parent.datapath, 'terms.txt');
|
||||
if (obj.fs.existsSync(p)) {
|
||||
obj.fs.readFile(p, 'utf8', function (err, data) {
|
||||
if (err != null) { res.sendStatus(404); return; }
|
||||
|
||||
// Send the terms from terms.txt
|
||||
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0' });
|
||||
if (req.session && req.session.userid) {
|
||||
if (req.session.domainid != domain.id) { req.session = null; res.redirect(domain.url); return; } // Check is the session is for the correct domain
|
||||
var user = obj.users[req.session.userid];
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2, terms: encodeURIComponent(data), logoutControl: 'Welcome ' + user.name + '. <a href=' + domain.url + 'logout?' + Math.random() + ' style=color:white>Logout</a>' });
|
||||
} else {
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2, terms: encodeURIComponent(data) });
|
||||
}
|
||||
});
|
||||
} else {
|
||||
// Send the default terms
|
||||
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0' });
|
||||
if (req.session && req.session.userid) {
|
||||
if (req.session.domainid != domain.id) { req.session = null; res.redirect(domain.url); return; } // Check is the session is for the correct domain
|
||||
var user = obj.users[req.session.userid];
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2, logoutControl: 'Welcome ' + user.name + '. <a href=' + domain.url + 'logout?' + Math.random() + ' style=color:white>Logout</a>' });
|
||||
} else {
|
||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'terms-mobile' : 'terms'), { title: domain.title, title2: domain.title2 });
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1032,8 +1045,15 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
|
||||
res.set({ 'Cache-Control': 'max-age=86400' }); // 1 day
|
||||
if ((domain != null) && domain.titlepicture) {
|
||||
try { res.sendFile(obj.path.join(obj.parent.datapath, domain.titlepicture)); } catch (e) {
|
||||
try { res.sendFile(obj.path.join(obj.parent.webPublicPath, 'images/logoback.png')); } catch (e) { res.sendStatus(404); }
|
||||
if ((parent.configurationFiles != null) && (parent.configurationFiles[domain.titlepicture] != null)) {
|
||||
// Use the logo in the database
|
||||
res.set({ 'Content-Type': 'image/jpeg' });
|
||||
res.send(parent.configurationFiles[domain.titlepicture]);
|
||||
} else {
|
||||
// Use the logo on file
|
||||
try { res.sendFile(obj.path.join(obj.parent.datapath, domain.titlepicture)); } catch (e) {
|
||||
try { res.sendFile(obj.path.join(obj.parent.webPublicPath, 'images/logoback.png')); } catch (e) { res.sendStatus(404); }
|
||||
}
|
||||
}
|
||||
} else {
|
||||
try { res.sendFile(obj.path.join(obj.parent.webPublicPath, 'images/logoback.png')); } catch (e) { res.sendStatus(404); }
|
||||
@ -1975,14 +1995,20 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
|
||||
// Server picture
|
||||
obj.app.get(url + 'serverpic.ashx', function (req, res) {
|
||||
// Check if we have "server.png" in the data folder, if so, use that.
|
||||
var p = obj.path.join(obj.parent.datapath, 'server.jpg');
|
||||
if (obj.fs.existsSync(p)) {
|
||||
// Use the data folder server picture
|
||||
try { res.sendFile(p); } catch (e) { res.sendStatus(404); }
|
||||
// Check if we have "server.jpg" in the data folder, if so, use that.
|
||||
if ((parent.configurationFiles != null) && (parent.configurationFiles['server.jpg'] != null)) {
|
||||
res.set({ 'Content-Type': 'image/jpeg' });
|
||||
res.send(parent.configurationFiles['server.jpg']);
|
||||
} else {
|
||||
// Use the default server picture
|
||||
try { res.sendFile(obj.path.join(obj.parent.webPublicPath, 'images/server-200.jpg')); } catch (e) { res.sendStatus(404); }
|
||||
// Check if we have "server.jpg" in the data folder, if so, use that.
|
||||
var p = obj.path.join(obj.parent.datapath, 'server.jpg');
|
||||
if (obj.fs.existsSync(p)) {
|
||||
// Use the data folder server picture
|
||||
try { res.sendFile(p); } catch (e) { res.sendStatus(404); }
|
||||
} else {
|
||||
// Use the default server picture
|
||||
try { res.sendFile(obj.path.join(obj.parent.webPublicPath, 'images/server-200.jpg')); } catch (e) { res.sendStatus(404); }
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user