Fixed content-disposition headers.

This commit is contained in:
Ylian Saint-Hilaire 2019-04-30 15:40:19 -07:00
parent df02307fec
commit 3a2355b98b
3 changed files with 17 additions and 17 deletions

View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.3.3-k", "version": "0.3.3-m",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",

View File

@ -58,7 +58,7 @@ module.exports.CreateRedirServer = function (parent, db, args, func) {
obj.app.get("/MeshServerRootCert.cer", function (req, res) { obj.app.get("/MeshServerRootCert.cer", function (req, res) {
// The redirection server starts before certificates are loaded, make sure to handle the case where no certificate is loaded now. // The redirection server starts before certificates are loaded, make sure to handle the case where no certificate is loaded now.
if (obj.certificates != null) { if (obj.certificates != null) {
res.set({ "Cache-Control": "no-cache, no-store, must-revalidate", "Pragma": "no-cache", "Expires": "0", "Content-Type": "application/octet-stream", "Content-Disposition": "attachment; filename=" + obj.certificates.RootName + ".cer" }); res.set({ "Cache-Control": "no-cache, no-store, must-revalidate", "Pragma": "no-cache", "Expires": "0", "Content-Type": "application/octet-stream", "Content-Disposition": "attachment; filename=\"" + obj.certificates.RootName + ".cer\"" });
var rootcert = obj.certificates.root.cert; var rootcert = obj.certificates.root.cert;
var i = rootcert.indexOf("-----BEGIN CERTIFICATE-----\r\n"); var i = rootcert.indexOf("-----BEGIN CERTIFICATE-----\r\n");
if (i >= 0) { rootcert = rootcert.substring(i + 29); } if (i >= 0) { rootcert = rootcert.substring(i + 29); }

View File

@ -1475,7 +1475,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Returns the mesh server root certificate // Returns the mesh server root certificate
function handleRootCertRequest(req, res) { function handleRootCertRequest(req, res) {
if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only. if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) === false)) { return; } // Check server-wide IP filter only.
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="' + certificates.RootName + '.cer"' });
res.send(Buffer.from(getRootCertBase64(), 'base64')); res.send(Buffer.from(getRootCertBase64(), 'base64'));
} }
@ -1554,14 +1554,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (req.query.type == 1) { if (req.query.type == 1) {
obj.getCiraConfigurationScript(req.query.meshid, function (script) { obj.getCiraConfigurationScript(req.query.meshid, function (script) {
if (script == null) { res.sendStatus(404); } else { if (script == null) { res.sendStatus(404); } else {
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=cira_setup.mescript' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="cira_setup.mescript"' });
res.send(script); res.send(script);
} }
}); });
} else if (req.query.type == 2) { } else if (req.query.type == 2) {
obj.getCiraCleanupScript(function (script) { obj.getCiraCleanupScript(function (script) {
if (script == null) { res.sendStatus(404); } else { if (script == null) { res.sendStatus(404); } else {
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=cira_cleanup.mescript' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="cira_cleanup.mescript"' });
res.send(script); res.send(script);
} }
}); });
@ -2238,7 +2238,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var argentInfo = obj.parent.meshAgentBinaries[req.query.id]; var argentInfo = obj.parent.meshAgentBinaries[req.query.id];
if (argentInfo == null) { res.sendStatus(404); return; } if (argentInfo == null) { res.sendStatus(404); return; }
if ((req.query.meshid == null) || (argentInfo.platform != 'win32')) { if ((req.query.meshid == null) || (argentInfo.platform != 'win32')) {
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + argentInfo.rname }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="' + argentInfo.rname + '"' });
res.sendFile(argentInfo.path); res.sendFile(argentInfo.path);
} else { } else {
// We are going to embed the .msh file into the Windows executable (signed or not). // We are going to embed the .msh file into the Windows executable (signed or not).
@ -2269,14 +2269,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (obj.args.agentconfig) { for (var i in obj.args.agentconfig) { meshsettings += obj.args.agentconfig[i] + "\r\n"; } } if (obj.args.agentconfig) { for (var i in obj.args.agentconfig) { meshsettings += obj.args.agentconfig[i] + "\r\n"; } }
if (domain.agentconfig) { for (var i in domain.agentconfig) { meshsettings += domain.agentconfig[i] + "\r\n"; } } if (domain.agentconfig) { for (var i in domain.agentconfig) { meshsettings += domain.agentconfig[i] + "\r\n"; } }
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + argentInfo.rname }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="' + argentInfo.rname + '"' });
obj.parent.exeHandler.streamExeWithMeshPolicy({ platform: 'win32', sourceFileName: obj.parent.meshAgentBinaries[req.query.id].path, destinationStream: res, msh: meshsettings, peinfo: obj.parent.meshAgentBinaries[req.query.id].pe }); obj.parent.exeHandler.streamExeWithMeshPolicy({ platform: 'win32', sourceFileName: obj.parent.meshAgentBinaries[req.query.id].path, destinationStream: res, msh: meshsettings, peinfo: obj.parent.meshAgentBinaries[req.query.id].pe });
} }
} else if (req.query.script != null) { } else if (req.query.script != null) {
// Send a specific mesh install script back // Send a specific mesh install script back
var scriptInfo = obj.parent.meshAgentInstallScripts[req.query.script]; var scriptInfo = obj.parent.meshAgentInstallScripts[req.query.script];
if (scriptInfo == null) { res.sendStatus(404); return; } if (scriptInfo == null) { res.sendStatus(404); return; }
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/plain', 'Content-Disposition': 'attachment; filename=' + scriptInfo.rname }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/plain', 'Content-Disposition': 'attachment; filename="' + scriptInfo.rname + '"' });
res.send(scriptInfo.data.split('{{{noproxy}}}').join((domain.agentnoproxy === true)?'--no-proxy ':'')); res.send(scriptInfo.data.split('{{{noproxy}}}').join((domain.agentnoproxy === true)?'--no-proxy ':''));
} else if (req.query.meshcmd != null) { } else if (req.query.meshcmd != null) {
// Send meshcmd for a specific platform back // Send meshcmd for a specific platform back
@ -2285,17 +2285,17 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((agentid == 3)) { // Signed Windows MeshCmd.exe x86 if ((agentid == 3)) { // Signed Windows MeshCmd.exe x86
var stats = null, meshCmdPath = obj.path.join(__dirname, 'agents', 'MeshCmd-signed.exe'); var stats = null, meshCmdPath = obj.path.join(__dirname, 'agents', 'MeshCmd-signed.exe');
try { stats = obj.fs.statSync(meshCmdPath); } catch (e) { } try { stats = obj.fs.statSync(meshCmdPath); } catch (e) { }
if ((stats != null)) { res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=meshcmd' + ((req.query.meshcmd <= 3) ? '.exe' : '') }); res.sendFile(meshCmdPath); return; } if ((stats != null)) { res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="meshcmd' + ((req.query.meshcmd <= 3) ? '.exe' : '') + '"' }); res.sendFile(meshCmdPath); return; }
} else if ((agentid == 4)) { // Signed Windows MeshCmd64.exe x64 } else if ((agentid == 4)) { // Signed Windows MeshCmd64.exe x64
var stats = null, meshCmd64Path = obj.path.join(__dirname, 'agents', 'MeshCmd64-signed.exe'); var stats = null, meshCmd64Path = obj.path.join(__dirname, 'agents', 'MeshCmd64-signed.exe');
try { stats = obj.fs.statSync(meshCmd64Path); } catch (e) { } try { stats = obj.fs.statSync(meshCmd64Path); } catch (e) { }
if ((stats != null)) { res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=meshcmd' + ((req.query.meshcmd <= 4) ? '.exe' : '') }); res.sendFile(meshCmd64Path); return; } if ((stats != null)) { res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="meshcmd' + ((req.query.meshcmd <= 4) ? '.exe' : '') + '"' }); res.sendFile(meshCmd64Path); return; }
} }
// No signed agents, we are going to merge a new MeshCmd. // No signed agents, we are going to merge a new MeshCmd.
if ((agentid < 10000) && (obj.parent.meshAgentBinaries[agentid + 10000] != null)) { agentid += 10000; } // Avoid merging javascript to a signed mesh agent. if ((agentid < 10000) && (obj.parent.meshAgentBinaries[agentid + 10000] != null)) { agentid += 10000; } // Avoid merging javascript to a signed mesh agent.
var argentInfo = obj.parent.meshAgentBinaries[agentid]; var argentInfo = obj.parent.meshAgentBinaries[agentid];
if ((argentInfo == null) || (obj.parent.defaultMeshCmd == null)) { res.sendStatus(404); return; } if ((argentInfo == null) || (obj.parent.defaultMeshCmd == null)) { res.sendStatus(404); return; }
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=meshcmd' + ((req.query.meshcmd <= 4) ? '.exe' : '') }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="meshcmd' + ((req.query.meshcmd <= 4) ? '.exe' : '') + '"' });
res.statusCode = 200; res.statusCode = 200;
if (argentInfo.signedMeshCmdPath != null) { if (argentInfo.signedMeshCmdPath != null) {
// If we hav a pre-signed MeshCmd, send that. // If we hav a pre-signed MeshCmd, send that.
@ -2329,7 +2329,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (user != null) { meshaction.username = user.name; } if (user != null) { meshaction.username = user.name; }
var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
if (obj.args.lanonly != true) { meshaction.serverUrl = ((obj.args.notls == true) ? 'ws://' : 'wss://') + obj.getWebServerName(domain) + ':' + httpsPort + '/' + ((domain.id == '') ? '' : ('/' + domain.id)) + 'meshrelay.ashx'; } if (obj.args.lanonly != true) { meshaction.serverUrl = ((obj.args.notls == true) ? 'ws://' : 'wss://') + obj.getWebServerName(domain) + ':' + httpsPort + '/' + ((domain.id == '') ? '' : ('/' + domain.id)) + 'meshrelay.ashx'; }
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/plain', 'Content-Disposition': 'attachment; filename=meshaction.txt' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/plain', 'Content-Disposition': 'attachment; filename="meshaction.txt"' });
res.send(JSON.stringify(meshaction, null, ' ')); res.send(JSON.stringify(meshaction, null, ' '));
}); });
} }
@ -2344,12 +2344,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (user != null) { meshaction.username = user.name; } if (user != null) { meshaction.username = user.name; }
var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
if (obj.args.lanonly != true) { meshaction.serverUrl = ((obj.args.notls == true) ? 'ws://' : 'wss://') + obj.getWebServerName(domain) + ':' + httpsPort + '/' + ((domain.id == '') ? '' : ('/' + domain.id)) + 'meshrelay.ashx'; } if (obj.args.lanonly != true) { meshaction.serverUrl = ((obj.args.notls == true) ? 'ws://' : 'wss://') + obj.getWebServerName(domain) + ':' + httpsPort + '/' + ((domain.id == '') ? '' : ('/' + domain.id)) + 'meshrelay.ashx'; }
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/plain', 'Content-Disposition': 'attachment; filename=meshaction.txt' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/plain', 'Content-Disposition': 'attachment; filename="meshaction.txt"' });
res.send(JSON.stringify(meshaction, null, ' ')); res.send(JSON.stringify(meshaction, null, ' '));
} else if (req.query.meshaction == 'winrouter') { } else if (req.query.meshaction == 'winrouter') {
var p = obj.path.join(__dirname, 'agents', 'MeshCentralRouter.exe'); var p = obj.path.join(__dirname, 'agents', 'MeshCentralRouter.exe');
if (obj.fs.existsSync(p)) { if (obj.fs.existsSync(p)) {
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/plain', 'Content-Disposition': 'attachment; filename=MeshCentralRouter.exe' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/plain', 'Content-Disposition': 'attachment; filename="MeshCentralRouter.exe"' });
try { res.sendFile(p); } catch (e) { res.sendStatus(404); } try { res.sendFile(p); } catch (e) { res.sendStatus(404); }
} else { res.sendStatus(404); } } else { res.sendStatus(404); }
} else { } else {
@ -2420,7 +2420,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Setup the response output // Setup the response output
var archive = require('archiver')('zip', { level: 5 }); // Sets the compression method. var archive = require('archiver')('zip', { level: 5 }); // Sets the compression method.
archive.on('error', function (err) { throw err; }); archive.on('error', function (err) { throw err; });
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/zip', 'Content-Disposition': 'attachment; filename=MeshAgent-' + mesh.name + '.zip' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/zip', 'Content-Disposition': 'attachment; filename="MeshAgent-' + mesh.name + '.zip"' });
archive.pipe(res); archive.pipe(res);
// Opens the "MeshAgentOSXPackager.zip" // Opens the "MeshAgentOSXPackager.zip"
@ -2501,7 +2501,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (obj.args.agentconfig) { for (var i in obj.args.agentconfig) { meshsettings += obj.args.agentconfig[i] + "\r\n"; } } if (obj.args.agentconfig) { for (var i in obj.args.agentconfig) { meshsettings += obj.args.agentconfig[i] + "\r\n"; } }
if (domain.agentconfig) { for (var i in domain.agentconfig) { meshsettings += domain.agentconfig[i] + "\r\n"; } } if (domain.agentconfig) { for (var i in domain.agentconfig) { meshsettings += domain.agentconfig[i] + "\r\n"; } }
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=meshagent.msh' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="meshagent.msh"' });
res.send(meshsettings); res.send(meshsettings);
}; };
@ -2526,7 +2526,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (rights == 0) { res.sendStatus(401); return; } if (rights == 0) { res.sendStatus(401); return; }
// Get the list of power events and send them // Get the list of power events and send them
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/csv', 'Content-Disposition': 'attachment; filename=powerevents.csv' }); res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'text/csv', 'Content-Disposition': 'attachment; filename="powerevents.csv"' });
obj.db.getPowerTimeline(node._id, function (err, docs) { obj.db.getPowerTimeline(node._id, function (err, docs) {
var xevents = [ 'Time, State, Previous State' ], prevState = 0; var xevents = [ 'Time, State, Previous State' ], prevState = 0;
for (var i in docs) { for (var i in docs) {