mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 06:05:53 -05:00
Minor security fixes.
This commit is contained in:
parent
66b9e3ddb8
commit
c880007cf2
@ -1226,6 +1226,9 @@ function kvmCtrlData(channel, cmd) {
|
||||
}
|
||||
break;
|
||||
}
|
||||
default:
|
||||
// Unknown action, ignore it.
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1293,6 +1296,9 @@ function processLmsControlData(data) {
|
||||
{ amtMei.closeUserInitiatedConnection(function (status, socket) { var data = Buffer.alloc(6); data.writeUInt16LE(7, 0); data.writeUInt32LE(status, 2); socket.write(data); }, this); break; }
|
||||
case 8: // Get Intel AMT CIRA State (CMD = 8)
|
||||
{ amtMei.getRemoteAccessConnectionStatus(function (state, socket) { var data = Buffer.alloc(6); data.writeUInt16LE(8, 0); data.writeUInt32LE(state.status, 2); socket.write(Buffer.concat([data, state.raw])); }, this); break; }
|
||||
default:
|
||||
// Unknown action, ignore it.
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
2
agents/meshcmd.min.js
vendored
2
agents/meshcmd.min.js
vendored
File diff suppressed because one or more lines are too long
@ -462,6 +462,9 @@ function createMeshCore(agent) {
|
||||
if (data.url) { mesh.SendCommand({ "action": "msg", "type":"openUrl", "url": data.url, "sessionid": data.sessionid, "success": (openUserDesktopUrl(data.url) != null) }); }
|
||||
break;
|
||||
}
|
||||
default:
|
||||
// Unknown action, ignore it.
|
||||
break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
@ -499,6 +502,9 @@ function createMeshCore(agent) {
|
||||
if (data.url) { mesh.SendCommand({ "action": "openUrl", "url": data.url, "sessionid": data.sessionid, "success": (openUserDesktopUrl(data.url) != null) }); }
|
||||
break;
|
||||
}
|
||||
default:
|
||||
// Unknown action, ignore it.
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -888,6 +894,9 @@ function createMeshCore(agent) {
|
||||
}
|
||||
break;
|
||||
}
|
||||
default:
|
||||
// Unknown action, ignore it.
|
||||
break;
|
||||
}
|
||||
}
|
||||
//sendConsoleText("Got tunnel #" + this.httprequest.index + " data: " + data, this.httprequest.sessionid);
|
||||
@ -927,6 +936,9 @@ function createMeshCore(agent) {
|
||||
} catch (e) { }
|
||||
break;
|
||||
}
|
||||
default:
|
||||
// Unknown action, ignore it.
|
||||
break;
|
||||
}
|
||||
return;
|
||||
}
|
||||
@ -1045,6 +1057,9 @@ function createMeshCore(agent) {
|
||||
case 'darwin':
|
||||
child = require('child_process').execFile('/usr/bin/open', ['open', url], { uid: require('user-sessions').consoleUid() });
|
||||
break;
|
||||
default:
|
||||
// Unknown platform, ignore this command.
|
||||
break;
|
||||
}
|
||||
} catch (ex) { }
|
||||
return child;
|
||||
@ -1605,6 +1620,7 @@ function createMeshCore(agent) {
|
||||
switch (amtMessage) {
|
||||
case 'iAMT0050': { if (amtMessageArg == '48') { notify = 'Intel® AMT Serial-over-LAN connected'; } else if (amtMessageArg == '49') { notify = 'Intel® AMT Serial-over-LAN disconnected'; } break; } // SOL
|
||||
case 'iAMT0052': { if (amtMessageArg == '1') { notify = 'Intel® AMT KVM connected'; } else if (amtMessageArg == '2') { notify = 'Intel® AMT KVM disconnected'; } break; } // KVM
|
||||
default: { break; }
|
||||
}
|
||||
|
||||
// Send to the entire mesh, no sessionid or userid specified.
|
||||
@ -1898,6 +1914,11 @@ function createMeshCore(agent) {
|
||||
}
|
||||
break;
|
||||
}
|
||||
default: {
|
||||
console.log('Invalid KVM command', cmd);
|
||||
sendConsoleText('Invalid KVM command: ' + cmd);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
2
agents/meshcore.min.js
vendored
2
agents/meshcore.min.js
vendored
File diff suppressed because one or more lines are too long
@ -301,6 +301,9 @@ function serviceHost(serviceName)
|
||||
}
|
||||
process.exit();
|
||||
break;
|
||||
default:
|
||||
// Unknown arguments, skip it.
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -46,6 +46,9 @@ function parseServiceStatus(token)
|
||||
case 0x00000001:
|
||||
j.state = 'STOPPED';
|
||||
break;
|
||||
default:
|
||||
// Unknown service state
|
||||
break;
|
||||
}
|
||||
var controlsAccepted = token.Deref((2 * 4), 4).toBuffer().readUInt32LE();
|
||||
j.controlsAccepted = [];
|
||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -46,6 +46,9 @@ function parseServiceStatus(token)
|
||||
case 0x00000001:
|
||||
j.state = 'STOPPED';
|
||||
break;
|
||||
default:
|
||||
// Unknown service status.
|
||||
break;
|
||||
}
|
||||
var controlsAccepted = token.Deref((2 * 4), 4).toBuffer().readUInt32LE();
|
||||
j.controlsAccepted = [];
|
||||
@ -316,7 +319,7 @@ function serviceManager()
|
||||
this._update.stdin.write('exit\n');
|
||||
|
||||
break;
|
||||
default: // unknown platform service type
|
||||
default: // Unknown platform service type
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -449,7 +452,7 @@ function serviceManager()
|
||||
this._update.stdin.write('systemctl disable ' + name + '.service\n');
|
||||
this._update.stdin.write('exit\n');
|
||||
break;
|
||||
default: // unknown platform service type
|
||||
default: // Unknown platform service type
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
File diff suppressed because one or more lines are too long
@ -32,5 +32,9 @@ process.on('message', function (message) {
|
||||
certStore = message.certs;
|
||||
break;
|
||||
}
|
||||
default: {
|
||||
console.log('Unknown accelerator action: ' + message.action + '.');
|
||||
break;
|
||||
}
|
||||
}
|
||||
});
|
@ -636,6 +636,10 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
||||
});
|
||||
break;
|
||||
}
|
||||
default: {
|
||||
console.log('Unknown agent action (' + obj.remoteaddrport + '): ' + command.action + '.');
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
116
meshuser.js
116
meshuser.js
@ -118,8 +118,11 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
obj.ws.userid = req.session.userid;
|
||||
obj.ws.domainid = domain.id;
|
||||
|
||||
// Create a new session id for this user.
|
||||
require('crypto').randomBytes(20, function (err, randombuf) {
|
||||
obj.ws.sessionId = user._id + '/' + randombuf.toString('hex');
|
||||
|
||||
// Add this web socket session to session list
|
||||
obj.ws.sessionId = user._id + '/' + ('' + Math.random()).substring(2);
|
||||
obj.parent.wssessions2[ws.sessionId] = obj.ws;
|
||||
if (!obj.parent.wssessions[user._id]) { obj.parent.wssessions[user._id] = [ws]; } else { obj.parent.wssessions[user._id].push(obj.ws); }
|
||||
if (obj.parent.parent.multiServer == null) {
|
||||
@ -160,7 +163,61 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
|
||||
// When data is received from the web socket
|
||||
ws.on('message', function (msg) {
|
||||
ws.on('message', processWebSocketData);
|
||||
|
||||
// If error, do nothing
|
||||
ws.on('error', function (err) { console.log(err); });
|
||||
|
||||
// If the web socket is closed
|
||||
ws.on('close', function (req) {
|
||||
obj.parent.parent.RemoveAllEventDispatch(ws);
|
||||
if (obj.serverStatsTimer != null) { clearInterval(obj.serverStatsTimer); obj.serverStatsTimer = null; }
|
||||
if (req.session && req.session.ws && req.session.ws == ws) { delete req.session.ws; }
|
||||
if (obj.parent.wssessions2[ws.sessionId]) { delete obj.parent.wssessions2[ws.sessionId]; }
|
||||
if (obj.parent.wssessions[ws.userid]) {
|
||||
var i = obj.parent.wssessions[ws.userid].indexOf(ws);
|
||||
if (i >= 0) {
|
||||
obj.parent.wssessions[ws.userid].splice(i, 1);
|
||||
var user = obj.parent.users[ws.userid];
|
||||
if (user) {
|
||||
if (obj.parent.parent.multiServer == null) {
|
||||
obj.parent.parent.DispatchEvent(['*'], obj, { action: 'wssessioncount', username: user.name, count: obj.parent.wssessions[ws.userid].length, nolog: 1, domain: obj.domain.id });
|
||||
} else {
|
||||
obj.parent.recountSessions(ws.sessionId); // Recount sessions
|
||||
}
|
||||
}
|
||||
if (obj.parent.wssessions[ws.userid].length == 0) { delete obj.parent.wssessions[ws.userid]; }
|
||||
}
|
||||
}
|
||||
|
||||
// If we have peer servers, inform them of the disconnected session
|
||||
if (obj.parent.parent.multiServer != null) { obj.parent.parent.multiServer.DispatchMessage({ action: 'sessionEnd', sessionid: ws.sessionId }); }
|
||||
});
|
||||
|
||||
// Figure out the MPS port, use the alias if set
|
||||
var mpsport = ((obj.args.mpsaliasport != null) ? obj.args.mpsaliasport : obj.args.mpsport);
|
||||
var httpport = ((obj.args.aliasport != null) ? obj.args.aliasport : obj.args.port);
|
||||
|
||||
// Build server information object
|
||||
var serverinfo = { name: obj.parent.certificates.CommonName, mpsname: obj.parent.certificates.AmtMpsName, mpsport: mpsport, mpspass: obj.args.mpspass, port: httpport, emailcheck: obj.parent.parent.mailserver != null };
|
||||
if (obj.args.notls == true) { serverinfo.https = false; } else { serverinfo.https = true; serverinfo.redirport = obj.args.redirport; }
|
||||
|
||||
// Send server information
|
||||
try { ws.send(JSON.stringify({ action: 'serverinfo', serverinfo: serverinfo })); } catch (ex) { }
|
||||
|
||||
// Send user information to web socket, this is the first thing we send
|
||||
var userinfo = obj.common.Clone(obj.parent.users[user._id]);
|
||||
delete userinfo.salt;
|
||||
delete userinfo.hash;
|
||||
try { ws.send(JSON.stringify({ action: 'userinfo', userinfo: userinfo })); } catch (ex) { }
|
||||
|
||||
// We are all set, start receiving data
|
||||
ws._socket.resume();
|
||||
});
|
||||
} catch (e) { console.log(e); }
|
||||
|
||||
// Process incoming web socket data from the browser
|
||||
function processWebSocketData(msg) {
|
||||
var command, i = 0, mesh = null, meshid = null, nodeid = null, meshlinks = null, change = 0;
|
||||
try { command = JSON.parse(msg.toString('utf8')); } catch (e) { return; }
|
||||
if (obj.common.validateString(command.action, 3, 32) == false) return; // Action must be a string between 3 and 32 chars
|
||||
@ -660,7 +717,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
{
|
||||
// Load the server error log
|
||||
if ((user.siteadmin & 16) == 0) break;
|
||||
obj.parent.parent.readEntireTextFile(obj.parent.parent.getConfigFilePath('mesherrors.txt'), function (data) { try { ws.send(JSON.stringify({ action: 'servererrors', data: data })); } catch (ex) { } } );
|
||||
obj.parent.parent.readEntireTextFile(obj.parent.parent.getConfigFilePath('mesherrors.txt'), function (data) { try { ws.send(JSON.stringify({ action: 'servererrors', data: data })); } catch (ex) { } });
|
||||
break;
|
||||
}
|
||||
case 'serverclearerrorlog':
|
||||
@ -1332,58 +1389,13 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
// If error, do nothing
|
||||
ws.on('error', function (err) { console.log(err); });
|
||||
|
||||
// If the web socket is closed
|
||||
ws.on('close', function (req) {
|
||||
obj.parent.parent.RemoveAllEventDispatch(ws);
|
||||
if (obj.serverStatsTimer != null) { clearInterval(obj.serverStatsTimer); obj.serverStatsTimer = null; }
|
||||
if (req.session && req.session.ws && req.session.ws == ws) { delete req.session.ws; }
|
||||
if (obj.parent.wssessions2[ws.sessionId]) { delete obj.parent.wssessions2[ws.sessionId]; }
|
||||
if (obj.parent.wssessions[ws.userid]) {
|
||||
var i = obj.parent.wssessions[ws.userid].indexOf(ws);
|
||||
if (i >= 0) {
|
||||
obj.parent.wssessions[ws.userid].splice(i, 1);
|
||||
var user = obj.parent.users[ws.userid];
|
||||
if (user) {
|
||||
if (obj.parent.parent.multiServer == null) {
|
||||
obj.parent.parent.DispatchEvent(['*'], obj, { action: 'wssessioncount', username: user.name, count: obj.parent.wssessions[ws.userid].length, nolog: 1, domain: obj.domain.id });
|
||||
} else {
|
||||
obj.parent.recountSessions(ws.sessionId); // Recount sessions
|
||||
default: {
|
||||
// Unknown user action
|
||||
console.log('Unknown action from user ' + user.name + ': ' + command.action + '.');
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (obj.parent.wssessions[ws.userid].length == 0) { delete obj.parent.wssessions[ws.userid]; }
|
||||
}
|
||||
}
|
||||
|
||||
// If we have peer servers, inform them of the disconnected session
|
||||
if (obj.parent.parent.multiServer != null) { obj.parent.parent.multiServer.DispatchMessage({ action: 'sessionEnd', sessionid: ws.sessionId }); }
|
||||
});
|
||||
|
||||
// Figure out the MPS port, use the alias if set
|
||||
var mpsport = ((obj.args.mpsaliasport != null) ? obj.args.mpsaliasport : obj.args.mpsport);
|
||||
var httpport = ((obj.args.aliasport != null) ? obj.args.aliasport : obj.args.port);
|
||||
|
||||
// Build server information object
|
||||
var serverinfo = { name: obj.parent.certificates.CommonName, mpsname: obj.parent.certificates.AmtMpsName, mpsport: mpsport, mpspass: obj.args.mpspass, port: httpport, emailcheck: obj.parent.parent.mailserver != null };
|
||||
if (obj.args.notls == true) { serverinfo.https = false; } else { serverinfo.https = true; serverinfo.redirport = obj.args.redirport; }
|
||||
|
||||
// Send server information
|
||||
try { ws.send(JSON.stringify({ action: 'serverinfo', serverinfo: serverinfo })); } catch (ex) { }
|
||||
|
||||
// Send user information to web socket, this is the first thing we send
|
||||
var userinfo = obj.common.Clone(obj.parent.users[user._id]);
|
||||
delete userinfo.salt;
|
||||
delete userinfo.hash;
|
||||
try { ws.send(JSON.stringify({ action: 'userinfo', userinfo: userinfo })); } catch (ex) { }
|
||||
|
||||
// We are all set, start receiving data
|
||||
ws._socket.resume();
|
||||
} catch (e) { console.log(e); }
|
||||
|
||||
// Read entire file and return it in callback function
|
||||
function readEntireTextFile(filepath, func) {
|
||||
|
@ -548,6 +548,11 @@ module.exports.CreateMultiServer = function (parent, args) {
|
||||
}
|
||||
break;
|
||||
}
|
||||
default: {
|
||||
// Unknown peer server command
|
||||
console.log('Unknown action from peer server ' + peerServerId + ': ' + msg.action + '.');
|
||||
break;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
|
File diff suppressed because one or more lines are too long
@ -103,7 +103,7 @@ var CreateAmtRemoteIder = function (serverurl) {
|
||||
case 'C': { obj.parent.Start(obj.host, obj.port, obj.user, obj.pass, obj.tls); break; } // Session Start
|
||||
case 'E': { obj.Stop(); break; } // Stop IDER
|
||||
case 'F': { obj.parent.xxSend(data.substring(1)); obj.bytesToAmt += (data.length - 1); break; } // IDER Data
|
||||
case 'H': { if (obj.onDialogPrompt) obj.onDialogPrompt(obj, JSON.parse(data.substring(1))); } // IDER Dialog Prompt
|
||||
case 'H': { if (obj.onDialogPrompt) obj.onDialogPrompt(obj, JSON.parse(data.substring(1))); break; } // IDER Dialog Prompt
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -152,7 +152,7 @@ var AmtSetupBinDecode = function (file) {
|
||||
|
||||
var ptr2 = 0, recbin = file.substring(ptr + 24, ptr + 512);
|
||||
if ((r.flags & 2) != 0) { recbin = AmtSetupBinDescrambleRecordData(recbin); } // De-Scramble the record
|
||||
while (1) {
|
||||
while (true) {
|
||||
|
||||
// Format of a data record entry:
|
||||
// ModuleIdentifier(2) - identifies the target ME module for the entry.
|
||||
|
@ -37,7 +37,11 @@ module.exports.CreateRedirServer = function (parent, db, args, func) {
|
||||
if ((obj.certificates.CommonName == "sample.org") || (obj.certificates.CommonName == "un-configured")) { host = req.headers.host; }
|
||||
}
|
||||
var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
|
||||
if (req.headers && req.headers.host && (req.headers.host.split(":")[0].toLowerCase() == "localhost")) { res.redirect("https://localhost:" + httpsPort + req.url); } else { res.redirect("https://" + host + ":" + httpsPort + req.url); }
|
||||
if (req.headers && req.headers.host && (req.headers.host.split(":")[0].toLowerCase() == "localhost")) {
|
||||
res.redirect("https://localhost:" + httpsPort + req.url);
|
||||
} else {
|
||||
res.redirect("https://" + host + ":" + httpsPort + req.url);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -239,6 +239,10 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) {
|
||||
}
|
||||
break;
|
||||
}
|
||||
default: {
|
||||
// All other state commands from the legacy agent must be ignored.
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
@ -308,6 +312,10 @@ module.exports.CreateSwarmServer = function (parent, db, args, certificates) {
|
||||
if (xx >= 0) { info.agentosdesc = info.agentosdesc.substring(0, xx); }
|
||||
return info;
|
||||
}
|
||||
default: {
|
||||
// All other commands from the legacy agent must be ignored.
|
||||
break;
|
||||
}
|
||||
}
|
||||
ptr += blen;
|
||||
}
|
||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -899,9 +899,15 @@
|
||||
//addNotification(n);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
console.log('Unknown message.event.action', message.event.action);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
default:
|
||||
console.log('Unknown message.action', message.action);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1192,7 +1198,7 @@
|
||||
var link = shortname;
|
||||
var publiclink = '';
|
||||
if (publicfolder) { publiclink = ' (<a style=cursor:pointer title=\"Display public link\" onclick=\'p5showPublicLink(\"' + publicPath + '/' + f.nx + '\")\'>Link</a>)'; }
|
||||
if (f.s > 0) { link = "<a target=\"_blank\" href=\"downloadfile.ashx?link=" + encodeURIComponent(filetreelinkpath + '/' + f.nx) + "\">" + shortname + "</a>" + publiclink; }
|
||||
if (f.s > 0) { link = "<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"downloadfile.ashx?link=" + encodeURIComponent(filetreelinkpath + '/' + f.nx) + "\">" + shortname + "</a>" + publiclink; }
|
||||
h = "<div class=filelist file=3><input file=3 style=float:left name=fc class=fcb type=checkbox onchange=p5setActions() value='" + f.nx + "'> <span style=float:right;padding-right:4px>" + fsize + "</span><span><div class=fileIcon" + f.t + "></div>" + link + "</span></div>";
|
||||
}
|
||||
|
||||
@ -2020,6 +2026,9 @@
|
||||
break;
|
||||
case 2:
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onDesktopStateChange state', state);
|
||||
break;
|
||||
}
|
||||
updateDesktopButtons();
|
||||
deskAdjust();
|
||||
@ -2260,6 +2269,9 @@
|
||||
p13targetpath = '';
|
||||
files.sendText({ action: 'ls', reqid: 1, path: '' });
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onFilesStateChange state', state);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -2359,7 +2371,7 @@
|
||||
h = "<div class=filelist file=999><input file=999 style=float:left name=fd class=fcb type=checkbox onchange=p13setActions() value='" + f.nx + "'> <span style=float:right title=\"" + title + "\">" + right + "</span><span><div class=fileIcon" + f.t + "></div><a style=cursor:pointer onclick=p13folderset(\"" + encodeURIComponent(f.nx) + "\")>" + shortname + "</a></span></div>";
|
||||
} else {
|
||||
var link = shortname;
|
||||
if (f.s > 0) { link = "<a target=\"_blank\" style=cursor:pointer onclick=\"p13downloadfile('" + encodeURIComponent(newlinkpath + '/' + name) + "','" + encodeURIComponent(name) + "'," + f.s + ")\">" + shortname + "</a>"; }
|
||||
if (f.s > 0) { link = "<a rel=\"noreferrer noopener\" target=\"_blank\" style=cursor:pointer onclick=\"p13downloadfile('" + encodeURIComponent(newlinkpath + '/' + name) + "','" + encodeURIComponent(name) + "'," + f.s + ")\">" + shortname + "</a>"; }
|
||||
h = "<div class=filelist file=3><input file=3 style=float:left name=fd class=fcb type=checkbox onchange=p13setActions() value='" + f.nx + "'> <span style=float:right;padding-right:4px>" + fsize + "</span><span><div class=fileIcon" + f.t + "></div>" + link + "</span></div>";
|
||||
}
|
||||
|
||||
@ -2533,6 +2545,9 @@
|
||||
case 3: // Transport as connected, send a command to indicate we want to start a file download
|
||||
downloadFile.send(JSON.stringify({ action: 'download', reqid: 1, path: downloadFile.xpath }));
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onFileDownloadStateChange state', state);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -2579,6 +2594,9 @@
|
||||
case 3:
|
||||
p13uploadNextFile();
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onFileUploadStateChange state', state);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -345,7 +345,7 @@
|
||||
<h1>My Server</h1>
|
||||
<p id="p2ServerActions"><strong>Server actions</strong></p>
|
||||
<p style="margin-left:40px">
|
||||
<a id="p2ServerActionsBackup" href="/backup.zip" target="_blank" style="cursor:pointer">Download server backup</a><br />
|
||||
<a id="p2ServerActionsBackup" href="/backup.zip" rel="noreferrer noopener" target="_blank" style="cursor:pointer">Download server backup</a><br />
|
||||
<a id="p2ServerActionsRestore" onclick="server_showRestoreDlg()" style="cursor:pointer">Restore server with backup</a><br />
|
||||
<a id="p2ServerActionsVersion" onclick="server_showVersionDlg()" style="cursor:pointer">Check server version</a><br />
|
||||
<a id="p2ServerActionsErrors" onclick="server_showErrorsDlg()" style="cursor:pointer">Show server error log</a><br />
|
||||
@ -1287,7 +1287,8 @@
|
||||
if (message.tag == 'clickonce') {
|
||||
var basicPort = "{{{serverRedirPort}}}" == "" ? "{{{serverPublicPort}}}" : "{{{serverRedirPort}}}";
|
||||
var rdpurl = "http://" + window.location.hostname + ":" + basicPort + "/clickonce/minirouter/MeshMiniRouter.application?WS=wss%3A%2F%2F" + window.location.hostname + "%2Fmeshrelay.ashx%3Fauth=" + message.cookie + "&CH={{{webcerthash}}}&AP=" + message.protocol + ((debugmode == 1) ? "" : "&HOL=1");
|
||||
window.open(rdpurl, '_blank');
|
||||
var newWindow = window.open(rdpurl, '_blank');
|
||||
newWindow.opener = null;
|
||||
}
|
||||
break;
|
||||
}
|
||||
@ -1553,9 +1554,15 @@
|
||||
addNotification(n);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
console.log('Unknown message.event.action', message.event.action);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
default:
|
||||
console.log('Unknown message.action', message.action);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -2124,15 +2131,15 @@
|
||||
x += '<hr>';
|
||||
|
||||
// Setup CIRA using a MeshCommander script (Pretty Simple)
|
||||
x += "<div id=dlgAddCira0>To add a new Intel® AMT device to device group \"" + EscapeHtml(mesh.name) + "\" with CIRA, download the following script files and use <a href='http://meshcommander.com' target='_blank'>MeshCommander</a> to run the script to configure computers.<br /><br />";
|
||||
x += addHtmlValue('Setup CIRA', '<a href="mescript.ashx?type=1&meshid=' + meshidx.substring(0, 16) + '" target="_blank">cira_setup.mescript</a>');
|
||||
x += addHtmlValue('Cleanup CIRA', '<a href="mescript.ashx?type=2" target="_blank">cira_clean.mescript</a>');
|
||||
x += "<div id=dlgAddCira0>To add a new Intel® AMT device to device group \"" + EscapeHtml(mesh.name) + "\" with CIRA, download the following script files and use <a href='http://meshcommander.com' rel='noreferrer noopener' target='_blank'>MeshCommander</a> to run the script to configure computers.<br /><br />";
|
||||
x += addHtmlValue('Setup CIRA', '<a href="mescript.ashx?type=1&meshid=' + meshidx.substring(0, 16) + '" rel="noreferrer noopener" target="_blank">cira_setup.mescript</a>');
|
||||
x += addHtmlValue('Cleanup CIRA', '<a href="mescript.ashx?type=2" rel="noreferrer noopener" target="_blank">cira_clean.mescript</a>');
|
||||
x += "</div>";
|
||||
|
||||
// Setup CIRA with user/pass authentication (Somewhat difficult)
|
||||
x += "<div id=dlgAddCira1 style=display:none>To add a new Intel® AMT device to device group \"" + EscapeHtml(mesh.name) + "\" with CIRA, load the following certificate as trusted root within Intel AMT";
|
||||
if (serverinfo.mpspass) { x += " and authenticate to the server using this username and password.<br /><br />"; } else { x += " and authenticate to the server using this username and any password.<br /><br />"; }
|
||||
x += addHtmlValue('Root Certificate', '<a href="MeshServerRootCert.cer" target="_blank">Root Certificate File</a>');
|
||||
x += addHtmlValue('Root Certificate', '<a href="MeshServerRootCert.cer" rel="noreferrer noopener" target="_blank">Root Certificate File</a>');
|
||||
x += addHtmlValue('Username', '<input style=width:230px readonly value="' + meshidx.substring(0, 16) + '" />');
|
||||
if (serverinfo.mpspass) { x += addHtmlValue('Password', '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.mpspass) + '" />'); }
|
||||
if (serverinfo != null) { x += addHtmlValue('MPS Server', '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.mpsname) + ':' + serverinfo.mpsport + '" />'); }
|
||||
@ -2141,7 +2148,7 @@
|
||||
// Setup CIRA with certificate authentication (Really difficult, only if TLS offload is not used)
|
||||
if ((features & 16) == 0) {
|
||||
x += "<div id=dlgAddCira2 style=display:none>To add a new Intel® AMT device to device group \"" + EscapeHtml(mesh.name) + "\" with CIRA, load the following certificate as trusted root within Intel AMT, authenticate using a client certificate with the following common name and connect to the following server.<br /><br />";
|
||||
x += addHtmlValue('Root Certificate', '<a href="MeshServerRootCert.cer" target="_blank">Root Certificate File</a>');
|
||||
x += addHtmlValue('Root Certificate', '<a href="MeshServerRootCert.cer" rel="noreferrer noopener" target="_blank">Root Certificate File</a>');
|
||||
x += addHtmlValue('Organization', '<input style=width:230px readonly value="' + meshidx + '" />');
|
||||
if (serverinfo != null) { x += addHtmlValue('MPS Server', '<input style=width:230px readonly value="' + EscapeHtml(serverinfo.mpsname) + ':' + serverinfo.mpsport + '" />'); }
|
||||
x += "</div>";
|
||||
@ -2197,9 +2204,9 @@
|
||||
// Windows agent install
|
||||
//x += "<div id=agins_windows>To add a new computer to device group \"" + EscapeHtml(mesh.name) + "\", download the mesh agent and configuration file and install the agent on the computer to manage.<br /><br />";
|
||||
x += "<div id=agins_windows>To add a new computer to device group \"" + EscapeHtml(mesh.name) + "\", download the mesh agent and install it the computer to manage. This agent has server and mesh information embedded within it.<br /><br />";
|
||||
x += addHtmlValue('Mesh Agent', '<a id=aginsw32lnk href="meshagents?id=3&meshid=' + meshid.split('/')[2] + '&installflags=0" target="_blank" title="32bit version of the MeshAgent">Windows (.exe)</a>');
|
||||
x += addHtmlValue('Mesh Agent', '<a id=aginsw64lnk href="meshagents?id=4&meshid=' + meshid.split('/')[2] + '&installflags=0" target="_blank" title="64bit version of the MeshAgent">Windows x64 (.exe)</a>');
|
||||
if (debugmode > 0) { x += addHtmlValue('Settings File', '<a id=aginswmshlnk href="meshsettings?id=' + meshid.split('/')[2] + '&installflags=0" target="_blank">' + EscapeHtml(mesh.name) + ' settings (.msh)</a>'); }
|
||||
x += addHtmlValue('Mesh Agent', '<a id=aginsw32lnk href="meshagents?id=3&meshid=' + meshid.split('/')[2] + '&installflags=0" rel="noreferrer noopener" target="_blank" title="32bit version of the MeshAgent">Windows (.exe)</a>');
|
||||
x += addHtmlValue('Mesh Agent', '<a id=aginsw64lnk href="meshagents?id=4&meshid=' + meshid.split('/')[2] + '&installflags=0" rel="noreferrer noopener" target="_blank" title="64bit version of the MeshAgent">Windows x64 (.exe)</a>');
|
||||
if (debugmode > 0) { x += addHtmlValue('Settings File', '<a id=aginswmshlnk href="meshsettings?id=' + meshid.split('/')[2] + '&installflags=0" rel="noreferrer noopener" target="_blank">' + EscapeHtml(mesh.name) + ' settings (.msh)</a>'); }
|
||||
x += "</div>";
|
||||
|
||||
// Linux agent install
|
||||
@ -2209,13 +2216,13 @@
|
||||
|
||||
// OSX agent install
|
||||
x += "<div id=agins_osx style=display:none>To add a new computer to device group \"" + EscapeHtml(mesh.name) + "\", download the mesh agent and install it the computer to manage. This agent installer has server and mesh information embedded within it.<br /><br />";
|
||||
x += addHtmlValue('Mesh Agent', '<a href="meshosxagent?id=16&meshid=' + meshid.split('/')[2] + '" target="_blank" title="64bit version of OSX Mesh Agent">OSX Agent (64bit)</a>');
|
||||
x += addHtmlValue('Mesh Agent', '<a href="meshosxagent?id=16&meshid=' + meshid.split('/')[2] + '" rel="noreferrer noopener" target="_blank" title="64bit version of OSX Mesh Agent">OSX Agent (64bit)</a>');
|
||||
x += "</div>";
|
||||
|
||||
// Windows agent uninstall
|
||||
x += "<div id=agins_windows_un style=display:none>To remove a mesh agent, download the file below, run it and click \"uninstall\".<br /><br />";
|
||||
x += addHtmlValue('Mesh Agent', '<a href="meshagents?id=3" target="_blank" title="32bit version of the MeshAgent">Windows (.exe)</a>');
|
||||
x += addHtmlValue('Mesh Agent', '<a href="meshagents?id=3" target="_blank" title="64bit version of the MeshAgent">Windows x64 (.exe)</a>');
|
||||
x += addHtmlValue('Mesh Agent', '<a href="meshagents?id=3" rel="noreferrer noopener" target="_blank" title="32bit version of the MeshAgent">Windows (.exe)</a>');
|
||||
x += addHtmlValue('Mesh Agent', '<a href="meshagents?id=3" rel="noreferrer noopener" target="_blank" title="64bit version of the MeshAgent">Windows x64 (.exe)</a>');
|
||||
x += "</div>";
|
||||
|
||||
// Linux agent uninstall
|
||||
@ -3527,7 +3534,7 @@
|
||||
var vectorSource = new ol.source.Vector({ features: markers });
|
||||
var vectorLayer = new ol.layer.Vector({ source: vectorSource });
|
||||
|
||||
//var x = '<div><a href="https://www.google.com/maps/preview/@' + lat + ',' + lng + ',12z" target=_blank>Open in Google maps</a></div>';
|
||||
//var x = '<div><a href="https://www.google.com/maps/preview/@' + lat + ',' + lng + ',12z" rel="noreferrer noopener" target=_blank>Open in Google maps</a></div>';
|
||||
var x = '<div id=d2map style=width:100%;height:300px></div>';
|
||||
setDialogMode(2, "Device Location", 1, null, x, '@xxmap');
|
||||
|
||||
@ -3573,9 +3580,9 @@
|
||||
if (mode == 0) { x += '<div>MeshCmd is a command line tool that performs lots of different operations. The action file can optionally be downloaded and edited to provide server information and credentials.<br /><br />'; }
|
||||
if (mode == 1) { x += '<div>Download "meshcmd" with an action file to route traffic thru this server to this device. Make sure to edit meshaction.txt and add your account password or make any changes needed.<br /><br />'; }
|
||||
x += addHtmlValue('Operating System', y);
|
||||
x += addHtmlValue('MeshCmd', '<a id=meshcmddownloadid href="meshagents?meshcmd=3" target="_blank"></a>');
|
||||
if (mode == 0) { x += addHtmlValue('Action File', '<a href="meshagents?meshaction=generic" target="_blank">MeshAction (.txt)</a>'); }
|
||||
if (mode == 1) { x += addHtmlValue('Action File', '<a href="meshagents?meshaction=route&nodeid=' + nodeid + '" target="_blank">MeshAction (.txt)</a>'); }
|
||||
x += addHtmlValue('MeshCmd', '<a id=meshcmddownloadid href="meshagents?meshcmd=3" rel="noreferrer noopener" target="_blank"></a>');
|
||||
if (mode == 0) { x += addHtmlValue('Action File', '<a href="meshagents?meshaction=generic" rel="noreferrer noopener" target="_blank">MeshAction (.txt)</a>'); }
|
||||
if (mode == 1) { x += addHtmlValue('Action File', '<a href="meshagents?meshaction=route&nodeid=' + nodeid + '" rel="noreferrer noopener" target="_blank">MeshAction (.txt)</a>'); }
|
||||
x += "</div>";
|
||||
|
||||
setDialogMode(2, ["Download MeshCmd","Network Router"][mode], 9, null, x);
|
||||
@ -3886,6 +3893,9 @@
|
||||
break;
|
||||
case 2:
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onDesktopStateChange state', state);
|
||||
break;
|
||||
}
|
||||
updateDesktopButtons();
|
||||
deskAdjust();
|
||||
@ -4249,6 +4259,9 @@
|
||||
break;
|
||||
case 3:
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onTerminalStateChange state', state);
|
||||
break;
|
||||
}
|
||||
updateTerminalButtons();
|
||||
}
|
||||
@ -4372,6 +4385,9 @@
|
||||
p13targetpath = '';
|
||||
files.sendText({ action: 'ls', reqid: 1, path: '' });
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onFilesStateChange state', state);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4474,7 +4490,7 @@
|
||||
h = "<div class=filelist file=999><input file=999 style=float:left name=fd class=fcb type=checkbox onchange=p13setActions() value='" + f.nx + "'> <span style=float:right title=\"" + title + "\">" + right + "</span><span><div class=fileIcon" + f.t + "></div><a style=cursor:pointer onclick=p13folderset(\"" + encodeURIComponent(f.nx) + "\")>" + shortname + "</a></span></div>";
|
||||
} else {
|
||||
var link = shortname;
|
||||
if (f.s > 0) { link = "<a target=\"_blank\" style=cursor:pointer onclick=\"p13downloadfile('" + encodeURIComponent(newlinkpath + '/' + name) + "','" + encodeURIComponent(name) + "'," + f.s + ")\">" + shortname + "</a>"; }
|
||||
if (f.s > 0) { link = "<a rel=\"noreferrer noopener\" target=\"_blank\" style=cursor:pointer onclick=\"p13downloadfile('" + encodeURIComponent(newlinkpath + '/' + name) + "','" + encodeURIComponent(name) + "'," + f.s + ")\">" + shortname + "</a>"; }
|
||||
h = "<div class=filelist file=3><input file=3 style=float:left name=fd class=fcb type=checkbox onchange=p13setActions() value='" + f.nx + "'> <span class=fsize>" + fdatestr + "</span><span style=float:right>" + fsize + "</span><span><div class=fileIcon" + f.t + "></div>" + link + "</span></div>";
|
||||
}
|
||||
|
||||
@ -4673,6 +4689,9 @@
|
||||
case 3: // Transport as connected, send a command to indicate we want to start a file download
|
||||
downloadFile.send(JSON.stringify({ action: 'download', reqid: 1, path: downloadFile.xpath }));
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onFileDownloadStateChange state', state);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4719,6 +4738,9 @@
|
||||
case 3:
|
||||
p13uploadNextFile();
|
||||
break;
|
||||
default:
|
||||
console.log('Unknown onFileUploadStateChange state', state);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -5475,7 +5497,7 @@
|
||||
var link = shortname;
|
||||
var publiclink = '';
|
||||
if (publicfolder) { publiclink = ' (<a style=cursor:pointer title=\"Display public link\" onclick=\'p5showPublicLink(\"' + publicPath + '/' + f.nx + '\")\'>Link</a>)'; }
|
||||
if (f.s > 0) { link = "<a target=\"_blank\" href=\"downloadfile.ashx?link=" + encodeURIComponent(filetreelinkpath + '/' + f.nx) + "\">" + shortname + "</a>" + publiclink; }
|
||||
if (f.s > 0) { link = "<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"downloadfile.ashx?link=" + encodeURIComponent(filetreelinkpath + '/' + f.nx) + "\">" + shortname + "</a>" + publiclink; }
|
||||
h = "<div class=filelist file=3><input file=3 style=float:left name=fc class=fcb type=checkbox onchange=p5setActions() value='" + f.nx + "'> <span class=fsize>" + fdatestr + "</span><span style=float:right>" + fsize + "</span><span><div class=fileIcon" + f.t + "></div>" + link + "</span></div>";
|
||||
}
|
||||
|
||||
@ -6195,7 +6217,7 @@
|
||||
h = "<div class=filelist file=999><span style=float:right title=\"" + title + "\"></span><span><div class=fileIcon" + f.t + "></div> <a style=cursor:pointer onclick=d3folderset(\"" + encodeURIComponent(f.nx) + "\")>" + shortname + "</a></span></div>";
|
||||
} else {
|
||||
var link = shortname;
|
||||
//if (f.s > 0) { link = "<a target=\"_blank\" href=\"downloadfile.ashx?link=" + encodeURIComponent(filetreelinkpath + '/' + f.nx) + "\">" + shortname + "</a>"; }
|
||||
//if (f.s > 0) { link = "<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"downloadfile.ashx?link=" + encodeURIComponent(filetreelinkpath + '/' + f.nx) + "\">" + shortname + "</a>"; }
|
||||
h = "<div class=filelist file=3><input style=float:left name=fcx class=fcb type=checkbox onchange=d3setActions() value='" + f.nx + "'> <span style=float:right>" + fsize + "</span><span><div class=fileIcon" + f.t + "></div>" + link + "</span></div>";
|
||||
}
|
||||
|
||||
@ -6527,7 +6549,7 @@
|
||||
//function addHtmlValue(t, v) { return '<div style=height:20px><div style=float:right;width:220px><b>' + v + '</b></div><div>' + t + '</div></div>'; }
|
||||
function addHtmlValue(t, v) { return '<table><td style=width:120px>' + t + '<td><b>' + v + '</b></table>'; }
|
||||
function addHtmlValue2(t, v) { return '<div><div style=display:inline-block;float:right>' + v + '</div><div style=display:inline-block>' + t + '</div></div>'; }
|
||||
function parseUriArgs() { var name, r = {}, parsedUri = window.document.location.href.split(/[\?&|\=]/); parsedUri.splice(0, 1); for (x in parsedUri) { switch (x % 2) { case 0: { name = parsedUri[x]; break; } case 1: { r[name] = parsedUri[x]; var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } break; } } } return r; }
|
||||
function parseUriArgs() { var name, r = {}, parsedUri = window.document.location.href.split(/[\?&|\=]/); parsedUri.splice(0, 1); for (x in parsedUri) { switch (x % 2) { case 0: { name = parsedUri[x]; break; } case 1: { r[name] = parsedUri[x]; var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } break; } default: { break; } } } return r; }
|
||||
function focusTextBox(x) { setTimeout(function(){ Q(x).selectionStart = Q(x).selectionEnd = 65535; Q(x).focus(); }, 0); }
|
||||
function validateEmail(v) { var emailReg = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; return emailReg.test(v); } // New version
|
||||
</script>
|
||||
|
@ -402,7 +402,7 @@ function trademarks(x) { return x.replace(/\(R\)/g, '®').replace(/\(TM\)/g,
|
||||
}
|
||||
|
||||
function haltEvent(e) { if (e.preventDefault) e.preventDefault(); if (e.stopPropagation) e.stopPropagation(); return false; }
|
||||
function parseUriArgs() { var name, r = {}, parsedUri = window.document.location.href.split(/[\?&|\=]/); parsedUri.splice(0, 1); for (x in parsedUri) { switch (x % 2) { case 0: { name = parsedUri[x]; break; } case 1: { r[name] = parsedUri[x]; var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } break; } } } return r; }
|
||||
function parseUriArgs() { var name, r = {}, parsedUri = window.document.location.href.split(/[\?&|\=]/); parsedUri.splice(0, 1); for (x in parsedUri) { switch (x % 2) { case 0: { name = parsedUri[x]; break; } case 1: { r[name] = parsedUri[x]; var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } break; } default: { break; } } } return r; }
|
||||
|
||||
// Update user controls
|
||||
function updateControls() {
|
||||
@ -535,6 +535,7 @@ function trademarks(x) { return x.replace(/\(R\)/g, '®').replace(/\(TM\)/g,
|
||||
case 0: { performWebRtcSwitch(); break; } // Other side is ready for switch over to WebRTC
|
||||
case 1: { sendws({ action: 'rtcSwitch', v: 2 }); break; } // Other side no longer sending data on websocket, confirm we got the end marker
|
||||
case 2: { for (var i in webchannel.xoutBuffer) { webchannel.send(webchannel.xoutBuffer[i]); } delete webchannel.xoutBuffer; break; } // Send any pending data over WebRTC and start using WebRTC with all traffic
|
||||
default: { console.log('Unknown rtcSwitch value: ' + data.action); break; } //
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
@ -162,7 +162,7 @@
|
||||
}
|
||||
|
||||
function haltEvent(e) { if (e.preventDefault) e.preventDefault(); if (e.stopPropagation) e.stopPropagation(); return false; }
|
||||
function parseUriArgs() { var name, r = {}, parsedUri = window.document.location.href.split(/[\?&|\=]/); parsedUri.splice(0, 1); for (x in parsedUri) { switch (x % 2) { case 0: { name = parsedUri[x]; break; } case 1: { r[name] = parsedUri[x]; var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } break; } } } return r; }
|
||||
function parseUriArgs() { var name, r = {}, parsedUri = window.document.location.href.split(/[\?&|\=]/); parsedUri.splice(0, 1); for (x in parsedUri) { switch (x % 2) { case 0: { name = parsedUri[x]; break; } case 1: { r[name] = parsedUri[x]; var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } break; } default: { break; } } } return r; }
|
||||
|
||||
// Update user controls
|
||||
function updateControls() {
|
||||
@ -295,6 +295,7 @@
|
||||
case 0: { performWebRtcSwitch(); break; } // Other side is ready for switch over to WebRTC
|
||||
case 1: { sendws({ action: 'rtcSwitch', v: 2 }); break; } // Other side no longer sending data on websocket, confirm we got the end marker
|
||||
case 2: { for (var i in webchannel.xoutBuffer) { webchannel.send(webchannel.xoutBuffer[i]); } delete webchannel.xoutBuffer; break; } // Send any pending data over WebRTC and start using WebRTC with all traffic
|
||||
default: { console.log('Unknown rtcSwitch value: ' + data.action); break; } //
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
16
webserver.js
16
webserver.js
@ -192,7 +192,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if (obj.args.tlsoffload) { obj.app.set('trust proxy', obj.args.tlsoffload); } // Reverse proxy should add the "X-Forwarded-*" headers
|
||||
obj.app.use(obj.bodyParser.urlencoded({ extended: false }));
|
||||
var sessionOptions = {
|
||||
name: 'xid', // Recommanded security practice to not use the default cookie name
|
||||
name: 'xid', // Recommended security practice to not use the default cookie name
|
||||
httpOnly: true,
|
||||
keys: [obj.args.sessionkey], // If multiple instances of this server are behind a load-balancer, this secret must be the same for all instances
|
||||
secure: (obj.args.notls != true) // Use this cookie only over TLS (Check this: https://expressjs.com/en/guide/behind-proxies.html)
|
||||
@ -899,8 +899,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
|
||||
if ((serverNameSplit.length == 4) && (parseInt(serverNameSplit[0]) == serverNameSplit[0]) && (parseInt(serverNameSplit[1]) == serverNameSplit[1]) && (parseInt(serverNameSplit[2]) == serverNameSplit[2]) && (parseInt(serverNameSplit[3]) == serverNameSplit[3])) {
|
||||
// Server name is an IPv4 address
|
||||
var filepath = obj.parent.path.join(__dirname, 'public/scripts/cira_setup_script_ip.mescript');
|
||||
readEntireTextFile(filepath, function (data) {
|
||||
readEntireTextFile(obj.parent.path.join(__dirname, 'public/scripts/cira_setup_script_ip.mescript'), function (data) {
|
||||
if (data == null) { res.sendStatus(404); return; }
|
||||
var scriptFile = JSON.parse(data);
|
||||
|
||||
@ -926,8 +925,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
});
|
||||
} else {
|
||||
// Server name is a hostname
|
||||
var filepath = obj.parent.path.join(__dirname, 'public/scripts/cira_setup_script_dns.mescript');
|
||||
readEntireTextFile(filepath, function (data) {
|
||||
readEntireTextFile(obj.parent.path.join(__dirname, 'public/scripts/cira_setup_script_dns.mescript'), function (data) {
|
||||
if (data == null) { res.sendStatus(404); return; }
|
||||
var scriptFile = JSON.parse(data);
|
||||
|
||||
@ -955,8 +953,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
else if (req.query.type == 2) {
|
||||
var filename = 'cira_cleanup.mescript';
|
||||
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + filename });
|
||||
var filepath = obj.parent.path.join(__dirname, 'public/scripts/cira_cleanup.mescript');
|
||||
readEntireTextFile(filepath, function (data) {
|
||||
readEntireTextFile(obj.parent.path.join(__dirname, 'public/scripts/cira_cleanup.mescript'), function (data) {
|
||||
if (data == null) { res.sendStatus(404); return; }
|
||||
res.send(Buffer.from(data));
|
||||
});
|
||||
@ -967,6 +964,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
function handleDownloadUserFiles(req, res) {
|
||||
var domain = checkUserIpAddress(req, res);
|
||||
if (domain == null) return;
|
||||
if (obj.common.validateString(req.path, 1, 4096) == false) { res.sendStatus(404); return; }
|
||||
var domainname = 'domain', spliturl = decodeURIComponent(req.path).split('/'), filename = '';
|
||||
if ((spliturl.length < 3) || (obj.common.IsFilenameValid(spliturl[2]) == false) || (domain.userQuota == -1)) { res.sendStatus(404); return; }
|
||||
if (domain.id != '') { domainname = 'domain-' + domain.id; }
|
||||
@ -1694,9 +1692,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
for (var agentid in obj.parent.meshAgentBinaries) {
|
||||
var agentinfo = obj.parent.meshAgentBinaries[agentid];
|
||||
response += '<tr><td>' + agentinfo.id + '</td><td>' + agentinfo.desc + '</td>';
|
||||
response += '<td><a target=_blank href="' + req.originalUrl + '?id=' + agentinfo.id + '">' + agentinfo.rname + '</a></td>';
|
||||
response += '<td><a rel="noreferrer noopener" target=_blank href="' + req.originalUrl + '?id=' + agentinfo.id + '">' + agentinfo.rname + '</a></td>';
|
||||
response += '<td>' + agentinfo.size + '</td><td>' + agentinfo.hash + '</td>';
|
||||
response += '<td><a target=_blank href="' + req.originalUrl + '?meshcmd=' + agentinfo.id + '">' + agentinfo.rname.replace('agent', 'cmd') + '</a></td></tr>';
|
||||
response += '<td><a rel="noreferrer noopener" target=_blank href="' + req.originalUrl + '?meshcmd=' + agentinfo.id + '">' + agentinfo.rname.replace('agent', 'cmd') + '</a></td></tr>';
|
||||
}
|
||||
response += '</table></body></html>';
|
||||
res.send(response);
|
||||
|
Loading…
Reference in New Issue
Block a user