diff options
| author | Minteck <freeziv.ytb@gmail.com> | 2021-03-07 18:29:17 +0100 |
|---|---|---|
| committer | Minteck <freeziv.ytb@gmail.com> | 2021-03-07 18:29:17 +0100 |
| commit | 0f79e708bf07721b73ea41e5d341be08e8ea4dce (patch) | |
| tree | f3c63cd6a9f4ef0b26f95eec6a031600232e80c8 /core/request.js | |
| download | electrode-0f79e708bf07721b73ea41e5d341be08e8ea4dce.tar.gz electrode-0f79e708bf07721b73ea41e5d341be08e8ea4dce.tar.bz2 electrode-0f79e708bf07721b73ea41e5d341be08e8ea4dce.zip | |
Initial commit
Diffstat (limited to 'core/request.js')
| -rw-r--r-- | core/request.js | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/core/request.js b/core/request.js new file mode 100644 index 0000000..caceceb --- /dev/null +++ b/core/request.js @@ -0,0 +1,111 @@ +const chalk = require('chalk'); +const mime = require('mime'); +const FileType = require('file-type'); + +module.exports = (req, res, post, files) => { + try { + res.setHeader("X-Electrode-WorkerID", cluster.worker.id) + res.setHeader('Cache-Control', 'private, no-cache, no-store, must-revalidate'); + res.setHeader('Expires', '-1'); + res.setHeader('Pragma', 'no-cache'); + if (req.url.includes('../')) { + console.log(chalk.gray(cluster.worker.id + " ") + chalk.blue("warn:") + " working around exploit"); + res.writeHead(301, { 'Location': '/index.php' }); + res.end(); + } else if (req.url.trim() == '/' || req.url.trim() == '//' || req.url.trim() == '') { + console.log(chalk.gray(cluster.worker.id + " ") + chalk.blue("warn:") + " working around redirection trap"); + res.writeHead(301, { 'Location': '/index.php' }); + res.end(); + } else { + console.log(chalk.gray(cluster.worker.id + " ") + chalk.green("verb:") + " " + req.method + " " + req.url + " - HTTP/" + req.httpVersion + " - " + req.connection.remoteAddress); + + filename = core.finder(req.url); + if (filename == null) { + res.writeHead(404, { 'Content-Type': 'text/html' }); + console.log(chalk.gray(cluster.worker.id + " ") + chalk.yellow("warn:") + " not found: " + req.url); + res.write('<html><head><title>ENOTFOUND - File not found</title></head><body><h1>ENOTFOUND</h1><p>This file couldn\'t be found on the server</p><hr><address>' + config.product.name + ' version ' + version + '</address></body></html>'); + res.end(); + } else { + if (require('fs').lstatSync(filename).isDirectory()) { + res.writeHead(403, { 'Content-Type': 'text/html' }); + console.log(chalk.gray(cluster.worker.id + " ") + chalk.yellow("warn:") + " is directory: " + req.url); + res.write('<html><head><title>EACCES - Permission denied</title></head><body><h1>EACCES</h1><p>Permission to access this file was denied by the server configuration</p><hr><address>' + config.product.name + ' version ' + version + '</address></body></html>'); + res.end(); + } else { + if (core.access(filename)) { + if (!filename.endsWith(".php")) { + res.setHeader("Cache-Control", "no-cache") + require('fs').readFile(filename, (error, file) => { + if (error) { + res.writeHead(500, { 'Content-Type': 'text/html' }); + res.write('<html><head><title>' + error.code + ' - Internal error</title></head><body><h1>' + error.code + '</h1><p>An internal server error ocurred while trying to give back the file</p><hr><address>' + config.product.name + ' version ' + version + '</address></body></html>'); + res.end(); + console.log(chalk.gray(cluster.worker.id + " ") + chalk.red("error:") + " while loading file: " + error.message); + } else { + FileType.fromFile(filename).then((type) => { + res.writeHead(200, { 'Content-Type': type + "", 'Content-Size': file.toString().length }); + res.end(file); + }); + } + }) + } else { + php.runtime(php.cache(req, res, filename, post, files)).then((phpc) => { + if (phpc.error == null) { + if (require('fs').existsSync("./cache/HAD_" + phpc.id + ".json")) { + try { + headers = JSON.parse(require('fs').readFileSync("./cache/HAD_" + phpc.id + ".json")); + hlist = {}; + headers.forEach(h => { + p = h.split(":"); + n = p[0]; + p.shift(); + v = p.join(":"); + hlist[n.toLowerCase()] = v; + }) + if (typeof hlist["content-type"] == "undefined") { + hlist["content-type"] = "text/html"; + } + if (typeof hlist["location"] != "undefined") { + res.writeHead(301, hlist); + } else { + res.writeHead(200, hlist); + } + } catch (e) { + console.log(chalk.gray(cluster.worker.id + " ") + chalk.red("error:") + " while loading php headers: " + e.message); + console.log(e.stack); + res.writeHead(500, { 'Content-Type': 'text/html' }); + res.write('<html><head><title>' + e.name + ' - post-PHP error</title></head><body><h1>' + e.name + '</h1><p>Unable to process PHP headers</p><hr><address>' + config.product.name + ' version ' + version + '</address></body></html>'); + res.end(); + } + } + + res.write(phpc.content); + res.end(); + core.headClean(); + } else { + res.writeHead(500, { 'Content-Type': 'text/html' }); + console.log(chalk.gray(cluster.worker.id + " ") + chalk.red("error:") + " while running php: " + phpc.error.message); + console.log(phpc.error.stack); + res.write('<html><head><title>' + phpc.error.name + ' - PHP error</title></head><body><h1>' + phpc.error.name + '</h1><p>The PHP integration didn\'t fulfill the request correctly:</p><pre>' + phpc.stderr + '</pre><pre>' + phpc.error.message.split("\n").join("<br>") + '</pre><hr><address>' + config.product.name + ' version ' + version + '</address></body></html>'); + res.end(); + core.headClean(); + } + }); + } + } else { + res.writeHead(403, { 'Content-Type': 'text/html' }); + console.log(chalk.gray(cluster.worker.id + " ") + chalk.yellow("warn:") + " denied by .htaccess: " + req.url); + res.write('<html><head><title>EACCES - Permission denied</title></head><body><h1>EACCES</h1><p>Permission to access this file was denied by the server configuration</p><hr><address>' + config.product.name + ' version ' + version + '</address></body></html>'); + res.end(); + } + } + } + } + } catch (error) { + res.writeHead(500, { 'Content-Type': 'text/html' }); + res.write('<html><head><title>' + error.name + ' - Internal error</title></head><body><h1>' + error.name + '</h1><p>An internal server error ocurred while trying to give back the file</p><hr><address>' + config.product.name + ' version ' + version + '</address></body></html>'); + console.log(chalk.gray(cluster.worker.id + " ") + chalk.red("error:") + " " + error.name + ": " + error.message); + console.log(error.stack); + res.end(); + } +} |