Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-08-15 19:50:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Completed improved device guest sharing.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2021-04-09 13:27:21 -07:00
parent 9bf2e211ab
commit 0ad256610c
6 changed files with 118 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
agents/meshcore.js
View File

@ -1608,6 +1608,10 @@ function onTunnelData(data) {
if ((data.length > 3) && (data[0] == '{')) { onTunnelControlData(data, this); return; }
this.httprequest.protocol = parseInt(data);
if (typeof this.httprequest.protocol != 'number') { this.httprequest.protocol = 0; }
// See if this protocol request is allowed.
if ((this.httprequest.soptions != null) && (this.httprequest.soptions.usages != null) && (this.httprequest.soptions.usages.indexOf(this.httprequest.protocol) == -1)) { this.httprequest.protocol = 0; }
if (this.httprequest.protocol == 10) {
//
// Basic file transfer
@ -1882,7 +1886,7 @@ function onTunnelData(data) {
}
else if (this.httprequest.protocol == 2) {
//
// Remote KVM
// Remote Desktop
//
// Check user access rights for desktop

12
meshrelay.js
View File

@ -771,7 +771,17 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
// Send connection request to agent
if (obj.id == null) { obj.id = ('' + Math.random()).substring(2); }
const rcookie = parent.parent.encodeCookie({ ruserid: user._id, nodeid: node._id }, parent.parent.loginCookieEncryptionKey);
const command = { nodeid: node._id, action: 'msg', type: 'tunnel', userid: user._id, value: '*/meshrelay.ashx?p=' + cookie.p + '&id=' + obj.id + '&rauth=' + rcookie + '&nodeid=' + node._id, soptions: {}, usage: 2, rights: cookie.r, guestname: cookie.gn, consent: cookie.cf, remoteaddr: cleanRemoteAddr(obj.req.clientIp) };
const command = { nodeid: node._id, action: 'msg', type: 'tunnel', userid: user._id, value: '*/meshrelay.ashx?p=' + cookie.p + '&id=' + obj.id + '&rauth=' + rcookie + '&nodeid=' + node._id, soptions: {}, rights: cookie.r, guestname: cookie.gn, consent: cookie.cf, remoteaddr: cleanRemoteAddr(obj.req.clientIp) };
// Limit what this relay connection can do
if (typeof cookie.p == 'number') {
var usages = [];
if (cookie.p & 1) { usages.push(1); usages.push(6); usages.push(8); usages.push(9); } // Terminal
if (cookie.p & 2) { usages.push(2); } // Desktop
if (cookie.p & 4) { usages.push(5); usages.push(10); } // Files
command.soptions.usages = usages;
}
if (typeof domain.consentmessages == 'object') {
if (typeof domain.consentmessages.title == 'string') { command.soptions.consentTitle = domain.consentmessages.title; }
if (typeof domain.consentmessages.desktop == 'string') { command.soptions.consentMsgDesktop = domain.consentmessages.desktop; }

23
meshuser.js
View File

@ -5015,7 +5015,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
else if ((command.start != null) && (typeof command.start != 'number')) { err = 'Invalid start time'; } // Check the start time in seconds
else if ((command.end != null) && (typeof command.end != 'number')) { err = 'Invalid end time'; } // Check the end time in seconds
else if (common.validateInt(command.consent, 0, 256) == false) { err = 'Invalid flags'; } // Check the flags
else if (common.validateInt(command.p, 1, 2) == false) { err = 'Invalid protocol'; } // Check the protocol, 1 = Terminal, 2 = Desktop
else if (common.validateInt(command.p, 1, 7) == false) { err = 'Invalid protocol'; } // Check the protocol, 1 = Terminal, 2 = Desktop, 4 = Files
else if ((command.expire == null) && ((command.start == null) || (command.end == null) || (command.start > command.end))) { err = 'No time specified'; } // Check that a time range is present
else {
if (command.nodeid.split('/').length == 1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; }
@ -5047,13 +5047,25 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
}
// If we are limited to no terminal, don't allow terminal sharing
if ((command.p == 1) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NOTERMINAL) != 0)) {
if (((command.p & 1) != 0) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NOTERMINAL) != 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
return;
return;
}
// If we are limited to no desktop, don't allow desktop sharing
if (((command.p & 2) != 0) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NODESKTOP) != 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
return;
}
// If we are limited to no files, don't allow file sharing
if (((command.p & 4) != 0) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NOFILES) != 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
return;
}
// If we have view only remote desktop rights, force view-only on the guest share.
if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { command.viewOnly = true; }
if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { command.viewOnly = true; command.p = (command.p & 1); }
// Create cookie
var publicid = getRandomPassword(), startTime, expireTime;
@ -5079,8 +5091,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
var httpsPort = ((args.aliasport == null) ? args.port : args.aliasport); // Use HTTPS alias port is specified
var xdomain = (domain.dns == null) ? domain.id : '';
if (xdomain != '') xdomain += '/';
var page = (command.p == 1) ? 'terminal' : 'desktop';
var url = 'https://' + serverName + ':' + httpsPort + '/' + xdomain + page + '?c=' + inviteCookie;
var url = 'https://' + serverName + ':' + httpsPort + '/' + xdomain + 'sharing?c=' + inviteCookie;
if (serverName.split('.') == 1) { url = '/' + xdomain + page + '?c=' + inviteCookie; }
command.url = url;
if (command.responseid != null) { command.result = 'OK'; }

70
views/default.handlebars
View File

@ -626,7 +626,7 @@
</div>
</div>
</div>
<div id=p11DeskConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px;text-align:left" onclick=p11clearConsoleMsg()></div>
<div id=p11DeskConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px;text-align:left" onclick=p11clearConsoleMsg()></div>
<div id=p11DeskSessionSelector style="display:none;position:absolute;left:30px;top:17px;right:30px;bottom:17px;overflow-y:auto"></div>
</div>
<div id=deskarea4 class="areaFoot">
@ -729,7 +729,7 @@
</td>
</tr>
</table>
<div id=p12TermConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:45px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p12clearConsoleMsg()></div>
<div id=p12TermConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:45px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p12clearConsoleMsg()></div>
</div>
</div>
<div id=p13 style="display:none">
@ -788,7 +788,7 @@
</td>
</tr>
</table>
<div id=p13FilesConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:165px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p13clearConsoleMsg()></div>
<div id=p13FilesConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:165px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p13clearConsoleMsg()></div>
<div id="p13filetable" style="">
<div id="p13bigok" style="display:none"><b>&checkmark;</b></div>
<div id="p13bigfail" style="display:none"><b>&#10007;</b></div>
@ -3211,7 +3211,7 @@
QV('agentInvitationLinkDiv', true);
break;
}
case 'createDeviceShareLink': { // Remote desktop sharing link
case 'createDeviceShareLink': { // Guest sharing link
if (xxdialogTag) break;
var node = getNodeFromId(message.nodeid), x = '';
if (node == null) break;
@ -3221,12 +3221,13 @@
x += addHtmlValue("Start Time", printDateTime(new Date(message.start)));
x += addHtmlValue("Expire Time", printDateTime(new Date(message.expire)));
var y = [];
if (message.consent & 1) { y.push("Notify"); }
if (message.consent & 8) { y.push("Prompt"); }
if (message.consent & 64) { y.push("Privacy bar"); }
if (message.consent & 0x0007) { y.push("Notify"); }
if (message.consent & 0x0038) { y.push("Prompt"); }
if (message.consent & 0x0040) { y.push("Privacy bar"); }
if (y.length == 0) { y.push("None"); }
x += addHtmlValue("User Consent", y.join(', '));
x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px"><a href="' + message.url + '" id=agentInvitationLink rel="noreferrer noopener" target="_blank" style=cursor:pointer>' + ((message.p == 1)?"Remote Terminal Link":"Remote Desktop Link") + '</a> <img src=images/link4.png height=10 width=10 title="' + "Copy link to clipboard" + '" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
var type = ['', "Remote Terminal Link", "Remote Desktop Link", "Remote Desktop + Terminal Link", "Remote Files Link", "Remote Terminal + Files Link", "Remote Desktop + Files Link", "Remote Desktop + Terminal + Files Link"][message.p];
x += '<div id=agentInvitationLinkDiv style="text-align:center;font-size:large;margin:16px"><a href="' + message.url + '" id=agentInvitationLink rel="noreferrer noopener" target="_blank" style=cursor:pointer>' + type + '</a> <img src=images/link4.png height=10 width=10 title="' + "Copy link to clipboard" + '" style=cursor:pointer onclick=d2CopyInviteToClip()></div></div>';
setDialogMode(2, "Share Device", 1, null, x);
break;
}
@ -6524,12 +6525,13 @@
for (var i = 0; i < deviceShares.length; i++) {
var dshare = deviceShares[i];
var trash = '<a href="' + dshare.url + '" rel="noreferrer noopener" target=_blank title="' + "Device Sharing Link" + '" style=cursor:pointer><img src=images/link2.png border=0 height=10 width=10></a> <a href=# onclick=\'return p30removeDeviceSharing(event,"' + encodeURIComponentEx(currentNode._id) + '","' + encodeURIComponentEx(dshare.publicid) + '","' + encodeURIComponentEx(dshare.guestName) + '")\' title="' + "Remove device sharing" + '" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>';
var details = format("{0}, {1} to {2}", ((dshare.p == 1)?"Terminal":"Desktop"), printFlexDateTime(new Date(dshare.startTime)), printFlexDateTime(new Date(dshare.expireTime)));
var type = ['', "Terminal", "Desktop", "Desktop + Terminal", "Files", "Terminal + Files", "Desktop + Files", "Desktop + Terminal + Files"][dshare.p];
var details = format("{0}, {1} to {2}", type, printFlexDateTime(new Date(dshare.startTime)), printFlexDateTime(new Date(dshare.expireTime)));
if (dshare.viewOnly === true) { details += ", View only"; }
if (dshare.consent != null) {
if (dshare.consent == 0) { details += ", No Consent"; } else {
if (((dshare.consent & 8) != 0) || ((dshare.consent & 16) != 0)) { details += ", Prompt for consent"; }
if ((dshare.consent & 0x40) != 0) { details += ", Toolbar"; }
if ((dshare.consent & 0x0038) != 0) { details += ", Prompt for consent"; }
if ((dshare.consent & 0x0040) != 0) { details += ", Toolbar"; }
}
}
x += '<tr ' + (((++count % 2) == 0) ? 'style=background-color:#DDD' : '') + '><td style=width:30%><div class=m' + 2 + '></div><div>&nbsp;' + dshare.guestName + '<div></div></div></td><td style=width:70%><div style=float:right>' + trash + '</div><div>' + details + '</div></td></tr>';
@ -6731,8 +6733,26 @@
if ((rights != 0xFFFFFFFF) && ((rights & 0x100) != 0)) { deskFull = ''; }
var fullTerm = '<option value=1>' + "Terminal" + '</option>';
if ((rights != 0xFFFFFFFF) && ((rights & 0x200) != 0)) { fullTerm = ''; }
x += addHtmlValue("Type", '<select id=d2shareType style=float:right;width:250px onchange=showShareDeviceValidate()>' + ((currentNode.agent.caps & 1)?(deskFull + '<option value=3>' + "Desktop, View only" + '</option>'):'') + ((currentNode.agent.caps & 2)?fullTerm:'') + '</select>');
var fullFiles = '<option value=4>' + "Files" + '</option>';
if ((rights != 0xFFFFFFFF) && ((rights & 0x400) != 0)) { fullFiles = ''; }
var deskFiles = '<option value=5>' + "Desktop + Files" + '</option>';
if ((rights != 0xFFFFFFFF) && ((rights & 0x500) != 0)) { deskFiles = ''; }
var termFiles = '<option value=6>' + "Terminal + Files" + '</option>';
if ((rights != 0xFFFFFFFF) && ((rights & 0x600) != 0)) { termFiles = ''; }
var allFeatures = '<option value=7>' + "Desktop + Terminal + Files" + '</option>';
if ((rights != 0xFFFFFFFF) && ((rights & 0x700) != 0)) { allFeatures = ''; }
var y = '';
if (currentNode.agent.caps & 1) { y += (deskFull + '<option value=3>' + "Desktop, View only" + '</option>'); } // Agent is desktop capable
if (currentNode.agent.caps & 2) { y += fullTerm; } // Agent is terminal capable
if (currentNode.agent.caps & 4) { y += fullFiles; } // Agent is files capable
if (currentNode.agent.caps & 5) { y += deskFiles; } // Agent is desktop + files capable
if (currentNode.agent.caps & 6) { y += termFiles; } // Agent is terminal + files capable
if (currentNode.agent.caps & 7) { y += allFeatures; } // Agent is desktop + terminal + files capable
x += addHtmlValue("Type", '<select id=d2shareType style=float:right;width:250px onchange=showShareDeviceValidate()>' + y + '</select>');
var options = { 1 : "1 minute", 5 : "5 minutes", 10 : "10 minutes", 15 : "15 minutes", 30 : "30 minutes", 45 : "45 minutes", 60 : "60 minutes", 120 : "2 hours", 240 : "4 hours", 480 : "8 hours", 720 : "12 hours", 960 : "16 hours", 1440 : "24 hours", 2880 : "2 days", 5760 : "4 days" }
y = '';
for (var i in options) { y += '<option value=' + i + '>' + options[i] + '</option>'; }
x += addHtmlValue("Validity", '<select id=d2timeRange style=float:right;width:250px onchange=showShareDeviceValidate()><option value=0>' + "Starting now" + '</option><option value=1>' + "Time range" + '</option></select>');
x += '<div id=d2modenow>';
@ -6758,16 +6778,28 @@
}
function showShareDeviceEx(b, tag) {
var consent = 0, p = parseInt(Q('d2shareType').value), viewOnly = false;
if (currentNode.agent.caps & 1) {
if (Q('d2shareType').value == 1) { if (Q('d2userConsent').value == 1) { consent = 18; } else { consent = 2; } } // Terminal Consent: 2 = Notify, 16 = Prompt
if (Q('d2shareType').value > 1) { if (Q('d2userConsent').value == 1) { consent = 73; } else { consent = 65; } } // Desktop Consent: 1 = Notify, 8 = Prompt, 64 = Privacy bar
var consent = 0, p = parseInt(Q('d2shareType').value), viewOnly = false, q = 0;
if (p == 3) { viewOnly = true; }
var q = [0, 1, 2, 2, 4, 6, 5, 7][p]; // Protocol flags: 1 = Terminal, 2 = Desktop, 4 = Files.
if (q & 1) {
consent |= 0x0002; // Terminal notify
if (Q('d2userConsent').value == 1) { consent |= 0x0010; } // Terminal prompt for user consent
}
if (p == 3) { p = 2; viewOnly = true; }
if (q & 2) {
consent |= 0x0001; // Desktop notify
consent |= 0x0040; // Desktop connection toolbar
if (Q('d2userConsent').value == 1) { consent |= 0x0008; } // Desktop prompt for user consent
}
if (q & 4) {
consent |= 0x0004; // Files notify
if (Q('d2userConsent').value == 1) { consent |= 0x0020; } // Files prompt for user consent
}
if (Q('d2timeRange').value == 0) {
meshserver.send({ action: 'createDeviceShareLink', nodeid: currentNode._id, guestname: Q('d2inviteName').value.trim(), p: p, expire: parseInt(Q('d2inviteExpire').value), consent: consent, viewOnly: viewOnly });
meshserver.send({ action: 'createDeviceShareLink', nodeid: currentNode._id, guestname: Q('d2inviteName').value.trim(), p: q, expire: parseInt(Q('d2inviteExpire').value), consent: consent, viewOnly: viewOnly });
} else {
meshserver.send({ action: 'createDeviceShareLink', nodeid: currentNode._id, guestname: Q('d2inviteName').value.trim(), p: p, start: Math.floor(tag.selectedDates[0].getTime() / 1000), end: Math.floor(tag.selectedDates[1].getTime() / 1000), consent: consent, viewOnly: viewOnly });
meshserver.send({ action: 'createDeviceShareLink', nodeid: currentNode._id, guestname: Q('d2inviteName').value.trim(), p: q, start: Math.floor(tag.selectedDates[0].getTime() / 1000), end: Math.floor(tag.selectedDates[1].getTime() / 1000), consent: consent, viewOnly: viewOnly });
}
}

31
views/sharing.handlebars
View File

@ -30,7 +30,7 @@
<title>{{{title}}}</title>
</head>
<body style="overflow:hidden;background-color:black">
<div id=LeftSideToolBar style="position:absolute;left:0;bottom:0;width:52px;top:0;background:#113962;background:linear-gradient(to bottom, #104893 0%,#113962 100%);color:white;border-right: 5px solid #BBB;">
<div id=LeftSideToolBar style="display:none;position:absolute;left:0;bottom:0;width:52px;top:0;background:#113962;background:linear-gradient(to bottom, #104893 0%,#113962 100%);color:white;border-right: 5px solid #BBB;">
<div id=LeftMenuDesktop class="slbbutton slbbuttonsel2" title="Desktop" onclick=go(11)>
<div class="slb1" style="position:absolute;top:6px;left:6px"></div>
</div>
@ -66,7 +66,7 @@
<div id=DeskParent>
<canvas id=Desk width=640 height=480 oncontextmenu="return false" onmousedown=dmousedown(event) onmouseup=dmouseup(event) onmousemove=dmousemove(event) onmousewheel=dmousewheel(event)></canvas>
</div>
<div id=p11DeskConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=clearConsoleMsg()></div>
<div id=p11DeskConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:17px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=clearConsoleMsg()></div>
</div>
<div id=deskarea4 class="areaFoot" style="min-height:24px">
<div class="toright2">
@ -146,7 +146,7 @@
<input type=button onkeypress="return false" onkeydown="return false" class="bottombutton" id="pastebutton" value="Paste" title="Paste text into the terminal" onclick="showTermPasteDialog()" style="display:none" />
</div>
</div>
<div id=p12TermConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:45px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p12clearConsoleMsg()></div>
<div id=p12TermConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:45px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p12clearConsoleMsg()></div>
</div>
<div id=p13 class="noselect" style="overflow:hidden;position:absolute;left:54px;top:0;right:0;bottom:0;display:none;background-color:white">
<div id="p13toolbar" style="position:absolute;left:0;top:0;right:0;bottom:28px">
@ -192,7 +192,7 @@
<div>&nbsp;&nbsp;<span id="p13currentpath"></span></div>
</div>
<div id="fileArea4" style="height:calc(100vh - 146px)">
<div id=p13FilesConsoleMsg style="display:none;cursor:pointer;position:absolute;left:30px;top:165px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p13clearConsoleMsg()></div>
<div id=p13FilesConsoleMsg style="display:none;text-align:left;cursor:pointer;position:absolute;left:30px;top:165px;color:yellow;background-color:rgba(0,0,0,0.6);padding:10px;border-radius:5px" onclick=p13clearConsoleMsg()></div>
<div id="p13filetable" style="width:100%;height:100%">
<div id="p13bigok" style="display:none"><b>&checkmark;</b></div>
<div id="p13bigfail" style="display:none"><b>&#10007;</b></div>
@ -285,7 +285,6 @@
var domain = '{{{domain}}}';
var domainUrl = '{{{domainurl}}}';
var authCookie = '{{{authCookie}}}';
var nodeid = '{{{nodeid}}}';
var viewOnly = parseInt('{{{viewOnly}}}');
var urlargs = parseUriArgs();
var debugmode = urlargs.debug;
@ -300,6 +299,7 @@
QH('p12power', printFlexDateTime(new Date(parseInt(expire))));
QH('p13power', printFlexDateTime(new Date(parseInt(expire))));
}
var features = parseInt('{{{features}}}');
// Terminal
var terminal = null;
@ -341,7 +341,24 @@
Q('p13filetable').addEventListener('dragover', p13fileDragOver, false);
Q('p13filetable').addEventListener('dragleave', p13fileDragLeave, false);
go(11); // Go to desktop
// Setup feature visibility
QV('LeftMenuDesktop', features & 2);
QV('LeftMenuTerminal', features & 1);
QV('LeftMenuFiles', features & 4);
if (features & 2) { go(11); } // Goto desktop
else if (features & 1) { go(12); } // Goto terminal
else if (features & 4) { go(13); } // Goto files
// Only show left bar if two or more features are visible
var featureCount = 0;
if (features & 1) { featureCount++; }
if (features & 2) { featureCount++; }
if (features & 4) { featureCount++; }
QV('LeftSideToolBar', featureCount > 1);
QS('p11')['left'] = (featureCount > 1) ? '54px' : '0px';
QS('p12')['left'] = (featureCount > 1) ? '54px' : '0px';
QS('p13')['left'] = (featureCount > 1) ? '54px' : '0px';
deskAdjust();
}
@ -1717,7 +1734,7 @@
//link = '<a href="devicefile.ashx?c=' + authCookie + '&m=' + currentNode.meshid.split('/')[2] + '&n=' + currentNode._id.split('/')[2] + '&f=' + encodeURIComponentEx(newlinkpath + '/' + name) + '" download="' + name + '" style=cursor:pointer>' + shortname + '</a>';
// Server link
//link = '<a onclick=downloadFile("devicefile.ashx?c=' + authCookie + '&m=' + currentNode.meshid.split('/')[2] + '&n=' + currentNode._id.split('/')[2] + '&f=' + encodeURIComponentEx(newlinkpath + '/' + name) + '","' + encodeURIComponentEx(name) + '") style=cursor:pointer>' + shortname + '</a>';
link = '<a onclick=downloadFile("devicefile.ashx?c=' + authCookie + '&n=' + nodeid.split('/')[2] + '&f=' + encodeURIComponentEx(newlinkpath + '/' + name) + '","' + encodeURIComponentEx(name) + '") style=cursor:pointer>' + shortname + '</a>';
link = '<a onclick=downloadFile("devicefile.ashx?c=' + authCookie + '&f=' + encodeURIComponentEx(newlinkpath + '/' + name) + '","' + encodeURIComponentEx(name) + '") style=cursor:pointer>' + shortname + '</a>';
}
h = '<div id=fileEntry cmenu=filesContextMenu fileIndex=' + i + ' class=filelist file=3><input file=3 style=float:left name=fd class=fcb type=checkbox onchange=p13setActions() value=\'' + f.nx + '\'>&nbsp;<span class=fsize>' + fdatestr + '</span><span style=float:right>' + EscapeHtml(fsize) + '</span><span><div class=fileIcon' + f.t + '></div>' + link + '</span></div>';
}

14
webserver.js
View File

@ -2992,7 +2992,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
function handleDeviceFile(req, res) {
const domain = checkUserIpAddress(req, res);
if (domain == null) { return; }
if ((req.query.c == null) || (req.query.n == null) || (req.query.f == null)) { res.sendStatus(404); return; }
if ((req.query.c == null) || (req.query.f == null)) { res.sendStatus(404); return; }
// Check the inbound desktop sharing cookie
var c = obj.parent.decodeCookie(req.query.c, obj.parent.loginCookieEncryptionKey, 60); // 60 minute timeout
@ -3002,6 +3002,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
const user = obj.users[c.userid];
if ((c == user)) { res.sendStatus(404); return; }
// If this cookie has restricted usages, check that it's allowed to perform downloads
if (Array.isArray(c.usages) && (c.usages.indexOf(10) < 0)) { res.sendStatus(404); return; } // Check protocol #10
if (c.nid != null) { req.query.n = c.nid.split('/')[2]; } // This cookie is restricted to a specific nodeid.
if (req.query.n == null) { res.sendStatus(404); return; }
// Check if this user has permission to manage this computer
obj.GetNodeWithRights(domain, user, 'node/' + domain.id + '/' + req.query.n, function (node, rights, visible) {
if ((node == null) || ((rights & MESHRIGHT_REMOTECONTROL) == 0) || (visible == false)) { res.sendStatus(404); return; } // We don't have remote control rights to this device
@ -3310,7 +3316,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Check the inbound desktop sharing cookie
var c = obj.parent.decodeCookie(req.query.c, obj.parent.invitationLinkEncryptionKey, 60); // 60 minute timeout
if ((c == null) || (c.a !== 5) || ((c.p !== 2) && (c.p != null)) || (typeof c.uid != 'string') || (typeof c.nid != 'string') || (typeof c.gn != 'string') || (typeof c.cf != 'number') || (typeof c.start != 'number') || (typeof c.expire != 'number') || (typeof c.pid != 'string')) { res.sendStatus(404); return; }
if ((c == null) || (c.a !== 5) || (typeof c.p !== 'number') || (c.p < 1) || (c.p > 7) || (typeof c.uid != 'string') || (typeof c.nid != 'string') || (typeof c.gn != 'string') || (typeof c.cf != 'number') || (typeof c.start != 'number') || (typeof c.expire != 'number') || (typeof c.pid != 'string')) { res.sendStatus(404); return; }
// Check the expired time, expire message.
if (c.expire <= Date.now()) { render(req, res, getRenderPage((domain.sitestyle == 2) ? 'message2' : 'message', req, domain), getRenderArgs({ titleid: 2, msgid: 12, domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27') }, req, domain)); return; }
@ -3335,13 +3341,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Looks good, let's create the outbound session cookies.
// Consent flags are 1 = Notify, 8 = Prompt, 64 = Privacy Bar.
const authCookie = obj.parent.encodeCookie({ userid: c.uid, domainid: domain.id, nid: c.nid, ip: req.clientIp, p: 2, gn: c.gn, cf: 65 | c.cf, r: 8, expire: c.expire, pid: c.pid, vo: c.vo }, obj.parent.loginCookieEncryptionKey);
const authCookie = obj.parent.encodeCookie({ userid: c.uid, domainid: domain.id, nid: c.nid, ip: req.clientIp, p: c.p, gn: c.gn, cf: c.cf, r: 8, expire: c.expire, pid: c.pid, vo: c.vo }, obj.parent.loginCookieEncryptionKey);
// Lets respond by sending out the desktop viewer.
var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
parent.debug('web', 'handleDesktopRequest: Sending guest sharing page for \"' + c.uid + '\", guest \"' + c.gn + '\".');
res.set({ 'Cache-Control': 'no-store' });
render(req, res, getRenderPage('sharing', req, domain), getRenderArgs({ authCookie: authCookie, authRelayCookie: '', domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27'), nodeid: c.nid, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, expire: c.expire, viewOnly: (c.vo == 1) ? 1 : 0, nodeName: encodeURIComponent(node.name) }, req, domain));
render(req, res, getRenderPage('sharing', req, domain), getRenderArgs({ authCookie: authCookie, authRelayCookie: '', domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27'), nodeid: c.nid, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, expire: c.expire, viewOnly: (c.vo == 1) ? 1 : 0, nodeName: encodeURIComponent(node.name), features: c.p }, req, domain));
});
});
}