From 23290232593c2831aad6f6fe8044010c84745dca Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 21 Dec 2020 23:25:30 -0800 Subject: [PATCH] Added .well-known support. --- redirserver.js | 10 +++++++--- webserver.js | 18 ++++++++++++------ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/redirserver.js b/redirserver.js index 5a48fd6a..f6e92b0f 100644 --- a/redirserver.js +++ b/redirserver.js @@ -94,9 +94,9 @@ module.exports.CreateRedirServer = function (parent, db, args, func) { for (var i in parent.config.domains) { if (parent.config.domains[i].dns != null) { continue; } var url = parent.config.domains[i].url; - obj.app.post(url + "amtevents.ashx", obj.parent.webserver.handleAmtEventRequest); - obj.app.get(url + "meshsettings", obj.parent.webserver.handleMeshSettingsRequest); - obj.app.get(url + "meshagents", obj.parent.webserver.handleMeshAgentRequest); + obj.app.post(url + 'amtevents.ashx', obj.parent.webserver.handleAmtEventRequest); + obj.app.get(url + 'meshsettings', obj.parent.webserver.handleMeshSettingsRequest); + obj.app.get(url + 'meshagents', obj.parent.webserver.handleMeshAgentRequest); // Server redirects if (parent.config.domains[i].redirects) { @@ -115,6 +115,10 @@ module.exports.CreateRedirServer = function (parent, db, args, func) { obj.app.get(url, performRedirection); // Root redirection obj.app.get(url + 'player.htm', performRedirection); // Player redirection + // Setup any .well-known folders + var p = obj.parent.path.join(obj.parent.datapath, '.well-known' + ((parent.config.domains[i].id == '') ? '' : ('-' + parent.config.domains[i].id))); + if (obj.parent.fs.existsSync(p)) { obj.app.use(url + '.well-known', obj.express.static(p)); } + // Setup all of the redirections to HTTPS const redirections = ['terms', 'logout', 'MeshServerRootCert.cer', 'mescript.ashx', 'checkmail', 'agentinvite', 'messenger', 'meshosxagent', 'devicepowerevents.ashx', 'downloadfile.ashx', 'userfiles/*', 'webrelay.ashx', 'health.ashx', 'logo.png', 'welcome.jpg']; for (i in redirections) { obj.app.get(url + redirections[i], performRedirection); } diff --git a/webserver.js b/webserver.js index 3fb4acb9..4f8834a8 100644 --- a/webserver.js +++ b/webserver.js @@ -5451,6 +5451,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { }); } + // Setup any .well-known folders + var p = obj.parent.path.join(obj.parent.datapath, '.well-known' + ((parent.config.domains[i].id == '') ? '' : ('-' + parent.config.domains[i].id))); + if (obj.parent.fs.existsSync(p)) { obj.app.use(url + '.well-known', obj.express.static(p)); } + // Setup the alternative agent-only port if (obj.agentapp) { // Receive mesh agent connections on alternate port @@ -5558,7 +5562,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { parent.debug('web', 'Sending 2FA email to: ' + user.email); parent.mailserver.sendAccountLoginMail(domain, user.email, user.otpekey.k, obj.getLanguageCodes(req), req.query.key); // Ask for a login token & confirm email was sent - try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'tokenrequired', email2fa: email2fa, email2fasent: true, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { } + try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'tokenrequired', email2fa: email2fa, sms2fa: sms2fa, email2fasent: true, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { } } else if ((req.query.token == '**sms**') && (sms2fa == true)) { // Cause a token to be sent to the user's phone number user.otpsms = { k: obj.common.zeroPad(getRandomSixDigitInteger(), 6), d: Date.now() }; @@ -5566,24 +5570,24 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { parent.debug('web', 'Sending 2FA SMS to: ' + user.phone); parent.smsserver.sendToken(domain, user.phone, user.otpsms.k, obj.getLanguageCodes(req)); // Ask for a login token & confirm sms was sent - try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'tokenrequired', sms2fa: sms2fa, sms2fasent: true, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { } + try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'tokenrequired', email2fa: email2fa, sms2fa: sms2fa, sms2fasent: true, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { } } else { // Ask for a login token parent.debug('web', 'Asking for login token'); - try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'tokenrequired', email2fa: email2fa, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { } + try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'tokenrequired', email2fa: email2fa, sms2fa: sms2fa, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { } } } else { checkUserOneTimePassword(req, domain, user, req.query.token, null, function (result) { if (result == false) { // Failed, ask for a login token again parent.debug('web', 'Invalid login token, asking again'); - try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'tokenrequired', email2fa: email2fa, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { } + try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'tokenrequired', email2fa: email2fa, sms2fa: sms2fa, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { } } else { // We are authenticated with 2nd factor. // Check email verification if (emailcheck && (user.email != null) && (user.emailVerified !== true)) { parent.debug('web', 'Invalid login, asking for email validation'); - try { ws.send(JSON.stringify({ action: 'close', cause: 'emailvalidation', msg: 'emailvalidationrequired', email2fa: email2fa, email2fasent: true })); ws.close(); } catch (e) { } + try { ws.send(JSON.stringify({ action: 'close', cause: 'emailvalidation', msg: 'emailvalidationrequired', email2fa: email2fa, sms2fa: sms2fa, email2fasent: true })); ws.close(); } catch (e) { } } else { func(ws, req, domain, user); } @@ -5594,7 +5598,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { // Check email verification if (emailcheck && (user.email != null) && (user.emailVerified !== true)) { parent.debug('web', 'Invalid login, asking for email validation'); - try { ws.send(JSON.stringify({ action: 'close', cause: 'emailvalidation', msg: 'emailvalidationrequired', email2fa: email2fa, email2fasent: true })); ws.close(); } catch (e) { } + var email2fa = (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.email2factor != false)) && (parent.mailserver != null) && (user.otpekey != null)); + var sms2fa = (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.sms2factor != false)) && (parent.smsserver != null) && (user.phone != null)); + try { ws.send(JSON.stringify({ action: 'close', cause: 'emailvalidation', msg: 'emailvalidationrequired', email2fa: email2fa, sms2fa: sms2fa, email2fasent: true })); ws.close(); } catch (e) { } } else { // We are authenticated func(ws, req, domain, user);