Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-08-15 19:50:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Server code cleanup & fixes.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2019-01-05 12:04:18 -08:00
parent 25a804acc8
commit f18d201188
5 changed files with 62 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
common.js
View File

@ -14,6 +14,7 @@
/*jshint esversion: 6 */
"use strict";
const fs = require("fs");
const crypto = require("crypto");
// Binary encoding and decoding functions
@ -171,4 +172,4 @@ module.exports.checkPasswordRequirements = function(password, requirements) {
if (requirements.upper && (upper < requirements.upper)) return false;
if (requirements.nonalpha && (nonalpha < requirements.nonalpha)) return false;
return true;
}
}

21
meshcentral.js
View File

@ -1235,27 +1235,6 @@ function CreateMeshCentralServer(config, args) {
function logWarnEvent(msg) { if (obj.servicelog != null) { obj.servicelog.warn(msg); } console.log(msg); }
function logErrorEvent(msg) { if (obj.servicelog != null) { obj.servicelog.error(msg); } console.error(msg); }
// Read entire file and return it in callback function
obj.readEntireTextFile = function(filepath, func) {
var called = false;
try {
obj.fs.open(filepath, 'r', function (err, fd) {
if (fd == null) { func(null); return; }
obj.fs.fstat(fd, function (err, stats) {
var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.from(bufferSize), bytesRead = 0;
while (bytesRead < bufferSize) {
if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); }
obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead);
bytesRead += chunkSize;
}
obj.fs.close(fd);
called = true;
func(buffer.toString('utf8', 0, bufferSize));
});
});
} catch (e) { console.log(e); if (called == false) { func(null); } }
}
// Return the path of a file into the meshcentral-data path
obj.getConfigFilePath = function (filename) {
if ((obj.config != null) && (obj.config.configfiles != null) && (obj.config.configfiles[filename] != null) && (typeof obj.config.configfiles[filename] == 'string')) {

29
meshuser.js
View File

@ -717,7 +717,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
{
// Load the server error log
if ((user.siteadmin & 16) == 0) break;
obj.parent.parent.readEntireTextFile(obj.parent.parent.getConfigFilePath('mesherrors.txt'), function (data) { try { ws.send(JSON.stringify({ action: 'servererrors', data: data })); } catch (ex) { } });
obj.parent.parent.fs.readFile(obj.parent.parent.getConfigFilePath('mesherrors.txt'), 'utf8', function (err, data) { try { ws.send(JSON.stringify({ action: 'servererrors', data: data })); } catch (ex) { } });
break;
}
case 'serverclearerrorlog':
@ -1213,8 +1213,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Send a mesh agent core to the mesh agent
var file = obj.parent.getServerFilePath(user, domain, command.path);
if (file != null) {
obj.parent.readEntireTextFile(file.fullpath, function (data) {
if (data != null) {
obj.parent.parent.fs.readFile(file.fullpath, 'utf8', function (err, data) {
if (err != null) {
data = obj.common.IntToStr(0) + data; // Add the 4 bytes encoding type & flags (Set to 0 for raw)
obj.parent.sendMeshAgentCore(user, domain, command.nodeid, data);
}
@ -1238,8 +1238,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'close':
{
// Close the web socket session
console.log('CLOSING1');
if (obj.req.session && obj.req.session.ws && obj.req.session.ws == ws) { console.log('CLOSING2'); delete obj.req.session.ws; }
if (obj.req.session && obj.req.session.ws && obj.req.session.ws == ws) { delete obj.req.session.ws; }
try { ws.close(); } catch (e) { }
break;
}
@ -1397,26 +1396,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
}
}
// Read entire file and return it in callback function
function readEntireTextFile(filepath, func) {
var called = false;
try {
obj.fs.open(filepath, 'r', function (err, fd) {
obj.fs.fstat(fd, function (err, stats) {
var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.from(bufferSize), bytesRead = 0;
while (bytesRead < bufferSize) {
if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); }
obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead);
bytesRead += chunkSize;
}
obj.fs.close(fd);
called = true;
func(buffer.toString('utf8', 0, bufferSize));
});
});
} catch (e) { if (called == false) { func(null); } }
}
// Read the folder and all sub-folders and serialize that into json.
function readFilesRec(path) {
var r = {}, dir = obj.fs.readdirSync(path);

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.2.5-r",
"version": "0.2.5-s",
"keywords": [
"Remote Management",
"Intel AMT",

135
webserver.js
View File

@ -300,12 +300,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
// Check if the source IP address is allowed, return domain if allowed
function checkUserIpAddress(req, res, rootonly) {
if ((obj.userAllowedIp != null) && (checkUserIpAddressEx(req, res, obj.userAllowedIp) == false)) { return null; }
if (rootonly == true) { return; }
var domain;
if (req.url) { domain = getDomain(req); } else { domain = getDomain(res); }
if (domain.userallowedip == null) return domain;
function checkUserIpAddress(req, res) {
if (checkUserIpAddressEx(req, res, obj.userAllowedIp) == false) { return null; }
const domain = (req.url ? getDomain(req) : getDomain(res));
if (checkUserIpAddressEx(req, res, domain.userallowedip) == false) { return null; }
return domain;
}
@ -322,7 +319,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
function handleLogoutRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0' });
// Destroy the user's session to log them out will be re-created next request
@ -335,7 +332,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
function handleLoginRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
obj.authenticate(req.body.username, req.body.password, domain, function (err, userid, passhint) {
if (userid) {
@ -391,7 +388,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
function handleCreateAccountRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if ((domain.newaccounts === 0) || (domain.newaccounts === false)) { res.sendStatus(401); return; }
if (!obj.common.validateUsername(req.body.username, 1, 64) || !obj.common.validateEmail(req.body.email, 1, 256) || !obj.common.validateString(req.body.password1, 1, 256) || !obj.common.validateString(req.body.password2, 1, 256) || (req.body.password1 != req.body.password2) || req.body.username == '~' || !obj.common.checkPasswordRequirements(req.body.password1, domain.passwordrequirements)) {
@ -445,7 +442,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Called to process an account reset request
function handleResetAccountRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if ((domain.newaccounts === 0) || (domain.newaccounts === false)) { res.sendStatus(401); return; }
if (!req.body.email || checkEmail(req.body.email) == false) {
@ -477,7 +474,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Called to process a web based email verification request
function handleCheckMailRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if (req.query.c != null) {
var cookie = obj.parent.decodeCookie(req.query.c, obj.parent.mailserver.mailCookieEncryptionKey, 30);
@ -577,7 +574,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
function handleDeleteAccountRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
// Check if the user is logged and we have all required parameters
if (!req.session || !req.session.userid || !req.body.apassword1 || (req.body.apassword1 != req.body.apassword2) || (req.session.domainid != domain.id)) { res.redirect(domain.url); return; }
@ -621,7 +618,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle password changes
function handlePasswordChangeRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
// Check if the user is logged and we have all required parameters
if (!req.session || !req.session.userid || !req.body.apassword1 || (req.body.apassword1 != req.body.apassword2) || (req.session.domainid != domain.id)) { res.redirect(domain.url); return; }
@ -645,7 +642,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Indicates that any request to "/" should render "default" or "login" depending on login state
function handleRootRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if (!obj.args) { res.sendStatus(500); return; }
@ -829,14 +826,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Render the terms of service.
function handleTermsRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
// See if there is a terms.txt file in meshcentral-data
var p = obj.path.join(obj.parent.datapath, 'terms.txt');
if (obj.fs.existsSync(p)) {
readEntireTextFile(p, function (data) {
if (data == null) { res.sendStatus(404); return; }
obj.fs.readFile(p, 'utf8', function (err, data) {
if (err != null) { res.sendStatus(404); return; }
// Send the terms
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0' });
@ -881,14 +878,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Returns the mesh server root certificate
function handleRootCertRequest(req, res) {
if (checkUserIpAddress(req, res, true) == false) { return; }
if (checkUserIpAddressEx(req, res, obj.userAllowedIp) === false) { return; } // Check server-wide IP filter only.
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + certificates.RootName + '.cer' });
res.send(Buffer.from(getRootCertBase64(), 'base64'));
}
// Returns an mescript for Intel AMT configuration
function handleMeScriptRequest(req, res) {
if (checkUserIpAddress(req, res, true) == false) { return; }
if (checkUserIpAddressEx(req, res, obj.userAllowedIp) === false) { return; } // Check server-wide IP filter only.
if (req.query.type == 1) {
var filename = 'cira_setup.mescript';
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + filename });
@ -899,8 +896,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((serverNameSplit.length == 4) && (parseInt(serverNameSplit[0]) == serverNameSplit[0]) && (parseInt(serverNameSplit[1]) == serverNameSplit[1]) && (parseInt(serverNameSplit[2]) == serverNameSplit[2]) && (parseInt(serverNameSplit[3]) == serverNameSplit[3])) {
// Server name is an IPv4 address
readEntireTextFile(obj.parent.path.join(__dirname, 'public/scripts/cira_setup_script_ip.mescript'), function (data) {
if (data == null) { res.sendStatus(404); return; }
obj.fs.readFile(obj.parent.path.join(__dirname, 'public/scripts/cira_setup_script_ip.mescript'), 'utf8', function (err, data) {
if (err != null) { res.sendStatus(404); return; }
var scriptFile = JSON.parse(data);
// Change a few things in the script
@ -925,8 +922,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
});
} else {
// Server name is a hostname
readEntireTextFile(obj.parent.path.join(__dirname, 'public/scripts/cira_setup_script_dns.mescript'), function (data) {
if (data == null) { res.sendStatus(404); return; }
obj.fs.readFile(obj.parent.path.join(__dirname, 'public/scripts/cira_setup_script_dns.mescript'), 'utf8', function (err, data) {
if (err != null) { res.sendStatus(404); return; }
var scriptFile = JSON.parse(data);
// Change a few things in the script
@ -953,8 +950,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
else if (req.query.type == 2) {
var filename = 'cira_cleanup.mescript';
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=' + filename });
readEntireTextFile(obj.parent.path.join(__dirname, 'public/scripts/cira_cleanup.mescript'), function (data) {
if (data == null) { res.sendStatus(404); return; }
obj.fs.readFile(obj.parent.path.join(__dirname, 'public/scripts/cira_cleanup.mescript'), 'utf8', function (err, data) {
if (err != null) { res.sendStatus(404); return; }
res.send(Buffer.from(data));
});
}
@ -962,7 +959,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle user public file downloads
function handleDownloadUserFiles(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if (obj.common.validateString(req.path, 1, 4096) == false) { res.sendStatus(404); return; }
var domainname = 'domain', spliturl = decodeURIComponent(req.path).split('/'), filename = '';
@ -987,7 +984,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle logo request
function handleLogoRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
res.set({ 'Cache-Control': 'max-age=86400' }); // 1 day
if ((domain != null) && domain.titlepicture) {
@ -1034,12 +1031,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Download a file from the server
function handleDownloadFile(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if ((req.query.link == null) || (req.session == null) || (req.session.userid == null) || (domain == null) || (domain.userQuota == -1)) { res.sendStatus(404); return; }
var user = obj.users[req.session.userid];
const user = obj.users[req.session.userid];
if (user == null) { res.sendStatus(404); return; }
var file = obj.getServerFilePath(user, domain, req.query.link);
const file = obj.getServerFilePath(user, domain, req.query.link);
if (file == null) { res.sendStatus(404); return; }
res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=\"' + file.name + '\"' });
try { res.sendFile(file.fullpath); } catch (e) { res.sendStatus(404); }
@ -1047,20 +1044,20 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Upload a MeshCore.js file to the server
function handleUploadMeshCoreFile(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if ((domain.id !== '') || (!req.session) || (req.session == null) || (!req.session.userid)) { res.sendStatus(401); return; }
var user = obj.users[req.session.userid];
const user = obj.users[req.session.userid];
if (user.siteadmin != 0xFFFFFFFF) { res.sendStatus(401); return; } // Check if we have mesh core upload rights (Full admin only)
var multiparty = require('multiparty');
var form = new multiparty.Form();
const multiparty = require('multiparty');
const form = new multiparty.Form();
form.parse(req, function (err, fields, files) {
if ((fields == null) || (fields.attrib == null) || (fields.attrib.length != 1)) { res.sendStatus(404); return; }
for (var i in files.files) {
var file = files.files[i];
readEntireTextFile(file.path, function (data) {
if (data == null) return;
obj.fs.readFile(file.path, 'utf8', function (err, data) {
if (err != null) return;
data = obj.common.IntToStr(0) + data; // Add the 4 bytes encoding type & flags (Set to 0 for raw)
obj.sendMeshAgentCore(user, domain, fields.attrib[0], data); // Upload the core
try { obj.fs.unlinkSync(file.path); } catch (e) { }
@ -1072,14 +1069,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Upload a file to the server
function handleUploadFile(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if ((domain.id !== '') || (!req.session) || (req.session == null) || (!req.session.userid) || (domain.userQuota == -1)) { res.sendStatus(401); return; }
var user = obj.users[req.session.userid];
const user = obj.users[req.session.userid];
if ((user.siteadmin & 8) == 0) { res.sendStatus(401); return; } // Check if we have file rights
var multiparty = require('multiparty');
var form = new multiparty.Form();
const multiparty = require('multiparty');
const form = new multiparty.Form();
form.parse(req, function (err, fields, files) {
if ((fields == null) || (fields.link == null) || (fields.link.length != 1)) { /*console.log('UploadFile, Invalid Fields:', fields, files);*/ res.sendStatus(404); return; }
var xfile = obj.getServerFilePath(user, domain, decodeURIComponent(fields.link[0]));
@ -1127,8 +1124,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Subscribe to all events we are allowed to receive
obj.subscribe = function (userid, target) {
var user = obj.users[userid];
var subscriptions = [userid, 'server-global'];
const user = obj.users[userid];
const subscriptions = [userid, 'server-global'];
if (user.siteadmin != null) {
if (user.siteadmin == 0xFFFFFFFF) subscriptions.push('*');
if ((user.siteadmin & 2) != 0) subscriptions.push('server-users');
@ -1221,9 +1218,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
};
// TLSSocket to encapsulate TLS communication, which then tunneled via SerialTunnel an then wrapped through CIRA APF
var TLSSocket = require('tls').TLSSocket;
var tlsoptions = { secureProtocol: ((req.query.tls1only == 1) ? 'TLSv1_method' : 'SSLv23_method'), ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
var tlsock = new TLSSocket(ser, tlsoptions);
const TLSSocket = require('tls').TLSSocket;
const tlsoptions = { secureProtocol: ((req.query.tls1only == 1) ? 'TLSv1_method' : 'SSLv23_method'), ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
const tlsock = new TLSSocket(ser, tlsoptions);
tlsock.on('error', function (err) { Debug(1, "CIRA TLS Connection Error ", err); });
tlsock.on('secureConnect', function () { Debug(2, "CIRA Secure TLS Connection"); ws._socket.resume(); });
@ -1397,14 +1394,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle the web socket echo request, just echo back the data sent
function handleEchoWebSocket(ws, req) {
var domain = checkUserIpAddress(ws, req);
const domain = checkUserIpAddress(ws, req);
if (domain == null) return;
ws._socket.setKeepAlive(true, 240000); // Set TCP keep alive
// When data is received from the web socket, echo it back
ws.on('message', function (data) {
var cmd = data.toString('utf8');
if (cmd == 'close') {
if (data.toString('utf8') == 'close') {
try { ws.close(); } catch (e) { console.log(e); }
} else {
try { ws.send(data); } catch (e) { console.log(e); }
@ -1442,7 +1438,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle Intel AMT events
// To subscribe, add "http://server:port/amtevents.ashx" to Intel AMT subscriptions.
obj.handleAmtEventRequest = function (req, res) {
var domain = getDomain(req);
const domain = getDomain(req);
try {
if (req.headers.authorization) {
var authstr = req.headers.authorization;
@ -1518,14 +1514,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle a server backup request
function handleBackupRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if ((domain.id !== '') || (!req.session) || (req.session == null) || (!req.session.userid) || (obj.parent.args.noserverbackup == 1)) { res.sendStatus(401); return; }
var user = obj.users[req.session.userid];
if ((user.siteadmin & 1) == 0) { res.sendStatus(401); return; } // Check if we have server backup rights
// Require modules
const fs = require('fs');
const archive = require('archiver')('zip', { level: 9 }); // Sets the compression method to maximum.
// Good practice to catch this error explicitly
@ -1542,7 +1537,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
for (var i in backupList) {
var filename = backupList[i];
var filepath = obj.path.join(obj.parent.datapath, filename);
if (fs.existsSync(filepath)) { archive.file(filepath, { name: filename }); }
if (obj.fs.existsSync(filepath)) { archive.file(filepath, { name: filename }); }
}
// Finalize the archive (ie we are done appending files but streams have to finish yet)
@ -1551,14 +1546,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle a server restore request
function handleRestoreRequest(req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
if ((domain.id !== '') || (!req.session) || (req.session == null) || (!req.session.userid) || (obj.parent.args.noserverbackup == 1)) { res.sendStatus(401); return; }
var user = obj.users[req.session.userid];
const user = obj.users[req.session.userid];
if ((user.siteadmin & 4) == 0) { res.sendStatus(401); return; } // Check if we have server restore rights
var multiparty = require('multiparty');
var form = new multiparty.Form();
const multiparty = require('multiparty');
const form = new multiparty.Form();
form.parse(req, function (err, fields, files) {
res.send('Server must be restarted, <a href="' + domain.url + '">click here to login</a>.');
parent.Stop(files.datafile[0].path);
@ -1567,7 +1562,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle a request to download a mesh agent
obj.handleMeshAgentRequest = function (req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
// If required, check if this user has rights to do this
@ -1642,7 +1637,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.parent.exeHandler.streamExeWithJavaScript({ platform: argentInfo.platform, sourceFileName: argentInfo.path, destinationStream: res, js: Buffer.from(obj.parent.defaultMeshCmd, 'utf8'), peinfo: argentInfo.pe });
}
} else if (req.query.meshaction != null) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) { res.sendStatus(404); return; }
var user = obj.users[req.session.userid];
if ((req.query.meshaction == 'route') && (req.query.nodeid != null)) {
@ -1709,7 +1704,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Create a OSX mesh agent installer
obj.handleMeshOsxAgentRequest = function (req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if ((domain == null) || (req.query.id == null)) { res.sendStatus(404); return; }
// If required, check if this user has rights to do this
@ -1794,7 +1789,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Handle a request to download a mesh settings
obj.handleMeshSettingsRequest = function (req, res) {
var domain = checkUserIpAddress(req, res);
const domain = checkUserIpAddress(req, res);
if (domain == null) return;
//if ((domain.id !== '') || (!req.session) || (req.session == null) || (!req.session.userid)) { res.sendStatus(401); return; }
@ -2098,26 +2093,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
return obj.path.join(obj.filespath, domainname + "/" + splitname[0] + "-" + splitname[2]);
}
// Read entire file and return it in callback function
function readEntireTextFile(filepath, func) {
var called = false;
try {
obj.fs.open(filepath, 'r', function (err, fd) {
obj.fs.fstat(fd, function (err, stats) {
var bufferSize = stats.size, chunkSize = 512, buffer = Buffer.alloc(bufferSize), bytesRead = 0;
while (bytesRead < bufferSize) {
if ((bytesRead + chunkSize) > bufferSize) { chunkSize = (bufferSize - bytesRead); }
obj.fs.readSync(fd, buffer, bytesRead, chunkSize, bytesRead);
bytesRead += chunkSize;
}
obj.fs.close(fd);
called = true;
func(buffer.toString('utf8', 0, bufferSize));
});
});
} catch (e) { if (called == false) { func(null); } }
}
// Return true is the input string looks like an email address
function checkEmail(str) {
var x = str.split('@');