Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-11-22 22:17:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added websocket per-message deflate support.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2020-07-09 16:40:31 -07:00
parent f412af4de0
commit fa3ae55074
4 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
meshcentral-config-schema.json
View File

@ -55,6 +55,7 @@
"agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." }, "agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." },
"agentIdleTimeout": { "type": "integer", "minimum": 1 }, "agentIdleTimeout": { "type": "integer", "minimum": 1 },
"compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." }, "compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
"wscompression": { "type": "boolean", "default": false, "description": "Enables websocket per-message deflate compression." },
"meshErrorLogPath": { "type": "string" }, "meshErrorLogPath": { "type": "string" },
"npmPath": { "type": "string" }, "npmPath": { "type": "string" },
"npmProxy": { "type": "string", "format": "uri" }, "npmProxy": { "type": "string", "format": "uri" },

2
meshcentral.js
View File

@ -2595,7 +2595,7 @@ function mainStart() {
if (config.domains[i].mstsc === true) { mstsc = true; } if (config.domains[i].mstsc === true) { mstsc = true; }
if ((typeof config.domains[i].authstrategies == 'object')) { if ((typeof config.domains[i].authstrategies == 'object')) {
if (passport == null) { passport = ['passport']; } if (passport == null) { passport = ['passport']; }
if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.apikey == 'string') && (typeof config.domains[i].authstrategies.twitter.apisecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); } if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.clientid == 'string') && (typeof config.domains[i].authstrategies.twitter.clientsecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); }
if ((typeof config.domains[i].authstrategies.google == 'object') && (typeof config.domains[i].authstrategies.google.clientid == 'string') && (typeof config.domains[i].authstrategies.google.clientsecret == 'string') && (passport.indexOf('passport-google-oauth20') == -1)) { passport.push('passport-google-oauth20'); } if ((typeof config.domains[i].authstrategies.google == 'object') && (typeof config.domains[i].authstrategies.google.clientid == 'string') && (typeof config.domains[i].authstrategies.google.clientsecret == 'string') && (passport.indexOf('passport-google-oauth20') == -1)) { passport.push('passport-google-oauth20'); }
if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); } if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); }
if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); } if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); }

1
package.json
View File

@ -43,6 +43,7 @@
"multiparty": "^4.2.1", "multiparty": "^4.2.1",
"nedb": "^1.8.0", "nedb": "^1.8.0",
"node-forge": "^0.8.4", "node-forge": "^0.8.4",
"permessage-deflate": "^0.1.7",
"ws": "^6.2.1", "ws": "^6.2.1",
"xmldom": "^0.1.27", "xmldom": "^0.1.27",
"yauzl": "^2.10.0" "yauzl": "^2.10.0"

8
webserver.js
View File

@ -4303,7 +4303,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Start the server, only after users and meshes are loaded from the database. // Start the server, only after users and meshes are loaded from the database.
if (obj.args.notls || obj.args.tlsoffload) { if (obj.args.notls || obj.args.tlsoffload) {
// Setup the HTTP server without TLS // Setup the HTTP server without TLS
obj.expressWs = require('express-ws')(obj.app); obj.expressWs = require('express-ws')(obj.app, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
} else { } else {
// Setup the HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS). // Setup the HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS).
//const tlsOptions = { cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.web.ca, rejectUnauthorized: true, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!RSA:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1 }; // This does not work with TLS 1.3 //const tlsOptions = { cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.web.ca, rejectUnauthorized: true, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!RSA:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1 }; // This does not work with TLS 1.3
@ -4315,7 +4315,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
//obj.tlsServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); }); //obj.tlsServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); });
obj.tlsServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); }); obj.tlsServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
obj.tlsServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); }); obj.tlsServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
obj.expressWs = require('express-ws')(obj.app, obj.tlsServer); obj.expressWs = require('express-ws')(obj.app, obj.tlsServer, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
} }
// Start a second agent-only server if needed // Start a second agent-only server if needed
@ -4328,7 +4328,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (agentPortTls == false) { if (agentPortTls == false) {
// Setup the HTTP server without TLS // Setup the HTTP server without TLS
obj.expressWsAlt = require('express-ws')(obj.agentapp); obj.expressWsAlt = require('express-ws')(obj.agentapp, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
} else { } else {
// Setup the agent HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS). // Setup the agent HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS).
// If TLS is used on the agent port, we always use the default TLS certificate. // If TLS is used on the agent port, we always use the default TLS certificate.
@ -4339,7 +4339,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
//obj.tlsAltServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); }); //obj.tlsAltServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); });
obj.tlsAltServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); }); obj.tlsAltServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
obj.tlsAltServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); }); obj.tlsAltServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
obj.expressWsAlt = require('express-ws')(obj.agentapp, obj.tlsAltServer); obj.expressWsAlt = require('express-ws')(obj.agentapp, obj.tlsAltServer, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
} }
} }