mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-22 22:17:31 +03:00
Added websocket per-message deflate support.
This commit is contained in:
parent
f412af4de0
commit
fa3ae55074
@ -55,6 +55,7 @@
|
||||
"agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." },
|
||||
"agentIdleTimeout": { "type": "integer", "minimum": 1 },
|
||||
"compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
|
||||
"wscompression": { "type": "boolean", "default": false, "description": "Enables websocket per-message deflate compression." },
|
||||
"meshErrorLogPath": { "type": "string" },
|
||||
"npmPath": { "type": "string" },
|
||||
"npmProxy": { "type": "string", "format": "uri" },
|
||||
|
@ -2595,7 +2595,7 @@ function mainStart() {
|
||||
if (config.domains[i].mstsc === true) { mstsc = true; }
|
||||
if ((typeof config.domains[i].authstrategies == 'object')) {
|
||||
if (passport == null) { passport = ['passport']; }
|
||||
if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.apikey == 'string') && (typeof config.domains[i].authstrategies.twitter.apisecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); }
|
||||
if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.clientid == 'string') && (typeof config.domains[i].authstrategies.twitter.clientsecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); }
|
||||
if ((typeof config.domains[i].authstrategies.google == 'object') && (typeof config.domains[i].authstrategies.google.clientid == 'string') && (typeof config.domains[i].authstrategies.google.clientsecret == 'string') && (passport.indexOf('passport-google-oauth20') == -1)) { passport.push('passport-google-oauth20'); }
|
||||
if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); }
|
||||
if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); }
|
||||
|
@ -43,6 +43,7 @@
|
||||
"multiparty": "^4.2.1",
|
||||
"nedb": "^1.8.0",
|
||||
"node-forge": "^0.8.4",
|
||||
"permessage-deflate": "^0.1.7",
|
||||
"ws": "^6.2.1",
|
||||
"xmldom": "^0.1.27",
|
||||
"yauzl": "^2.10.0"
|
||||
|
@ -4303,7 +4303,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
// Start the server, only after users and meshes are loaded from the database.
|
||||
if (obj.args.notls || obj.args.tlsoffload) {
|
||||
// Setup the HTTP server without TLS
|
||||
obj.expressWs = require('express-ws')(obj.app);
|
||||
obj.expressWs = require('express-ws')(obj.app, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
|
||||
} else {
|
||||
// Setup the HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS).
|
||||
//const tlsOptions = { cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.web.ca, rejectUnauthorized: true, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!RSA:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1 }; // This does not work with TLS 1.3
|
||||
@ -4315,7 +4315,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
//obj.tlsServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); });
|
||||
obj.tlsServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
|
||||
obj.tlsServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
|
||||
obj.expressWs = require('express-ws')(obj.app, obj.tlsServer);
|
||||
obj.expressWs = require('express-ws')(obj.app, obj.tlsServer, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
|
||||
}
|
||||
|
||||
// Start a second agent-only server if needed
|
||||
@ -4328,7 +4328,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
|
||||
if (agentPortTls == false) {
|
||||
// Setup the HTTP server without TLS
|
||||
obj.expressWsAlt = require('express-ws')(obj.agentapp);
|
||||
obj.expressWsAlt = require('express-ws')(obj.agentapp, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
|
||||
} else {
|
||||
// Setup the agent HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS).
|
||||
// If TLS is used on the agent port, we always use the default TLS certificate.
|
||||
@ -4339,7 +4339,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
//obj.tlsAltServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); });
|
||||
obj.tlsAltServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
|
||||
obj.tlsAltServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
|
||||
obj.expressWsAlt = require('express-ws')(obj.agentapp, obj.tlsAltServer);
|
||||
obj.expressWsAlt = require('express-ws')(obj.agentapp, obj.tlsAltServer, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user