Commit a2e5e085 authored by CompileNix's avatar CompileNix

fix POSTed data potential disposed before completing reading

parent 82bd9d0d
......@@ -3,10 +3,10 @@ const http = require("http");
const url = require("url");
const fs = require("fs");
const zlib = require("zlib");
const WebSocketServer = require('ws').Server;
const WebSocketServer = require("ws").Server;
const htmlencode = require("htmlencode").Encoder("htmlEncode").htmlEncode;
const cache = [
{
const cache = [{
path: "robots.txt",
content: fs.readFileSync("./robots.txt", "utf8"),
content_type: "text/plain",
......@@ -41,12 +41,20 @@ const cache = [
}
];
cache.forEach((element) => {
cache.forEach(element => {
const contentBuffer = new Buffer(element.content);
element.length = Buffer.byteLength(element.content, "utf8");
element.content_gzip = zlib.gzipSync(contentBuffer, { level: zlib.Z_BEST_COMPRESSION, memLevel: 9, flush: zlib.Z_NO_FLUSH });
element.content_gzip = zlib.gzipSync(contentBuffer, {
level: zlib.Z_BEST_COMPRESSION,
memLevel: 9,
flush: zlib.Z_NO_FLUSH
});
element.content_gzip_length = Buffer.byteLength(element.content_gzip);
element.content_deflate = zlib.deflateSync(contentBuffer, { level: zlib.Z_BEST_COMPRESSION, memLevel: 9, flush: zlib.Z_NO_FLUSH });
element.content_deflate = zlib.deflateSync(contentBuffer, {
level: zlib.Z_BEST_COMPRESSION,
memLevel: 9,
flush: zlib.Z_NO_FLUSH
});
element.content_deflate_length = Buffer.byteLength(element.content_deflate);
});
......@@ -69,9 +77,11 @@ class Server {
http.createServer(Server.onRequest).listen(this.port);
this.socketServer = http.createServer(Server.onRequestSocketServer);
this.socketServer.listen(this.port + 1);
this.socket = new WebSocketServer({server: this.socketServer});
this.socket = new WebSocketServer({
server: this.socketServer
});
this.socket.on('connection', (ws) => {
this.socket.on('connection', ws => {
clients.push(ws);
ws.on('close', () => {
......@@ -86,7 +96,7 @@ class Server {
const queryPath = url.parse(request.url).path;
let returns = false;
cache.forEach((element) => {
cache.forEach(element => {
if (queryPath === `/${element.path}`) {
Server.sendResponse(request, response, element);
returns = true;
......@@ -113,20 +123,16 @@ class Server {
static debugOut(request, data) {
let stuff = {
Date: new Date(),
Method: request.method,
RequestUrl: request.url,
Data: data
Method: htmlencode(request.method),
RequestUrl: htmlencode(request.url),
Data: htmlencode(data)
};
let stuffString = JSON.stringify(stuff);
// eslint-disable-next-line no-console
console.log("Date: " + new Date() + "\n"
+ request.method + ": " + request.url + "\n"
+ "Headers: " + JSON.stringify(request.headers) + "\n"
+ "Data: " + data
+ "\n");
console.log(`Date: ${new Date()}\n${request.method}: ${request.url}\nHeaders: ${JSON.stringify(request.headers)}\nData: ${data}\n`);
clients.forEach((ws) => {
clients.forEach(ws => {
if (ws.OPEN !== 1) {
return;
}
......@@ -147,9 +153,17 @@ class Server {
let data;
const contentBuffer = new Buffer(element.content || "");
element.length = Buffer.byteLength(element.content, "utf8");
element.content_gzip = zlib.gzipSync(contentBuffer, { level: zlib.Z_BEST_COMPRESSION, memLevel: 9, flush: zlib.Z_NO_FLUSH });
element.content_gzip = zlib.gzipSync(contentBuffer, {
level: zlib.Z_BEST_COMPRESSION,
memLevel: 9,
flush: zlib.Z_NO_FLUSH
});
element.content_gzip_length = Buffer.byteLength(element.content_gzip);
element.content_deflate = zlib.deflateSync(contentBuffer, { level: zlib.Z_BEST_COMPRESSION, memLevel: 9, flush: zlib.Z_NO_FLUSH });
element.content_deflate = zlib.deflateSync(contentBuffer, {
level: zlib.Z_BEST_COMPRESSION,
memLevel: 9,
flush: zlib.Z_NO_FLUSH
});
element.content_deflate_length = Buffer.byteLength(element.content_deflate);
if (request.headers["accept-encoding"]) { // if accept-encoding
......@@ -206,7 +220,7 @@ class Server {
const queryPath = url.parse(request.url).path;
let returns = false;
cache.forEach((element) => {
cache.forEach(element => {
if (queryPath === `/${element.path}`) {
Server.sendResponse(request, response, element);
returns = true;
......@@ -215,48 +229,61 @@ class Server {
if (returns) return;
if (request.method === "POST") {
let body = "";
let requestHasPayload = false;
let requestPayload = "";
switch (request.method) {
case "PUT":
case "POST":
requestHasPayload = true;
request.on("data", postData => {
if (requestPayload.length + postData.length < 1e6) { // ~1 Megabyte
requestPayload += postData;
} else {
Server.debugOut(request, "Request entity too large");
Server.sendResponse(request, response, {
status_code: 413,
content: "Request entity too large"
});
return;
}
});
request.on("end", () => {
switch (request.headers["content-type"]) {
case "application/x-www-form-urlencoded":
requestPayload = querystring.unescape(requestPayload);
break;
}
request.on("data", (postData) => {
// reading http POST body
if (body.length + postData.length < 5e7) { // // 50 Megabyte
body += postData;
} else {
Server.debugOut(request, "Request entity too large");
Server.sendResponse(request, response, {
status_code: 413,
content: "Request entity too large"
status_code: 200,
content: "OK"
});
return;
}
});
request.on("end", () => {
switch(request.headers["content-type"]) {
case "application/x-www-form-urlencoded":
body = querystring.unescape(body);
break;
}
Server.debugOut(request, requestPayload);
});
break;
case "HEAD":
case "GET":
Server.debugOut(request, null);
break;
default:
Server.debugOut(request, null);
Server.sendResponse(request, response, {
status_code: 501,
content: "Not Implemented"
});
return;
}
Server.debugOut(request, body);
});
} else if (request.method === "GET") {
Server.debugOut(request, null);
} else {
Server.debugOut(request, null);
if (!requestHasPayload) {
Server.sendResponse(request, response, {
status_code: 501,
content: "Not Implemented"
status_code: 200,
content: "OK"
});
return;
}
Server.sendResponse(request, response, {
status_code: 200,
content: "OK"
});
return;
}
}
......
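Review bot: In the PUT/POST branch of the last hunk, the `return` after the 413 response leaves only the `data` callback for that one chunk, so every later chunk of an oversized body takes the else branch again and the `end` handler still sends 200 on the same response. How `Server.sendResponse` reacts to a second call is not visible here, but any client can reach this path, so the rejection should be tracked: declare `let requestTooLarge = false;`, set `requestTooLarge = true;` beside the 413, and start both handlers with `if (requestTooLarge) return;`. The enclosing handler begins above the hunk, so the flag belongs next to the `requestPayload` declaration. In `debugOut`, the copy sent to WebSocket clients is HTML-encoded but the `console.log` line still writes the payload raw, and the payload may have been through `querystring.unescape`, so newlines in a body can forge log lines; logging the JSON-escaped `stuffString` instead would keep each request on one line.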
This diff is collapsed.
......@@ -8,6 +8,7 @@
"start": "npm install && node app.js"
},
"dependencies": {
"htmlencode": "*",
"jquery": "*",
"use-strict": "^1.0.1",
"ws": "^2.3.1"
......
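Review bot: `"htmlencode": "*"` accepts whatever version the registry serves, including a future major or a compromised release, and this package now encodes attacker-controlled request data before it reaches the WebSocket clients. The `start` script runs `npm install` on every launch, so the open range is re-resolved at each restart unless a lockfile is committed. Pin it to a reviewed range, for example `"htmlencode": "^<reviewed-version>"`, and commit the lockfile so installs are reproducible.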