diff --git a/index.js b/index.js
index fe8b7fd..5a12e3f 100644
--- a/index.js
+++ b/index.js
@@ -15,12 +15,12 @@ import { existsSync } from "fs";
import dotenv from "dotenv";
import cookieParser from "cookie-parser";
import wisp from "wisp-server-node";
-import { masqrCheck } from "./masqr.js";
+import { masqrCheck } from "./middleware/masqr.js";
import { handler as ssrHandler } from "./dist/server/entry.mjs";
dotenv.config();
-const whiteListedDomains = ["aluu.xyz", "localhost:3000"];
+const whiteListedDomains = ["aluu.xyz"];
const LICENSE_SERVER_URL = "https://license.mercurywork.shop/validate?license=";
const WISP_ENABLED = process.env.USE_WISP;
const MASQR_ENABLED = process.env.MASQR_ENABLED;
@@ -61,7 +61,7 @@ app.use(cookieParser());
// Set process.env.MASQR_ENABLED to "true" to enable masqr protection.
if (MASQR_ENABLED == "true") {
log("Starting Masqr...");
- app.use(await masqrCheck({ whitelist: whiteListedDomains, licenseServer: LICENSE_SERVER_URL }));
+ app.use(await masqrCheck({ whitelist: whiteListedDomains, licenseServer: LICENSE_SERVER_URL }, "Checkfailed.html"));
}
app.use(express.static(path.join(process.cwd(), "static")));
diff --git a/masqr.js b/masqr.js
deleted file mode 100644
index d08b88a..0000000
--- a/masqr.js
+++ /dev/null
@@ -1,66 +0,0 @@
-import path from "path";
-import fs from "fs";
-
-const failureFile = fs.readFileSync("Checkfailed.html", "utf8");
-
-export async function masqrCheck(config) {
- return async (req, res, next) => {
- if (req.headers.host && config.whitelist.includes(req.headers.host)) {
- next();
- return;
- }
- const authheader = req.headers.authorization;
- if (req.cookies["authcheck"]) {
- next();
- return;
- }
-
- if (req.cookies["refreshcheck"] != "true") {
- res.cookie("refreshcheck", "true", { maxAge: 10000 }); // 10s refresh check
- MasqFail(req, res);
- return;
- }
-
- if (!authheader) {
- res.setHeader("WWW-Authenticate", "Basic");
- res.status(401);
- MasqFail(req, res);
- return;
- }
-
- const auth = Buffer.from(authheader.split(" ")[1], "base64").toString().split(":");
- const pass = auth[1];
-
- const licenseCheck = (await (await fetch(config.licenseServer + pass + "&host=" + req.headers.host)).json())["status"];
- if (licenseCheck == "License valid") {
- res.cookie("authcheck", "true", {
- expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000),
- }); // authorize session, for like a year, by then the link will be expired lol
- res.send(``); // fun hack to make the browser refresh and remove the auth params from the URL
- return;
- }
-
- MasqFail(req, res);
- return;
- };
-}
-
-async function MasqFail(req, res) {
- if (!req.headers.host) {
- return;
- }
- const unsafeSuffix = req.headers.host + ".html";
- let safeSuffix = path.normalize(unsafeSuffix).replace(/^(\.\.(\/|\\|$))+/, "");
- let safeJoin = path.join(process.cwd() + "/Masqrd", safeSuffix);
- try {
- await fs.promises.access(safeJoin); // man do I wish this was an if-then instead of a "exception on fail"
- const failureFileLocal = await fs.promises.readFile(safeJoin, "utf8");
- res.setHeader("Content-Type", "text/html");
- res.send(failureFileLocal);
- return;
- } catch (e) {
- res.setHeader("Content-Type", "text/html");
- res.send(failureFile);
- return;
- }
-}
diff --git a/middleware/masqr.js b/middleware/masqr.js
new file mode 100644
index 0000000..11c8def
--- /dev/null
+++ b/middleware/masqr.js
@@ -0,0 +1,54 @@
+import path from "path";
+import fs from "fs";
+export async function masqrCheck(config, htmlFile) {
+ let loadedHTMLFile = fs.readFileSync(htmlFile, "utf8");
+ return async (req, res, next) => {
+ if (req.headers.host && config.whitelist.includes(req.headers.host)) {
+ next();
+ return;
+ }
+ const authheader = req.headers.authorization;
+ if (req.cookies["authcheck"]) {
+ next();
+ return;
+ }
+ if (!authheader) {
+ res.setHeader("WWW-Authenticate", "Basic");
+ res.status(401);
+ MasqFail(req, res, loadedHTMLFile);
+ return;
+ }
+ // If we are at this point, then the request should be a valid masqr request, and we are going to check the license server
+ const auth = Buffer.from(authheader.split(" ")[1], "base64").toString().split(":");
+ const pass = auth[1];
+ const licenseCheck = (await (await fetch(config.licenseServer + pass + "&host=" + req.headers.host)).json())["status"];
+ if (licenseCheck === "License valid") {
+ // Authenticated, set cookie for a year
+ res.cookie("authcheck", "true", {
+ expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000),
+ });
+ res.send(``); // fun hack to make the browser refresh and remove the auth params from the URL
+ return;
+ }
+ };
+}
+async function MasqFail(req, res, failureFile) {
+ if (!req.headers.host) {
+ return;
+ }
+ const unsafeSuffix = req.headers.host + ".html";
+ let safeSuffix = path.normalize(unsafeSuffix).replace(/^(\.\.(\/|\\|$))+/, "");
+ let safeJoin = path.join(process.cwd() + "/Masqrd", safeSuffix);
+ try {
+ await fs.promises.access(safeJoin); // man do I wish this was an if-then instead of a "exception on fail"
+ const failureFileLocal = await fs.promises.readFile(safeJoin, "utf8");
+ res.setHeader("Content-Type", "text/html");
+ res.send(failureFileLocal);
+ return;
+ }
+ catch (e) {
+ res.setHeader("Content-Type", "text/html");
+ res.send(failureFile);
+ return;
+ }
+}
diff --git a/src/components/LoadingSpinner.astro b/src/components/LoadingSpinner.astro
index 2381156..7056463 100644
--- a/src/components/LoadingSpinner.astro
+++ b/src/components/LoadingSpinner.astro
@@ -26,4 +26,4 @@
.indicator {
opacity: 75%;
}
-
\ No newline at end of file
+
diff --git a/src/pages/game/flash/[game].astro b/src/pages/game/flash/[game].astro
index c18a098..2595748 100644
--- a/src/pages/game/flash/[game].astro
+++ b/src/pages/game/flash/[game].astro
@@ -16,7 +16,7 @@ export const prerender = false;
-
+