Optimize masqr middleware, src will be published soon,

2024-07-23 23:54:33 -05:00 · 2024-07-23 23:54:33 -05:00 · 29177bbfac
commit 29177bbfac
parent f1dc7c91a7
5 changed files with 59 additions and 71 deletions
--- a/index.js
+++ b/index.js
@ -15,12 +15,12 @@ import { existsSync } from "fs";
 import dotenv from "dotenv";
 import cookieParser from "cookie-parser";
 import wisp from "wisp-server-node";
-import { masqrCheck } from "./masqr.js";
+import { masqrCheck } from "./middleware/masqr.js";
 import { handler as ssrHandler } from "./dist/server/entry.mjs";

 dotenv.config();

-const whiteListedDomains = ["aluu.xyz", "localhost:3000"];
+const whiteListedDomains = ["aluu.xyz"];
 const LICENSE_SERVER_URL = "https://license.mercurywork.shop/validate?license=";
 const WISP_ENABLED = process.env.USE_WISP;
 const MASQR_ENABLED = process.env.MASQR_ENABLED;
@ -61,7 +61,7 @@ app.use(cookieParser());
 // Set process.env.MASQR_ENABLED to "true" to enable masqr protection.
 if (MASQR_ENABLED == "true") {
  log("Starting Masqr...");
-  app.use(await masqrCheck({ whitelist: whiteListedDomains, licenseServer: LICENSE_SERVER_URL }));
+  app.use(await masqrCheck({ whitelist: whiteListedDomains, licenseServer: LICENSE_SERVER_URL }, "Checkfailed.html"));
 }

 app.use(express.static(path.join(process.cwd(), "static")));
--- a/masqr.js
+++ b/masqr.js
@ -1,66 +0,0 @@
-import path from "path";
-import fs from "fs";
-
-const failureFile = fs.readFileSync("Checkfailed.html", "utf8");
-
-export async function masqrCheck(config) {
-  return async (req, res, next) => {
-    if (req.headers.host && config.whitelist.includes(req.headers.host)) {
-      next();
-      return;
-    }
-    const authheader = req.headers.authorization;
-    if (req.cookies["authcheck"]) {
-      next();
-      return;
-    }
-
-    if (req.cookies["refreshcheck"] != "true") {
-      res.cookie("refreshcheck", "true", { maxAge: 10000 }); // 10s refresh check
-      MasqFail(req, res);
-      return;
-    }
-
-    if (!authheader) {
-      res.setHeader("WWW-Authenticate", "Basic");
-      res.status(401);
-      MasqFail(req, res);
-      return;
-    }
-
-    const auth = Buffer.from(authheader.split(" ")[1], "base64").toString().split(":");
-    const pass = auth[1];
-
-    const licenseCheck = (await (await fetch(config.licenseServer + pass + "&host=" + req.headers.host)).json())["status"];
-    if (licenseCheck == "License valid") {
-      res.cookie("authcheck", "true", {
-        expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000),
-      }); // authorize session, for like a year, by then the link will be expired lol
-      res.send(`<script> window.location.href = window.location.href </script>`); // fun hack to make the browser refresh and remove the auth params from the URL
-      return;
-    }
-
-    MasqFail(req, res);
-    return;
-  };
-}
-
-async function MasqFail(req, res) {
-  if (!req.headers.host) {
-    return;
-  }
-  const unsafeSuffix = req.headers.host + ".html";
-  let safeSuffix = path.normalize(unsafeSuffix).replace(/^(\.\.(\/|\\|$))+/, "");
-  let safeJoin = path.join(process.cwd() + "/Masqrd", safeSuffix);
-  try {
-    await fs.promises.access(safeJoin); // man do I wish this was an if-then instead of a "exception on fail"
-    const failureFileLocal = await fs.promises.readFile(safeJoin, "utf8");
-    res.setHeader("Content-Type", "text/html");
-    res.send(failureFileLocal);
-    return;
-  } catch (e) {
-    res.setHeader("Content-Type", "text/html");
-    res.send(failureFile);
-    return;
-  }
-}
--- a/middleware/masqr.js
+++ b/middleware/masqr.js
@ -0,0 +1,54 @@
+import path from "path";
+import fs from "fs";
+export async function masqrCheck(config, htmlFile) {
+    let loadedHTMLFile = fs.readFileSync(htmlFile, "utf8");
+    return async (req, res, next) => {
+        if (req.headers.host && config.whitelist.includes(req.headers.host)) {
+            next();
+            return;
+        }
+        const authheader = req.headers.authorization;
+        if (req.cookies["authcheck"]) {
+            next();
+            return;
+        }
+        if (!authheader) {
+            res.setHeader("WWW-Authenticate", "Basic");
+            res.status(401);
+            MasqFail(req, res, loadedHTMLFile);
+            return;
+        }
+        // If we are at this point, then the request should be a valid masqr request, and we are going to check the license server
+        const auth = Buffer.from(authheader.split(" ")[1], "base64").toString().split(":");
+        const pass = auth[1];
+        const licenseCheck = (await (await fetch(config.licenseServer + pass + "&host=" + req.headers.host)).json())["status"];
+        if (licenseCheck === "License valid") {
+            // Authenticated, set cookie for a year
+            res.cookie("authcheck", "true", {
+                expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000),
+            });
+            res.send(`<script>window.location.href = window.location.href</script>`); // fun hack to make the browser refresh and remove the auth params from the URL
+            return;
+        }
+    };
+}
+async function MasqFail(req, res, failureFile) {
+    if (!req.headers.host) {
+        return;
+    }
+    const unsafeSuffix = req.headers.host + ".html";
+    let safeSuffix = path.normalize(unsafeSuffix).replace(/^(\.\.(\/|\\|$))+/, "");
+    let safeJoin = path.join(process.cwd() + "/Masqrd", safeSuffix);
+    try {
+        await fs.promises.access(safeJoin); // man do I wish this was an if-then instead of a "exception on fail"
+        const failureFileLocal = await fs.promises.readFile(safeJoin, "utf8");
+        res.setHeader("Content-Type", "text/html");
+        res.send(failureFileLocal);
+        return;
+    }
+    catch (e) {
+        res.setHeader("Content-Type", "text/html");
+        res.send(failureFile);
+        return;
+    }
+}