Simple masqr setup

Checkfailed.html

@@ -0,0 +1,40 @@
+<!doctype html>
+<html>
+  <head>
+    <title>Welcome to nginx!</title>
+    <style>
+      html {
+        color-scheme: light dark;
+      }
+      body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+      }
+    </style>
+  </head>
+  <body>
+    <h1>Welcome to nginx!</h1>
+    <p>
+      If you see this page, the nginx web server is successfully installed and
+      working. Further configuration is required. If you are expecting another
+      page, please check your network or
+      <a href="/" id="rcheck"><b>Refresh this page</b></a>
+    </p>
+
+    <p>
+      For online documentation and support please refer to
+      <a href="http://nginx.org/">nginx.org</a>.<br />
+      Commercial support is available at
+      <a href="http://nginx.com/">nginx.com</a>.
+    </p>
+
+    <p><em>Thank you for using nginx.</em></p>
+    <script>
+      if (!localStorage["auth"] && new URL(document.all.rcheck.href).password) {
+        window.location.reload();
+        localStorage["auth"] = 1;
+      }
+    </script>
+  </body>
+</html>

index.js

@@ -11,9 +11,14 @@ import { build } from "astro";
 import chalk from "chalk";
 import { existsSync } from "fs";
 import dotenv from "dotenv";
+import cookieParser from "cookie-parser";
 import wisp from "wisp-server-node";
 dotenv.config();
 
+const LICENSE_SERVER_URL = "https://license.mercurywork.shop/validate?license=";
+const whiteListedDomains = ["aluu.xyz"]; // Add any public domains you have here
+const failureFile = fs.readFileSync("Checkfailed.html", "utf8");
+
 if (!existsSync("./dist")) build();
 
 const PORT = process.env.PORT || 3000;
@@ -41,6 +46,84 @@ console.log(chalk.gray("Starting Bare..."));
 
 const app = express();
 app.use(compression({ threshold: 0, filter: () => true }));
+app.use(cookieParser());
+
+async function MasqFail(req, res) {
+  if (!req.headers.host) {
+    // no bitch still using HTTP/1.0 go away
+    return;
+  }
+  const unsafeSuffix = req.headers.host + ".html";
+  let safeSuffix = path
+    .normalize(unsafeSuffix)
+    .replace(/^(\.\.(\/|\\|$))+/, "");
+  let safeJoin = path.join(process.cwd() + "/Masqrd", safeSuffix);
+  try {
+    await fs.promises.access(safeJoin); // man do I wish this was an if-then instead of a "exception on fail"
+    const failureFileLocal = await fs.promises.readFile(safeJoin, "utf8");
+    res.setHeader("Content-Type", "text/html");
+    res.send(failureFileLocal);
+    return;
+  } catch (e) {
+    res.setHeader("Content-Type", "text/html");
+    res.send(failureFile);
+    return;
+  }
+}
+
+// Woooooo masqr yayyyy (said no one)
+// uncomment for masqr
+ /* app.use(async (req, res, next) => {
+    if (req.headers.host && whiteListedDomains.includes(req.headers.host)) {
+            next();
+            return;
+    }
+    if (req.url.includes("/bare/")) { // replace this with your bare endpoint
+        next();
+        return;
+        // Bypass for UV and other bares
+    }
+
+    const authheader = req.headers.authorization;
+    
+    if (req.cookies["authcheck"]) {
+        next();
+        return;
+    }
+
+
+    if (req.cookies['refreshcheck'] != "true") {
+        res.cookie("refreshcheck",  "true",  {maxAge: 10000}) // 10s refresh check
+        MasqFail(req, res) 
+        return;
+    }
+    
+    if (!authheader) {
+        
+        res.setHeader('WWW-Authenticate', 'Basic'); // Yeah so we need to do this to get the auth params, kinda annoying and just showing a login prompt gives it away so its behind a 10s refresh check
+        res.status(401);
+        MasqFail(req, res) 
+        return;
+    }
+
+    const auth = Buffer.from(authheader.split(' ')[1],
+        'base64').toString().split(':');
+    const user = auth[0];
+    const pass = auth[1];
+
+    const licenseCheck = ((await (await fetch(LICENSE_SERVER_URL + pass + "&host=" + req.headers.host)).json()))["status"]
+    console.log(LICENSE_SERVER_URL + pass + "&host=" + req.headers.host +" returned " +licenseCheck)
+    if (licenseCheck == "License valid") {
+        res.cookie("authcheck", "true", {expires: new Date((Date.now()) + (365*24*60*60 * 1000))}) // authorize session, for like a year, by then the link will be expired lol
+        res.send(`<script> window.location.href = window.location.href </script>`) // fun hack to make the browser refresh and remove the auth params from the URL
+        return;
+    }
+    
+    MasqFail(req, res)
+    return; 
+}) */
+
+
 app.use(express.static(path.join(process.cwd(), "static")));
 app.use(express.static(path.join(process.cwd(), "build")));
 app.use("/uv/", express.static(uvPath));

package-lock.json

@@ -17,6 +17,7 @@
         "astro": "^4.4.1",
         "chalk": "^5.3.0",
         "compression": "^1.7.4",
+        "cookie-parser": "^1.4.6",
         "dotenv": "^16.3.1",
         "express": "^4.18.2",
         "npm": "^10.2.5",
@@ -2560,6 +2561,26 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/cookie-parser": {
+      "version": "1.4.6",
+      "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz",
+      "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==",
+      "dependencies": {
+        "cookie": "0.4.1",
+        "cookie-signature": "1.0.6"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/cookie-parser/node_modules/cookie": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz",
+      "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/cookie-signature": {
       "version": "1.0.6",
       "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",

package.json

@@ -18,6 +18,7 @@
     "astro": "^4.4.1",
     "chalk": "^5.3.0",
     "compression": "^1.7.4",
+    "cookie-parser": "^1.4.6",
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
     "npm": "^10.2.5",