@scrypted/server 0.0.181 → 0.1.1

package/src/scrypted-server-main.ts

@@ -8,7 +8,7 @@ import net from 'net';
 import { ScryptedRuntime } from './runtime';
 import level from './level';
 import { Plugin, ScryptedUser, Settings } from './db-types';
-import { SCRYPTED_DEBUG_PORT, SCRYPTED_INSECURE_PORT, SCRYPTED_SECURE_PORT } from './server-settings';
+import { getHostAddresses, SCRYPTED_DEBUG_PORT, SCRYPTED_INSECURE_PORT, SCRYPTED_SECURE_PORT } from './server-settings';
 import crypto from 'crypto';
 import cookieParser from 'cookie-parser';
 import axios from 'axios';
@@ -20,7 +20,6 @@ import { install as installSourceMapSupport } from 'source-map-support';
 import httpAuth from 'http-auth';
 import semver from 'semver';
 import { Info } from './services/info';
-import { getAddresses } from './addresses';
 import { sleep } from './sleep';
 import { createSelfSignedCertificate, CURRENT_SELF_SIGNED_CERTIFICATE_VERSION } from './cert';
 import { PluginError } from './plugin/plugin-error';
@@ -123,7 +122,6 @@ async function start() {
         certSetting = await db.upsert(certSetting);
     }
 
-
     const basicAuth = httpAuth.basic({
         realm: 'Scrypted',
     }, async (username, password, callback) => {
@@ -184,6 +182,7 @@ async function start() {
             // }
 
             res.locals.username = username;
+            (req as any).username = username;
         }
         next();
     });
@@ -193,6 +192,7 @@ async function start() {
         if (req.protocol === 'https' && req.headers.authorization && req.headers.authorization.toLowerCase()?.indexOf('basic') !== -1) {
             const basicChecker = basicAuth.check((req) => {
                 res.locals.username = req.user;
+                (req as any).username = req.user;
                 next();
             });
 
@@ -226,7 +226,7 @@ async function start() {
 
     console.log('#######################################################');
     console.log(`Scrypted Server (Local)   : https://localhost:${SCRYPTED_SECURE_PORT}/`);
-    for (const address of getAddresses()) {
+    for (const address of getHostAddresses(true, true)) {
         console.log(`Scrypted Server (Remote)  : https://${address}:${SCRYPTED_SECURE_PORT}/`);
     }
     console.log(`Version:       : ${await new Info().getVersion()}`);
@@ -360,10 +360,20 @@ async function start() {
 
     let hasLogin = await db.getCount(ScryptedUser) > 0;
 
+    app.options('/login', (req, res) => {
+        scrypted.addAccessControlHeaders(req, res);
+        res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');
+        res.send(200);
+    });
+
     app.post('/login', async (req, res) => {
+        scrypted.addAccessControlHeaders(req, res);
+
         const { username, password, change_password } = req.body;
         const timestamp = Date.now();
         const maxAge = 86400000;
+        const addresses = getHostAddresses(true, true).map(address => `https://${address}:${SCRYPTED_SECURE_PORT}`);
 
         if (hasLogin) {
             const user = await db.tryGet(ScryptedUser, username);
@@ -393,6 +403,7 @@ async function start() {
                 secure: true,
                 signed: true,
                 httpOnly: true,
+                sameSite: 'none',
             });
 
             if (change_password) {
@@ -405,6 +416,7 @@ async function start() {
             res.send({
                 username,
                 expiration: maxAge,
+                addresses,
             });
 
             return;
@@ -423,6 +435,7 @@ async function start() {
         user.salt = crypto.randomBytes(64).toString('base64');
         user.passwordHash = crypto.createHash('sha256').update(user.salt + password).digest().toString('hex');
         user.passwordDate = timestamp;
+        user.token = crypto.randomBytes(16).toString('hex');
         await db.upsert(user);
         hasLogin = true;
 
@@ -432,16 +445,21 @@ async function start() {
             secure: true,
             signed: true,
             httpOnly: true,
+            sameSite: 'none',
         });
 
         res.send({
             username,
+            token: user.token,
             expiration: maxAge,
+            addresses,
         });
     });
 
-
     app.get('/login', async (req, res) => {
+        scrypted.addAccessControlHeaders(req, res);
+
+        const addresses = getHostAddresses(true, true).map(address => `https://${address}:${SCRYPTED_SECURE_PORT}`);
         if (req.protocol === 'https' && req.headers.authorization) {
             const username = await new Promise(resolve => {
                 const basicChecker = basicAuth.check((req) => {
@@ -484,31 +502,10 @@ async function start() {
             return;
         }
 
-        // this database lookup on every web request is not necessary, the cookie
-        // itself is the auth, and is signed. furthermore, this is currently
-        // a single user setup anywyas. revisit this at some point when
-        // multiple users are implemented.
-
-        // const user = await db.tryGet(ScryptedUser, username);
-        // if (!user) {
-        //     res.send({
-        //         error: 'User not found.',
-        //         hasLogin,
-        //     })
-        //     return;
-        // }
-
-        // if (timestamp < user.passwordDate) {
-        //     res.send({
-        //         error: 'Login invalid. Password has changed.',
-        //         hasLogin,
-        //     })
-        //     return;
-        // }
-
         res.send({
             expiration: 86400000 - (Date.now() - timestamp),
             username,
+            addresses,
         })
     });
 

package/src/server-settings.ts

@@ -1,24 +1,62 @@
 import os from 'os';
+import * as nodeIp from 'ip';
 
 export const SCRYPTED_INSECURE_PORT = parseInt(process.env.SCRYPTED_INSECURE_PORT) || 11080;
 export const SCRYPTED_SECURE_PORT = parseInt(process.env.SCRYPTED_SECURE_PORT) || 10443;
 export const SCRYPTED_DEBUG_PORT = parseInt(process.env.SCRYPTED_DEBUG_PORT) || 10081;
 
 export function getIpAddress(): string {
-    const ni = os.networkInterfaces();
-    for (const i of [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]) {
-        let ipv4: os.NetworkInterfaceInfo;
-        let ipv6: os.NetworkInterfaceInfo;
-        for (const en of (ni[`en${i}`] || [])) {
-            if (en.family === 'IPv4')
-                ipv4 = en;
-            else if (en.family === 'IPv6')
-                ipv6 = en;
-        }
-
-        if (ipv4 || ipv6)
-            return (ipv4 || ipv6).address;
-    }
-
-    return '127.0.0.1';
+    return nodeIp.address();
+}
+
+function nodeIpAddress(family: string): string[] {
+    // https://chromium.googlesource.com/external/webrtc/+/master/rtc_base/network.cc#236
+    const costlyNetworks = ["ipsec", "tun", "utun", "tap"];
+
+    const ignoreNetworks = [
+        // seen these on macos
+        'llw',
+        'awdl',
+
+        ...costlyNetworks,
+    ];
+
+    const interfaces = os.networkInterfaces();
+
+    const all = Object.keys(interfaces)
+        .map((nic) => {
+            for (const costly of ignoreNetworks) {
+                if (nic.startsWith(costly)) {
+                    return {
+                        nic,
+                        addresses: [],
+                    };
+                }
+            }
+            const addresses = interfaces[nic]!.filter(
+                (details) =>
+                    details.family.toLowerCase() === family
+                    && !nodeIp.isLoopback(details.address)
+            );
+            return {
+                nic,
+                addresses: addresses.map((address) => address.address),
+            };
+        })
+        .filter((address) => !!address);
+
+    // os.networkInterfaces doesn't actually return addresses in a good order.
+    // have seen instances where en0 (ethernet) is after en1 (wlan), etc.
+    // eth0 > eth1
+    all.sort((a, b) => a.nic.localeCompare(b.nic));
+    return Object.values(all)
+        .map((entry) => entry.addresses)
+        .flat();
+}
+
+export function getHostAddresses(useIpv4: boolean, useIpv6: boolean) {
+    const address: string[] = [];
+    if (useIpv4) address.push(...nodeIpAddress("ipv4"));
+    if (useIpv6) address.push(...nodeIpAddress("ipv6"));
+    return address;
 }

package/src/services/cors.ts

@@ -0,0 +1,19 @@
+import { ScryptedRuntime } from "../runtime";
+
+export interface CORSServer {
+    tag: string;
+    server: string;
+}
+
+export class CORSControl {
+    constructor(public runtime: ScryptedRuntime) {
+    }
+
+    async getCORS(): Promise<CORSServer[]> {
+        return this.runtime.cors;
+    }
+
+    async setCORS(servers: CORSServer[]) {
+        this.runtime.cors = servers;
+    }
+}

package/dist/addresses.js

@@ -1,12 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAddresses = void 0;
-const os_1 = __importDefault(require("os"));
-function getAddresses() {
-    return Object.entries(os_1.default.networkInterfaces()).filter(([iface]) => iface.startsWith('en') || iface.startsWith('eth') || iface.startsWith('wlan')).map(([_, addr]) => addr).flat().map(info => info.address).filter(address => address);
-}
-exports.getAddresses = getAddresses;
-//# sourceMappingURL=addresses.js.map

package/dist/addresses.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"addresses.js","sourceRoot":"","sources":["../src/addresses.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAoB;AAEpB,SAAgB,YAAY;IACxB,OAAO,MAAM,CAAC,OAAO,CAAC,YAAE,CAAC,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;AAC1O,CAAC;AAFD,oCAEC"}

package/src/addresses.ts

@@ -1,5 +0,0 @@
-import os from 'os';
-
-export function getAddresses() {
-    return Object.entries(os.networkInterfaces()).filter(([iface]) => iface.startsWith('en') || iface.startsWith('eth') || iface.startsWith('wlan')).map(([_, addr]) => addr).flat().map(info => info.address).filter(address => address);
-}