t880216t-server 1.5.20

package/lib/plugins/whistle.nohost/lib/whistle.js

@@ -0,0 +1,149 @@
+const startWhistle = require('whistle');
+const path = require('path');
+const HOME_DIR = require('os').homedir();
+const { CONFIG_DATA_TYPE, getPort, getNohostPluginsPath, loadModule, PLUGINS_DIR } = require('./util');
+
+const WHISTLE_SECURE_FILTER = path.resolve(HOME_DIR, 'nohost/whistleSecureFilter.js');
+const IDLE_TIMEOUT = 6 * 60 * 1000;
+
+let index = 0;
+let updatedIndex;
+let curEnvList = [];
+let config;
+let proxy;
+let isHeadless;
+
+const getShadowRules = (options) => {
+  const shadowRules = isHeadless ? '* responseFor://name=x-upstream' : '* responseFor://name=x-upstream,req.x-whistle-nohost-env';
+  return options.defaultRules ? `${options.defaultRules}\n${shadowRules}` : shadowRules;
+};
+
+const syncData = () => {
+  let updateTimer;
+  let checkTimer;
+  process.on('data', (data) => {
+    const type = data && data.type;
+    if (type !== CONFIG_DATA_TYPE) {
+      return;
+    }
+    if (data.index >= 0) {
+      updatedIndex = data.index;
+      if (updatedIndex === index) {
+        clearTimeout(checkTimer);
+        checkTimer = null;
+      }
+    }
+    const shadowRules = getShadowRules(data);
+    if (config && shadowRules !== config.shadowRules) {
+      config.shadowRules = shadowRules;
+      proxy.rulesUtil.parseRules();
+    }
+    proxy.setAuth(data);
+  });
+  const updateRules = () => {
+    process.sendData({
+      index,
+      envList: proxy.rulesUtil.rules.list(),
+      type: CONFIG_DATA_TYPE,
+      runtimeInfo: proxy.getRuntimeInfo(),
+    });
+    updateTimer = null;
+    clearTimeout(checkTimer);
+    checkTimer = setTimeout(() => {
+      checkTimer = null;
+      if (updatedIndex !== index) {
+        updateRules();
+      }
+    }, 1000);
+  };
+  proxy.on('rulesDataChange', () => {
+    ++index;
+    updateTimer = updateTimer || setTimeout(updateRules, 300);
+  });
+};
+
+module.exports = (options, callback) => {
+  const projectPluginsPath = [
+    path.join(__dirname, '../../account'),
+    path.join(__dirname, '../../../../node_modules'),
+  ];
+  const username = options.value || '$';
+  const isRulesMode = username === '$';
+  const oldPluginsPath = [
+    path.join(PLUGINS_DIR, `whistle.nohost/${username}/lib/node_modules`),
+    path.join(PLUGINS_DIR, `whistle.nohost/${username}/node_modules`),
+    path.join(PLUGINS_DIR, 'whistle.nohost/lib/node_modules'),
+    path.join(PLUGINS_DIR, 'whistle.nohost/node_modules'),
+  ];
+  const accountPluginsPath = [
+    path.join(getNohostPluginsPath(), `account_plugins/${username}`),
+  ];
+  const customPluginsPath = [
+    path.join(getNohostPluginsPath(), 'worker_plugins'),
+  ];
+
+  isHeadless = /^\$\d+/.test(username);
+  let mode = 'multiEnv|disableUpdateTips|keepXFF|x-forwarded-proto';
+  if (options.worker) {
+    mode = `${mode}|plugins|hideLeftMenu`;
+  }
+  if (process.env.PFORK_MODE === 'bind') {
+    projectPluginsPath.unshift(process.cwd());
+  }
+  getPort((port) => {
+    proxy = startWhistle({
+      port,
+      host: '127.0.0.1',
+      cmdName: 'n2',
+      authKey: options.authKey,
+      encrypted: true,
+      storage: options.storage,
+      baseDir: process.env.NOHOST_BADE_DIR,
+      username,
+      password: isRulesMode ? `${Math.random()}` : options.password,
+      guestName: isRulesMode ? '' : options.guestName,
+      realPort: options.realPort,
+      realHost: options.realHost,
+      guestPassword: options.guestPassword,
+      shadowRules: getShadowRules(options),
+      mode: `${mode}${isRulesMode ? '|rules' : ''}`,
+      secureFilter: WHISTLE_SECURE_FILTER,
+      projectPluginsPath,
+      account: username,
+      accountPluginsPath,
+      customPluginsPath,
+      pluginsPath: (options.pluginsPath || []).concat(oldPluginsPath),
+      dnsServer: options.dnsServer,
+      addon: options.accountPluginPath,
+      pluginsDataMap: {
+        storage: {
+          storageServer: options.storageServer,
+        },
+      },
+    }, () => {
+      curEnvList = proxy.rulesUtil.rules.list();
+      const {
+        REMOTE_ADDR_HEAD: remoteAddrHead,
+        REMOTE_PORT_HEAD: remotePortHead,
+      } = proxy.config;
+      setTimeout(() => callback(null, {
+        port,
+        remoteAddrHead,
+        remotePortHead,
+        envList: curEnvList,
+      }), 100);
+    });
+    let timer;
+    const exitWhistleIfIdleTimeout = () => {
+      clearTimeout(timer);
+      timer = setTimeout(() => process.exit(), IDLE_TIMEOUT);
+    };
+    exitWhistleIfIdleTimeout();
+    config = loadModule('whistle/lib/config');
+    config.baseDirHash = '';
+    proxy.on('tunnelRequest', exitWhistleIfIdleTimeout);
+    proxy.on('wsRequest', exitWhistleIfIdleTimeout);
+    proxy.on('_request', exitWhistleIfIdleTimeout);
+    syncData();
+  });
+};

package/lib/plugins/whistle.nohost/lib/whistleMgr.js

@@ -0,0 +1,94 @@
+const p = require('pfork');
+const path = require('path');
+const accountMgr = require('./accountMgr');
+const {
+  CONFIG_DATA_TYPE,
+  AUTH_KEY,
+  pluginConfig,
+} = require('./util');
+
+const { realPort, realHost } = pluginConfig;
+const GUEST_AUTH = { guestName: '-' };
+const WHISTLE_WORKER = path.join(__dirname, 'whistle.js');
+const DELAY = 6000;
+const UPDATE_INTERVAL = 5000;
+const cache = {};
+
+exports.fork = (account) => {
+  if (!account) {
+    return;
+  }
+  const { name, password } = account;
+  if (cache[name]) {
+    return cache[name];
+  }
+  const getAccountData = () => {
+    const data = {
+      type: CONFIG_DATA_TYPE,
+      username: account.name,
+      password: account.password,
+      guest: accountMgr.isEnableGuest() ? GUEST_AUTH : null,
+      defaultRules: accountMgr.accountRules,
+    };
+    return data;
+  };
+  cache[name] = new Promise((resolve, reject) => {
+    const guestName = accountMgr.isEnableGuest() ? '-' : undefined;
+    p.fork({
+      authKey: AUTH_KEY,
+      password,
+      guestName,
+      defaultRules: accountMgr.accountRules,
+      storage: `whistle.nohost/${name}`,
+      script: WHISTLE_WORKER,
+      value: name,
+      realPort,
+      realHost,
+      storageServer: accountMgr.storageServer,
+      dnsServer: accountMgr.dnsServer,
+      accountPluginPath: accountMgr.accountPluginPath,
+    }, (err, result, child) => {
+      if (err) {
+        delete cache[name];
+        return reject(err);
+      }
+      resolve(result);
+      accountMgr.addEnvList(name, result.envList);
+      let timer;
+      const updateAuth = () => {
+        account = account && accountMgr.getAccount(account.name);
+        if (!account) {
+          return;
+        }
+        child.sendData(getAccountData());
+        timer = setTimeout(updateAuth, UPDATE_INTERVAL);
+      };
+      timer = setTimeout(updateAuth, UPDATE_INTERVAL);
+      child.on('exit', () => {
+        clearTimeout(timer);
+        delete cache[name];
+      });
+      child.on('data', (data) => {
+        const type = data && data.type;
+        if (type !== CONFIG_DATA_TYPE) {
+          return;
+        }
+        account = account && accountMgr.getAccount(account.name);
+        if (!account) {
+          return;
+        }
+        const accountData = getAccountData();
+        accountData.index = data.index;
+        child.sendData(accountData);
+        accountMgr.addEnvList(name, data.envList);
+      });
+    });
+  });
+  return cache[name];
+};
+exports.kill = (name) => {
+  p.kill({
+    script: WHISTLE_WORKER,
+    value: name,
+  }, DELAY);
+};

package/lib/plugins/whistle.nohost/package.json

@@ -0,0 +1,7 @@
+{
+  "name": "whistle.nohost",
+  "version": "1.0.0",
+  "whistleConfig": {
+    "priority": 100
+  }
+}

package/lib/plugins/whistle.nohost/rules.txt

@@ -0,0 +1,3 @@
+* whistle.nohost://none includeFilter://reqH:x-whistle-nohost-env=/^\$\d+$/
+* whistle.nohost://`${reqH.x-whistle-nohost-policy}` includeFilter://reqH:x-whistle-nohost-policy
+@whistle.nohost/cgi-bin/rules

package/lib/service/cgi/export.js

@@ -0,0 +1,76 @@
+const fs = require('fs');
+const path = require('path');
+const fse = require('fs-extra');
+const Limiter = require('async-limiter');
+const { gzip } = require('zlib');
+const { getSessionsDir, getDate, getAccessCode } = require('./util');
+
+const promises = {};
+const limiter = new Limiter({ concurrency: 10 });
+const ROUTE_RE = /^[\w.:/=+-]{1,100}$/;
+
+const writeFile = (filepath, data) => {
+  return new Promise((resolve, reject) => {
+    fs.writeFile(filepath, data, {
+      flag: 'wx',
+    }, (err) => {
+      if (err) {
+        reject(err);
+      } else {
+        resolve();
+      }
+    });
+  });
+};
+
+const createDir = (dir) => {
+  let p = promises[dir];
+  if (!p) {
+    p = fse.ensureDir(dir);
+    promises[dir] = p;
+  }
+  return p;
+};
+
+const compressSessions = (sessions) => {
+  return new Promise((resolve, reject) => {
+    limiter.push((done) => {
+      gzip(sessions, (err, buf) => {
+        done();
+        if (err) {
+          reject(err);
+        } else {
+          resolve(buf);
+        }
+      });
+    });
+  });
+};
+
+module.exports = async (ctx) => {
+  let { query: { username, route }, body: { name, sessions, code } } = ctx.request;
+  if (!name || !sessions || typeof sessions !== 'string') {
+    return;
+  }
+  code = getAccessCode(code);
+  const date = getDate();
+  const dir = getSessionsDir(username, date, code);
+  if (!dir) {
+    return;
+  }
+  await createDir(dir);
+  try {
+    sessions = await compressSessions(sessions);
+    name = encodeURIComponent(name);
+    if (code) {
+      name = `${name}[${code}]`;
+    }
+    await writeFile(path.join(dir, `${name}[gz]`), sessions);
+    ctx.body = { ec: 0, date, username, route: route && ROUTE_RE.test(route) ? route : undefined };
+  } catch (e) {
+    ctx.body = { ec: e.code === 'EEXIST' ? 1 : 2 };
+  }
+  if (ctx.get('origin')) {
+    ctx.set('Access-Control-Allow-Origin', '*');
+  }
+};

package/lib/service/cgi/import.js

@@ -0,0 +1,33 @@
+const fs = require('fs');
+const path = require('path');
+const { getSessionsDir, getAccessCode } = require('./util');
+
+const isGzipFile = (gzFilePath) => {
+  return new Promise((resolve) => {
+    fs.stat(gzFilePath, (err, stat) => {
+      resolve(!err && stat.isFile());
+    });
+  });
+};
+
+module.exports = async (ctx) => {
+  let { username, name, date, code } = ctx.request.query;
+  if (!name || typeof name !== 'string') {
+    return;
+  }
+  code = getAccessCode(code);
+  const dir = getSessionsDir(username, date, code);
+  if (!dir) {
+    return;
+  }
+  name = encodeURIComponent(name);
+  if (code) {
+    name = `${name}[${code}]`;
+  }
+  const gzFilePath = path.join(dir, `${name}[gz]`);
+  const isGFile = await isGzipFile(gzFilePath);
+  if (isGFile) {
+    ctx.set('content-encoding', 'gzip');
+  }
+  ctx.body = fs.createReadStream(isGFile ? gzFilePath : path.join(dir, name));
+};

package/lib/service/cgi/util.js

@@ -0,0 +1,35 @@
+const os = require('os');
+const path = require('path');
+
+const USERNAME_RE = /^[a-z\d.]{1,64}$/;
+const DATE_RE = /^\d{8}$/;
+const ACCESS_CODE_RE = /^[a-z\d]{4}$/i;
+const leftPad = num => (num > 9 ? num : `0${num}`);
+let nohostPath;
+
+const getSessionsPath = () => {
+  nohostPath = nohostPath || process.env.NOHOST_PATH || path.join(os.homedir(), '.NohostAppData');
+  return nohostPath;
+};
+
+const getDate = () => {
+  const now = new Date();
+  return `${now.getFullYear()}${leftPad(now.getMonth() + 1)}${leftPad(now.getDate())}`;
+};
+
+exports.getDate = getDate;
+
+const checkUsername = (username) => {
+  return username == null || username === '' || (typeof username === 'string' && USERNAME_RE.test(username));
+};
+
+exports.getSessionsDir = (username, date, encrypted) => {
+  if (!DATE_RE.test(date) || !checkUsername(username)) {
+    return;
+  }
+  const dir = getSessionsPath();
+  date = path.join(date, encrypted ? 'encrypted' : 'sessions');
+  return username ? path.join(dir, username, date) : path.join(dir, date);
+};
+
+exports.getAccessCode = code => (ACCESS_CODE_RE.test(code) ? code.toLowerCase() : '');

package/lib/service/index.js

@@ -0,0 +1,37 @@
+const { fork } = require('pfork');
+const script = require('path').join(__dirname, 'server.js');
+const getPort = require('../util/getPort');
+
+const workers = [];
+const getCreator = () => {
+  let promise;
+  return () => {
+    if (!promise) {
+      promise = new Promise((resolve, reject) => {
+        getPort((port) => {
+          fork({ value: `${port}`, script }, (err, _, child) => {
+            if (err) {
+              promise = null;
+              reject(err);
+            } else {
+              child.once('close', () => {
+                promise = null;
+              });
+              resolve(port);
+            }
+          });
+        });
+      });
+    }
+    return promise;
+  };
+};
+
+module.exports = (index) => {
+  let createServer = workers[index];
+  if (!createServer) {
+    createServer = getCreator();
+    workers[index] = getCreator();
+  }
+  return createServer();
+};

package/lib/service/router.js

@@ -0,0 +1,7 @@
+const exportSessions = require('./cgi/export');
+const importSessions = require('./cgi/import');
+
+module.exports = (router) => {
+  router.post('/cgi-bin/sessions/export', exportSessions);
+  router.get('/cgi-bin/sessions/import', importSessions);
+};

package/lib/service/server.js

@@ -0,0 +1,25 @@
+
+const { createServer } = require('http');
+const Koa = require('koa');
+const onerror = require('koa-onerror');
+const router = require('koa-router')();
+const bodyParser = require('koa-bodyparser');
+const setupRouter = require('./router');
+
+
+module.exports = ({ value: port }, callback) => {
+  const server = createServer();
+  const app = new Koa();
+  app.proxy = true;
+  app.silent = true;
+  if (process.env.PFORK_MODE === 'bind') {
+    onerror(app);
+  }
+  setupRouter(router);
+  app.use(bodyParser({ formLimit: '8mb' }));
+  app.use(router.routes());
+  app.use(router.allowedMethods());
+  server.on('request', app.callback());
+  server.on('error', callback);
+  server.listen(port, '127.0.0.1', callback);
+};

package/lib/util/address.js

@@ -0,0 +1,55 @@
+const os = require('os');
+const net = require('net');
+
+const LOCALHOST = '127.0.0.1';
+let addressList = [];
+let serverIp;
+
+(function updateSystyemInfo() {
+  const interfaces = os.networkInterfaces();
+  addressList = [];
+  Object.keys(interfaces).forEach((name) => {
+    const list = interfaces[name];
+    if (Array.isArray(list)) {
+      list.forEach((info) => {
+        if (!info.internal && (info.family === 'IPv4' || info.family === 4)) {
+          serverIp = info.address;
+        }
+        addressList.push(info.address.toLowerCase());
+      });
+      // 支持多网卡时，以环境变量指定 serverIp
+      const envServerIp = process.env.NOHOST_SERVER_IP;
+      if (net.isIP(envServerIp) && addressList.includes(envServerIp)) {
+        serverIp = envServerIp;
+      }
+    }
+  });
+  setTimeout(updateSystyemInfo, 30000);
+}());
+
+exports.getAddressList = () => addressList;
+
+const isLocalHost = (ip) => {
+  if (!ip || typeof ip !== 'string') {
+    return true;
+  }
+  return ip.length < 7 || ip === LOCALHOST;
+};
+
+const isLocalAddress = (address) => {
+  if (isLocalHost(address)) {
+    return true;
+  }
+  if (address === '0:0:0:0:0:0:0:1') {
+    return true;
+  }
+  address = address.toLowerCase();
+  if (address[0] === '[') {
+    address = address.slice(1, -1);
+  }
+  return addressList.indexOf(address) !== -1;
+};
+
+exports.isLocalAddress = isLocalAddress;
+
+exports.getServerIp = () => serverIp;

package/lib/util/getPort.js

@@ -0,0 +1,19 @@
+const http = require('http');
+
+let curPort = 30013;
+
+const getPort = (callback) => {
+  const server = http.createServer();
+  server.on('error', () => {
+    if (++curPort % 5 === 0) {
+      ++curPort;
+    }
+    getPort(callback);
+  });
+  server.listen(curPort, '127.0.0.1', () => {
+    server.removeAllListeners();
+    server.close(() => callback(curPort));
+  });
+};
+
+module.exports = getPort;

package/lib/util/login.js

@@ -0,0 +1,55 @@
+const crypto = require('crypto');
+const getAuth = require('basic-auth');
+
+const ENV_MAX_AGE = 60 * 60 * 24 * 3;
+
+const shasum = (str) => {
+  if (typeof str !== 'string') {
+    str = '';
+  }
+  const result = crypto.createHash('sha1');
+  result.update(str);
+  return result.digest('hex');
+};
+exports.shasum = shasum;
+
+const getLoginKey = (ctx, username, password) => {
+  const ip = ctx.ip || '127.0.0.1';
+  return shasum(`${username || ''}\n${password || ''}\n${ip}`);
+};
+
+exports.checkLogin = (ctx, authConf) => {
+  const {
+    username,
+    password,
+    nameKey,
+    authKey,
+  } = authConf;
+
+  if (!username || !password) {
+    return true;
+  }
+  const curName = ctx.cookies.get(nameKey);
+  const lkey = ctx.cookies.get(authKey);
+  const correctKey = getLoginKey(ctx, username, password);
+  if (curName === username && correctKey === lkey) {
+    return true;
+  }
+
+  const { name, pass } = getAuth(ctx.req) || {};
+  if (name === username && shasum(pass) === password) {
+    const options = {
+      expires: new Date(Date.now() + (ENV_MAX_AGE * 1000)),
+      path: '/',
+    };
+    ctx.cookies.set(nameKey, username, options);
+    ctx.cookies.set(authKey, correctKey, options);
+    return true;
+  }
+
+  ctx.status = 401;
+  ctx.set('WWW-Authenticate', ' Basic realm=User Login');
+  ctx.set('Content-Type', 'text/html; charset=utf8');
+  ctx.body = 'Access denied, please <a href="javascript:;" onclick="location.reload()">try again</a>.';
+  return false;
+};

package/lib/util/parseDomain.js

@@ -0,0 +1,17 @@
+
+const isBaseUrl = d => /^[\w-]+(?:\.[\w-]+){1,}$/.test(d);
+const SEP_RE = /\s*[,\s]\s*/;
+let domainList = [];
+let curDomain;
+
+const parseDomain = (domainStr) => {
+  if (domainStr !== curDomain) {
+    curDomain = domainStr;
+    domainList = curDomain.trim().split(SEP_RE).filter(isBaseUrl);
+  }
+  return domainList;
+};
+
+module.exports = (str) => {
+  return !str || typeof str !== 'string' ? [] : parseDomain(str);
+};