Mercurial > hg > rlgwebd
view rlgwebd @ 201:f3843245a35e
Initial support for TLS.
RLGWebD now serves via encrypted connections on port 8081.
The client-side script now uses secure WebSockets if the page is being
accessed via HTTPS.
author | John "Elwin" Edwards |
---|---|
date | Sun, 01 Jan 2017 20:18:01 -0500 |
parents | ea28353d620a |
children | 7f25bb89b59c |
line wrap: on
line source
#!/usr/bin/env node var http = require('http'); var https = require('https'); var net = require('net'); var url = require('url'); var path = require('path'); var fs = require('fs'); var events = require('events'); var child_process = require('child_process'); // Dependencies var posix = require("posix"); var pty = require("pty.js"); var WebSocketServer = require("websocket").server; /* Configuration variables */ // These first files are NOT in the chroot. var domain_name = "rlgallery.org"; var ctlsocket = "/var/run/rlgwebd.sock"; var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem"; var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem"; var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem"; var httpPort = 8080; var httpsPort = 8081; var chrootDir = "/var/dgl/"; var dropToUser = "rodney"; var serveStaticRoot = "/var/www/"; // inside the chroot var clearbufs = [ new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J new Buffer([27, 91, 72, 27, 91, 74]) // screen: CSI H CSI J ]; /* Data on the games available. */ var games = { "rogue3": { "name": "Rogue V3", "uname": "rogue3", "suffix": ".r3sav", "path": "/usr/bin/rogue3" }, "rogue4": { "name": "Rogue V4", "uname": "rogue4", "suffix": ".r4sav", "path": "/usr/bin/rogue4" }, "rogue5": { "name": "Rogue V5", "uname": "rogue5", "suffix": ".r5sav", "path": "/usr/bin/rogue5" }, "srogue": { "name": "Super-Rogue", "uname": "srogue", "suffix": ".srsav", "path": "/usr/bin/srogue" }, "arogue5": { "name": "Advanced Rogue 5", "uname": "arogue5", "suffix": ".ar5sav", "path": "/usr/bin/arogue5" }, "arogue7": { "name": "Advanced Rogue 7", "uname": "arogue7", "suffix": ".ar7sav", "path": "/usr/bin/arogue7" }, "xrogue": { "name": "XRogue", "uname": "xrogue", "suffix": ".xrsav", "path": "/usr/bin/xrogue" } }; /* Global state */ var logins = {}; var sessions = {}; var dglgames = {}; var allowlogin = true; var gamemux = new events.EventEmitter(); /* A base class. TermSession and DglSession inherit from it. */ function BaseGame() { /* Games subclass EventEmitter, though there are few listeners. */ events.EventEmitter.call(this); /* Array of watching WebSockets. */ this.watchers = []; /* replaybuf holds the output since the last screen clear, so watchers can * begin with a complete screen. replaylen is the number of bytes stored. */ this.replaybuf = new Buffer(1024); this.replaylen = 0; /* Time of last activity. */ this.lasttime = new Date(); } BaseGame.prototype = new events.EventEmitter(); BaseGame.prototype.tag = function () { if (this.pname === undefined || this.gname === undefined) return ""; return this.gname + "/" + this.pname; }; BaseGame.prototype.framepush = function(chunk) { /* If this chunk resets the screen, discard what preceded it. */ if (isclear(chunk)) { this.replaybuf = new Buffer(1024); this.replaylen = 0; } /* Make sure there's space. */ while (this.replaybuf.length < chunk.length + this.replaylen) { var nbuf = new Buffer(this.replaybuf.length * 2); this.replaybuf.copy(nbuf, 0, 0, this.replaylen); this.replaybuf = nbuf; if (this.replaybuf.length > 65536) { tslog("Warning: %s frame buffer at %d bytes", this.tag(), this.replaybuf.length); } } chunk.copy(this.replaybuf, this.replaylen); this.replaylen += chunk.length; }; /* Adds a watcher. */ BaseGame.prototype.attach = function (wsReq) { var conn = wsReq.accept(null, wsReq.origin); conn.sendUTF(JSON.stringify({ "t": "w", "w": this.w, "h": this.h, "p": this.pname, "g": this.gname })); conn.sendUTF(JSON.stringify({"t": "d", "d": this.replaybuf.toString("hex", 0, this.replaylen)})); conn.on('close', this.detach.bind(this, conn)); this.watchers.push(conn); }; BaseGame.prototype.detach = function (socket) { var n = this.watchers.indexOf(socket); if (n >= 0) { this.watchers.splice(n, 1); tslog("A WebSocket watcher has left game %s", this.tag()); } }; /* Constructor. A TermSession handles a pty and the game running on it. * gname: (String) Name of the game to launch. * pname: (String) The player's name. * wsReq: (WebSocketRequest) The request from the client. * * Events: * "data": Data generated by child. Parameters: buf (Buffer) * "exit": Child terminated. Parameters: none */ function TermSession(gname, pname, wsReq) { BaseGame.call(this); /* Don't launch anything that's not a real game. */ if (gname in games) { this.game = games[gname]; this.gname = gname; } else { this.failed = true; wsReq.reject(404, errorcodes[2], "No such game"); tslog("Game %s is not available", game); return; } this.pname = pname; /* Set up the sizes. */ this.w = Math.floor(Number(wsReq.resourceURL.query.w)); if (!(this.w > 0 && this.w < 256)) this.w = 80; this.h = Math.floor(Number(wsReq.resourceURL.query.h)); if (!(this.h > 0 && this.h < 256)) this.h = 24; /* Environment. */ var childenv = {}; for (var key in process.env) { childenv[key] = process.env[key]; } var args = ["-n", this.pname]; var spawnopts = {"env": childenv, "cwd": "/", "rows": this.h, "cols": this.w, "name": "xterm-256color"}; this.term = pty.spawn(this.game.path, args, spawnopts); tslog("%s playing %s (pid %d)", this.pname, this.gname, this.term.pid); this.failed = false; sessions[this.gname + "/" + this.pname] = this; gamemux.emit('begin', this.gname, this.pname, 'rlg'); /* Set up the lockfile and ttyrec */ var ts = timestamp(this.lasttime); var progressdir = path.join("/dgldir/inprogress", this.gname); this.lock = path.join(progressdir, this.pname + ":node:" + ts + ".ttyrec"); var lmsg = this.term.pid.toString() + '\n' + this.h + '\n' + this.w + '\n'; fs.writeFile(this.lock, lmsg, "utf8"); var ttyrec = path.join("/dgldir/ttyrec", this.pname, this.gname, ts + ".ttyrec"); this.record = fs.createWriteStream(ttyrec, { mode: 0664 }); /* The player's WebSocket and its handlers. */ this.playerconn = wsReq.accept(null, wsReq.origin); this.playerconn.on('message', this.input_msg.bind(this)); this.playerconn.on('close', this.close.bind(this)); /* Send initial data. */ this.playerconn.sendUTF(JSON.stringify({"t": "s", "w": this.w, "h": this.h, "p": this.pname, "g": this.gname})); /* Begin the ttyrec with some metadata, like dgamelaunch does. */ var descstr = "\x1b[2J\x1b[1;1H\r\n"; descstr += "Player: " + this.pname + "\r\nGame: " + this.game.name + "\r\n"; descstr += "Server: Roguelike Gallery - rlgallery.org\r\n"; descstr += "Filename: " + ts + ".ttyrec\r\n"; descstr += "Time: (" + Math.floor(this.lasttime.getTime() / 1000) + ") "; descstr += this.lasttime.toUTCString().slice(0, -4) + "\r\n"; descstr += "Size: " + this.w + "x" + this.h + "\r\n\x1b[2J"; this.write_ttyrec(descstr); this.term.on("data", this.write_ttyrec.bind(this)); this.term.on("exit", this.destroy.bind(this)); } TermSession.prototype = new BaseGame(); /* Currently this also sends to the player and any watchers. */ TermSession.prototype.write_ttyrec = function (datastr) { this.lasttime = new Date(); var buf = new Buffer(datastr); var chunk = new Buffer(buf.length + 12); /* TTYREC headers */ chunk.writeUInt32LE(Math.floor(this.lasttime.getTime() / 1000), 0); chunk.writeUInt32LE(1000 * (this.lasttime.getTime() % 1000), 4); chunk.writeUInt32LE(buf.length, 8); buf.copy(chunk, 12); this.record.write(chunk); this.framepush(buf); /* Send to the player. */ var msg = JSON.stringify({"t": "d", "d": buf.toString("hex")}); this.playerconn.sendUTF(msg); /* Send to any watchers. */ for (var i = 0; i < this.watchers.length; i++) { if (this.watchers[i].connected) this.watchers[i].sendUTF(msg); } this.emit('data', buf); }; /* For writing to the subprocess's stdin. */ TermSession.prototype.write = function (data) { this.term.write(data); }; TermSession.prototype.input_msg = function (message) { var parsedMsg = getMsgWS(message); if (parsedMsg.t == 'q') { this.close(); } else if (parsedMsg.t == 'd') { var hexstr = parsedMsg.d.replace(/[^0-9a-f]/gi, ""); if (hexstr.length % 2 != 0) { hexstr = hexstr.slice(0, -1); } var keybuf = new Buffer(hexstr, "hex"); this.write(keybuf); } }; /* Teardown. */ TermSession.prototype.close = function () { if (this.tag() in sessions) this.term.kill('SIGHUP'); }; TermSession.prototype.destroy = function () { var tag = this.tag(); fs.unlink(this.lock); this.record.end(); var watchsocks = this.watchers; this.watchers = []; for (var i = 0; i < watchsocks.length; i++) { if (watchsocks[i].connected) watchsocks[i].close(); } if (this.playerconn.connected) { this.playerconn.sendUTF(JSON.stringify({"t": "q"})); this.playerconn.close(); } this.emit('exit'); gamemux.emit('end', this.gname, this.pname); delete sessions[tag]; tslog("Game %s ended.", tag); /* Was that the last game? */ if (!allowlogin && Object.keys(sessions).length == 0) { shutdown(); } }; function DglSession(filename) { BaseGame.call(this); var pathcoms = filename.split('/'); this.gname = pathcoms[pathcoms.length - 2]; if (!(this.gname in games)) { this.emit('open', false); return; } var basename = pathcoms[pathcoms.length - 1]; var firstsep = basename.indexOf(':'); this.pname = basename.slice(0, firstsep); var fname = basename.slice(firstsep + 1); this.ttyrec = path.join("/dgldir/ttyrec", this.pname, this.gname, fname); /* Flag to prevent multiple handlers from reading simultaneously and * getting into a race. */ this.reading = false; this.rpos = 0; fs.readFile(filename, {encoding: "utf8"}, (function (err, data) { if (err) { this.emit('open', false); return; } var lines = data.split('\n'); this.h = Number(lines[1]); this.w = Number(lines[2]); fs.open(this.ttyrec, "r", (function (err, fd) { if (err) { this.emit('open', false); } else { this.fd = fd; this.emit('open', true); tslog("DGL %s: open", this.tag()); gamemux.emit('begin', this.gname, this.pname, 'dgl'); this.startchunk(); this.recwatcher = fs.watch(this.ttyrec, this.notifier.bind(this)); } }).bind(this)); }).bind(this)); } DglSession.prototype = new BaseGame(); /* 3 functions to get data from the ttyrec file. */ DglSession.prototype.startchunk = function () { if (this.reading) return; this.reading = true; var header = new Buffer(12); fs.read(this.fd, header, 0, 12, this.rpos, this.datachunk.bind(this)); }; DglSession.prototype.datachunk = function (err, n, buf) { /* Stop recursion if end of file has been reached. */ if (err || n < 12) { if (!err && n > 0) { tslog("DGL %s: expected 12-byte header, got %d", this.tag(), n); } this.reading = false; return; } this.rpos += 12; /* Update timestamp, to within 1 second. */ this.lasttime = new Date(1000 * buf.readUInt32LE(0)); var datalen = buf.readUInt32LE(8); if (datalen > 16384) { // Something is probably wrong... tslog("DGL %s: looking for %d bytes", this.tag(), datalen); } var databuf = new Buffer(datalen); fs.read(this.fd, databuf, 0, datalen, this.rpos, this.handledata.bind(this)); }; DglSession.prototype.handledata = function (err, n, buf) { if (err || n < buf.length) { /* Next time, read the header again. */ this.rpos -= 12; this.reading = false; tslog("DGL %s: expected %d bytes, got %d", this.tag(), buf.length, n); return; } this.rpos += n; this.reading = false; /* Process the data */ this.framepush(buf); var wmsg = JSON.stringify({"t": "d", "d": buf.toString("hex")}); for (var i = 0; i < this.watchers.length; i++) { if (this.watchers[i].connected) this.watchers[i].sendUTF(wmsg); } this.emit("data", buf); /* Recurse. */ this.startchunk(); }; /* Handles events from the ttyrec file watcher. */ DglSession.prototype.notifier = function (ev, finame) { if (ev == "change") this.startchunk(); /* If another kind of event appears, something strange happened. */ }; DglSession.prototype.close = function () { this.recwatcher.close(); /* Ensure all data is handled before quitting. */ this.startchunk(); var connlist = this.watchers; this.watchers = []; for (var i = 0; i < connlist.length; i++) { if (connlist[i].connected) connlist[i].close(); } fs.close(this.fd); this.emit("close"); gamemux.emit('end', this.gname, this.pname); tslog("DGL %s: closed", this.tag()); }; function wsStartGame(wsReq) { var playmatch = wsReq.resourceURL.pathname.match(/^\/play\/([^\/]*)$/); if (!playmatch[1] || !(playmatch[1] in games)) { wsReq.reject(404, errorcodes[2]); return; } var gname = playmatch[1]; if (!allowlogin) { wsReq.reject(404, errorcodes[6]); return; } if (!("key" in wsReq.resourceURL.query)) { wsReq.reject(404, "No key given."); return; } var lkey = wsReq.resourceURL.query["key"]; if (!(lkey in logins)) { wsReq.reject(404, errorcodes[1]); return; } var pname = logins[lkey].name; function progcallback(err, fname) { if (fname) { wsReq.reject(404, errorcodes[4]); tslog("%s is already playing %s", pname, gname); } else { new TermSession(gname, pname, wsReq); } }; checkprogress(pname, games[gname], progcallback, []); } /* Some functions which check whether a player is currently playing or * has a saved game. Maybe someday they will provide information on * the game. */ function checkprogress(user, game, callback, args) { var progressdir = path.join("/dgldir/inprogress", game.uname); fs.readdir(progressdir, function(err, files) { if (err) { args.unshift(err, null); callback.apply(null, args); return; } var fre = RegExp("^" + user + ":"); for (var i = 0; i < files.length; i++) { if (files[i].match(fre)) { args.unshift(null, files[i]); callback.apply(null, args); return; } } args.unshift(null, false); callback.apply(null, args); }); } function checksaved(user, game, callback, args) { var savedirc = game.uname + "save"; var basename = String(pwent.uid) + "-" + user + game.suffix; var savefile = path.join("/var/games/roguelike", savedirc, basename); fs.exists(savefile, function (exist) { args.unshift(exist); callback.apply(null, args); }); } function playerstatus(user, callback) { var sdata = {}; function finishp() { for (var gname in games) { if (!(gname in sdata)) return; } callback(sdata); } function regsaved(exists, game) { if (exists) sdata[game.uname] = "s"; else sdata[game.uname] = "0"; finishp(); } function regactive(err, filename, game) { if (!err && filename) { if (filename.match(/^[^:]*:node:/)) sdata[game.uname] = "p"; else sdata[game.uname] = "d"; finishp(); } else checksaved(user, game, regsaved, [game]); } for (var gname in games) { checkprogress(user, games[gname], regactive, [games[gname]]); } } /* A few utility functions */ function timestamp(dd) { if (!(dd instanceof Date)) { dd = new Date(); } sd = dd.toISOString(); sd = sd.slice(0, sd.indexOf(".")); return sd.replace("T", "."); } function randkey(words) { if (!words || !(words > 0)) words = 1; function rand32() { rnum = Math.floor(Math.random() * 65536 * 65536); hexstr = rnum.toString(16); while (hexstr.length < 8) hexstr = "0" + hexstr; return hexstr; } var key = ""; for (var i = 0; i < words; i++) key += rand32(); return key; } /* Compares two buffers, returns true for equality up to index n */ function bufncmp(buf1, buf2, n) { if (!Buffer.isBuffer(buf1) || !Buffer.isBuffer(buf2)) return false; for (var i = 0; i < n; i++) { if (i == buf1.length && i == buf2.length) return true; if (i == buf1.length || i == buf2.length) return false; if (buf1[i] != buf2[i]) return false; } return true; } function isclear(buf) { for (var i = 0; i < clearbufs.length; i++) { if (bufncmp(buf, clearbufs[i], clearbufs[i].length)) return true; } return false; } function tslog() { arguments[0] = new Date().toISOString() + ": " + String(arguments[0]); console.log.apply(console, arguments); } /* Returns a list of the cookies in the request, obviously. */ function getCookies(req) { cookies = []; if ("cookie" in req.headers) { cookstrs = req.headers["cookie"].split("; "); for (var i = 0; i < cookstrs.length; i++) { eqsign = cookstrs[i].indexOf("="); if (eqsign > 0) { name = cookstrs[i].slice(0, eqsign).toLowerCase(); val = cookstrs[i].slice(eqsign + 1); cookies[name] = val; } else if (eqsign < 0) cookies[cookstrs[i]] = null; } } return cookies; } function getMsg(posttext) { var jsonobj; if (!posttext) return {}; try { jsonobj = JSON.parse(posttext); } catch (e) { if (e instanceof SyntaxError) return {}; } if (typeof(jsonobj) != "object") return {}; return jsonobj; } function getMsgWS(msgObj) { if (msgObj.type != "utf8") return {}; return getMsg(msgObj.utf8Data); } function login(req, res, formdata) { if (!allowlogin) { sendError(res, 6, null, false); return; } if (!("name" in formdata)) { sendError(res, 2, "Username not given.", false); return; } else if (!("pw" in formdata)) { sendError(res, 2, "Password not given.", false); return; } var username = String(formdata["name"]); var password = String(formdata["pw"]); function checkit(code, signal) { /* Checks the exit status, see sqlickrypt.c for details. */ if (code != 0) { sendError(res, 3); if (code == 1) tslog("Password check failed for user %s", username); else if (code == 2) tslog("Attempted login by nonexistent user %s", username); else tslog("Login failed: sqlickrypt error %d", code); return; } var lkey = randkey(2); while (lkey in logins) lkey = randkey(2); logins[lkey] = {"name": username, "ts": new Date()}; res.writeHead(200, {'Content-Type': 'application/json'}); var reply = {"t": "l", "k": lkey, "u": username}; res.write(JSON.stringify(reply)); res.end(); tslog("%s has logged in", username); return; } /* Launch the sqlickrypt utility to check the password. */ var pwchecker = child_process.spawn("/bin/sqlickrypt", ["check"]); pwchecker.on("exit", checkit); pwchecker.stdin.end(username + '\n' + password + '\n', "utf8"); return; } /* Sets things up for a new user, like dgamelaunch's commands[register] */ function regsetup(username) { function regsetup_l2(err) { for (var g in games) { fs.mkdir(path.join("/dgldir/ttyrec", username, games[g].uname), 0755); } } fs.mkdir(path.join("/dgldir/userdata", username), 0755); fs.mkdir(path.join("/dgldir/ttyrec/", username), 0755, regsetup_l2); } function register(req, res, formdata) { var uname, passwd, email; if (typeof (formdata.name) != "string" || formdata.name === "") { sendError(res, 2, "No name given."); return; } else uname = formdata["name"]; if (typeof (formdata.pw) != "string" || formdata.pw === "") { sendError(res, 2, "No password given."); return; } else passwd = formdata["pw"]; if (typeof (formdata.email) != "string" || formdata.email === "") { /* E-mail is optional */ email = "nobody@nowhere.not"; } else email = formdata["email"]; function checkreg(code, signal) { if (code === 0) { var lkey = randkey(2); while (lkey in logins) lkey = randkey(2); logins[lkey] = {"name": uname, "ts": new Date()}; var reply = {"t": "r", "k": lkey, "u": uname}; res.writeHead(200, {'Content-Type': 'application/json'}); res.write(JSON.stringify(reply)); res.end(); tslog("Added new user: %s", uname); regsetup(uname); } else if (code == 4) { sendError(res, 2, "Invalid characters in name or email."); tslog("Attempted registration: %s %s", uname, email); } else if (code == 1) { sendError(res, 2, "Username " + uname + " is already being used."); tslog("Attempted duplicate registration: %s", uname); } else { sendError(res, 0, null); tslog("sqlickrypt register failed with code %d", code); } } var child_adder = child_process.spawn("/bin/sqlickrypt", ["register"]); child_adder.on("exit", checkreg); child_adder.stdin.end(uname + '\n' + passwd + '\n' + email + '\n', "utf8"); return; } /* Stops a running game if the request has the proper key. */ function stopgame(res, formdata) { if (!("key" in formdata) || !(formdata["key"] in logins)) { sendError(res, 1); return; } var pname = logins[formdata["key"]].name; if (!("g" in formdata) || !(formdata["g"] in games)) { sendError(res, 2, "No such game."); return; } var gname = formdata["g"]; function checkback(err, fname) { if (!fname) { sendError(res, 7); return; } var fullfile = path.join("/dgldir/inprogress", gname, fname); fs.readFile(fullfile, "utf8", function(err, fdata) { if (err) { sendError(res, 7); return; } var pid = parseInt(fdata.split('\n')[0], 10); try { process.kill(pid, 'SIGHUP'); } catch (err) { /* If the PID is invalid, the lockfile is stale. */ if (err.code == "ESRCH") { var nodere = RegExp("^" + pname + ":node:"); if (fname.match(nodere)) { fs.unlink(fullfile); } } } /* The response doesn't mean that the game is gone. The only way * to make sure a dgamelaunch-supervised game is over would be to * poll fname until it disappears. */ res.writeHead(200, {'Content-Type': 'application/json'}); res.write(JSON.stringify({"t": "q"})); res.end(); }); } checkprogress(pname, games[gname], checkback, []); } function startProgressWatcher() { var watchdirs = []; for (var gname in games) { watchdirs.push(path.join("/dgldir/inprogress", gname)); } var subproc = child_process.spawn("/bin/dglwatcher", watchdirs); subproc.stdout.setEncoding('utf8'); subproc.stdout.on('data', function (chunk) { var fname = chunk.slice(2, -1); var filere = /.*\/([^\/]*)\/([^\/:]*):(node:)?(.*)/; var matchresult = fname.match(filere); if (!matchresult || matchresult[3]) return; var gname = matchresult[1]; var pname = matchresult[2]; var tag = gname + "/" + pname; if (chunk[0] == "E") { tslog("DGL: %s is playing %s: %s", pname, gname, fname) dglgames[tag] = new DglSession(fname); } else if (chunk[0] == "C") { tslog("DGL: %s started playing %s: %s", pname, gname, fname) dglgames[tag] = new DglSession(fname); } else if (chunk[0] == "D") { tslog("DGL: %s finished playing %s: %s", pname, gname, fname) dglgames[tag].close(); delete dglgames[tag]; } else { tslog("Watcher says: %s", chunk) } }); subproc.stdout.resume(); return subproc; } function serveStatic(req, res, fname) { var nname = path.normalize(fname); if (nname == "" || nname == "/") nname = "index.html"; if (nname.match(/\/$/)) path.join(nname, "index.html"); /* it was a directory */ var realname = path.join(serveStaticRoot, nname); var extension = path.extname(realname); fs.exists(realname, function (exists) { var resheaders = {}; if (!exists || !extension || extension == ".html")