#!/usr/bin/env node
// If you can't quite trust node to find it on its own
var localModules = '/usr/local/lib/node_modules/';
var http = require('http');
var net = require('net');
var url = require('url');
var path = require('path');
var fs = require('fs');
var child_process = require('child_process');
var daemon = require(path.join(localModules, "daemon"));
/* Configuration variables */
// These first two files are NOT in the chroot.
var ctlsocket = "/var/local/rlgwebd/ctl";
var logfile = "/var/local/rlgwebd/log";
var httpPort = 8080;
var chrootDir = "/var/dgl/";
var dropToUID = 501;
var dropToGID = 501;
var serveStaticRoot = "/var/www/"; // inside the chroot
var playtimeout = 3600000; // Idle time before games are autosaved, in ms
/* Global state */
var sessions = {};
var allowlogin = true;
var games = {
"rogue3": {
"name": "Rogue V3",
"uname": "rogue3",
"path": "/bin/rogue3"
},
"rogue4": {
"name": "Rogue V4",
"uname": "rogue4",
"path": "/bin/rogue4"
},
"rogue5": {
"name": "Rogue V5",
"uname": "rogue5",
"path": "/bin/rogue5"
},
"srogue": {
"name": "Super-Rogue",
"uname": "srogue",
"path": "/bin/srogue"
}
};
/* Constructor for TermSessions. Note that it opens the terminal and
* adds itself to the sessions dict. It currently assumes the user has
* been authenticated.
*/
function TermSession(game, user, files, dims) {
/* First make sure starting the game will work. */
if (game in games) {
this.game = games[game];
}
else {
// TODO: throw an exception instead
return null;
}
this.player = user;
/* This order seems to best avoid race conditions... */
this.alive = false;
this.sessid = randkey();
while (this.sessid in sessions) {
this.sessid = randkey();
}
/* Grab a spot in the sessions table. */
sessions[this.sessid] = this;
/* State for messaging. */
this.nsend = 0;
this.nrecv = 0;
this.msgQ = []
this.Qtimeout = null;
/* Set up the sizes. */
this.w = Math.floor(Number(dims[1]));
if (!(this.w > 0 && this.w < 256))
this.w = 80;
this.h = Math.floor(Number(dims[0]));
if (!(this.h > 0 && this.h < 256))
this.h = 24;
/* Environment. */
var childenv = {};
for (var key in process.env) {
childenv[key] = process.env[key];
}
childenv["PTYHELPER"] = String(this.h) + "x" + String(this.w);
/* TODO handle tty-opening errors */
/* TODO make argument-finding into a method */
args = [this.game.path, "-n", user.toString()];
this.child = child_process.spawn("/bin/ptyhelper", args, {"env": childenv});
var ss = this;
this.alive = true;
this.data = [];
this.lock = files[0];
fs.writeFile(this.lock, this.child.pid.toString() + '\n' + this.w + '\n' +
this.h + '\n', "utf8");
this.record = fs.createWriteStream(files[1], { mode: 0664 });
/* END setup */
function ttyrec_chunk(buf) {
var ts = new Date();
var chunk = new Buffer(buf.length + 12);
/* TTYREC headers */
chunk.writeUInt32LE(Math.floor(ts.getTime() / 1000), 0);
chunk.writeUInt32LE(1000 * (ts.getTime() % 1000), 4);
chunk.writeUInt32LE(buf.length, 8);
buf.copy(chunk, 12);
ss.data.push(chunk);
ss.record.write(chunk);
}
this.child.stdout.on("data", ttyrec_chunk);
this.child.stderr.on("data", ttyrec_chunk);
this.child.on("exit", function (code, signal) {
ss.exitcode = (code != null ? code : 255);
ss.alive = false;
fs.unlink(ss.lock);
/* Wait for all the data to get collected */
setTimeout(ss.cleanup, 1000);
});
this.write = function (data, n) {
if (!this.alive || typeof (n) != "number") {
return;
}
//console.log("Got message " + n);
var oindex = n - this.nrecv;
if (oindex === 0) {
//console.log("Writing message " + n);
this.child.stdin.write(data);
this.nrecv++;
var next;
while ((next = this.msgQ.shift()) !== undefined) {
//console.log("Writing message " + this.nrecv);
this.child.stdin.write(next);
this.nrecv++;
}
if (this.msgQ.length == 0 && this.Qtimeout) {
clearTimeout(this.Qtimeout);
this.Qtimeout = null;
}
}
else if (oindex > 0 && oindex <= 1024) {
tslog("Stashing message %d at %d", n, oindex - 1);
this.msgQ[oindex - 1] = data;
if (!this.Qtimeout) {
var nextn = this.nrecv + this.msgQ.length + 1;
this.Qtimeout = setTimeout(this.flushQ, 30000, this, nextn);
}
}
/* Otherwise, discard it */
return;
};
this.flushQ = function (session, n) {
/* Callback for when an unreceived message times out.
* n is the first empty space that will not be given up on. */
if (!session.alive)
return;
session.nrecv++;
var next;
/* Clear the queue up to n */
while (session.nrecv < n) {
next = session.msgQ.shift();
if (next !== undefined)
session.child.stdin.write(next);
session.nrecv++;
}
/* Clear out anything that's ready. */
while ((next = session.msgQ.shift()) !== undefined) {
session.child.stdin.write(next);
session.nrecv++;
}
/* Now set another timeout if necessary. */
if (session.msgQ.length != 0) {
var nextn = session.nrecv + session.msgQ.length + 1;
session.Qtimeout = setTimeout(session.flushQ, 30000, session, nextn);
}
tslog("Flushing queue for session %s", session.sessid);
};
this.read = function () {
if (this.data.length == 0)
return null;
var pos = 0;
var i = 0;
for (i = 0; i < this.data.length; i++)
pos += this.data[i].length - 12;
var nbuf = new Buffer(pos);
var tptr;
pos = 0;
while (this.data.length > 0) {
tptr = this.data.shift();
tptr.copy(nbuf, pos, 12);
pos += tptr.length - 12;
}
return nbuf;
};
this.close = function () {
if (this.alive)
this.child.kill('SIGHUP');
};
this.cleanup = function () {
/* Call this when the child is dead. */
if (ss.alive)
return;
ss.record.end();
/* Give the client a chance to read any leftover data. */
if (ss.data.length > 0)
setTimeout(ss.remove, 8000);
else
ss.remove();
};
this.remove = function () {
var id = ss.sessid;
delete sessions[id];
tslog("Session %s removed.", id);
};
}
/* A few utility functions */
function timestamp() {
dd = new Date();
sd = dd.toISOString();
sd = sd.slice(0, sd.indexOf("."));
return sd.replace("T", ".");
}
function randkey() {
rnum = Math.floor(Math.random() * 65536 * 65536);
hexstr = rnum.toString(16);
while (hexstr.length < 8)
hexstr = "0" + hexstr;
return hexstr;
}
function tslog() {
arguments[0] = new Date().toISOString() + ": " + String(arguments[0]);
console.log.apply(console, arguments);
}
/* Returns a list of the cookies in the request, obviously. */
function getCookies(req) {
cookies = [];
if ("cookie" in req.headers) {
cookstrs = req.headers["cookie"].split("; ");
for (var i = 0; i < cookstrs.length; i++) {
eqsign = cookstrs[i].indexOf("=");
if (eqsign > 0) {
name = cookstrs[i].slice(0, eqsign).toLowerCase();
val = cookstrs[i].slice(eqsign + 1);
cookies[name] = val;
}
else if (eqsign < 0)
cookies[cookstrs[i]] = null;
}
}
return cookies;
}
function getMsg(posttext) {
var jsonobj;
if (!posttext)
return {};
try {
jsonobj = JSON.parse(posttext);
}
catch (e) {
if (e instanceof SyntaxError)
return {};
}
if (typeof(jsonobj) != "object")
return {};
return jsonobj;
}
function reaper() {
var now = new Date();
function reapcheck(session) {
if (!session.alive)
return;
fs.fstat(session.record.fd, function (err, stats) {
if (!err && now - stats.mtime > playtimeout) {
tslog("Reaping %s", session.sessid);
session.close();
}
});
}
for (var sessid in sessions) {
reapcheck(sessions[sessid]);
}
}
function login(req, res, formdata) {
if (!allowlogin) {
sendError(res, 6, null);
return;
}
if (!("game" in formdata)) {
sendError(res, 2, "No game specified.");
return;
}
else if (!("name" in formdata)) {
sendError(res, 2, "Username not given.");
return;
}
else if (!("pw" in formdata)) {
sendError(res, 2, "Password not given.");
return;
}
var username = formdata["name"];
var password = formdata["pw"];
var gname = formdata["game"];
var dims = [formdata["h"], formdata["w"]];
if (!(gname in games)) {
sendError(res, 2, "No such game: " + gname);
tslog("Request for nonexistant game \"%s\"", gname);
return;
}
var progressdir = "/dgldir/inprogress-" + games[gname].uname;
// This sets up the game once starting is approved.
function startgame() {
var ts = timestamp();
var lockfile = path.join(progressdir, username + ":node:" + ts + ".ttyrec");
var ttyrec = path.join("/dgldir/ttyrec", username, gname, ts + ".ttyrec");
var nsession = new TermSession(gname, username, [lockfile, ttyrec], dims);
if (nsession) {
/* Technically there's a race condition for the "lock"file, but since
* it requires the user deliberately starting two games at similar times,
* it's not too serious. We can't get O_EXCL in Node anyway. */
res.writeHead(200, {'Content-Type': 'application/json'});
var reply = {"t": "l", "id": nsession.sessid, "w": nsession.w, "h":
nsession.h};
res.write(JSON.stringify(reply));
res.end();
tslog("%s playing %s (key %s, pid %d)", username, gname,
nsession.sessid, nsession.child.pid);
}
else {
sendError(res, 5, "Failed to open TTY");
tslog("Unable to allocate TTY for %s", gname);
}
}
function checkit(code, signal) {
// check the password
if (code != 0) {
sendError(res, 3);
if (code == 1)
tslog("Password check failed for user %s", username);
else if (code == 2)
tslog("Attempted login by nonexistent user %s", username);
else
tslog("Login failed: sqlickrypt error %d", code);
return;
}
// check for an existing game
fs.readdir(progressdir, function(err, files) {
if (!err) {
var fre = RegExp("^" + username + ":");
for (var i = 0; i < files.length; i++) {
if (files[i].match(fre)) {
sendError(res, 4, null);
tslog("%s is already playing %s", username, gname);
return;
}
}
}
// If progressdir isn't readable, start a new game anyway.
startgame();
});
}
/* Launch the sqlickrypt utility to check the password. */
var checker = child_process.spawn("/bin/sqlickrypt", ["check"]);
checker.on("exit", checkit);
checker.stdin.end(username + '\n' + password + '\n', "utf8");
return;
}
/* Sets things up for a new user, like dgamelaunch's commands[register] */
function regsetup(username) {
function regsetup_l2(err) {
for (var g in games) {
fs.mkdir(path.join("/dgldir/ttyrec", username, games[g].uname), 0755);
}
}
fs.mkdir(path.join("/dgldir/userdata", username), 0755);
fs.mkdir(path.join("/dgldir/ttyrec/", username), 0755, regsetup_l2);
}
function register(req, res, formdata) {
var uname, passwd, email;
if (typeof (formdata.name) != "string" || formdata.name === "") {
sendError(res, 2, "No name given.");
return;
}
else
uname = formdata["name"];
if (typeof (formdata.pw) != "string" || formdata.pw === "") {
sendError(res, 2, "No password given.");
return;
}
else
passwd = formdata["pw"];
if (typeof (formdata.email) != "string" || formdata.email === "") {
/* E-mail is optional */
email = "nobody@nowhere.not";
}
else
email = formdata["email"];
function checkreg(code, signal) {
if (code == 4) {
sendError(res, 2, "Invalid characters in name or email.");
tslog("Attempted registration: %s %s", uname, email);
}
else if (code == 1) {
sendError(res, 2, "Username " + uname + " is already being used.");
tslog("Attempted duplicate registration: %s", uname);
}
else if (code != 0) {
sendError(res, 0, null);
tslog("sqlickrypt register failed with code %d", code);
}
else {
res.writeHead(200, {'Content-Type': 'application/json'});
var reply = {"t": "r", "d": uname};
res.write(JSON.stringify(reply));
res.end();
tslog("Added new user: %s", uname);
regsetup(uname);
}
}
var child_adder = child_process.spawn("/bin/sqlickrypt", ["register"]);
child_adder.on("exit", checkreg);
child_adder.stdin.end(uname + '\n' + passwd + '\n' + email + '\n', "utf8");
return;
}
function logout(term, res) {
if (!term.alive) {
sendError(res, 1, null);
return;
}
term.close();
var resheaders = {'Content-Type': 'application/json'};
res.writeHead(200, resheaders);
res.write(JSON.stringify({"t": "q"}));
res.end();
return;
}
function findTermSession(formdata) {
if (typeof(formdata) != "object")
return null;
if ("id" in formdata) {
var sessid = formdata["id"];
if (sessid in sessions) {
return sessions[sessid];
}
}
return null;
}
function serveStatic(req, res, fname) {
var nname = path.normalize(fname);
if (nname == "" || nname == "/")
nname = "index.html";
if (nname.match(/\/$/))
path.join(nname, "index.html"); /* it was a directory */
var realname = path.join(serveStaticRoot, nname);
var extension = path.extname(realname);
path.exists(realname, function (exists) {
var resheaders = {};
if (!exists || !extension || extension == ".html")
resheaders["Content-Type"] = "text/html; charset=utf-8";
else if (extension == ".png")
resheaders["Content-Type"] = "image/png";
else if (extension == ".css")
resheaders["Content-Type"] = "text/css";
else if (extension == ".js")
resheaders["Content-Type"] = "text/javascript";
else if (extension == ".svg")
resheaders["Content-Type"] = "image/svg+xml";
else
resheaders["Content-Type"] = "application/octet-stream";
if (exists) {
fs.readFile(realname, function (error, data) {
if (error) {
res.writeHead(500, {});
res.end();
}
else {
res.writeHead(200, resheaders);
if (req.method != 'HEAD')
res.write(data);
res.end();
}
});
}
else {
res.writeHead(404, resheaders);
if (req.method != 'HEAD') {
res.write("" + nname + "\n"
+ nname + " Not Found
\n");
}
res.end();
}
});
return;
}
function readFeed(res, term) {
if (term) {
var reply = {};
var result = term.read();
if (result == null) {
if (term.alive)
reply.t = "n";
else {
if (allowlogin)
reply.t = "q";
else {
sendError(res, 6, null);
return;
}
}
}
else {
reply.t = "d";
reply.n = term.nsend++;
reply.d = result.toString("hex");
}
res.writeHead(200, { "Content-Type": "application/json" });
res.write(JSON.stringify(reply));
res.end();
}
else {
sendError(res, 1, null);
}
}
function statusmsg(req, res) {
var reply = {"s": allowlogin, "g": []};
for (var sessid in sessions) {
if (sessions[sessid].alive) {
var gamedesc = {};
gamedesc["p"] = sessions[sessid].player;
gamedesc["g"] = sessions[sessid].game.name;
reply["g"].push(gamedesc);
}
}
res.writeHead(200, { "Content-Type": "application/json" });
if (req.method != 'HEAD')
res.write(JSON.stringify(reply));
res.end();
}
var errorcodes = [ "Generic Error", "Not logged in", "Invalid data",
"Login failed", "Already playing", "Game launch failed",
"Server shutting down" ];
function sendError(res, ecode, msg) {
res.writeHead(200, { "Content-Type": "application/json" });
var edict = {"t": "E"};
if (!(ecode < errorcodes.length && ecode > 0))
ecode = 0;
edict["c"] = ecode;
edict["s"] = errorcodes[ecode];
if (msg)
edict["s"] += ": " + msg;
res.write(JSON.stringify(edict));
res.end();
}
function webHandler(req, res) {
/* default headers for the response */
var resheaders = {'Content-Type': 'text/html'};
/* The request body will be added to this as it arrives. */
var reqbody = "";
var formdata;
/* Register a listener to get the body. */
function moredata(chunk) {
reqbody += chunk;
}
req.on('data', moredata);
/* This will send the response once the whole request is here. */
function respond() {
formdata = getMsg(reqbody);
var target = url.parse(req.url).pathname;
var cterm = findTermSession(formdata);
/* First figure out if the client is POSTing to a command interface. */
if (req.method == 'POST') {
if (target == '/feed') {
if (!cterm) {
sendError(res, 1, null);
return;
}
if (formdata.t == "q") {
/* The client wants to terminate the process. */
logout(cterm, res);
}
else if (formdata.t == "d" && typeof(formdata.d) == "string") {
/* process the keys */
hexstr = formdata.d.replace(/[^0-9a-f]/gi, "");
if (hexstr.length % 2 != 0) {
sendError(res, 2, "incomplete byte");
return;
}
keybuf = new Buffer(hexstr, "hex");
/* TODO OoO correction */
cterm.write(keybuf, formdata.n);
}
readFeed(res, cterm);
}
else if (target == "/login") {
login(req, res, formdata);
}
else if (target == "/addacct") {
register(req, res, formdata);
}
else {
res.writeHead(405, resheaders);
res.end();
}
}
else if (req.method == 'GET' || req.method == 'HEAD') {
if (target == '/feed') {
if (req.method == 'HEAD') {
res.writeHead(200, {"Content-Type": "application/json"});
res.end();
return;
}
if (!cterm) {
sendError(res, 1, null);
return;
}
readFeed(res, cterm);
}
else if (target == '/status') {
statusmsg(req, res);
}
else /* Go look for it in the filesystem */
serveStatic(req, res, target);
}
else { /* Some other method */
res.writeHead(501, resheaders);
res.write("501\n501 Not Implemented
\n");
res.end();
}
return;
}
req.on('end', respond);
}
function shutdown () {
httpServer.close();
httpServer.removeAllListeners('request');
ctlServer.close();
tslog("Shutting down...");
process.exit();
}
function conHandler(chunk) {
var msg = chunk.toString().split('\n')[0];
if (msg == "quit") {
allowlogin = false;
tslog("Disconnecting...");
for (var sessid in sessions) {
sessions[sessid].close();
}
setTimeout(shutdown, 10000);
}
}
process.on("exit", function () {
for (var sessid in sessions) {
if (sessions[sessid].alive)
sessions[sessid].child.kill('SIGHUP');
}
tslog("Quitting...");
return;
});
/* Initialization STARTS HERE */
process.env["TERM"] = "xterm-256color";
if (process.getuid() != 0) {
tslog("Not running as root, cannot chroot.");
process.exit(1);
}
var httpServer; // declare here so shutdown() can find it
/* Open the control socket before chrooting where it can't be found */
var ctlServer = net.createServer(function (sock) {
sock.on('data', conHandler);
});
ctlServer.listen(ctlsocket, function () {
/* fork off and die */
try {
daemon.start(logfile);
}
catch (err) {
tslog("Daemonization failed: %s", err);
process.exit(1);
}
/* chroot and drop permissions. daemon.chroot() does chdir() itself. */
try {
daemon.chroot(chrootDir);
}
catch (err) {
tslog("chroot to %s failed: %s", chrootDir, err);
process.exit(1);
}
try {
// drop gid first, that requires UID=0
process.setgid(dropToGID);
process.setuid(dropToUID);
}
catch (err) {
tslog("Could not drop permissions: %s", err);
process.exit(1);
}
httpServer = http.createServer(webHandler);
httpServer.listen(httpPort);
tslog('rlgwebd running on port %d', httpPort);
setInterval(reaper, playtimeout / 4);
});