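/*
 * Basic, intentionally unhardened Node.js file server with browser upload.
 *
 * Depends on "mime_types.txt", available in the author's public pastes:
 * https://pastebin.com/u/IWBH_01
 *
 * Exposure that is part of the design and is NOT changed by this file:
 *  - GET serves any absolute path the process can read; there is no document root.
 *  - POST to "/*ulf/<absolute path>" creates a file at any path the process can write.
 *  - There is no authentication, and every response carries
 *    "Access-Control-Allow-Origin: *", so any web origin may read the responses.
 *  - listen(120) gives no host, so the server accepts connections on every
 *    interface; a port below 1024 usually means the process runs with elevated
 *    privileges, which widens what the two points above can reach.
 *  - Request bodies are buffered in memory without a size limit.
 * Treat it as a tool for an isolated, trusted network only.
 */
global.self = global;

const http = require("http");
const fs = require("fs");
const zlib = require("zlib");

/**
 * Return the part of `s` that follows the first `bf` and precedes the next `af`.
 * @param {string} s - text to search
 * @param {string} bf - marker that precedes the wanted text
 * @param {string} af - marker that ends the wanted text
 * @returns {string} "" when `bf` is absent; everything after `bf` when `af` is absent
 */
const gurl = function (s, bf, af) {
  const start = s.indexOf(bf);
  if (start < 0) return "";
  const rest = s.slice(start + bf.length);
  const stop = rest.indexOf(af);
  return stop < 0 ? rest : rest.slice(0, stop);
};

/**
 * Parse "k=v&k2=v2" (optionally preceded by "...?") into an object.
 * "+" decodes to a space; spaces in KEYS then become "_". A pair without "="
 * (or starting with "=") is stored whole as a key with the value "".
 * @param {string} wlc - query string or full URL
 * @returns {Object<string,string>}
 * @throws {URIError} on a malformed percent escape
 */
const urlqp = function (wlc) {
  const oo = {};
  const plusToSpace = (t) => t.replace(/\+/g, " ");
  for (const pair of wlc.slice(wlc.indexOf("?") + 1).split("&")) {
    const eq = pair.indexOf("=");
    const hasValue = eq > 0;
    const key = decodeURIComponent(plusToSpace(hasValue ? pair.slice(0, eq) : pair)).replace(/\x20/g, "_");
    oo[key] = hasValue ? decodeURIComponent(plusToSpace(pair.slice(eq + 1))) : "";
  }
  return oo;
};

// Extension -> MIME type table, read once at start-up (throws if the file is missing).
const mimes_ = urlqp(gurl(fs.readFileSync("//mnt/sdb2/stuff_stored_here/windows/www_partial/mime_types.txt", "utf-8"), '"', '";'));

/**
 * Escape a string for embedding in HTML (`h` truthy) or in a JS string literal.
 * Quotes, CR, LF, NUL, every character listed in `e`, and everything above `l`
 * are escaped. In HTML mode "<", ">" and "&" are escaped as well: without that,
 * a file or directory name containing markup characters was written into the
 * listing page verbatim.
 * @param {string} s - text to escape
 * @param {number} [l=127] - highest character code left unescaped
 * @param {string|*} [e] - extra characters to escape (ignored unless a string)
 * @param {boolean} [h] - true: numeric HTML entities; false: \xNN / \uNNNN
 * @returns {string}
 */
const esc_str = function (s, l, e, h) {
  const limit = l || 127;
  const always = "\"'\r\n\0" + (h ? "<>&" : "") + (typeof e == "string" ? e : "");
  // HTML entities must name whole code points; JS escapes work on UTF-16 units.
  const parts = h ? Array.from(s) : s.split("");
  return parts.map(function (ch) {
    const code = h ? ch.codePointAt(0) : ch.charCodeAt(0);
    if (always.indexOf(ch) < 0 && code <= limit) return ch;
    if (h) return "&#" + code + ";";
    const hex = code.toString(16);
    return hex.length <= 2 ? "\\x" + ("0" + hex).slice(-2) : "\\u" + ("000" + hex).slice(-4);
  }).join("");
};

/**
 * Browser-side change handler for the upload <input>. It is never called in
 * Node: getFoF() embeds its source text (toString) in the listing page, where
 * `f1` (the file input) and `res` (the status <span>) are page globals.
 * Status lines are appended as text nodes rather than through innerHTML, so a
 * file name or a server reply containing markup is displayed, not parsed.
 */
function uploadOnChange() {
  var i = 0, frds = [],
    say = function (msg) {
      res.appendChild(document.createElement("br"));
      res.appendChild(document.createTextNode(msg));
    },
    rdff = function (e) {
      var fi = f1.files[this.n], xhr1 = new XMLHttpRequest(), d0 = "/*ulf" + location.pathname;
      if (d0[d0.length - 1] != "/") d0 += "/";
      // Encode the name so "?", "#" or "%" in it cannot change the request path.
      xhr1.open("POST", d0 + encodeURIComponent(fi.name), !0);
      say("sending " + fi.name);
      xhr1.onload = function () { say(fi.name + ": " + xhr1.responseText); };
      xhr1.send(e.target.result);
      delete frds[this.n];
    },
    errf = function (e) { say("The file '" + f1.files[this.n].name + "' could not be read! Code " + e.target.error.code); };
  while (i < f1.files.length) {
    frds[i] = new FileReader();
    frds[i].n = i;
    frds[i].addEventListener("load", rdff);
    frds[i].addEventListener("error", errf);
    frds[i].readAsArrayBuffer(f1.files[i]);
    i++;
  }
}

/**
 * Get File or Folder: file contents, or an HTML index for a directory.
 * @param {string} pth - filesystem path to read
 * @param {string} [fp] - client-side path shown in the page (defaults to `pth`)
 * @param {boolean} [si] - serve index.html / index.htm instead of the listing
 * @returns {Buffer|string|undefined} Buffer for a regular file, HTML string for
 *   a listing, undefined when the path is missing or is neither file nor directory
 * @throws when an existing file or directory cannot be read
 */
const getFoF = function (pth, fp, si) {
  let st;
  try {
    st = fs.statSync(pth);
  } catch (err) {
    return undefined;
  }
  if (st.isFile()) return fs.readFileSync(pth);
  // Devices, FIFOs and sockets are not served: reading them may never finish.
  if (!st.isDirectory()) return undefined;

  const dirPath = pth.endsWith("/") ? pth : pth + "/";
  const itms = fs.readdirSync(pth);
  if (si) {
    const idx = itms.find(function (nm) {
      const nL = nm.toLowerCase();
      return nL == "index.html" || nL == "index.htm";
    });
    if (idx !== undefined) return fs.readFileSync(dirPath + idx);
  }

  itms.sort().reverse();
  const p2 = fp || pth;
  const lcs = p2[p2.length - 1] == "/";
  const p3 = p2 + (lcs ? "" : "/");
  const ti = "Index of " + esc_str(p3, 127, !1, !0);
  // The path goes into an attribute: percent-encode each segment, then entity-escape.
  const baseHref = esc_str(p3.split("/").map(encodeURIComponent).join("/"), 127, !1, !0);
  let r = "<!Doctype html><html><head><meta content=\"text/html;charset=utf-8\" http-equiv=\"Content-Type\"/>" + (lcs ? "" : "<base href=\"" + baseHref + "\">") + "<title>" + ti + "</title></head><body><div style=\"position:fixed;top:0;left:0;overflow:scroll;\">\r\n" + ti + "<br>\r\n<table><tr><td>Name</td><td>Type</td><td>Size</td><td>Created</td><td>Modified</td></tr><tr><td><a href=\"../\">../ (parent folder)</a></td><td>Folder</td><td>-</td><td>-</td><td>-</td></tr>\r\n";
  for (const fn of itms) {
    let st2 = null;
    try {
      // Stat the real directory, not the client-side display path.
      st2 = fs.statSync(dirPath + fn);
    } catch (err) {
      // Dangling symlink or entry removed meanwhile: list it without details.
    }
    const idr = st2 !== null && st2.isDirectory();
    // "Created" shows ctime (last status change), as the original did.
    const cells = st2 === null
      ? "<td>-</td><td>-</td><td>-</td><td>-</td>"
      : "<td>" + (idr ? "Folder" : "File") + "</td><td>" + st2.size + " bytes</td><td>" + st2.ctime.toUTCString() + "</td><td>" + st2.mtime.toUTCString() + "</td>";
    r += "<tr><td><a href=\"" + encodeURIComponent(fn) + (idr ? "/" : "") + "\">" + esc_str(fn, 127, !1, !0) + "</a></td>" + cells + "</tr>\r\n";
  }
  return r + "</table><br>Upload here: <input type='file' id='f1' multiple='true' ><br><span id='res'></span></div><script type=\"text/javascript\">var d=document,gI='getElementById',sy1=d.getElementsByTagName('div')[0].style,f1=d[gI]('f1'),res=d[gI]('res'); sy1.width=self.innerWidth+'px';sy1.height=self.innerHeight+'px'; f1.onchange=" + uploadOnChange.toString() + ";</script></body></html>";
};

/**
 * Send a complete response; call with `this` bound to the http.ServerResponse.
 * @param {number} [rc=200] - status code
 * @param {string|Buffer} [rspS="no content"] - body
 * @param {Object} [hed] - extra headers, overriding the defaults
 */
const snd_rsp = function (rc, rspS, hed) {
  let payload = rspS || "no content";
  // Content-Length counts bytes; a string's .length counts UTF-16 units.
  if (!Buffer.isBuffer(payload)) payload = Buffer.from(String(payload));
  const h1 = { "Content-Type": "text/html;charset=utf-8", "Content-Length": payload.length, "Access-Control-Allow-Origin": "*" };
  if (typeof hed == "object") Object.assign(h1, hed);
  if (payload.length > 2048) {
    // NOTE(review): gzip is applied without consulting Accept-Encoding.
    payload = zlib.gzipSync(payload);
    h1["Content-Encoding"] = "gzip";
    h1["Content-Length"] = payload.length;
  }
  this.writeHead(rc || 200, h1);
  this.end(payload);
};

/**
 * Request handler: buffers the body, then uploads ("/*ulf/..."), serves the
 * fixed page "/*fuwp.html", or serves the file/directory named by the URL path.
 * @param {http.IncomingMessage} req
 * @param {http.ServerResponse} rsp
 */
const srv_func = function (req, rsp) {
  self.L_req = req; // last request kept on the global object, as in the original (debug aid)
  const Sk = req.socket;
  const rspnd = snd_rsp.bind(rsp);
  const buf_ = [];
  console.log("got " + req.url + "\nfrom: " + Sk.remoteAddress + "\n");
  // NOTE(review): the whole body is held in memory; nothing limits its size.
  req.on("data", function (chunk) { buf_.push(chunk); });
  req.on("end", function () {
    const body = Buffer.concat(buf_);
    const qi = req.url.indexOf("?");
    let unq;
    try {
      unq = decodeURIComponent(qi > 0 ? req.url.slice(0, qi) : req.url);
    } catch (err) {
      // A malformed percent escape used to throw out of this handler and end the process.
      rspnd(400, "bad request.");
      return;
    }
    // Textual clean-up only, not a confinement boundary: every absolute path
    // stays reachable by design. The second pattern had an unescaped dot and
    // therefore deleted any one-character directory segment ("/a/" -> "/").
    unq = unq.replace(/\/\.\.\//g, "/").replace(/\/\.\//g, "/");

    let sc;
    let rspS;
    const rshed = {};
    try {
      if (unq.slice(0, 6) == "/*ulf/" && body.length) {
        console.log("upload?");
        const fp = unq.slice(5);
        try {
          // "wx" creates the file only if nothing exists at that path, in one
          // step, instead of existsSync() followed by a separate write.
          fs.writeFileSync(fp, body, { flag: "wx" });
          rspS = "did? ";
        } catch (e) {
          rspS = e.code == "EEXIST" ? "file exists." : "" + e;
        }
      } else if (unq == "/*fuwp.html") {
        rspS = getFoF("//home/tc/Documents/fuwp.html");
      } else {
        rspS = getFoF(unq);
        if (Buffer.isBuffer(rspS)) {
          // Label file contents only; a directory listing keeps text/html.
          // An unknown extension used to yield "undefined;charset=utf-8".
          const pxt = unq.lastIndexOf(".") + 1;
          const ext = pxt ? unq.slice(pxt) : "";
          const known = ext !== "" && Object.prototype.hasOwnProperty.call(mimes_, ext);
          rshed["Content-Type"] = known ? mimes_[ext] + ";charset=utf-8" : "application/octet-stream";
          // Uploaded content is served back, so the browser must not guess a type.
          rshed["X-Content-Type-Options"] = "nosniff";
        }
      }
    } catch (err) {
      // Unreadable file or directory: answer instead of letting the process exit.
      console.error(err);
      sc = 500;
      rspS = "server error.";
    }
    if (!rspS) { sc = 404; rspS = "not found."; }
    rspnd(sc, rspS, rshed);
  });
};

self.svr1 = http.createServer(srv_func);
self.svr1.listen(120);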