titaniumnet-mirror/Holy-Unblocker
1
0
Fork 0
mirror of https://github.com/QuiteAFancyEmerald/Holy-Unblocker.git synced 2025-05-13 12:00:02 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updated Alloy Proxy

Browse source 
XSS Fix Update.
This commit is contained in:
TheEmeraldStarr 2020-09-18 10:24:00 -07:00
parent 7070e8eeb3
commit f4f21fdc75
4 changed files with 315 additions and 294 deletions
Download patch file Download diff file Expand all files Collapse all files

84
app.js
View file

@ -6,6 +6,7 @@ var fs = require('fs');
var app = express(); var app = express();
var cookieParser = require('cookie-parser'); var cookieParser = require('cookie-parser');
var session = require('express-session'); var session = require('express-session');
var xss = require("xss");
var config = JSON.parse(fs.readFileSync('config.json', 'utf-8')), var config = JSON.parse(fs.readFileSync('config.json', 'utf-8')),
httpsAgent = new https.Agent({ httpsAgent = new https.Agent({
@ -20,8 +21,7 @@ var config = JSON.parse(fs.readFileSync('config.json', 'utf-8')),
server, server,
port = process.env.PORT || config.port, port = process.env.PORT || config.port,
ready = (() => { ready = (() => {
var a = 'http://', var a = 'http://', b = config.listenip;
b = config.listenip;
if (config.ssl) a = 'https://'; if (config.ssl) a = 'https://';
if (b == '0.0.0.0' || b == '127.0.0.1') b = 'localhost'; if (b == '0.0.0.0' || b == '127.0.0.1') b = 'localhost';
console.log('AlloyProxy is now running at', a + b + ':' + port); console.log('AlloyProxy is now running at', a + b + ':' + port);
@ -35,31 +35,31 @@ else server = http.createServer(app).listen(port, config.listenip, ready);
app.use(cookieParser()); app.use(cookieParser());
app.use(session({ app.use(session({
secret: 'alloy', secret: 'alloy',
saveUninitialized: true, saveUninitialized: true,
resave: true resave: true
})); }));
app.use((req, res, next) => { app.use((req, res, next)=>{
// nice bodyparser alternative that wont cough up errors // nice bodyparser alternative that wont cough up errors
req.setEncoding('utf8'); req.setEncoding('utf8');
req.raw_body = '' req.raw_body = ''
req.body = new Object() req.body = new Object()
req.on('data', chunk => { req.raw_body += chunk }); req.on('data', chunk=>{ req.raw_body += chunk });
req.on('end', () => { req.on('end', ()=>{
req.str_body = req.raw_body.toString('utf8'); req.str_body = req.raw_body.toString('utf8');
try { try{
var result = new Object(); var result = new Object();
req.str_body.split('&').forEach((pair) => { req.str_body.split('&').forEach((pair)=>{
pair = pair.split('='); pair = pair.split('=');
req.body[pair[0]] = decodeURIComponent(pair[1] || ''); req.body[pair[0]] = decodeURIComponent(pair[1] || '');
}); });
} catch (err) { }catch(err){
req.body = {} req.body = {}
} }
@ -98,15 +98,15 @@ function error(statusCode, info) {
return fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error ${statusCode}: ${info}`) return fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error ${statusCode}: ${info}`)
} }
if (info && !statusCode) { if (info && !statusCode) {
return fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error: ${info}`) return (fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error: ${info}`))
} }
if (statusCode && !info) { if (statusCode && !info) {
return fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error ${statusCode}`) return (fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error ${statusCode}`))
} }
return fs.readFileSync('public/assets/error.html', 'utf8').toString().replace('%ERROR%', `An error has occurred!`) return (fs.readFileSync('public/assets/error.html', 'utf8').toString().replace('%ERROR%', `An error has occurred!`))
} }
app.post('/createSession', async(req, res) => { app.post('/createSession', async (req, res) => {
if (req.body.url.startsWith('//')) { if (req.body.url.startsWith('//')) {
req.body.url = 'http:' + req.body.url; req.body.url = 'http:' + req.body.url;
} else if (req.body.url.startsWith('https://') || req.body.url.startsWith('http://')) { } else if (req.body.url.startsWith('https://') || req.body.url.startsWith('http://')) {
@ -124,7 +124,7 @@ app.post('/createSession', async(req, res) => {
var prefix = '/fetch'; var prefix = '/fetch';
app.use(prefix, async(req, res, next) => { app.use(prefix, async (req, res, next) => {
var location = rewriteURL(req.url.slice(1), 'decode'); var location = rewriteURL(req.url.slice(1), 'decode');
if (req.url.startsWith('/rv') && !req.session.rvURL) { if (req.url.startsWith('/rv') && !req.session.rvURL) {
res.send(error('400', 'No valid session URL for reverse proxy mode was found!')) res.send(error('400', 'No valid session URL for reverse proxy mode was found!'))
@ -134,11 +134,11 @@ app.use(prefix, async(req, res, next) => {
} }
location = { location = {
href: location, href: location,
hostname: location.split('/').splice(2).splice(0, 1).join('/'), hostname : location.split('/').splice(2).splice(0, 1).join('/'),
origin: location.split('/').splice(0, 3).join('/'), origin : location.split('/').splice(0, 3).join('/'),
origin_encoded: base64Encode(location.split('/').splice(0, 3).join('/')), origin_encoded : base64Encode(location.split('/').splice(0, 3).join('/')),
path: '/' + location.split('/').splice(3).join('/'), path : '/' + location.split('/').splice(3).join('/'),
protocol: location.split('\:').splice(0, 1).join(''), protocol : location.split('\:').splice(0, 1).join(''),
} }
var httpAgent = new http.Agent({ var httpAgent = new http.Agent({
keepAlive: true keepAlive: true
@ -172,7 +172,7 @@ app.use(prefix, async(req, res, next) => {
try { try {
// str_body is a string containing the requests body // str_body is a string containing the requests body
options['body'] = req.str_body; options['body'] = req.str_body;
} catch (err) { }catch(err){
return; return;
} }
} }
@ -180,9 +180,9 @@ app.use(prefix, async(req, res, next) => {
location.origin_encoded = 'rv' location.origin_encoded = 'rv'
} }
if (!req.url.startsWith(`/${location.origin_encoded}/`)) { if (!req.url.startsWith(`/${location.origin_encoded}/`)) {
try { try{
return res.redirect(307, `/fetch/${location.origin_encoded}/`) return res.redirect(307,`/fetch/${location.origin_encoded}/`)
} catch (err) { }catch(err){
return; return;
} }
} }
@ -196,8 +196,8 @@ app.use(prefix, async(req, res, next) => {
} }
return res.redirect(307, '/fetch/' + base64Encode('https://old.reddit.com') + location.path) return res.redirect(307, '/fetch/' + base64Encode('https://old.reddit.com') + location.path)
} }
const response = await fetch(location.href, options).catch(err => res.send(error('404', `"${location.href}" was not found!`))); const response = await fetch(location.href, options).catch(err => res.send(error('404', `"${xss(location.href)}" was not found!`)));
if (typeof response.buffer != 'function') return; if(typeof response.buffer != 'function')return;
var resbody = await response.buffer(); var resbody = await response.buffer();
var contentType = 'text/plain' var contentType = 'text/plain'
@ -290,7 +290,7 @@ app.use(prefix, async(req, res, next) => {
res.send(resbody) res.send(resbody)
}) })
app.use('/alloy/url/', function(req, res, next) { app.use('/alloy/url/',function (req, res, next) {
const mainurl = req.url.split('/').slice(1).join('/') const mainurl = req.url.split('/').slice(1).join('/')
const host = mainurl.split('/').slice(0, 3).join('/') const host = mainurl.split('/').slice(0, 3).join('/')
const buff = new Buffer(host); const buff = new Buffer(host);
@ -301,38 +301,38 @@ app.use('/alloy/url/', function(req, res, next) {
}) })
app.use('/alloy/', function(req, res, next) { app.use('/alloy/',function (req, res, next) {
if (req.query.url) { if (req.query.url) {
var clientInput = base64Decode(req.query.url) var clientInput = base64Decode(req.query.url)
var fetchURL; var fetchURL;
if (clientInput.startsWith('//')) { if (clientInput.startsWith('//')) {
fetchURL = rewriteURL('http:' + clientInput) fetchURL = rewriteURL('http:' + clientInput)
} else if (clientInput.startsWith('http://') || clientInput.startsWith('https://')) { } else if (clientInput.startsWith('http://') || clientInput.startsWith('https://')) {
fetchURL = rewriteURL(clientInput) fetchURL = rewriteURL(clientInput)
} else { } else {
fetchURL = rewriteURL('http://' + clientInput) fetchURL = rewriteURL('http://' + clientInput)
} }
return res.redirect(307, '/fetch/' + fetchURL) return res.redirect(307, '/fetch/' + fetchURL)
} }
res.sendFile(__dirname + '/alloy' + req.url, function(err) { res.sendFile(__dirname + '/alloy' + req.url, function (err) {
if (err) { if (err) {
if (req.session.fetchURL) { if (req.session.fetchURL) {
return res.redirect(307, '/fetch/' + req.session.fetchURL + req.url) return res.redirect(307, '/fetch/' + req.session.fetchURL + req.url)
} else return res.redirect(307, '/') } else return res.redirect(307, '/')
} }
}) })
}) })
app.use(function(req, res, next) { app.use(function (req, res, next) {
res.sendFile(__dirname + '/public' + req.url, function(err) { res.sendFile(__dirname + '/public' + req.url, function (err) {
if (err) { if (err) {
if (req.session.fetchURL) { if (req.session.fetchURL) {
return res.redirect(307, '/fetch/' + req.session.fetchURL + req.url) return res.redirect(307, '/fetch/' + req.session.fetchURL + req.url)
} else return res.redirect(307, '/') } else return res.redirect(307, '/')
} }
}) })
}); });

7
app.json
View file

@ -1,6 +1,7 @@
{ {
"name": "Holy Unblocker", "name": "Alloy Proxy",
"description": "A website that can be used to bypass web filters; both extension and firewall. Hosted on Alloy Proxy. Node Unblocker hosted externally.", "description": "A node.js web proxy featuring URL encoding, and amazing compatablity!",
"repository": "https://github.com/QuiteAFancyEmerald/HolyUB/", "repository": "https://github.com/titaniumnetwork-dev/alloyproxy/",
"logo": "https://avatars1.githubusercontent.com/u/47227492?s=200&v=4",
"keywords": ["node", "proxy", "unblocker"] "keywords": ["node", "proxy", "unblocker"]
} }

25
package-lock.json generated
View file

@ -40,6 +40,11 @@
"resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
"integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==" "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg=="
}, },
"commander": {
"version": "2.20.3",
"resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
"integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
},
"content-disposition": { "content-disposition": {
"version": "0.5.3", "version": "0.5.3",
"resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz", "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz",
@ -72,6 +77,11 @@
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
"integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
}, },
"cssfilter": {
"version": "0.0.10",
"resolved": "https://registry.npmjs.org/cssfilter/-/cssfilter-0.0.10.tgz",
"integrity": "sha1-xtJnJjKi5cg+AT5oZKQs6N79IK4="
},
"debug": { "debug": {
"version": "2.6.9", "version": "2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@ -277,9 +287,9 @@
"integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==" "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw=="
}, },
"node-fetch": { "node-fetch": {
"version": "2.6.0", "version": "2.6.1",
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz", "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
"integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==" "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw=="
}, },
"on-finished": { "on-finished": {
"version": "2.3.0", "version": "2.3.0",
@ -438,6 +448,15 @@
"version": "1.1.2", "version": "1.1.2",
"resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
"integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=" "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
},
"xss": {
"version": "1.0.8",
"resolved": "https://registry.npmjs.org/xss/-/xss-1.0.8.tgz",
"integrity": "sha512-3MgPdaXV8rfQ/pNn16Eio6VXYPTkqwa0vc7GkiymmY/DqR1SE/7VPAAVZz1GJsJFrllMYO3RHfEaiUGjab6TNw==",
"requires": {
"commander": "^2.20.3",
"cssfilter": "0.0.10"
}
} }
} }
} }

5
package.json
View file

@ -26,7 +26,8 @@
"express": "^4.17.1", "express": "^4.17.1",
"express-session": "^1.17.1", "express-session": "^1.17.1",
"follow-redirects": "^1.13.0", "follow-redirects": "^1.13.0",
"node-fetch": "^2.6.0", "node-fetch": ">=2.6.1",
"parse-raw-http": "0.0.1" "parse-raw-http": "0.0.1",
"xss": "^1.0.8"
} }
} }