titaniumnet-mirror/Holy-Unblocker
1
0
Fork 0
mirror of https://github.com/QuiteAFancyEmerald/Holy-Unblocker.git synced 2025-05-13 03:50:02 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updated Alloy Proxy

Browse source 
XSS Fix Update.
This commit is contained in:
TheEmeraldStarr 2020-09-18 10:24:00 -07:00
parent 7070e8eeb3
commit f4f21fdc75
4 changed files with 315 additions and 294 deletions
Download patch file Download diff file Expand all files Collapse all files

84
app.js
View file

@ -6,6 +6,7 @@ var fs = require('fs');
var app = express();
var cookieParser = require('cookie-parser');
var session = require('express-session');
var xss = require("xss");
var config = JSON.parse(fs.readFileSync('config.json', 'utf-8')),
httpsAgent = new https.Agent({
@ -20,8 +21,7 @@ var config = JSON.parse(fs.readFileSync('config.json', 'utf-8')),
server,
port = process.env.PORT || config.port,
ready = (() => {
var a = 'http://',
b = config.listenip;
var a = 'http://', b = config.listenip;
if (config.ssl) a = 'https://';
if (b == '0.0.0.0' || b == '127.0.0.1') b = 'localhost';
console.log('AlloyProxy is now running at', a + b + ':' + port);
@ -35,31 +35,31 @@ else server = http.createServer(app).listen(port, config.listenip, ready);
app.use(cookieParser());
app.use(session({
secret: 'alloy',
saveUninitialized: true,
resave: true
secret: 'alloy',
saveUninitialized: true,
resave: true
}));
app.use((req, res, next) => {
app.use((req, res, next)=>{
// nice bodyparser alternative that wont cough up errors
req.setEncoding('utf8');
req.raw_body = ''
req.body = new Object()
req.on('data', chunk => { req.raw_body += chunk });
req.on('data', chunk=>{ req.raw_body += chunk });
req.on('end', () => {
req.on('end', ()=>{
req.str_body = req.raw_body.toString('utf8');
try {
try{
var result = new Object();
req.str_body.split('&').forEach((pair) => {
req.str_body.split('&').forEach((pair)=>{
pair = pair.split('=');
req.body[pair[0]] = decodeURIComponent(pair[1] || '');
});
} catch (err) {
}catch(err){
req.body = {}
}
@ -98,15 +98,15 @@ function error(statusCode, info) {
return fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error ${statusCode}: ${info}`)
}
if (info && !statusCode) {
return fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error: ${info}`)
return (fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error: ${info}`))
}
if (statusCode && !info) {
return fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error ${statusCode}`)
return (fs.readFileSync('alloy/assets/error.html', 'utf8').toString().replace('%ERROR%', `Error ${statusCode}`))
}
return fs.readFileSync('public/assets/error.html', 'utf8').toString().replace('%ERROR%', `An error has occurred!`)
return (fs.readFileSync('public/assets/error.html', 'utf8').toString().replace('%ERROR%', `An error has occurred!`))
}
app.post('/createSession', async(req, res) => {
app.post('/createSession', async (req, res) => {
if (req.body.url.startsWith('//')) {
req.body.url = 'http:' + req.body.url;
} else if (req.body.url.startsWith('https://') || req.body.url.startsWith('http://')) {
@ -124,7 +124,7 @@ app.post('/createSession', async(req, res) => {
var prefix = '/fetch';
app.use(prefix, async(req, res, next) => {
app.use(prefix, async (req, res, next) => {
var location = rewriteURL(req.url.slice(1), 'decode');
if (req.url.startsWith('/rv') && !req.session.rvURL) {
res.send(error('400', 'No valid session URL for reverse proxy mode was found!'))
@ -134,11 +134,11 @@ app.use(prefix, async(req, res, next) => {
}
location = {
href: location,
hostname: location.split('/').splice(2).splice(0, 1).join('/'),
origin: location.split('/').splice(0, 3).join('/'),
origin_encoded: base64Encode(location.split('/').splice(0, 3).join('/')),
path: '/' + location.split('/').splice(3).join('/'),
protocol: location.split('\:').splice(0, 1).join(''),
hostname : location.split('/').splice(2).splice(0, 1).join('/'),
origin : location.split('/').splice(0, 3).join('/'),
origin_encoded : base64Encode(location.split('/').splice(0, 3).join('/')),
path : '/' + location.split('/').splice(3).join('/'),
protocol : location.split('\:').splice(0, 1).join(''),
}
var httpAgent = new http.Agent({
keepAlive: true
@ -172,7 +172,7 @@ app.use(prefix, async(req, res, next) => {
try {
// str_body is a string containing the requests body
options['body'] = req.str_body;
} catch (err) {
}catch(err){
return;
}
}
@ -180,9 +180,9 @@ app.use(prefix, async(req, res, next) => {
location.origin_encoded = 'rv'
}
if (!req.url.startsWith(`/${location.origin_encoded}/`)) {
try {
return res.redirect(307, `/fetch/${location.origin_encoded}/`)
} catch (err) {
try{
return res.redirect(307,`/fetch/${location.origin_encoded}/`)
}catch(err){
return;
}
}
@ -196,8 +196,8 @@ app.use(prefix, async(req, res, next) => {
}
return res.redirect(307, '/fetch/' + base64Encode('https://old.reddit.com') + location.path)
}
const response = await fetch(location.href, options).catch(err => res.send(error('404', `"${location.href}" was not found!`)));
if (typeof response.buffer != 'function') return;
const response = await fetch(location.href, options).catch(err => res.send(error('404', `"${xss(location.href)}" was not found!`)));
if(typeof response.buffer != 'function')return;
var resbody = await response.buffer();
var contentType = 'text/plain'
@ -290,7 +290,7 @@ app.use(prefix, async(req, res, next) => {
res.send(resbody)
})
app.use('/alloy/url/', function(req, res, next) {
app.use('/alloy/url/',function (req, res, next) {
const mainurl = req.url.split('/').slice(1).join('/')
const host = mainurl.split('/').slice(0, 3).join('/')
const buff = new Buffer(host);
@ -301,38 +301,38 @@ app.use('/alloy/url/', function(req, res, next) {
})
app.use('/alloy/', function(req, res, next) {
app.use('/alloy/',function (req, res, next) {
if (req.query.url) {
var clientInput = base64Decode(req.query.url)
var fetchURL;
if (clientInput.startsWith('//')) {
if (req.query.url) {
var clientInput = base64Decode(req.query.url)
var fetchURL;
if (clientInput.startsWith('//')) {
fetchURL = rewriteURL('http:' + clientInput)
} else if (clientInput.startsWith('http://') || clientInput.startsWith('https://')) {
} else if (clientInput.startsWith('http://') || clientInput.startsWith('https://')) {
fetchURL = rewriteURL(clientInput)
} else {
} else {
fetchURL = rewriteURL('http://' + clientInput)
}
}
return res.redirect(307, '/fetch/' + fetchURL)
}
res.sendFile(__dirname + '/alloy' + req.url, function(err) {
}
res.sendFile(__dirname + '/alloy' + req.url, function (err) {
if (err) {
if (req.session.fetchURL) {
return res.redirect(307, '/fetch/' + req.session.fetchURL + req.url)
} else return res.redirect(307, '/')
}
})
})
})
app.use(function(req, res, next) {
res.sendFile(__dirname + '/public' + req.url, function(err) {
app.use(function (req, res, next) {
res.sendFile(__dirname + '/public' + req.url, function (err) {
if (err) {
if (req.session.fetchURL) {
return res.redirect(307, '/fetch/' + req.session.fetchURL + req.url)
} else return res.redirect(307, '/')
}
})
})
});

7
app.json
View file

@ -1,6 +1,7 @@
{
"name": "Holy Unblocker",
"description": "A website that can be used to bypass web filters; both extension and firewall. Hosted on Alloy Proxy. Node Unblocker hosted externally.",
"repository": "https://github.com/QuiteAFancyEmerald/HolyUB/",
"name": "Alloy Proxy",
"description": "A node.js web proxy featuring URL encoding, and amazing compatablity!",
"repository": "https://github.com/titaniumnetwork-dev/alloyproxy/",
"logo": "https://avatars1.githubusercontent.com/u/47227492?s=200&v=4",
"keywords": ["node", "proxy", "unblocker"]
}

25
package-lock.json generated
View file

@ -40,6 +40,11 @@
"resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
"integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg=="
},
"commander": {
"version": "2.20.3",
"resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
"integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
},
"content-disposition": {
"version": "0.5.3",
"resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz",
@ -72,6 +77,11 @@
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
"integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
},
"cssfilter": {
"version": "0.0.10",
"resolved": "https://registry.npmjs.org/cssfilter/-/cssfilter-0.0.10.tgz",
"integrity": "sha1-xtJnJjKi5cg+AT5oZKQs6N79IK4="
},
"debug": {
"version": "2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@ -277,9 +287,9 @@
"integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw=="
},
"node-fetch": {
"version": "2.6.0",
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz",
"integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA=="
"version": "2.6.1",
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
"integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw=="
},
"on-finished": {
"version": "2.3.0",
@ -438,6 +448,15 @@
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
"integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
},
"xss": {
"version": "1.0.8",
"resolved": "https://registry.npmjs.org/xss/-/xss-1.0.8.tgz",
"integrity": "sha512-3MgPdaXV8rfQ/pNn16Eio6VXYPTkqwa0vc7GkiymmY/DqR1SE/7VPAAVZz1GJsJFrllMYO3RHfEaiUGjab6TNw==",
"requires": {
"commander": "^2.20.3",
"cssfilter": "0.0.10"
}
}
}
}

5
package.json
View file

@ -26,7 +26,8 @@
"express": "^4.17.1",
"express-session": "^1.17.1",
"follow-redirects": "^1.13.0",
"node-fetch": "^2.6.0",
"parse-raw-http": "0.0.1"
"node-fetch": ">=2.6.1",
"parse-raw-http": "0.0.1",
"xss": "^1.0.8"
}
}