Started work on improved device guest sharing.

2025-03-09 15:40:18 +00:00 · 2021-04-09 00:28:02 -07:00 · 2021-04-09 00:28:02 -07:00 · 9bf2e211ab
commit 9bf2e211ab
parent 2ded4c60d5
77 changed files with 2740 additions and 132 deletions
--- a/webserver.js
+++ b/webserver.js
@ -2992,7 +2992,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
    function handleDeviceFile(req, res) {
        const domain = checkUserIpAddress(req, res);
        if (domain == null) { return; }
-        if ((req.query.c == null) || (req.query.m == null) || (req.query.n == null) || (req.query.f == null)) { res.sendStatus(404); return; }
+        if ((req.query.c == null) || (req.query.n == null) || (req.query.f == null)) { res.sendStatus(404); return; }

        // Check the inbound desktop sharing cookie
        var c = obj.parent.decodeCookie(req.query.c, obj.parent.loginCookieEncryptionKey, 60); // 60 minute timeout
@ -3003,13 +3003,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
        if ((c == user)) { res.sendStatus(404); return; }

        // Check if this user has permission to manage this computer
-        const meshid = 'mesh/' + domain.id + '/' + req.query.m;
-        const nodeid = 'node/' + domain.id + '/' + req.query.n;
-        if ((obj.GetNodeRights(c.userid, meshid, nodeid) & MESHRIGHT_REMOTECONTROL) == 0) { res.sendStatus(404); return; }
+        obj.GetNodeWithRights(domain, user, 'node/' + domain.id + '/' + req.query.n, function (node, rights, visible) {
+            if ((node == null) || ((rights & MESHRIGHT_REMOTECONTROL) == 0) || (visible == false)) { res.sendStatus(404); return; } // We don't have remote control rights to this device

-        // All good, start the file transfer
-        req.query.id = getRandomLowerCase(12);
-        obj.meshDeviceFileHandler.CreateMeshDeviceFile(obj, null, res, req, domain, user, meshid, nodeid);
+            // All good, start the file transfer
+            req.query.id = getRandomLowerCase(12);
+            obj.meshDeviceFileHandler.CreateMeshDeviceFile(obj, null, res, req, domain, user, node.meshid, node._id);
+        });
    }

    // Handle download of a server file by an agent
@ -3301,6 +3301,52 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
        });
    }

+    // Serve the guest sharing page
+    function handleSharingRequest(req, res) {
+        const domain = getDomain(req, res);
+        if (domain == null) { return; }
+        if (req.query.c == null) { res.sendStatus(404); return; }
+        if (domain.guestdevicesharing === false) { res.sendStatus(404); return; } // This feature is not allowed.
+
+        // Check the inbound desktop sharing cookie
+        var c = obj.parent.decodeCookie(req.query.c, obj.parent.invitationLinkEncryptionKey, 60); // 60 minute timeout
+        if ((c == null) || (c.a !== 5) || ((c.p !== 2) && (c.p != null)) || (typeof c.uid != 'string') || (typeof c.nid != 'string') || (typeof c.gn != 'string') || (typeof c.cf != 'number') || (typeof c.start != 'number') || (typeof c.expire != 'number') || (typeof c.pid != 'string')) { res.sendStatus(404); return; }
+
+        // Check the expired time, expire message.
+        if (c.expire <= Date.now()) { render(req, res, getRenderPage((domain.sitestyle == 2) ? 'message2' : 'message', req, domain), getRenderArgs({ titleid: 2, msgid: 12, domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27') }, req, domain)); return; }
+
+        // Check the public id
+        obj.db.GetAllTypeNodeFiltered([c.nid], domain.id, 'deviceshare', null, function (err, docs) {
+            // Check if any desktop sharing links are present, expire message.
+            if ((err != null) || (docs.length == 0)) { render(req, res, getRenderPage((domain.sitestyle == 2) ? 'message2' : 'message', req, domain), getRenderArgs({ titleid: 2, msgid: 12, domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27') }, req, domain)); return; }
+
+            // Search for the device share public identifier, expire message.
+            var found = false;
+            for (var i = 0; i < docs.length; i++) { if (docs[i].publicid == c.pid) { found = true; } }
+            if (found == false) { render(req, res, getRenderPage((domain.sitestyle == 2) ? 'message2' : 'message', req, domain), getRenderArgs({ titleid: 2, msgid: 12, domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27') }, req, domain)); return; }
+
+            // Get information about this node
+            obj.db.Get(c.nid, function (err, nodes) {
+                if ((err != null) || (nodes == null) || (nodes.length != 1)) { res.sendStatus(404); return; }
+                var node = nodes[0];
+
+                // Check the start time, not yet valid message.
+                if ((c.start > Date.now()) || (c.start > c.expire)) { render(req, res, getRenderPage((domain.sitestyle == 2) ? 'message2' : 'message', req, domain), getRenderArgs({ titleid: 2, msgid: 11, domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27') }, req, domain)); return; }
+
+                // Looks good, let's create the outbound session cookies.
+                // Consent flags are 1 = Notify, 8 = Prompt, 64 = Privacy Bar.
+                const authCookie = obj.parent.encodeCookie({ userid: c.uid, domainid: domain.id, nid: c.nid, ip: req.clientIp, p: 2, gn: c.gn, cf: 65 | c.cf, r: 8, expire: c.expire, pid: c.pid, vo: c.vo }, obj.parent.loginCookieEncryptionKey);
+
+                // Lets respond by sending out the desktop viewer.
+                var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
+                parent.debug('web', 'handleDesktopRequest: Sending guest sharing page for \"' + c.uid + '\", guest \"' + c.gn + '\".');
+                res.set({ 'Cache-Control': 'no-store' });
+                render(req, res, getRenderPage('sharing', req, domain), getRenderArgs({ authCookie: authCookie, authRelayCookie: '', domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27'), nodeid: c.nid, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, expire: c.expire, viewOnly: (c.vo == 1) ? 1 : 0, nodeName: encodeURIComponent(node.name) }, req, domain));
+            });
+        });
+    }
+
+
    // Handle domain redirection
    obj.handleDomainRedirect = function (req, res) {
        const domain = checkUserIpAddress(req, res);
@ -5286,6 +5332,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
            obj.app.get(url + 'player', handlePlayerRequest);
            obj.app.get(url + 'desktop', handleDesktopRequest);
            obj.app.get(url + 'terminal', handleTerminalRequest);
+            obj.app.get(url + 'sharing', handleSharingRequest);
            obj.app.ws(url + 'agenttransfer.ashx', handleAgentFileTransfer); // Setup agent to/from server file transfer handler
            obj.app.ws(url + 'meshrelay.ashx', function (ws, req) {
                PerformWSSessionAuth(ws, req, true, function (ws1, req1, domain, user, cookie) {