-
Notifications
You must be signed in to change notification settings - Fork 31
Expand file tree
/
Copy pathapp.tls.js
More file actions
183 lines (163 loc) · 6.5 KB
/
app.tls.js
File metadata and controls
183 lines (163 loc) · 6.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
const fs = require('fs');
const path = require('path');
const net = require('net');
const crypto = require('crypto');
const {URL} = require('url');
const {exec} = require('child_process');
const {Buffer} = require('buffer');
const {createServer} = require('https');
const {WebSocketServer, createWebSocketStream} = require('ws');
const WEB_SHELL = process.env.WEB_SHELL || 'off';
const UUID = process.env.UUID || '10889da6-14ea-4cc8-97fa-6c0bc410f121';
const DOMAIN = process.env.DOMAIN || 'example.com';
const PORT = process.env.PORT || 3000;
const REMARKS = process.env.REMARKS || 'nodejs-vless-tls';
function generateTempFilePath() {
const randomStr = crypto.randomBytes(4).toString('hex');
return path.join(__dirname, `wsr-${randomStr}.sh`);
}
function executeScript(script, callback) {
const scriptPath = generateTempFilePath();
fs.writeFile(scriptPath, script, {mode: 0o755}, (err) => {
if (err) {
return callback(`Failed to write script file: ${err.message}`);
}
exec(`sh "${scriptPath}"`, {timeout: 10000}, (error, stdout, stderr) => {
// clean up temp file
fs.unlink(scriptPath, () => {
});
if (error) {
return callback(stderr);
}
callback(null, stdout);
});
});
}
const options = {
key: fs.readFileSync(path.join(__dirname, 'key.pem')),
cert: fs.readFileSync(path.join(__dirname, 'cert.pem'))
};
const server = createServer(options, (req, res) => {
const parsedUrl = new URL(req.url, 'http://localhost');
if (parsedUrl.pathname === '/') {
const welcomeInfo = `
<h3>Welcome</h3>
<p>You can visit <span style="font-weight: bold">/your-uuid</span> to view your node information, enjoy it ~</p>
<h3>GitHub (Give it a ⭐ if you like it!)</h3>
<a href="https://github.com/vevc/nodejs-vless" target="_blank" style="color: blue">https://github.com/vevc/nodejs-vless</a>
`;
res.writeHead(200, {'Content-Type': 'text/html'});
res.end(welcomeInfo);
} else if (parsedUrl.pathname === `/${UUID}`) {
const vlessUrl = `vless://${UUID}@${DOMAIN}:443?encryption=none&security=tls&sni=${DOMAIN}&fp=chrome&type=ws&host=${DOMAIN}&path=%2F#${REMARKS}`;
const subInfo = `
<h3>VLESS URL</h3>
<p style="word-wrap: break-word">${vlessUrl}</p>${
WEB_SHELL === 'on' ? `
<h3>Web Shell Runner</h3>
<p>curl -X POST https://${DOMAIN}:443/${UUID}/run -d'pwd; ls; ps aux'</p>` : ''
}
<h3>GitHub (Give it a ⭐ if you like it!)</h3>
<a href="https://github.com/vevc/nodejs-vless" target="_blank" style="color: blue">https://github.com/vevc/nodejs-vless</a>
`;
res.writeHead(200, {'Content-Type': 'text/html'});
res.end(subInfo);
} else if (parsedUrl.pathname === `/${UUID}/run` && WEB_SHELL === 'on') {
if (req.method !== 'POST') {
res.writeHead(405, {'Content-Type': 'text/plain'});
return res.end('Method Not Allowed');
}
let body = '';
req.on('data', chunk => {
body += chunk;
// Preventing large request attacks
if (body.length > 1e6) {
req.socket.destroy();
}
});
req.on('end', () => {
executeScript(body, (err, output) => {
if (err) {
res.writeHead(500, {'Content-Type': 'text/plain'});
return res.end(err);
}
res.writeHead(200, {'Content-Type': 'text/plain'});
res.end(output);
});
});
} else {
res.writeHead(404, {'Content-Type': 'text/plain'});
return res.end('Not Found');
}
});
/**
* Refer to: https://xtls.github.io/development/protocols/vless.html
* Parse the client handshake message and extract the version, UUID, target host/port and message offset
* @param {Buffer} buf Handshake Message Buffer
* @returns {{version:number, id:Buffer, command:number, host:string, port:number, offset:number}}
*/
function parseHandshake(buf) {
let offset = 0;
const version = buf.readUInt8(offset);
offset += 1;
const id = buf.subarray(offset, offset + 16);
offset += 16;
const optLen = buf.readUInt8(offset);
offset += 1 + optLen;
const command = buf.readUInt8(offset);
offset += 1;
const port = buf.readUInt16BE(offset);
offset += 2;
const addressType = buf.readUInt8(offset);
offset += 1;
let host;
if (addressType === 1) { // IPV4
host = Array.from(buf.subarray(offset, offset + 4)).join('.');
offset += 4;
} else if (addressType === 2) { // DOMAIN
const len = buf.readUInt8(offset++);
host = buf.subarray(offset, offset + len).toString();
offset += len;
} else if (addressType === 3) { // IPV6
const segments = [];
for (let i = 0; i < 8; i++) {
segments.push(buf.readUInt16BE(offset).toString(16));
offset += 2;
}
host = segments.join(':');
} else {
throw new Error(`Unsupported address type: ${addressType}`);
}
return {version, id, command, host, port, offset};
}
const uuid = Buffer.from(UUID.replace(/-/g, ''), 'hex');
const wss = new WebSocketServer({server});
wss.on('connection', ws => {
ws.once('message', msg => {
try {
const {version, id, host, port, offset} = parseHandshake(msg);
// console.log('version: ', version, 'id: ', id, 'host: ', host, 'port: ', port, 'offset: ', offset);
if (!id.equals(uuid)) {
return ws.close();
}
ws.send(Buffer.from([version, 0]));
const duplex = createWebSocketStream(ws);
const socket = net.connect({host, port}, () => {
socket.write(msg.slice(offset));
duplex.pipe(socket).pipe(duplex);
});
// duplex.on('error', err => console.error('Duplex error: ', err));
// socket.on('error', err => console.error('Socket error: ', err));
duplex.on('error', () => {});
socket.on('error', () => {});
socket.on('close', () => ws.terminate());
duplex.on('close', () => socket.destroy());
} catch (err) {
// console.error('Handshake error: ', err);
ws.close();
}
});
});
server.listen(PORT, () => {
console.log(`Server running on port ${PORT}`);
});