Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Complex file HTTP server.
Early WIP.
This project is at the early stage. Simplified installation should be added later.
Now supporting GNU/Linux. BSD users might see problems.
All config files are stored in ~/.config/cfhs-js
.
It may contain multiple directories; each of them represent one instance.
Each instance has 3 files:
conf
dirs
tokens
conf
This is where main configuration options reside. Now only the port number is configurable.
Example:
Port=1453
ServerName=Example HTTP File Server
UrlPrefix=http://127.0.0.1:1453
This is not shell script, so no need to quote or escape for space characters.
You have to write port number in UrlPrefix
again, unless it is the default
port of the protocol specified afore. While this program is supposed to listen
at a harmless port, users might need to visit through Nginx which listens at
80 or 443, according to your specific setup.
dirs
Write a list of directories to be shared. Use absolute paths.
Example:
/tmp/cfhs-default:abcd
/tmp/cfhs-new
Optionally append :abcd
at the end of a line to let it appear as abcd
in the
root index.
In the example, the 2 directories will appear as abcd
and cfhs-new
in the
root index.
tokens
Users should not touch this file. The program manages tokens.
This file is a CSV with 5 columns:
Index | Field Name | Details |
---|---|---|
0 | Timestamp | Timestamp of generation. |
1 | Type | Single uppercase letter. A for admin; V for visitor. |
2 | Token | UUID with hyphen. |
3 | Path | The path which this token is authorized to access. |
4 | Expiry | The expiry date, ISO 8601 format, initial 19 characters. |
cfhs-js-ctl new MyInstanceName
This will create the instance configuration directory.
cfhs-js-ctl start MyInstanceName
cfhs-js-ctl end MyInstanceName
You may start and stop instances with the 2 subcommands.
cfhs-js-ctl status-all
The program cfhsctl
is a small script to manage configrations and processes.
It starts and ends serverd.js
processes, which actually accepts HTTP requests.
Since this project is an early-stage WIP, you may prefer to use serverd.js
with manual configuration, instead of playing with cfhsctl
.
Tokens include admin tokens and visitor tokens. Admin tokens can be used to generate visitor tokens.
Admin tokens can access all directories and files, but visitor tokens can only access the directories which they are authorized.
Both programs create tokens.
When a user visits a page, the URL should include a token. If the token is an admin token, or a visitor token with correct access at the path, the user will be allowed to see the index of the directory or download the file. When navigating from page to page, the token will be preserved in the URL.
Copyright (c) 2021 Neruthes.
Published under GNU GPLv2. See file LICENSE
.
FAQs
Complex HTTP File Server
The npm package cfhs-js receives a total of 0 weekly downloads. As such, cfhs-js popularity was classified as not popular.
We found that cfhs-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.