From 9069fa2123c2b92af929b8f0d685c53154aae95f Mon Sep 17 00:00:00 2001
From: DeNNii
Date: Fri, 16 Jan 2026 18:24:04 +1100
Subject: [PATCH] Optimize architecture: Nginx now proxies everything to Node; added static file support for all assets
---
 proxy-server.js | 62 +++++++++++++++++++++++++++++++++++--------------
 script.js | 8 +++----
 2 files changed, 47 insertions(+), 23 deletions(-)
diff --git a/proxy-server.js b/proxy-server.js
index e11deb9..e763e0f 100644
--- a/proxy-server.js
+++ b/proxy-server.js
@@ -118,33 +118,59 @@ if (cluster.isMaster) {
 }
 // Serve static files for the UI
- if (req.method === 'GET' && (req.url === '/' || req.url === '/index.html' || req.url === '/script.js' || req.url.startsWith('/script.js?') || req.url === '/styles.css' || req.url === '/worker.js')) {
+ if (req.method === 'GET') {
 let requestPath = req.url.split('?')[0];
 let filePath = '.' + requestPath;
 if (requestPath === '/') filePath = './index.html';
- const extname = path.extname(filePath);
- let contentType = 'text/html';
- switch (extname) {
- case '.js': contentType = 'text/javascript'; break;
- case '.css': contentType = 'text/css'; break;
+ // Basic security: don't allow accessing files outside the directory or sensitive files
+ const resolvedPath = path.resolve(filePath);
+ const rootPath = path.resolve('.');
+
+ if (!resolvedPath.startsWith(rootPath) || filePath.includes('..')) {
+ res.writeHead(403);
+ res.end('Forbidden');
+ return;
 }
- fs.readFile(filePath, (error, content) => {
- if (error) {
- if (error.code == 'ENOENT') {
- res.writeHead(404);
- res.end('File not found');
- } else {
- res.writeHead(500);
- res.end('Error loading file: ' + error.code);
- }
+ fs.access(filePath, fs.constants.F_OK, (err) => {
+ if (!err) {
+ const extname = path.extname(filePath).toLowerCase();
+ let contentType = 'text/html';
+ const mimeTypes = {
+ '.js': 'text/javascript',
+ '.css': 'text/css',
+ '.png': 'image/png',
+ '.jpg': 'image/jpeg',
+ '.svg': 'image/svg+xml',
+ '.json': 'application/json'
+ };
+ contentType = mimeTypes[extname] || 'text/plain';
+
+ fs.readFile(filePath, (error, content) => {
+ if (!error) {
+ res.writeHead(200, { 'Content-Type': contentType });
+ res.end(content, 'utf-8');
+ } else {
+ res.writeHead(500);
+ res.end('Server Error');
+ }
+ });
+ } else if (req.url === '/health' || req.url === '//health' || (req.url === '/git-info' || req.url === '//git-info')) {
+ // Handled by other logic (keep going)
+ } else if (req.url === '/') {
+ // Fallback for root if index.html doesn't exist? (Unlikely)
 } else {
- res.writeHead(200, { 'Content-Type': contentType });
- res.end(content, 'utf-8');
+ // Not a static file, maybe fall through to POST check
 }
 });
- return;
+
+ // Special handling for health and git-info which are GET but not files
+ if (req.url.includes('/health') || req.url.includes('/git-info')) {
+ // Let it fall through to those handlers
+ } else {
+ return;
+ }
 }
 // Only allow POST requests to the proxy
diff --git a/script.js b/script.js
index acc5099..5e22d0c 100644
--- a/script.js
+++ b/script.js
@@ -38,11 +38,9 @@ class StressTestingTool {
 requestBody: null,
 thinkTime: 1000,
 proxyUrl:
- window.location.protocol === "file:" ||
- window.location.hostname === "localhost" ||
- window.location.hostname === "127.0.0.1"
- ? "http://localhost:3000"
- : "/proxy",
+ window.location.protocol.startsWith('http')
+ ? window.location.origin
+ : "http://localhost:3000",
 // Crawler settings
 crawlerEnabled: false,
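Review bot: With the URL allowlist removed, the `GET` branch serves any readable file under the process working directory, and no added line implements the "sensitive files" half of the comment: `proxy-server.js` itself and any dotfiles or repository metadata kept beside it would be returned as `text/plain`. The containment test is brittle as well, because `resolvedPath.startsWith(rootPath)` has no separator boundary and it is really the `..` substring check that keeps requests inside the directory. Separately, when `fs.access` fails for a path that is not health/git-info, the callback writes nothing and the outer `return` ends the handler, so the request gets no 404 and hangs; when a URL merely contains `/health` or `/git-info` and the file exists, both this callback and the later handler can respond. `.html` is absent from `mimeTypes`, so `index.html` is now sent as `text/plain`. The request handler starts and ends outside the hunk; below is a sketch of the static branch that decides the route synchronously, serves only known asset types from a dedicated directory, and uses a single `readFile`.

```javascript
// … unchanged: code before the static-file branch …
const pathname = req.url.split('?')[0];
// Decide up front which GETs belong to the later handlers (confirm against how they match req.url).
const isApiGet = ['/health', '//health', '/git-info', '//git-info'].includes(pathname);

if (req.method === 'GET' && !isApiGet) {
  // Placeholder path: a directory that contains only UI assets, never server code or config.
  const staticRoot = path.resolve('./public');
  const resolvedPath = path.resolve(staticRoot, '.' + (pathname === '/' ? '/index.html' : pathname));
  const rel = path.relative(staticRoot, resolvedPath);
  // Rejects '..' escapes and any dot-prefixed segment (hidden files and directories).
  const hidden = rel.split(path.sep).some((segment) => segment.startsWith('.'));
  // mimeTypes: the map from this hunk, hoisted out of the callback, plus '.html': 'text/html'.
  const contentType = mimeTypes[path.extname(resolvedPath).toLowerCase()];

  if (hidden || path.isAbsolute(rel) || !contentType) {
    res.writeHead(404);
    res.end('File not found');
    return;
  }

  fs.readFile(resolvedPath, (error, content) => {
    if (error) {
      const missing = error.code === 'ENOENT' || error.code === 'EISDIR';
      res.writeHead(missing ? 404 : 500);
      res.end(missing ? 'File not found' : 'Server Error');
      return;
    }
    res.writeHead(200, { 'Content-Type': contentType, 'X-Content-Type-Options': 'nosniff' });
    res.end(content);
  });
  return;
}
// … unchanged: health / git-info handlers and the POST-only check …
```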
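Review bot: The new `proxyUrl` default has no comment explaining why the page's own origin is now the proxy endpoint, and the `'http'` literal is single-quoted while every neighbouring string in this object uses double quotes. A comment above the expression such as `// Over http(s) the page's origin is the proxy (Nginx forwards everything to Node); otherwise assume a local instance on port 3000` would record the assumption taken from the commit title. The old `/proxy` path is dropped, so it is worth confirming the server accepts proxy POSTs at the origin root; that routing is not visible in this hunk. An explicit scheme check, `["http:", "https:"].includes(window.location.protocol)`, reads more precisely than a prefix match. The settings object begins and continues outside the hunk.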