port, zombie_port, allowed_user_cookie, session_token,

) {

if ( DEBUG.debugAddr ) {

const base = port - 2;

for( let i = base; i < base + 5; i++ ) {

const key = `ADDR_${i}`;

console.log(key, process.env[key]);

}

}

DEBUG.val && console.log(`Starting websocket server on ${port}`);

const app = express();

app.use(compression());

const server_port = parseInt(port);

const StandardCSP = {

defaultSrc: ["'self'"],

imgSrc: [

"'self'",

"data:",

"blob:"

],

mediaSrc: [

"data:",

"'self'",

"https://localhost:*",

"https://*.dosyago.com:*",

"https://browse.cloudtabs.net:*",

...(process.env.TORBB ? [

`https://${process.env[`ADDR_${server_port}`]}:*`, // main service (for data: urls seemingly)

`https://${process.env[`ADDR_${server_port - 2}`]}:*`, // audio onion service

] : [

`https://${process.env.DOMAIN}:*`, // main service (for data: urls seemingly)

`https://*.${process.env.DOMAIN}:*`, // main service (for data: urls seemingly)

])

],

frameSrc: [

"'self'",

"https://localhost:*",

"https://link.local:*",

"https://browse.cloudtabs.net:*",

"https://*.dosyago.com:*",

...(process.env.TORBB ? [

`https://${process.env[`ADDR_${server_port - 2}`]}:*`, // audio onion service

] : [

`https://*.${process.env.DOMAIN}:*`, // main service (for data: urls seemingly)

`https://${process.env.DOMAIN}:*`, // main service (for data: urls seemingly)

])

],

connectSrc: [

"'self'",

"wss://*.dosyago.com:*",

"wss://localhost:*",

"wss://link.local:*",

`https://*.dosyago.com:${server_port-1}`,

`https://*.dosyago.com:${server_port+1}`,

"https://browse.cloudtabs.net:*",

"https://browse.cloudtabs.net",

"wss://browse.cloudtabs.net:*",

`https://localhost:${server_port-1}`,

`https://localhost:${server_port+1}`,

`https://link.local:${server_port-1}`,

`https://link.local:${server_port+1}`,

...CONFIG.connectivityTests,

...(process.env.TORBB ? [

`https://${process.env[`ADDR_${server_port}`]}:*`, // main service

`https://${process.env[`ADDR_${server_port - 2}`]}:*`, // audio onion service

`https://${process.env[`ADDR_${server_port + 1}`]}:*`, // devtools

`https://${process.env[`ADDR_${server_port + 2}`]}:*`, // docs

] : [

`https://${process.env.DOMAIN}:*`, // main service (for data: urls seemingly)

`https://*.${process.env.DOMAIN}:*`, // main service (for data: urls seemingly)

`wss://${process.env.DOMAIN}:*`, // main service (for data: urls seemingly)

`wss://*.${process.env.DOMAIN}:*`, // main service (for data: urls seemingly)

]),

// for checking if access via TOR

"https://check.torproject.org/"

],

fontSrc: [

"'self'",

"'unsafe-inline'",

"https://fonts.googleapis.com",

"https://fonts.gstatic.com"

],

styleSrc: [

"'self'",

"'unsafe-inline'",

"https://fonts.googleapis.com",

"https://fonts.gstatic.com"

],

scriptSrc: [

"'self'",

"'unsafe-eval'",

"'unsafe-inline'",

"https://browse.cloudtabs.net:*",

"https://*.dosyago.com:*"

],

scriptSrcAttr: [

"'self'",

"'unsafe-inline'"

],

frameAncestors: [

"'self'",

"https://browse.cloudtabs.net:*",

"https://*.dosyago.com:*",

...ALLOWED_3RD_PARTY_EMBEDDERS

],

objectSrc: ["'none'"],

upgradeInsecureRequests: [],

};

const sockets = new Set();

const websockets = new Set();

const peers = new Set();

let latestMessageId = 0;

if ( ! DEBUG.noSecurityHeaders ) {

app.use(helmet({

contentSecurityPolicy: {

directives: {

defaultSrc: ["'self'"],

imgSrc: [

"'self'",

"data:",

"blob:"

],

mediaSrc: [

"'self'",

"https://*.dosyago.com:*"

],

frameSrc: [

"'self'",

"https://*.dosyago.com:*"

],

connectSrc: [

"'self'",

"wss://*.dosyago.com:*",

"wss://localhost:*",

"https://browse.cloudtabs.net",

`https://*.dosyago.com:${server_port-1}`,

`https://*.dosyago.com:${server_port+1}`,

`https://localhost:${server_port-1}`,

`https://localhost:${server_port+1}`,

...CONFIG.connectivityTests

],

fontSrc: [

"'self'",

"'unsafe-inline'",

"https://fonts.googleapis.com",

"https://fonts.gstatic.com"

],

styleSrc: [

"'self'",

"'unsafe-inline'",

"https://fonts.googleapis.com",

"https://fonts.gstatic.com"

],

scriptSrc: [

"'self'",

"'unsafe-eval'",

"'unsafe-inline'",

"https://*.dosyago.com:*"

],

scriptSrcAttr: [

"'self'",

"'unsafe-inline'"

],

frameAncestors: [

"'self'",

"https://*.dosyago.com:*",

...ALLOWED_3RD_PARTY_EMBEDDERS

],

objectSrc: ["'none'"],

upgradeInsecureRequests: [],

},

reportOnly: false,

},

frameguard: FRAME_LIMIT

}));

app.use(helmet({

contentSecurityPolicy: {

directives: StandardCSP,

reportOnly: false,

},

frameguard: FRAME_LIMIT

}));

app.use(helmet.hsts({

maxAge: 0

}));

}

const CrossOriginSecure = helmet({

crossOriginResourcePolicy: {

policy: 'cross-origin'

},

contentSecurityPolicy: {

directives: StandardCSP,

reportOnly: false,

},

frameguard: FRAME_LIMIT

});

const SEC_HEADERS = DEBUG.noSecurityHeaders ? [Cors] : [Cors, CrossOriginSecure];

const OPEN_HEADERS = [Cors, CrossOriginOpen];

app.use(RateLimiter);

app.use(bodyParser.urlencoded({extended:true}));

app.use(bodyParser.json());

app.use(cookieParser());

app.use(upload.array("files", 10));

app.use((req, res, next) => {

const newOrigin = `${req.protocol}://${req.headers.host}`;

if ( newOrigin !== serverOrigin ) {

serverOrigin = newOrigin;

DEBUG.showOrigin && console.log({serverOrigin});

}

next();

});

// serve assets that can be injected into pages

app.get('/assets/*path', OPEN_HEADERS, (req, res, next) => next());

if ( start_mode == "signup" ) {

app.get("/", (req,res) => res.sendFile(path.join(APP_ROOT, 'public', 'index.html')));

} else {

if ( DEBUG.mode == 'dev' ) {

app.get("/", SEC_HEADERS, (req,res) => res.sendFile(path.join(APP_ROOT, 'public', 'image.html')));

} else {

app.get("/", SEC_HEADERS, (req,res) => res.sendFile(path.join(APP_ROOT, '..', 'dist', 'image.html')));

}

app.get("/login", SEC_HEADERS, (req,res) => {

console.log('login', req.query);

const {ui: ui = 'true',token,ran: ran = Math.random(),url:Url} = req.query;

DEBUG.debugCookie && console.log({token, session_token});

if ( token == session_token ) {

res.cookie(COOKIENAME+port, allowed_user_cookie, COOKIE_OPTS);

DEBUG.debugCookie && console.log('set cookie', COOKIENAME+port, allowed_user_cookie, COOKIE_OPTS);

let url;

url = `/?ran=${ran||Math.random()}&ui=${ui}#${session_token}`;

if ( process.env.TORBB ) {

const zVal = encodeURIComponent(btoa(JSON.stringify({

x: process.env[`ADDR_${server_port-2}`], // audio port onion service

y: process.env[`ADDR_${server_port+1}`], // devtools port onion service

})));

if ( !! Url ) {

url = `/?url=${encodeURIComponent(Url)}&z=${zVal}&ran=${ran||Math.random()}&ui=${ui}#${session_token}`;

} else {

url = `/?ran=${ran||Math.random()}&z=${zVal}&ui=${ui}#${session_token}`;

}

} else if ( !! Url ) {

url = `/?url=${encodeURIComponent(Url)}&ran=${ran||Math.random()}&ui=${ui}#${session_token}`;

}

console.log({url});

const userAgent = req.headers['user-agent'];

const isSafari = SafariPlatform.test(userAgent);

if ( isSafari && DEBUG.ensureRSA_for_3PC ) { // ensure request storage access for 3rd-party cookies

res.type('html');

res.end(SafariPermissionLoader());

} else {

res.redirect(url);

}

} else {

res.type("html");

res.status(401);

if ( session_token == 'token2' ) {

res.end(`Incorrect token, not token2. <a href=/login?token=token2>Try again.</a>`);

} else {

res.end(`Incorrect token. <a href=https://${req.hostname}/>Try again.</a>`);

}

}

});

app.get("/local_cookie.js", SEC_HEADERS, (req,res) => {

console.log('local cookie', req.query);

const {ui: ui = 'true',token,ran: ran = Math.random(),url:Url} = req.query;

DEBUG.debugCookie && console.log({token, session_token});

if ( token == session_token ) {

res.type('application/javascript');

const userAgent = req.headers['user-agent'];

const isSafari = SafariPlatform.test(userAgent);

if ( isSafari || DEBUG.useLocalAuthInPrepFor_3PC_PhaseOut ) {

res.send(`

} else {

res.send(`

}

} else {

res.type("html");

if ( session_token == 'token2' ) {

res.end(`Incorrect token, not token2. <a href=/login?token=token2>Try again.</a>`);

} else {

res.end(`Incorrect token. <a href=https://${req.hostname}/>Try again.</a>`);

}

}

});

app.get("/SPLlogin", (req,res) => {

const {token,ran,url:Url} = req.query;

if ( token == session_token ) {

res.cookie(COOKIENAME+port, allowed_user_cookie, COOKIE_OPTS);

let url;

url = `/?ran=${ran||Math.random()}#${session_token}`;

if ( !! Url ) {

url = `/?url=${encodeURIComponent(Url)}&ran=${ran||Math.random()}#${session_token}`;

}

res.redirect(url);

} else {

res.type("html");

if ( session_token == 'token2' ) {

res.end(`Incorrect token, not token2. <a href=/login?token=token2>Try again.</a>`);

} else {

res.end(`Incorrect token. <a href=https://${req.hostname}/>Try again.</a>`);

}

}

});

app.get("/pptr", (req,res) => {

res.type('html');

res.end(`

});

app.get("/SPLgenerate", (req,res) => {

res.cookie('SPL-cookie'+port, Date.now().toString(36), COOKIE_OPTS);

res.sendFile(path.resolve(APP_ROOT,...(DEBUG.mode === 'dev' ? ['public', 'assets'] : ['..', 'dist', 'assets']),'SPL2.html'));

});

}

/*

app.use(express.static(path.resolve(APP_ROOT, ...(DEBUG.mode === 'dev' ? ['public'] : ['..', 'dist']))));

try {

SAFARI_PERMISSION_LOADER_HTML = fs.readFileSync(path.resolve(APP_ROOT,...(DEBUG.mode === 'dev' ? ['public', 'assets'] : ['..', 'dist', 'assets']),'SPL.html'));

} catch(e) {

console.warn(`Could not find SafariPermissionLoader HTML file. Hope you don't need to support Safari!`);

}

const secure_options = {};

try {

const sec = {

key: fs.readFileSync(path.resolve(CONFIG.sslcerts(server_port), 'privkey.pem')),

cert: fs.readFileSync(path.resolve(CONFIG.sslcerts(server_port), 'fullchain.pem')),

ca: fs.existsSync(path.resolve(CONFIG.sslcerts(server_port), 'chain.pem')) ?

fs.readFileSync(path.resolve(CONFIG.sslcerts(server_port), 'chain.pem'))

:

undefined

};

Object.assign(secure_options, sec);

} catch(e) {

console.warn(`No certs found so will use insecure no SSL.`);

console.log(secure_options, CONFIG.sslcerts(server_port));

}

const secure = secure_options.cert && secure_options.key;

const server = protocol.createServer.apply(protocol, GO_SECURE && secure ? [secure_options, app] : [app]);

const wss = new WebSocketServer({

server,

perMessageDeflate: false

});

let shuttingDown = false;

const shutDown = async (sig) => {

console.log(`Shutdown requested. Signal: ${sig}`);

if ( shuttingDown ) return;

shuttingDown = true;

server.close(() => console.info(`Server closed on SIGINT`));

peers.forEach(peer => {

try {

peer.destroy(`Server going down.`);

} catch(e) {

DEBUG.debugConnect && console.info(`Error closing peer`, e, peer);

}

});

websockets.forEach(ws => {

try {

ws.close(1001, "server going down");

} catch(e) {

DEBUG.debugConnect && console.info(`Error closing websocket`, e, ws);

}

});

sockets.forEach(socket => {

try { socket.destroy() } catch(e) {

DEBUG.socDebug && console.warn(`MAIN SERVER: port ${server_port}, error closing socket`, e)

}

});

await releaseLicense();

process.exit(0);

};

server.on('connection', socket => {

sockets.add(socket);

socket.on('close', () => sockets.delete(socket));

});

server.on('upgrade', (req, socket, head) => {

sockets.add(socket);

socket.on('close', () => sockets.delete(socket));

socket.setNoDelay(true);

});

wss.on('connection', async (ws, req) => {

const connectionId = Math.random().toString(36) + (+ new Date).toString(36);

const url = new URL(req.url, `${req.protocol}://${req.headers.host}`);

const qp = url.searchParams.get('session_token');

const cookie = req.headers.cookie;

let query;

try {

query = new URL(req.url).searchParams;

} catch(e) {

query = new URL(`https://localhost${req.url}`).searchParams;

}

const localCookie = url.searchParams.get(COOKIENAME+port) || req.headers['x-browserbox-local-auth'] || query.get('localCookie');

const IP = req.connection.remoteAddress;

let closed = false;

DEBUG.val && console.log({wsConnected:{cookie, localCookie, qp, IP}});

zl.act.saveIP(IP);

const validAuth = (cookie && cookie.includes(`${COOKIENAME+port}=${allowed_user_cookie}`)) ||

(qp && qp == session_token) || (localCookie == allowed_user_cookie);

if( validAuth ) {

DEBUG.debugConnect && console.log(`Check 1`);

await zl.act.addLink({so, forceMeta}, {connectionId, fastest: null, peer: null, socket:ws}, zombie_port);

DEBUG.debugConnect && console.log(`Check 2`);

forceMeta({

multiplayer: {

onlineCount: zl.act.linkStats(zombie_port).onlineCount

}

});

stopShutdownTimer();

DEBUG.debugConnect && console.log(`Check 3`);

let peer;

zl.life.onDeath(zombie_port, () => {

console.info("Zombie/chrome closed or crashed.");

zl.act.deleteConnection(zombie_port);

if ( fs.existsSync(path.join(os.homedir(), 'restart_chrome')) ) {

fs.unlinkSync(path.join(os.homedir(), 'restart_chrome'));

console.log(`Restarting chrome on request`);

const MAX_RETRIES = 10;

let count = 0;

restart();

async function restart() {

let port;

try {

({port} = await zl.life.newZombie({port: zombie_port}));

} catch(e) {

console.warn(`Error starting chrome`);

zl.life.kill(zombie_port);

}

if ( port != zombie_port ) {

console.log(`Zombie port mismatch`, {zombie_port, acquired_port: port});

if ( port ) {

zl.life.kill(port);

}

await sleep(500);

if ( count++ < MAX_RETRIES ) {

console.log(`Retrying...`);

setTimeout(() => restart(), 0);

} else {

console.warn(new Error(`Failed to restart chrome. Retry count exceeded`));

}

}

}

}

//console.log("Closing as zombie crashed.");

//ws.close();

});

ws.on('close', () => {

DEBUG.debugConnect && console.log(`Check 8`);

websockets.delete(ws);

closed = true;

ws = null;

peer && peer.destroy(new Error(`Main communication WebSocket closed.`));

console.log(`Clients connected now: ${websockets.size}`);

if ( websockets.size === 0 ) {

startShutdownTimer();

}

peer = null;

zl.act.addLink({so, forceMeta}, {connectionId, peer: null, socket:null}, zombie_port);

zl.act.deleteLink({connectionId}, zombie_port);

zl.act.fanOut(socket => so(

socket,

{

meta:[

{

multiplayer: {

onlineCount: zl.act.linkStats(zombie_port).onlineCount

}

}

]

}

), zombie_port);

});

ws.on('message', message => {

// possible improvement to simplicity and efficiency

// creating a function for EVERY message call is probably really inefficient

// I know my servers run low CPU and low memory but this might be better somehow

// still I prioritize simplicity, reliability and maintainability over cleverness

// and performance optimization where performance does not impact usability

const func = async () => {

const Data = [], Frames = [], Meta = [], State = {};

message = JSON.parse(message);

DEBUG.cnx && console.log(message);

const {fastestChannel, copeer, zombie, tabs, messageId, viewport} = message;

let {screenshotAck} = message;

latestMessageId = messageId;

try {

if ( fastestChannel ) {

if ( DEBUG.chooseFastest ) {

if ( fastestChannel.websocket ) {

DEBUG.logFastest && console.log(`Fastest is websocket`);

zl.act.addLink({so, forceMeta}, {connectionId, fastest: ws, peer, socket:ws}, zombie_port);

} else if ( fastestChannel.webrtcpeer ) {

DEBUG.logFastest && console.log(`Fastest is webrtc`);

zl.act.addLink({so, forceMeta}, {connectionId, fastest: peer, peer, socket:ws}, zombie_port);

} else {

console.warn(`Unknown fastest channel`, fastestChannel);

}

}

}

if ( screenshotAck ) {

(DEBUG.debugCast || DEBUG.acks) && console.log('client sent screenshot ack', screenshotAck);

if ( screenshotAck == 1 ) {

(DEBUG.debugCast || DEBUG.acks) && console.log('client sent screenshot no frame received code');

screenshotAck = { frameId: 1, requiresCastId: true }

}

if ( !screenshotAck.requiresCastId || DEBUG.allowAckBlastOnStart ) {

zl.act.screenshotAck(

connectionId,

zombie_port,

screenshotAck,

{Data, Frames, Meta, State, receivesFrames: false, messageId}

);

}

}

if ( zombie ) {

const {events} = zombie;

let {receivesFrames} = zombie;

if ( receivesFrames ) {

// switch it on in DEBUG and save it on the websocket for all future events

ws.receivesFrames = receivesFrames;

} else {

receivesFrames = ws.receivesFrames;

}

// debug

DEBUG.val > DEBUG.med &&

console.log(`Starting ${events.length} events for message ${messageId}`);

await eventSendLoop(events, {Data, Frames, Meta, State, receivesFrames, messageId, connectionId});

// debug

DEBUG.val > DEBUG.med &&

console.log(`Ending ${events.length} events for message ${messageId}\n`);

const {totalBandwidth} = State;

if ( DEBUG.sendFramesWhenTheyArrive ) {

zl.act.fanOut(socket => so(

socket,

{messageId, data:Data, frameBuffer:[], meta:Meta, totalBandwidth}

), zombie_port);

} else {

if ( DEBUG.binaryFrames ) {

if ( DEBUG.cwebp && ! zl.act.isSafari(zombie_port) ) {

console.warn(`Not currently supported due to when dependency of cwebp not correctly building in esbuild

/*

} else {

for( let frame of Frames ) {

so(DEBUG.useWebRTC && peer ? peer : ws,frame);

}

}

zl.act.fanOut(

socket => so(

socket,

{messageId, data:Data, frameBuffer: [], meta:Meta, totalBandwidth}

),

zombie_port

);

} else {

zl.act.fanOut(socket => so(

socket,

{messageId, data:Data, frameBuffer:Frames, meta:Meta, totalBandwidth}

), zombie_port);