diff --git a/.dockerignore b/.dockerignore index 5db08b7bf..77470feb1 100644 --- a/.dockerignore +++ b/.dockerignore @@ -32,7 +32,6 @@ tsconfig.json /extra/healthcheck.exe /extra/healthcheck /extra/exe-builder -/extra/push-examples /extra/uptime-kuma-push # Comment the following line if you want to rebuild the healthcheck binary diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..bd9dfe4ef --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,2 @@ +--- +blank_issues_enabled: false diff --git a/.github/ISSUE_TEMPLATE/security.md b/.github/ISSUE_TEMPLATE/security.md deleted file mode 100644 index 708670e85..000000000 --- a/.github/ISSUE_TEMPLATE/security.md +++ /dev/null @@ -1,17 +0,0 @@ ---- - -name: "Security Issue" -about: "Just for alerting @louislam, do not provide any details here" -title: "Security Issue" -ref: "main" -labels: - -- security - ---- - -DO NOT PROVIDE ANY DETAILS HERE. Please privately report to https://github.com/louislam/uptime-kuma/security/advisories/new. - -Why need this issue? It is because GitHub Advisory do not send a notification to @louislam, it is a workaround to do so. - -Your GitHub Advisory URL: diff --git a/.github/ISSUE_TEMPLATE/security_issue.yml b/.github/ISSUE_TEMPLATE/security_issue.yml new file mode 100644 index 000000000..0104f9c3c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/security_issue.yml @@ -0,0 +1,45 @@ +--- +name: "🛡️ Security Issue" +description: | + Notify Louis Lam about a security concern. Please do NOT include any sensitive details in this issue. +# title: "Security Issue" +labels: [security] +assignees: [louislam] +body: + - type: "markdown" + attributes: + value: | + ## **⚠️ Report a Security Vulnerability** + + ### **IMPORTANT: DO NOT SHARE VULNERABILITY DETAILS HERE** + + If you have discovered a security vulnerability, please report it securely using the GitHub Security Advisory. + + **Note**: This issue is only for notifying the maintainers of the repository, as the GitHub Security Advisory does not automatically send notifications. + + - **Confidentiality**: The information you provide in the GitHub Security Advisory will initially remain confidential. However, once the vulnerability is addressed, the advisory will be publicly disclosed on GitHub. + - **Access and Visibility**: Until the advisory is published, it will only be visible to the maintainers of the repository and invited collaborators. + - **Credit**: You will be automatically credited as a contributor for identifying and reporting the vulnerability. Your contribution will be reflected in the MITRE Credit System. + - **Important Reminder**: **Do not include any sensitive or detailed vulnerability information in this issue.** This issue is only for sharing the advisory URL to notify the maintainers of the repository, not for discussing the vulnerability itself. + + **Thank you for helping us keep Uptime Kuma secure!** + + ## **Step 1: Submit a GitHub Security Advisory** + + Right-click the link below and select `Open link in new tab` to access the page. This will keep the security issue open, allowing you to easily return and paste the Advisory URL here later. + + ➡️ [Create a New Security Advisory](https://github.com/louislam/uptime-kuma/security/advisories/new) + + ## **Step 2: Share the Advisory URL** + + Once you've created your advisory, please share the URL below. This will notify Louis Lam and enable them to take the appropriate action. + + - type: "textarea" + id: github-advisory-url + validations: + required: true + attributes: + label: "GitHub Advisory URL for @louislam" + placeholder: | + Please paste the GitHub Advisory URL here. Only the URL is required. + Example: https://github.com/louislam/uptime-kuma/security/advisories/GHSA-8h5r-7t6l-q3kz diff --git a/.github/workflows/auto-test.yml b/.github/workflows/auto-test.yml index bf76d9eb6..f58229c7c 100644 --- a/.github/workflows/auto-test.yml +++ b/.github/workflows/auto-test.yml @@ -78,7 +78,7 @@ jobs: e2e-test: needs: [ ] - runs-on: ARM64 + runs-on: ubuntu-24.04-arm steps: - run: git config --global core.autocrlf false # Mainly for Windows - uses: actions/checkout@v4 diff --git a/package-lock.json b/package-lock.json index ccf1a628c..586b0d6a4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -37,8 +37,8 @@ "html-escaper": "^3.0.3", "http-cookie-agent": "~5.0.4", "http-graceful-shutdown": "~3.1.7", - "http-proxy-agent": "~5.0.0", - "https-proxy-agent": "~5.0.1", + "http-proxy-agent": "~7.0.2", + "https-proxy-agent": "~7.0.6", "iconv-lite": "~0.6.3", "isomorphic-ws": "^5.0.0", "jsesc": "~3.0.2", @@ -60,7 +60,7 @@ "node-cloudflared-tunnel": "~1.0.9", "node-radius-client": "~1.0.0", "nodemailer": "~6.9.13", - "nostr-tools": "^1.13.1", + "nostr-tools": "^2.10.4", "notp": "~2.0.3", "openid-client": "^5.4.2", "password-hash": "~1.2.2", @@ -77,7 +77,7 @@ "semver": "~7.5.4", "socket.io": "~4.8.0", "socket.io-client": "~4.8.0", - "socks-proxy-agent": "6.1.1", + "socks-proxy-agent": "~8.0.5", "tar": "~6.2.1", "tcp-ping": "~0.1.1", "thirty-two": "~1.0.2", @@ -1052,32 +1052,6 @@ "node": ">=18.0.0" } }, - "node_modules/@azure/core-rest-pipeline/node_modules/http-proxy-agent": { - "version": "7.0.2", - "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", - "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", - "license": "MIT", - "dependencies": { - "agent-base": "^7.1.0", - "debug": "^4.3.4" - }, - "engines": { - "node": ">= 14" - } - }, - "node_modules/@azure/core-rest-pipeline/node_modules/https-proxy-agent": { - "version": "7.0.6", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", - "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", - "license": "MIT", - "dependencies": { - "agent-base": "^7.1.2", - "debug": "4" - }, - "engines": { - "node": ">= 14" - } - }, "node_modules/@azure/core-tracing": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/@azure/core-tracing/-/core-tracing-1.2.0.tgz", @@ -2827,6 +2801,29 @@ "node-pre-gyp": "bin/node-pre-gyp" } }, + "node_modules/@mapbox/node-pre-gyp/node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, + "node_modules/@mapbox/node-pre-gyp/node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/@mongodb-js/saslprep": { "version": "1.1.9", "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.1.9.tgz", @@ -2838,9 +2835,9 @@ } }, "node_modules/@noble/ciphers": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-0.2.0.tgz", - "integrity": "sha512-6YBxJDAapHSdd3bLDv6x2wRPwq4QFMUaB3HvljNBUTThDd12eSm7/3F+2lnfzx2jvM+S6Nsy0jEt9QbPqSwqRw==", + "version": "0.5.3", + "resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-0.5.3.tgz", + "integrity": "sha512-B0+6IIHiqEs3BPMT0hcRmHvEj2QHOLu+uwt+tqDDeVd0oyVzh7BPrDcPjRnV1PV/5LaknXJJQvOuRGR0zQJz+w==", "license": "MIT", "funding": { "url": "https://paulmillr.com/funding/" @@ -4270,15 +4267,6 @@ "testcontainers": "^10.16.0" } }, - "node_modules/@tootallnate/once": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz", - "integrity": "sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==", - "license": "MIT", - "engines": { - "node": ">= 10" - } - }, "node_modules/@types/accepts": { "version": "1.3.7", "resolved": "https://registry.npmjs.org/@types/accepts/-/accepts-1.3.7.tgz", @@ -10117,29 +10105,15 @@ } }, "node_modules/http-proxy-agent": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz", - "integrity": "sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==", - "license": "MIT", + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", + "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", "dependencies": { - "@tootallnate/once": "2", - "agent-base": "6", - "debug": "4" + "agent-base": "^7.1.0", + "debug": "^4.3.4" }, "engines": { - "node": ">= 6" - } - }, - "node_modules/http-proxy-agent/node_modules/agent-base": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", - "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", - "license": "MIT", - "dependencies": { - "debug": "4" - }, - "engines": { - "node": ">= 6.0.0" + "node": ">= 14" } }, "node_modules/http2-wrapper": { @@ -10156,28 +10130,15 @@ } }, "node_modules/https-proxy-agent": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", - "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", - "license": "MIT", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", + "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", "dependencies": { - "agent-base": "6", + "agent-base": "^7.1.2", "debug": "4" }, "engines": { - "node": ">= 6" - } - }, - "node_modules/https-proxy-agent/node_modules/agent-base": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", - "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", - "license": "MIT", - "dependencies": { - "debug": "4" - }, - "engines": { - "node": ">= 6.0.0" + "node": ">= 14" } }, "node_modules/human-signals": { @@ -11679,6 +11640,33 @@ "node": ">= 6" } }, + "node_modules/make-fetch-happen/node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "optional": true, + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/make-fetch-happen/node_modules/socks-proxy-agent": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-6.2.1.tgz", + "integrity": "sha512-a6KW9G+6B3nWZ1yB8G7pJwL3ggLy1uTzKAgCb7ttblwqdz9fMGJUuTy3uFzEP48FAs9FLILlmzDlE2JJhVQaXQ==", + "optional": true, + "dependencies": { + "agent-base": "^6.0.2", + "debug": "^4.3.3", + "socks": "^2.6.2" + }, + "engines": { + "node": ">= 10" + } + }, "node_modules/map-obj": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-4.3.0.tgz", @@ -12582,18 +12570,21 @@ } }, "node_modules/nostr-tools": { - "version": "1.17.0", - "resolved": "https://registry.npmjs.org/nostr-tools/-/nostr-tools-1.17.0.tgz", - "integrity": "sha512-LZmR8GEWKZeElbFV5Xte75dOeE9EFUW/QLI1Ncn3JKn0kFddDKEfBbFN8Mu4TMs+L4HR/WTPha2l+PPuRnJcMw==", + "version": "2.10.4", + "resolved": "https://registry.npmjs.org/nostr-tools/-/nostr-tools-2.10.4.tgz", + "integrity": "sha512-biU7sk+jxHgVASfobg2T5ttxOGGSt69wEVBC51sHHOEaKAAdzHBLV/I2l9Rf61UzClhliZwNouYhqIso4a3HYg==", "license": "Unlicense", "dependencies": { - "@noble/ciphers": "0.2.0", - "@noble/curves": "1.1.0", + "@noble/ciphers": "^0.5.1", + "@noble/curves": "1.2.0", "@noble/hashes": "1.3.1", "@scure/base": "1.1.1", "@scure/bip32": "1.3.1", "@scure/bip39": "1.2.1" }, + "optionalDependencies": { + "nostr-wasm": "0.1.0" + }, "peerDependencies": { "typescript": ">=5.0.0" }, @@ -12603,6 +12594,37 @@ } } }, + "node_modules/nostr-tools/node_modules/@noble/curves": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.2.0.tgz", + "integrity": "sha512-oYclrNgRaM9SsBUBVbb8M6DTV7ZHRTKugureoYEncY5c65HOmRzvSiTE3y5CYaPYJA/GVkrhXEoF0M3Ya9PMnw==", + "license": "MIT", + "dependencies": { + "@noble/hashes": "1.3.2" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/nostr-tools/node_modules/@noble/curves/node_modules/@noble/hashes": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.3.2.tgz", + "integrity": "sha512-MVC8EAQp7MvEcm30KWENFjgR+Mkmf+D189XJTkFIlwohU5hcBbn1ZkKq7KVTi2Hme3PMGF390DaL52beVrIihQ==", + "license": "MIT", + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/nostr-wasm": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/nostr-wasm/-/nostr-wasm-0.1.0.tgz", + "integrity": "sha512-78BTryCLcLYv96ONU8Ws3Q1JzjlAt+43pWQhIl86xZmWeegYCNLPml7yQ+gG3vR6V5h4XGj+TxO+SS5dsThQIA==", + "license": "MIT", + "optional": true + }, "node_modules/notp": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/notp/-/notp-2.0.3.tgz", @@ -15227,29 +15249,16 @@ } }, "node_modules/socks-proxy-agent": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-6.1.1.tgz", - "integrity": "sha512-t8J0kG3csjA4g6FTbsMOWws+7R7vuRC8aQ/wy3/1OWmsgwA68zs/+cExQ0koSitUDXqhufF/YJr9wtNMZHw5Ew==", - "license": "MIT", + "version": "8.0.5", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.5.tgz", + "integrity": "sha512-HehCEsotFqbPW9sJ8WVYB6UbmIMv7kUUORIF2Nncq4VQvBfNBLibW9YZR5dlYCSUhwcD628pRllm7n+E+YTzJw==", "dependencies": { - "agent-base": "^6.0.2", - "debug": "^4.3.1", - "socks": "^2.6.1" + "agent-base": "^7.1.2", + "debug": "^4.3.4", + "socks": "^2.8.3" }, "engines": { - "node": ">= 10" - } - }, - "node_modules/socks-proxy-agent/node_modules/agent-base": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", - "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", - "license": "MIT", - "dependencies": { - "debug": "4" - }, - "engines": { - "node": ">= 6.0.0" + "node": ">= 14" } }, "node_modules/sortablejs": { diff --git a/package.json b/package.json index 6af61da25..ef6456b4a 100644 --- a/package.json +++ b/package.json @@ -95,8 +95,8 @@ "html-escaper": "^3.0.3", "http-cookie-agent": "~5.0.4", "http-graceful-shutdown": "~3.1.7", - "http-proxy-agent": "~5.0.0", - "https-proxy-agent": "~5.0.1", + "http-proxy-agent": "~7.0.2", + "https-proxy-agent": "~7.0.6", "iconv-lite": "~0.6.3", "isomorphic-ws": "^5.0.0", "jsesc": "~3.0.2", @@ -118,7 +118,7 @@ "node-cloudflared-tunnel": "~1.0.9", "node-radius-client": "~1.0.0", "nodemailer": "~6.9.13", - "nostr-tools": "^1.13.1", + "nostr-tools": "^2.10.4", "notp": "~2.0.3", "openid-client": "^5.4.2", "password-hash": "~1.2.2", @@ -135,7 +135,7 @@ "semver": "~7.5.4", "socket.io": "~4.8.0", "socket.io-client": "~4.8.0", - "socks-proxy-agent": "6.1.1", + "socks-proxy-agent": "~8.0.5", "tar": "~6.2.1", "tcp-ping": "~0.1.1", "thirty-two": "~1.0.2", diff --git a/server/modules/apicache/apicache.js b/server/modules/apicache/apicache.js index 41930b24d..95a04d9e3 100644 --- a/server/modules/apicache/apicache.js +++ b/server/modules/apicache/apicache.js @@ -485,7 +485,7 @@ function ApiCache() { } if (typeof duration === "string") { - let split = duration.match(/^([\d\.,]+)\s?(\w+)$/); + let split = duration.match(/^([\d\.,]+)\s?([a-zA-Z]+)$/); if (split.length === 3) { let len = parseFloat(split[1]); diff --git a/server/notification-providers/aliyun-sms.js b/server/notification-providers/aliyun-sms.js index ff38bd0d9..e18602bdc 100644 --- a/server/notification-providers/aliyun-sms.js +++ b/server/notification-providers/aliyun-sms.js @@ -17,7 +17,7 @@ class AliyunSMS extends NotificationProvider { if (heartbeatJSON != null) { let msgBody = JSON.stringify({ name: monitorJSON["name"], - time: heartbeatJSON["time"], + time: heartbeatJSON["localDateTime"], status: this.statusToString(heartbeatJSON["status"]), msg: heartbeatJSON["msg"], }); diff --git a/server/notification-providers/google-chat.js b/server/notification-providers/google-chat.js index 0b72fea95..9e94844d7 100644 --- a/server/notification-providers/google-chat.js +++ b/server/notification-providers/google-chat.js @@ -72,6 +72,7 @@ class GoogleChat extends NotificationProvider { // construct json data let data = { + fallbackText: chatHeader["title"], cardsV2: [ { card: { diff --git a/server/notification-providers/nostr.js b/server/notification-providers/nostr.js index 87847382e..72f0bb621 100644 --- a/server/notification-providers/nostr.js +++ b/server/notification-providers/nostr.js @@ -1,11 +1,10 @@ const NotificationProvider = require("./notification-provider"); const { - relayInit, - getPublicKey, - getEventHash, - getSignature, + finalizeEvent, + Relay, + kinds, nip04, - nip19 + nip19, } = require("nostr-tools"); // polyfills for node versions @@ -31,7 +30,6 @@ class Nostr extends NotificationProvider { const createdAt = Math.floor(Date.now() / 1000); const senderPrivateKey = await this.getPrivateKey(notification.sender); - const senderPublicKey = getPublicKey(senderPrivateKey); const recipientsPublicKeys = await this.getPublicKeys(notification.recipients); // Create NIP-04 encrypted direct message event for each recipient @@ -39,34 +37,41 @@ class Nostr extends NotificationProvider { for (const recipientPublicKey of recipientsPublicKeys) { const ciphertext = await nip04.encrypt(senderPrivateKey, recipientPublicKey, msg); let event = { - kind: 4, - pubkey: senderPublicKey, + kind: kinds.EncryptedDirectMessage, created_at: createdAt, tags: [[ "p", recipientPublicKey ]], content: ciphertext, }; - event.id = getEventHash(event); - event.sig = getSignature(event, senderPrivateKey); - events.push(event); + const signedEvent = finalizeEvent(event, senderPrivateKey); + events.push(signedEvent); } // Publish events to each relay const relays = notification.relays.split("\n"); let successfulRelays = 0; - - // Connect to each relay for (const relayUrl of relays) { - const relay = relayInit(relayUrl); - try { - await relay.connect(); - successfulRelays++; + const relay = await Relay.connect(relayUrl); + let eventIndex = 0; - // Publish events - for (const event of events) { - relay.publish(event); - } + // Authenticate to the relay, if required + try { + await relay.publish(events[0]); + eventIndex = 1; } catch (error) { - continue; + if (relay.challenge) { + await relay.auth(async (evt) => { + return finalizeEvent(evt, senderPrivateKey); + }); + } + } + + try { + for (let i = eventIndex; i < events.length; i++) { + await relay.publish(events[i]); + } + successfulRelays++; + } catch (error) { + console.error(`Failed to publish event to ${relayUrl}:`, error); } finally { relay.close(); } @@ -90,7 +95,7 @@ class Nostr extends NotificationProvider { const { data } = senderDecodeResult; return data; } catch (error) { - throw new Error(`Failed to get private key: ${error.message}`); + throw new Error(`Failed to decode private key for sender ${sender}: ${error.message}`); } } @@ -109,10 +114,10 @@ class Nostr extends NotificationProvider { if (type === "npub") { publicKeys.push(data); } else { - throw new Error("not an npub"); + throw new Error(`Recipient ${recipient} is not an npub`); } } catch (error) { - throw new Error(`Error decoding recipient: ${error}`); + throw new Error(`Error decoding recipient ${recipient}: ${error}`); } } return publicKeys; diff --git a/server/notification-providers/pushdeer.js b/server/notification-providers/pushdeer.js index 276c2f476..b1f675957 100644 --- a/server/notification-providers/pushdeer.js +++ b/server/notification-providers/pushdeer.js @@ -11,7 +11,8 @@ class PushDeer extends NotificationProvider { async send(notification, msg, monitorJSON = null, heartbeatJSON = null) { const okMsg = "Sent Successfully."; const serverUrl = notification.pushdeerServer || "https://api2.pushdeer.com"; - const url = `${serverUrl.trim().replace(/\/*$/, "")}/message/push`; + // capture group below is nessesary to prevent an ReDOS-attack + const url = `${serverUrl.trim().replace(/([^/])\/+$/, "$1")}/message/push`; let valid = msg != null && monitorJSON != null && heartbeatJSON != null; diff --git a/server/notification-providers/whapi.js b/server/notification-providers/whapi.js index 70e0fbb4c..d83dc470f 100644 --- a/server/notification-providers/whapi.js +++ b/server/notification-providers/whapi.js @@ -24,7 +24,7 @@ class Whapi extends NotificationProvider { "body": msg, }; - let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/\/+$/, "") + "/messages/text"; + let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/([^/])\/+$/, "$1") + "/messages/text"; await axios.post(url, data, config); diff --git a/server/proxy.js b/server/proxy.js index 3f3771ab9..d38e3e4f1 100644 --- a/server/proxy.js +++ b/server/proxy.js @@ -1,7 +1,7 @@ const { R } = require("redbean-node"); -const HttpProxyAgent = require("http-proxy-agent"); -const HttpsProxyAgent = require("https-proxy-agent"); -const SocksProxyAgent = require("socks-proxy-agent"); +const { HttpProxyAgent } = require("http-proxy-agent"); +const { HttpsProxyAgent } = require("https-proxy-agent"); +const { SocksProxyAgent } = require("socks-proxy-agent"); const { debug } = require("../src/util"); const { UptimeKumaServer } = require("./uptime-kuma-server"); const { CookieJar } = require("tough-cookie"); @@ -100,17 +100,17 @@ class Proxy { let jar = new CookieJar(); const proxyOptions = { - protocol: proxy.protocol, - host: proxy.host, - port: proxy.port, cookies: { jar }, }; + const proxyUrl = new URL(`${proxy.protocol}://${proxy.host}:${proxy.port}`); + if (proxy.auth) { - proxyOptions.auth = `${proxy.username}:${proxy.password}`; + proxyUrl.username = proxy.username; + proxyUrl.password = proxy.password; } - debug(`Proxy Options: ${JSON.stringify(proxyOptions)}`); + debug(`Proxy URL: ${proxyUrl.toString()}`); debug(`HTTP Agent Options: ${JSON.stringify(httpAgentOptions)}`); debug(`HTTPS Agent Options: ${JSON.stringify(httpsAgentOptions)}`); @@ -122,15 +122,15 @@ class Proxy { // eslint-disable-next-line no-case-declarations const HttpsCookieProxyAgent = createCookieAgent(HttpsProxyAgent); - httpAgent = new HttpCookieProxyAgent({ - ...httpAgentOptions || {}, + httpAgent = new HttpCookieProxyAgent(proxyUrl.toString(), { + ...(httpAgentOptions || {}), + ...proxyOptions, + }); + httpsAgent = new HttpsCookieProxyAgent(proxyUrl.toString(), { + ...(httpsAgentOptions || {}), ...proxyOptions, }); - httpsAgent = new HttpsCookieProxyAgent({ - ...httpsAgentOptions || {}, - ...proxyOptions, - }); break; case "socks": case "socks5": @@ -138,10 +138,9 @@ class Proxy { case "socks4": // eslint-disable-next-line no-case-declarations const SocksCookieProxyAgent = createCookieAgent(SocksProxyAgent); - agent = new SocksCookieProxyAgent({ + agent = new SocksCookieProxyAgent(proxyUrl.toString(), { ...httpAgentOptions, ...httpsAgentOptions, - ...proxyOptions, tls: { rejectUnauthorized: httpsAgentOptions.rejectUnauthorized, },