UNPKG

ftp-srv-u

Version:

Modern, extensible FTP Server

github.com/AndyLee1024/ftp-srv

AndyLee1024/ftp-srv

77 lines (61 loc) 2.68 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
const _ = require('lodash'); const Promise = require('bluebird'); const REGISTRY = require('./registry'); const CMD_FLAG_REGEX = new RegExp(/^-(\w{1})$/); class FtpCommands { constructor(connection) { this.connection = connection; this.previousCommand = {}; this.blacklist = _.get(this.connection, 'server.options.blacklist', []).map((cmd) => _.upperCase(cmd)); this.whitelist = _.get(this.connection, 'server.options.whitelist', []).map((cmd) => _.upperCase(cmd)); } parse(message) { const strippedMessage = message.replace(/"/g, ''); let [directive, ...args] = strippedMessage.split(' '); directive = _.chain(directive).trim().toUpper().value(); const parseCommandFlags = !['RETR', 'SIZE', 'STOR'].includes(directive); const params = args.reduce(({arg, flags}, param) => { if (parseCommandFlags && CMD_FLAG_REGEX.test(param)) flags.push(param); else arg.push(param); return {arg, flags}; }, {arg: [], flags: []}); const command = { directive, arg: params.arg.length ? params.arg.join(' ') : null, flags: params.flags, raw: message }; return command; } handle(command) { if (typeof command === 'string') command = this.parse(command); // Obfuscate password from logs const logCommand = _.clone(command); if (logCommand.directive === 'PASS') logCommand.arg = '********'; const log = this.connection.log.child({directive: command.directive}); log.trace({command: logCommand}, 'Handle command'); if (!REGISTRY.hasOwnProperty(command.directive)) { return this.connection.reply(502, 'Command not allowed'); } if (_.includes(this.blacklist, command.directive)) { return this.connection.reply(502, 'Command blacklisted'); } if (this.whitelist.length > 0 && !_.includes(this.whitelist, command.directive)) { return this.connection.reply(502, 'Command not whitelisted'); } const commandRegister = REGISTRY[command.directive]; const commandFlags = _.get(commandRegister, 'flags', {}); if (!commandFlags.no_auth && !this.connection.authenticated) { return this.connection.reply(530, 'Command requires authentication'); } if (!commandRegister.handler) { return this.connection.reply(502, 'Handler not set on command'); } const handler = commandRegister.handler.bind(this.connection); return Promise.resolve(handler({log, command, previous_command: this.previousCommand})) .finally(() => { this.previousCommand = _.clone(command); }); } } module.exports = FtpCommands;