chore: big-ip specific release v0.2.11

4 years ago · 7223f2cd8f
9 changed files with 89 additions and 60 deletions
--- a/ChangeLog.md
+++ b/ChangeLog.md
@ -1,4 +1,20 @@
 # Change Log
+## [0.2.11] 2020-05-12
+BIG-IP Specific version
+### BREAKING
+- Not compatible with versions of ephemeral_auth before 0.4.8 due to child resources moving under /ssh
+### Changes
+- in `config.json.sample` - `allowreauth` set to `false` by default
+- in `config.json.sample` - potential future proofing for CORS support `http.origins`
+- `ssh` module updated to 0.8.9
+- Move all child resources to start from under /ssh
+  - /socket.io -> /ssh/socket.io
+  - /webssh2.css -> /ssh/webssh2.css
+  - /webssh2.bundle.js -> /ssh/webssh2.bundle.js
+  - /reauth -> /ssh/reauth
+  - perhaps more
+
+## [0.2.10] not actually released
 ## [0.2.9] 2019-06-13
 ### Changes
 - Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
--- a/README.md
+++ b/README.md
@ -86,6 +86,8 @@ docker run --name webssh2 -d -p 2222:2222 webssh2

 * **listen.port** - _integer_ - Port node should listen on for client connections, defaults to `2222`

+* **http.origins** - _array_ - COORS origins to allow connections from to socket.io server, defaults to `localhost:2222`. Changed in 0.3.1, to enable previous, less secure, default behavior of everything use `*:*` (not recommended). Check [#240](../../issues/240)
+
 * **user.name** - _string_ - Specify user name to authenticate with. In normal cases this should be left to the default `null` setting.

 * **user.password** - _string_ - Specify password to authenticate with. In normal cases this should be left to the default `null` setting.
--- a/app/client/public/client.htm
+++ b/app/client/public/client.htm
@ -5,7 +5,7 @@
  <style>
    html, body {background-color: #000;height: 100%;margin: 0;}.dropup-content {display: none;}
  </style>
-  <link rel="stylesheet" href="/webssh2.css" />
+  <link rel="stylesheet" href="/ssh/webssh2.css" />
 </head>
 <body>
  <div class="box">
@ -20,6 +20,6 @@
      <div id="status"></div>
    </div>
  </div>
-<script src="/webssh2.bundle.js" defer></script>
+<script src="/ssh/webssh2.bundle.js" defer></script>
 </body>
 </html>
--- a/app/client/public/webssh2.bundle.js
+++ b/app/client/public/webssh2.bundle.js
--- a/app/client/src/client.htm
+++ b/app/client/src/client.htm
@ -5,7 +5,7 @@
  <style>
    html, body {background-color: #000;height: 100%;margin: 0;}.dropup-content {display: none;}
  </style>
-  <link rel="stylesheet" href="/webssh2.css" />
+  <link rel="stylesheet" href="/ssh/webssh2.css" />
 </head>
 <body>
  <div class="box">
@ -20,6 +20,6 @@
      <div id="status"></div>
    </div>
  </div>
-<script src="/webssh2.bundle.js" defer></script>
+<script src="/ssh/webssh2.bundle.js" defer></script>
 </body>
 </html>
--- a/app/client/src/js/index.js
+++ b/app/client/src/js/index.js
@ -38,16 +38,9 @@ function resizeScreen () {
  socket.emit('resize', { cols: term.cols, rows: term.rows })
 }

-if (document.location.pathname) {
-  var parts = document.location.pathname.split('/')
-  var base = parts.slice(0, parts.length - 1).join('/') + '/'
-  var resource = base.substring(1) + 'socket.io'
-  socket = io.connect(null, {
-    resource: resource
-  })
-} else {
-  socket = io.connect()
-}
+socket = io.connect({
+  path: '/ssh/socket.io'
+})

 term.on('data', function (data) {
  socket.emit('data', data)
@ -171,7 +164,7 @@ function drawMenu (data) {
 // reauthenticate
 function reauthSession () { // eslint-disable-line
  console.log('re-authenticating')
-  window.location.href = '/reauth'
+  window.location.href = '/ssh/reauth'
  return false
 }

--- a/app/config.json.sample
+++ b/app/config.json.sample
@ -3,6 +3,9 @@
    "ip": "0.0.0.0",
    "port": 2222
  },
+  "http": {
+    "origins": ["*:*"]
+  },
  "user": {
    "name": null,
    "password": null
@ -31,7 +34,7 @@
  },
  "options": {
    "challengeButton": true,
-    "allowreauth": true
+    "allowreauth": false
  },
  "algorithms": {
    "kex": [
--- a/app/package.json
+++ b/app/package.json
@ -1,13 +1,18 @@
 {
  "name": "webssh2",
-  "version": "0.2.9",
+  "version": "0.2.11",
  "ignore": [
    ".gitignore"
  ],
  "bin": "./index.js",
  "description": "A Websocket to SSH2 gateway using term.js, socket.io, ssh2, and express",
  "homepage": "https://github.com/billchurch/WebSSH2",
-  "keywords": "ssh webssh terminal webterminal",
+  "keywords": [
+    "ssh",
+    "webssh",
+    "terminal",
+    "webterminal"
+  ],
  "license": "SEE LICENSE IN FILE - LICENSE",
  "private": false,
  "repository": {
@ -35,8 +40,9 @@
    "express-session": "~1.15.6",
    "morgan": "~1.9.1",
    "read-config": "git+https://github.com/billchurch/nodejs-read-config.git",
+    "serve-favicon": "~2.5.0",
    "socket.io": "~2.2.0",
-    "ssh2": "~0.6.1",
+    "ssh2": "~0.8.9",
    "validator": "~10.9.0"
  },
  "scripts": {
--- a/app/server/app.js
+++ b/app/server/app.js
@ -13,49 +13,52 @@ var logger = require('morgan')

 // sane defaults if config.json or parts are missing
 let config = {
-  'listen': {
-    'ip': '0.0.0.0',
-    'port': 2222
+  listen: {
+    ip: '0.0.0.0',
+    port: 2222
  },
-  'user': {
-    'name': null,
-    'password': null
+  http: {
+    origins: ['*:*']
  },
-  'ssh': {
-    'host': null,
-    'port': 22,
-    'term': 'xterm-color',
-    'readyTimeout': 20000,
-    'keepaliveInterval': 120000,
-    'keepaliveCountMax': 10
+  user: {
+    name: null,
+    password: null
  },
-  'terminal': {
-    'cursorBlink': true,
-    'scrollback': 10000,
-    'tabStopWidth': 8,
-    'bellStyle': 'sound'
+  ssh: {
+    host: null,
+    port: 22,
+    term: 'xterm-color',
+    readyTimeout: 20000,
+    keepaliveInterval: 120000,
+    keepaliveCountMax: 10
  },
-  'header': {
-    'text': null,
-    'background': 'green'
+  terminal: {
+    cursorBlink: true,
+    scrollback: 10000,
+    tabStopWidth: 8,
+    bellStyle: 'sound'
  },
-  'session': {
-    'name': 'WebSSH2',
-    'secret': 'mysecret'
+  header: {
+    text: null,
+    background: 'green'
  },
-  'options': {
-    'challengeButton': true,
-    'allowreauth': true
+  session: {
+    name: 'WebSSH2',
+    secret: 'mysecret'
  },
-  'algorithms': {
-    'kex': [
+  options: {
+    challengeButton: true,
+    allowreauth: true
+  },
+  algorithms: {
+    kex: [
      'ecdh-sha2-nistp256',
      'ecdh-sha2-nistp384',
      'ecdh-sha2-nistp521',
      'diffie-hellman-group-exchange-sha256',
      'diffie-hellman-group14-sha1'
    ],
-    'cipher': [
+    cipher: [
      'aes128-ctr',
      'aes192-ctr',
      'aes256-ctr',
@ -65,23 +68,23 @@ let config = {
      'aes256-gcm@openssh.com',
      'aes256-cbc'
    ],
-    'hmac': [
+    hmac: [
      'hmac-sha2-256',
      'hmac-sha2-512',
      'hmac-sha1'
    ],
-    'compress': [
+    compress: [
      'none',
      'zlib@openssh.com',
      'zlib'
    ]
  },
-  'serverlog': {
-    'client': false,
-    'server': false
+  serverlog: {
+    client: false,
+    server: false
  },
-  'accesslog': false,
-  'verify': false
+  accesslog: false,
+  verify: false
 }

 // test if config.json exists, if not provide error message but try to run
@ -112,9 +115,10 @@ var compression = require('compression')
 var server = require('http').Server(app)
 var myutil = require('./util')
 var validator = require('validator')
-var io = require('socket.io')(server, { serveClient: false })
+var io = require('socket.io')(server, { serveClient: false, path: '/ssh/socket.io', origins: config.http.origins })
 var socket = require('./socket')
 var expressOptions = require('./expressOptions')
+var favicon = require('serve-favicon')

 // express
 app.use(compression({ level: 9 }))
@ -124,13 +128,18 @@ if (config.accesslog) app.use(logger('common'))
 app.disable('x-powered-by')

 // static files
-app.use(express.static(publicPath, expressOptions))
+app.use('/ssh', express.static(publicPath, expressOptions))
+// app.use(express.static(publicPath, expressOptions))
+
+// favicon from root if being pre-fetched by browser to prevent a 404
+app.use(favicon(path.join(publicPath,'favicon.ico')))

-app.get('/reauth', function (req, res, next) {
+app.get('/ssh/reauth', function (req, res, next) {
  var r = req.headers.referer || '/'
  res.status(401).send('<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0; url=' + r + '"></head><body bgcolor="#000"></body></html>')
 })

+// eslint-disable-next-line complexity
 app.get('/ssh/host/:host?', function (req, res, next) {
  res.sendFile(path.join(path.join(publicPath, 'client.htm')))
  // capture, assign, and validated variables