From 2b12825a0ca827dc4f56467747ab29daa1279c2f Mon Sep 17 00:00:00 2001
From: billchurch <wmchurch@gmail.com>
Date: Tue, 12 Dec 2017 12:41:54 -0500
Subject: [PATCH] moving files around to get rid of unneeded directories

---
 ChangeLog.md                 |  5 +++++
 app.js                       |  1 +
 hostkeys.json                |  8 ++++++++
 index.js                     |  2 +-
 server.js                    | 15 +++++++++++++++
 socket/index.js => socket.js | 19 ++++++++++++++++++-
 util/index.js => util.js     |  2 +-
 7 files changed, 49 insertions(+), 3 deletions(-)
 create mode 100644 hostkeys.json
 create mode 100644 server.js
 rename socket/index.js => socket.js (92%)
 rename util/index.js => util.js (97%)

diff --git a/ChangeLog.md b/ChangeLog.md
index 46aba01..afd53cd 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,4 +1,9 @@
 # Change Log
+## [0.1.4] 2017-11-09
+### Changed
+- Moved socket and util out of folders into .js in root.
+
+
 ## [0.1.3] 2017-09-28
 ### Changed
 - Upgrade to debug@3.1 to eliminate ReDoS in %o formatter
diff --git a/app.js b/app.js
index a299c48..147e68c 100644
--- a/app.js
+++ b/app.js
@@ -47,6 +47,7 @@ app.get('/ssh/host/:host?', function (req, res, next) {
     term: (/^(([a-z]|[A-Z]|[0-9]|[!^(){}\-_~])+)?\w$/.test(req.query.sshterm) &&
       req.query.sshterm) || config.ssh.term,
     allowreplay: validator.isBoolean(req.headers.allowreplay + '') || false,
+    sessionID: validator.isAlphanumeric(req.headers.sessionID + '') || false,
     serverlog: {
       client: config.serverlog.client || false,
       server: config.serverlog.server || false
diff --git a/hostkeys.json b/hostkeys.json
new file mode 100644
index 0000000..2bd157a
--- /dev/null
+++ b/hostkeys.json
@@ -0,0 +1,8 @@
+[
+  {
+    "localhost": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce"
+  },
+  {
+    "127.0.0.1": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce"
+  }
+]
diff --git a/index.js b/index.js
index 3f9a113..b30df75 100644
--- a/index.js
+++ b/index.js
@@ -1,4 +1,4 @@
-// server.js
+// index.js
 /*
  * WebSSH2 - Web to SSH2 gateway
  * Bill Church - https://github.com/billchurch/WebSSH2 - May 2017
diff --git a/server.js b/server.js
new file mode 100644
index 0000000..5a2c0d7
--- /dev/null
+++ b/server.js
@@ -0,0 +1,15 @@
+const express = require('express')
+const app = express()
+const port = 3000
+
+app.get('/', (request, response) => {
+  response.send('Hello from Express!')
+})
+
+app.listen(port, (err) => {
+  if (err) {
+    return console.log('something bad happened', err)
+  }
+
+  console.log(`server is listening on ${port}`)
+})
diff --git a/socket/index.js b/socket.js
similarity index 92%
rename from socket/index.js
rename to socket.js
index d035113..3531cb3 100644
--- a/socket/index.js
+++ b/socket.js
@@ -1,11 +1,14 @@
-// socket/index.js
+// socket.js
 
 // private
 var debug = require('debug')
 var debugWebSSH2 = require('debug')('WebSSH2')
 var SSH = require('ssh2').Client
+var hostkeys = require('./hostkeys.json')
 var termCols, termRows
 
+console.log(JSON.stringify(hostkeys))
+
 // public
 module.exports = function socket (socket) {
   // if websocket connection arrives without an express session, kill it
@@ -101,6 +104,7 @@ module.exports = function socket (socket) {
     finish([socket.request.session.userpassword])
   })
   if (socket.request.session.username && socket.request.session.userpassword && socket.request.session.ssh) {
+    console.log('hostkeys: ' + hostkeys[0].[0])
     conn.connect({
       host: socket.request.session.ssh.host,
       port: socket.request.session.ssh.port,
@@ -109,6 +113,15 @@ module.exports = function socket (socket) {
       tryKeyboard: true,
       algorithms: socket.request.session.ssh.algorithms,
       readyTimeout: socket.request.session.ssh.readyTimeout,
+      hostHash: 'sha1',
+      hostVerifier: function (hash) {
+        if (hash === hostkeys['127.0.0.1']) {
+          return (verified = true)
+        } else {
+          err = { message: 'SSH HOST KEY HASH MISMATCH: ' + hash }
+          SSHerror('CONN CONNECT', err)
+        }
+      },
       debug: debug('ssh2')
     })
   } else {
@@ -137,6 +150,10 @@ module.exports = function socket (socket) {
           ' from=' + socket.handshake.address.yellow.bold.underline)
       } else {
         console.log('WebSSH2 Logout: user=' + socket.request.session.username + ' from=' + socket.handshake.address + ' host=' + socket.request.session.ssh.host + ' port=' + socket.request.session.ssh.port + ' sessionID=' + socket.request.sessionID + '/' + socket.id + ' allowreplay=' + socket.request.session.ssh.allowreplay + ' term=' + socket.request.session.ssh.term)
+        if (err) {
+          theError = (err) ? ': ' + err.message : ''
+          console.log('WebSSH2 error' + theError)
+        }
       }
       socket.emit('ssherror', 'SSH ' + myFunc + theError)
       socket.request.session.destroy()
diff --git a/util/index.js b/util.js
similarity index 97%
rename from util/index.js
rename to util.js
index 413aad6..8137112 100644
--- a/util/index.js
+++ b/util.js
@@ -1,4 +1,4 @@
-// util/index.js
+// util.js
 
 // private
 require('colors') // allow for color property extensions in log messages