Fabio/webssh2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge 461e2c3ccc into 64e86994f7

Browse source
This commit is contained in:
Tom Broughton 2023-10-31 13:40:38 +00:00 committed by GitHub
commit 57ff6bd570
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 247 additions and 311 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
.github/ISSUE_TEMPLATE/bug_report.yml vendored
View file

@ -1,75 +0,0 @@
name: Bug Report
description: File a bug report
title: "[Bug]: "
labels: ["bug", "triage"]
assignees:
- billchurch
body:
- type: markdown
attributes:
value: |
Depending on the type of issue, please include the follwing information:
- type: textarea
id: what-happened
attributes:
label: What happened?
description: Also tell us, what did you expect to happen?
placeholder: Tell us what you see!
value: "A bug happened!"
validations:
required: true
- type: input
id: node_ver
attributes:
label: Node Version
description: version of Node this problem occurs on
placeholder: npm -v
validations:
required: true
- type: input
id: npm_ver
attributes:
label: NPM Version
description: version of NPM this problem occurs on
placeholder: npm -v
validations:
required: true
- type: input
id: server_ver
attributes:
label: Server OS Version
description: Server OS Version / Distribution / Processor Architecture
placeholder: uname -a;cat /etc/os-release
validations:
required: true
- type: input
id: webssh2_ver
attributes:
label: WebSSH2 release version
description: Version of WebSSH you are using
placeholder: grep version app/package.json
validations:
required: true
- type: input
id: sshhost_ver
attributes:
label: OS and Version of SSH server
description: OS and Version of SSH server connecting to
placeholder: 'on target server run: uname -a;sshd -v'
validations:
required: false
- type: input
id: browser_ver
attributes:
label: Browser Version
description: Information from brwoser's About... or a screenshot of the about screen.
placeholder:
validations:
required: false
- type: textarea
id: logs
attributes:
label: Relevant log output
description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
render: shell

10
.github/ISSUE_TEMPLATE/custom.md vendored
View file

@ -1,10 +0,0 @@
---
name: Question
about: General how-to questions
title: ''
labels: ''
assignees: ''
---

20
.github/ISSUE_TEMPLATE/feature_request.md vendored
View file

@ -1,20 +0,0 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

65
.github/workflows/action-test.yml vendored
View file

@ -1,65 +0,0 @@
name: Manually Release Previous Tag
on:
workflow_dispatch:
inputs:
tag:
description: 'Repo Branch/Tag'
default: 'main'
type: 'string'
required: true
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v3
with:
ref: ${{ inputs.tag }}
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
VERSION=${{ inputs.tag }}
VERSION="${VERSION//v}"
TAGS="${DOCKER_IMAGE}:${VERSION},${DOCKER_IMAGE}"
# If the VERSION looks like a version number, assume that
# this is the most recent version of the image and also
# tag it 'latest'.
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
TAGS="$TAGS,${DOCKER_IMAGE}"
fi
# Set output parameters.
echo ::set-output name=tags::${TAGS}
echo ::set-output name=docker_image::${DOCKER_IMAGE}
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build
uses: docker/build-push-action@v2
with:
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/ppc64le
push: true
tags: ${{ steps.prep.outputs.tags }}

67
.github/workflows/docker-multiplatform.yml vendored
View file

@ -1,67 +0,0 @@
---
name: 'Build Docker Images'
on:
release:
types: [published]
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v3
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
# If this is git tag, use the tag name as a docker tag
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/webssh2-v}
TAGS="${DOCKER_IMAGE}:${VERSION}"
fi
# If this is git branch, use the branch name as a docker tag
if [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=${GITHUB_REF#refs/heads/}
TAGS="${DOCKER_IMAGE}:${VERSION}"
fi
# If the VERSION looks like a version number, assume that
# this is the most recent version of the image and also
# tag it 'latest'. This is done by just specifying the ${DOCKER_IMAGE}
# without a tag.
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
TAGS="$TAGS,${DOCKER_IMAGE}"
fi
# Set output parameters.
echo ::set-output name=tags::${TAGS}
echo ::set-output name=docker_image::${DOCKER_IMAGE}
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build
uses: docker/build-push-action@v2
with:
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/ppc64le
push: true
tags: ${{ steps.prep.outputs.tags }}

46
.github/workflows/release.yml vendored
View file

@ -1,46 +0,0 @@
---
name: 'Create Release'
on:
push:
branches:
- main
paths-ignore:
- '.github/**'
- '.devcontainer/**'
- '.**'
- '**.md'
jobs:
release:
runs-on: ubuntu-latest
outputs:
paths_released: ${{ steps.manifest_release.outputs.paths_released }}
steps:
- uses: google-github-actions/release-please-action@v3
id: manifest_release
with:
token: ${{ secrets.RELEASE_PLEASE_UAT }}
command: manifest
package-name: webssh2
path: app
default-branch: main
publish:
runs-on: ubuntu-20.04
needs: release
strategy:
fail-fast: false
matrix:
path: ${{fromJson(needs.release.outputs.paths_released)}}
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 16
registry-url: 'https://registry.npmjs.org'
- name: publish-to-npm
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
run: |
cd ${{ matrix.path }}
npm install
npx lerna bootstrap
npx lerna publish from-package --no-push --no-private --yes

34
.github/workflows/upload-image.yml vendored Normal file
View file

@ -0,0 +1,34 @@
# Sample workflow to access AWS resources when workflow is tied to branch
# The workflow Creates static website using aws s3
name: RUSI Gatsby Devops image uploader
on: workflow_dispatch
# permission can be added at job level or workflow level
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
ImagePackageUpload:
runs-on: ubuntu-latest
steps:
- name: Git clone the repository
uses: actions/checkout@v4
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: arn:aws:iam::615693933970:role/rusi-web-github-actions-oidc-role-ops
role-session-name: rusiwebgithubactions
aws-region: "eu-west-1"
# Upload an image to ECR
- name: create config
env:
KEY: ${{ secrets.GATSBY_DEVOPS_PRIVATE_KEY }}
AER_USER_PWD: ${{ secrets.AER_USER_PWD }}
run: |
mv app/config.json.sample app/config.json
jq --arg pk "$KEY" '.user.privatekey = $pk' app/config.json > app/config.json.tmp && mv app/config.json.tmp app/config.json
jq --arg pwd "$AER_USER_PWD" '.user.password = $pwd' app/config.json > app/config.json.tmp && mv app/config.json.tmp app/config.json
- name: Upload image to ECR
run: |
./image-build-upload.sh

12
README.md
View file

@ -1,15 +1,15 @@
# THIS REPO IS NOT IN USE - leaving here in case we need it in near future
# RUSI gatsby devops
This repo is used to initiate an ssh session for devops purposes and is restricted to Aer VPN IP address access.
# WebSSH2 # WebSSH2
[![Build Status](https://travis-ci.com/billchurch/webssh2.svg?branch=main)](https://travis-ci.com/billchurch/webssh2) [![GitHub version](https://img.shields.io/github/v/release/billchurch/webssh2)](https://github.com/billchurch/webssh2/releases/latest) [![docker build images](https://github.com/billchurch/webssh2/actions/workflows/docker-multiplatform.yml/badge.svg)](https://github.com/billchurch/webssh2/actions/workflows/docker-multiplatform.yml)
[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/billchurch)
Web SSH Client using ssh2, socket.io, xterm.js, and express Web SSH Client using ssh2, socket.io, xterm.js, and express
A bare bones example of an HTML5 web-based terminal emulator and SSH client. We use SSH2 as a client on a host to proxy a Websocket / Socket.io connection to a SSH2 server. A bare bones example of an HTML5 web-based terminal emulator and SSH client. We use SSH2 as a client on a host to proxy a Websocket / Socket.io connection to a SSH2 server.
<img width="600" height="340" alt="WebSSH2 v0.2.0 demo" src="https://user-images.githubusercontent.com/1668075/182425293-acc8741e-cc92-4105-afdc-9538e1685d4b.gif">
# Requirements # Requirements
Node v14.x or above. If using <v14.x you should be able to run by replacing the "read-config" package to @1 like this (after a clone): Node v14.x or above. If using <v14.x you should be able to run by replacing the "read-config" package to @1 like this (after a clone):

13
app/config.json.sample
View file

@ -1,15 +1,18 @@
{ {
"listen": { "listen": {
"ip": "0.0.0.0", "ip": "0.0.0.0",
"port": 2224 "port": 2222
}, },
"socketio": { "socketio": {
"serveClient": false, "serveClient": false,
"path": "/ssh/socket.io", "path": "/ssh/socket.io",
"origins": ["localhost:2222"], "origins": ["localhost:2222"]
},
"ipfilter": {
"allowed_ips": ["18.130.190.183"]
}, },
"user": { "user": {
"name": null, "name": "aer",
"password": null, "password": null,
"privatekey": null, "privatekey": null,
"overridebasic": false "overridebasic": false
@ -37,8 +40,8 @@
"background": "green" "background": "green"
}, },
"session": { "session": {
"name": "WebSSH2", "name": "rusi-gatsby-devops-container",
"secret": "mysecret" "secret": "set-by-gha"
}, },
"options": { "options": {
"challengeButton": true, "challengeButton": true,

114
app/package-lock.json generated
View file

@ -1,18 +1,19 @@
{ {
"name": "webssh2", "name": "webssh2",
"version": "0.5.0-pre-4", "version": "0.5.0-pre-5",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "webssh2", "name": "webssh2",
"version": "0.5.0-pre-4", "version": "0.5.0-pre-5",
"license": "SEE LICENSE IN FILE - LICENSE", "license": "SEE LICENSE IN FILE - LICENSE",
"dependencies": { "dependencies": {
"basic-auth": "~2.0.1", "basic-auth": "~2.0.1",
"cidr-matcher": "^2.1.1", "cidr-matcher": "^2.1.1",
"debug": "^4.3.4", "debug": "^4.3.4",
"express": "^4.18.1", "express": "^4.18.1",
"express-ipfilter": "^1.3.1",
"express-session": "^1.17.3", "express-session": "^1.17.3",
"morgan": "~1.10.0", "morgan": "~1.10.0",
"read-config-ng": "^3.0.5", "read-config-ng": "^3.0.5",
@ -3989,6 +3990,25 @@
"node": ">= 0.10.0" "node": ">= 0.10.0"
} }
}, },
"node_modules/express-ipfilter": {
"version": "1.3.1",
"resolved": "https://registry.npmjs.org/express-ipfilter/-/express-ipfilter-1.3.1.tgz",
"integrity": "sha512-9WZC8wGkI6I6ygZNzuZ2MbFJiGoDXs1dM+E8LKtSP13pdgqrnkonWlgvvbxG3YZpa7Haz7Ndum9/J6qkj52OqA==",
"dependencies": {
"ip": "^1.1.8",
"lodash": "^4.17.11",
"proxy-addr": "^2.0.7",
"range_check": "^2.0.4"
},
"engines": {
"node": ">=8.9.0"
}
},
"node_modules/express-ipfilter/node_modules/ip": {
"version": "1.1.8",
"resolved": "https://registry.npmjs.org/ip/-/ip-1.1.8.tgz",
"integrity": "sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg=="
},
"node_modules/express-session": { "node_modules/express-session": {
"version": "1.17.3", "version": "1.17.3",
"resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.3.tgz", "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.3.tgz",
@ -5181,6 +5201,14 @@
"integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==", "integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==",
"dev": true "dev": true
}, },
"node_modules/ip6": {
"version": "0.2.10",
"resolved": "https://registry.npmjs.org/ip6/-/ip6-0.2.10.tgz",
"integrity": "sha512-1LdpyKjhvepd6EbAU6rW4g14vuYtx5TnJX9TfZZBhsM6DsyPQLNzW12rtbUqXBMwqFrLVV/Gcxv0GNFvJp2cYA==",
"bin": {
"ip6": "ip6-cli.js"
}
},
"node_modules/ip6addr": { "node_modules/ip6addr": {
"version": "0.2.5", "version": "0.2.5",
"resolved": "https://registry.npmjs.org/ip6addr/-/ip6addr-0.2.5.tgz", "resolved": "https://registry.npmjs.org/ip6addr/-/ip6addr-0.2.5.tgz",
@ -6549,10 +6577,16 @@
"optional": true "optional": true
}, },
"node_modules/nanoid": { "node_modules/nanoid": {
"version": "3.3.4", "version": "3.3.6",
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==", "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==",
"dev": true, "dev": true,
"funding": [
{
"type": "github",
"url": "https://github.com/sponsors/ai"
}
],
"bin": { "bin": {
"nanoid": "bin/nanoid.cjs" "nanoid": "bin/nanoid.cjs"
}, },
@ -7465,9 +7499,9 @@
} }
}, },
"node_modules/postcss": { "node_modules/postcss": {
"version": "8.4.14", "version": "8.4.31",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.14.tgz", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
"integrity": "sha512-E398TUmfAYFPBSdzgeieK2Y1+1cpdxJx8yXbK/m57nRhKSmk1GB2tO4lbLBtlkfPQTDKfe4Xqv1ASWPpayPEig==", "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
"dev": true, "dev": true,
"funding": [ "funding": [
{ {
@ -7477,10 +7511,14 @@
{ {
"type": "tidelift", "type": "tidelift",
"url": "https://tidelift.com/funding/github/npm/postcss" "url": "https://tidelift.com/funding/github/npm/postcss"
},
{
"type": "github",
"url": "https://github.com/sponsors/ai"
} }
], ],
"dependencies": { "dependencies": {
"nanoid": "^3.3.4", "nanoid": "^3.3.6",
"picocolors": "^1.0.0", "picocolors": "^1.0.0",
"source-map-js": "^1.0.2" "source-map-js": "^1.0.2"
}, },
@ -7778,6 +7816,18 @@
"safe-buffer": "^5.1.0" "safe-buffer": "^5.1.0"
} }
}, },
"node_modules/range_check": {
"version": "2.0.4",
"resolved": "https://registry.npmjs.org/range_check/-/range_check-2.0.4.tgz",
"integrity": "sha512-aed0ocXXj+SIiNNN9b+mZWA3Ow2GXHtftOGk2xQwshK5GbEZAvUcPWNQBLTx/lPcdFRIUFlFCRtHTQNIFMqynQ==",
"dependencies": {
"ip6": "^0.2.0",
"ipaddr.js": "^1.9.1"
},
"engines": {
"node": ">=10.0.0"
}
},
"node_modules/range-parser": { "node_modules/range-parser": {
"version": "1.2.1", "version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@ -13318,6 +13368,24 @@
} }
} }
}, },
"express-ipfilter": {
"version": "1.3.1",
"resolved": "https://registry.npmjs.org/express-ipfilter/-/express-ipfilter-1.3.1.tgz",
"integrity": "sha512-9WZC8wGkI6I6ygZNzuZ2MbFJiGoDXs1dM+E8LKtSP13pdgqrnkonWlgvvbxG3YZpa7Haz7Ndum9/J6qkj52OqA==",
"requires": {
"ip": "^1.1.8",
"lodash": "^4.17.11",
"proxy-addr": "^2.0.7",
"range_check": "^2.0.4"
},
"dependencies": {
"ip": {
"version": "1.1.8",
"resolved": "https://registry.npmjs.org/ip/-/ip-1.1.8.tgz",
"integrity": "sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg=="
}
}
},
"express-session": { "express-session": {
"version": "1.17.3", "version": "1.17.3",
"resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.3.tgz", "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.3.tgz",
@ -14189,6 +14257,11 @@
"integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==", "integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==",
"dev": true "dev": true
}, },
"ip6": {
"version": "0.2.10",
"resolved": "https://registry.npmjs.org/ip6/-/ip6-0.2.10.tgz",
"integrity": "sha512-1LdpyKjhvepd6EbAU6rW4g14vuYtx5TnJX9TfZZBhsM6DsyPQLNzW12rtbUqXBMwqFrLVV/Gcxv0GNFvJp2cYA=="
},
"ip6addr": { "ip6addr": {
"version": "0.2.5", "version": "0.2.5",
"resolved": "https://registry.npmjs.org/ip6addr/-/ip6addr-0.2.5.tgz", "resolved": "https://registry.npmjs.org/ip6addr/-/ip6addr-0.2.5.tgz",
@ -15216,9 +15289,9 @@
"optional": true "optional": true
}, },
"nanoid": { "nanoid": {
"version": "3.3.4", "version": "3.3.6",
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==", "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==",
"dev": true "dev": true
}, },
"natural-compare": { "natural-compare": {
@ -15874,12 +15947,12 @@
} }
}, },
"postcss": { "postcss": {
"version": "8.4.14", "version": "8.4.31",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.14.tgz", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
"integrity": "sha512-E398TUmfAYFPBSdzgeieK2Y1+1cpdxJx8yXbK/m57nRhKSmk1GB2tO4lbLBtlkfPQTDKfe4Xqv1ASWPpayPEig==", "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",
"dev": true, "dev": true,
"requires": { "requires": {
"nanoid": "^3.3.4", "nanoid": "^3.3.6",
"picocolors": "^1.0.0", "picocolors": "^1.0.0",
"source-map-js": "^1.0.2" "source-map-js": "^1.0.2"
} }
@ -16076,6 +16149,15 @@
"safe-buffer": "^5.1.0" "safe-buffer": "^5.1.0"
} }
}, },
"range_check": {
"version": "2.0.4",
"resolved": "https://registry.npmjs.org/range_check/-/range_check-2.0.4.tgz",
"integrity": "sha512-aed0ocXXj+SIiNNN9b+mZWA3Ow2GXHtftOGk2xQwshK5GbEZAvUcPWNQBLTx/lPcdFRIUFlFCRtHTQNIFMqynQ==",
"requires": {
"ip6": "^0.2.0",
"ipaddr.js": "^1.9.1"
}
},
"range-parser": { "range-parser": {
"version": "1.2.1", "version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",

1
app/package.json
View file

@ -36,6 +36,7 @@
"cidr-matcher": "^2.1.1", "cidr-matcher": "^2.1.1",
"debug": "^4.3.4", "debug": "^4.3.4",
"express": "^4.18.1", "express": "^4.18.1",
"express-ipfilter": "^1.3.1",
"express-session": "^1.17.3", "express-session": "^1.17.3",
"morgan": "~1.10.0", "morgan": "~1.10.0",
"read-config-ng": "^3.0.5", "read-config-ng": "^3.0.5",

29
app/server/app.js
View file

@ -17,6 +17,7 @@ const server = require('http').Server(app);
const favicon = require('serve-favicon'); const favicon = require('serve-favicon');
const io = require('socket.io')(server, config.socketio); const io = require('socket.io')(server, config.socketio);
const session = require('express-session')(config.express); const session = require('express-session')(config.express);
const ipFilter = require('express-ipfilter').IpFilter
const appSocket = require('./socket'); const appSocket = require('./socket');
const { setDefaultCredentials, basicAuth } = require('./util'); const { setDefaultCredentials, basicAuth } = require('./util');
@ -38,6 +39,34 @@ function safeShutdownGuard(req, res, next) {
// express // express
app.use(safeShutdownGuard); app.use(safeShutdownGuard);
app.use(session); app.use(session);
//just respond with success for healthchecker no matter what the ip addess is
app.get('/status', function (req, res) {
res.status(200).send('success');
});
app.get('/headers', function (req, res) {
console.log("request");
console.log(req);
console.log("headers");
console.log(req.headers);
res.status(200).send('success');
});
//restrict access to anything else via ip addresses based on x-forwarded for
//@todo create environment var to determin to used this or the general req header
if(config.ipfilter.allowed_ips.length > 0){
console.log("using ip filter");
let clientIp = function(req, res) {
return req.headers['x-forwarded-for'] ? (req.headers['x-forwarded-for']).split(',')[0] : "";
};
app.use(
ipFilter({
detectIp: clientIp,
forbidden: 'You are not authorized to access this page.',
filter: config.ipfilter.allowed_ips,
})
);
}
if (config.accesslog) app.use(logger('common')); if (config.accesslog) app.use(logger('common'));
app.disable('x-powered-by'); app.disable('x-powered-by');
app.use(favicon(path.join(publicPath, 'favicon.ico'))); app.use(favicon(path.join(publicPath, 'favicon.ico')));

8
app/server/config.js
View file

@ -38,7 +38,10 @@ const configDefault = {
setHeaders(res) { setHeaders(res) {
res.set('x-timestamp', Date.now()); res.set('x-timestamp', Date.now());
}, },
}, }
},
ipfilter: {
allowed_ips: [],
}, },
user: { user: {
name: null, name: null,
@ -133,4 +136,7 @@ if (process.env.SOCKETIO_PATH) config.socketio.path = process.env.SOCKETIO_PATH;
if (process.env.SOCKETIO_SERVECLIENT) if (process.env.SOCKETIO_SERVECLIENT)
config.socketio.serveClient = process.env.SOCKETIO_SERVECLIENT; config.socketio.serveClient = process.env.SOCKETIO_SERVECLIENT;
if (process.env.ALLOWED_IP_ADDRESSES)
config.ipfilter.allowed_ips.push(process.env.ALLOWED_IP_ADDRESSES.split(" "))
module.exports = config; module.exports = config;

64
image-build-upload.sh Executable file
View file

@ -0,0 +1,64 @@
#!/bin/bash
####################################
#
# This script will build and upload a container to ECR
# flags --package-path | -p path to the package, default to pwd
# --checks-only | -c if = 1 will just check the registry if the package exists or not
####################################
RUSI_AWS_ECR_ACCOUNT_ID="615693933970"
REPO_NAME="rusi-web-gatsby-devops-ops"
IMAGE_VERSION="latest"
REQ_BUILD=0 #we check local repo to see if image already exists
REQ_UPLOAD=0 #we check the ecr repo to see if already exists
echo "Authenticating with AWS ECR."
AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account)
if [[ -z "$AWS_ACCOUNT_ID" ]]; then
echo "Unable to get AWS account ID."
exit 1
fi
if [[ "${AWS_ACCOUNT_ID}" != "${RUSI_AWS_ECR_ACCOUNT_ID}" ]]; then
echo "You're not logged in to the RUSI aws account."
exit 1
fi
echo "Checking if repository exists"
#note, we are calling the repository for a given image the same name as the image
#create the repository if it doesn't exist
aws ecr describe-repositories --repository-names "${REPO_NAME}" || aws ecr create-repository --repository-name "${REPO_NAME}"
#check to see if the image version already exists in the repo
echo "Checking if image version already exists in ECR"
if [ -z $(aws ecr list-images --repository-name "${REPO_NAME}" --query imageIds[?imageTag==\'"${IMAGE_VERSION}"\'].imageTag --output text) ];then
echo "The container will need uploading"
REQ_UPLOAD="1"
fi
#Forcing until we have unique image versions in place
REQ_UPLOAD="1"
#no need to go any further if image version already in registry
if [ "${REQ_UPLOAD}" == "0" ]; then
echo "Image version ${IMAGE_VERSION} already in Registry, exiting"
exit 0
fi
echo "Local ${REPO_NAME}:${IMAGE_VERSION} does not exist, building..."
docker build -t ${REPO_NAME}:${IMAGE_VERSION} . --no-cache
#upload the image into ECR
aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com" &> /dev/null
ECR_IMAGE="${AWS_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com/${REPO_NAME}:${IMAGE_VERSION}"
echo "Pushing container to ECR"
docker tag "${REPO_NAME}:${IMAGE_VERSION}" $ECR_IMAGE
if ! docker push $ECR_IMAGE; then
echo "Unable to push container to ECR"
exit 1
fi