chore: big-ip specific release v0.2.11

ChangeLog.md

@@ -1,4 +1,20 @@
 # Change Log
+## [0.2.11] 2020-05-12
+BIG-IP Specific version
+### BREAKING
+- Not compatible with versions of ephemeral_auth before 0.4.8 due to child resources moving under /ssh
+### Changes
+- in `config.json.sample` - `allowreauth` set to `false` by default
+- in `config.json.sample` - potential future proofing for CORS support `http.origins`
+- `ssh` module updated to 0.8.9
+- Move all child resources to start from under /ssh
+  - /socket.io -> /ssh/socket.io
+  - /webssh2.css -> /ssh/webssh2.css
+  - /webssh2.bundle.js -> /ssh/webssh2.bundle.js
+  - /reauth -> /ssh/reauth
+  - perhaps more
+
+## [0.2.10] not actually released
 ## [0.2.9] 2019-06-13
 ### Changes
 - Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)

README.md

@@ -86,6 +86,8 @@ docker run --name webssh2 -d -p 2222:2222 webssh2
 
 * **listen.port** - _integer_ - Port node should listen on for client connections, defaults to `2222`
 
+* **http.origins** - _array_ - COORS origins to allow connections from to socket.io server, defaults to `localhost:2222`. Changed in 0.3.1, to enable previous, less secure, default behavior of everything use `*:*` (not recommended). Check [#240](../../issues/240)
+
 * **user.name** - _string_ - Specify user name to authenticate with. In normal cases this should be left to the default `null` setting.
 
 * **user.password** - _string_ - Specify password to authenticate with. In normal cases this should be left to the default `null` setting.

app/client/public/client.htm

@@ -5,7 +5,7 @@
   <style>
     html, body {background-color: #000;height: 100%;margin: 0;}.dropup-content {display: none;}
   </style>
-  <link rel="stylesheet" href="/webssh2.css" />
+  <link rel="stylesheet" href="/ssh/webssh2.css" />
 </head>
 <body>
   <div class="box">
@@ -20,6 +20,6 @@
       <div id="status"></div>
     </div>
   </div>
-<script src="/webssh2.bundle.js" defer></script>
+<script src="/ssh/webssh2.bundle.js" defer></script>
 </body>
 </html>

app/client/src/client.htm

@@ -5,7 +5,7 @@
   <style>
     html, body {background-color: #000;height: 100%;margin: 0;}.dropup-content {display: none;}
   </style>
-  <link rel="stylesheet" href="/webssh2.css" />
+  <link rel="stylesheet" href="/ssh/webssh2.css" />
 </head>
 <body>
   <div class="box">
@@ -20,6 +20,6 @@
       <div id="status"></div>
     </div>
   </div>
-<script src="/webssh2.bundle.js" defer></script>
+<script src="/ssh/webssh2.bundle.js" defer></script>
 </body>
 </html>

app/client/src/js/index.js

@@ -38,16 +38,9 @@ function resizeScreen () {
   socket.emit('resize', { cols: term.cols, rows: term.rows })
 }
 
-if (document.location.pathname) {
+socket = io.connect({
-  var parts = document.location.pathname.split('/')
+  path: '/ssh/socket.io'
-  var base = parts.slice(0, parts.length - 1).join('/') + '/'
+})
-  var resource = base.substring(1) + 'socket.io'
-  socket = io.connect(null, {
-    resource: resource
-  })
-} else {
-  socket = io.connect()
-}
 
 term.on('data', function (data) {
   socket.emit('data', data)
@@ -171,7 +164,7 @@ function drawMenu (data) {
 // reauthenticate
 function reauthSession () { // eslint-disable-line
   console.log('re-authenticating')
-  window.location.href = '/reauth'
+  window.location.href = '/ssh/reauth'
   return false
 }
 

app/config.json.sample

@@ -3,6 +3,9 @@
     "ip": "0.0.0.0",
     "port": 2222
   },
+  "http": {
+    "origins": ["*:*"]
+  },
   "user": {
     "name": null,
     "password": null
@@ -31,7 +34,7 @@
   },
   "options": {
     "challengeButton": true,
-    "allowreauth": true
+    "allowreauth": false
   },
   "algorithms": {
     "kex": [

app/package.json

@@ -1,13 +1,18 @@
 {
   "name": "webssh2",
-  "version": "0.2.9",
+  "version": "0.2.11",
   "ignore": [
     ".gitignore"
   ],
   "bin": "./index.js",
   "description": "A Websocket to SSH2 gateway using term.js, socket.io, ssh2, and express",
   "homepage": "https://github.com/billchurch/WebSSH2",
-  "keywords": "ssh webssh terminal webterminal",
+  "keywords": [
+    "ssh",
+    "webssh",
+    "terminal",
+    "webterminal"
+  ],
   "license": "SEE LICENSE IN FILE - LICENSE",
   "private": false,
   "repository": {
@@ -35,8 +40,9 @@
     "express-session": "~1.15.6",
     "morgan": "~1.9.1",
     "read-config": "git+https://github.com/billchurch/nodejs-read-config.git",
+    "serve-favicon": "~2.5.0",
     "socket.io": "~2.2.0",
-    "ssh2": "~0.6.1",
+    "ssh2": "~0.8.9",
     "validator": "~10.9.0"
   },
   "scripts": {

app/server/app.js

@@ -13,49 +13,52 @@ var logger = require('morgan')
 
 // sane defaults if config.json or parts are missing
 let config = {
-  'listen': {
+  listen: {
-    'ip': '0.0.0.0',
+    ip: '0.0.0.0',
-    'port': 2222
+    port: 2222
   },
-  'user': {
+  http: {
-    'name': null,
+    origins: ['*:*']
-    'password': null
   },
-  'ssh': {
+  user: {
-    'host': null,
+    name: null,
-    'port': 22,
+    password: null
-    'term': 'xterm-color',
-    'readyTimeout': 20000,
-    'keepaliveInterval': 120000,
-    'keepaliveCountMax': 10
   },
-  'terminal': {
+  ssh: {
-    'cursorBlink': true,
+    host: null,
-    'scrollback': 10000,
+    port: 22,
-    'tabStopWidth': 8,
+    term: 'xterm-color',
-    'bellStyle': 'sound'
+    readyTimeout: 20000,
+    keepaliveInterval: 120000,
+    keepaliveCountMax: 10
   },
-  'header': {
+  terminal: {
-    'text': null,
+    cursorBlink: true,
-    'background': 'green'
+    scrollback: 10000,
+    tabStopWidth: 8,
+    bellStyle: 'sound'
   },
-  'session': {
+  header: {
-    'name': 'WebSSH2',
+    text: null,
-    'secret': 'mysecret'
+    background: 'green'
   },
-  'options': {
+  session: {
-    'challengeButton': true,
+    name: 'WebSSH2',
-    'allowreauth': true
+    secret: 'mysecret'
   },
-  'algorithms': {
+  options: {
-    'kex': [
+    challengeButton: true,
+    allowreauth: true
+  },
+  algorithms: {
+    kex: [
       'ecdh-sha2-nistp256',
       'ecdh-sha2-nistp384',
       'ecdh-sha2-nistp521',
       'diffie-hellman-group-exchange-sha256',
       'diffie-hellman-group14-sha1'
     ],
-    'cipher': [
+    cipher: [
       'aes128-ctr',
       'aes192-ctr',
       'aes256-ctr',
@@ -65,23 +68,23 @@ let config = {
       'aes256-gcm@openssh.com',
       'aes256-cbc'
     ],
-    'hmac': [
+    hmac: [
       'hmac-sha2-256',
       'hmac-sha2-512',
       'hmac-sha1'
     ],
-    'compress': [
+    compress: [
       'none',
       'zlib@openssh.com',
       'zlib'
     ]
   },
-  'serverlog': {
+  serverlog: {
-    'client': false,
+    client: false,
-    'server': false
+    server: false
   },
-  'accesslog': false,
+  accesslog: false,
-  'verify': false
+  verify: false
 }
 
 // test if config.json exists, if not provide error message but try to run
@@ -112,9 +115,10 @@ var compression = require('compression')
 var server = require('http').Server(app)
 var myutil = require('./util')
 var validator = require('validator')
-var io = require('socket.io')(server, { serveClient: false })
+var io = require('socket.io')(server, { serveClient: false, path: '/ssh/socket.io', origins: config.http.origins })
 var socket = require('./socket')
 var expressOptions = require('./expressOptions')
+var favicon = require('serve-favicon')
 
 // express
 app.use(compression({ level: 9 }))
@@ -124,13 +128,18 @@ if (config.accesslog) app.use(logger('common'))
 app.disable('x-powered-by')
 
 // static files
-app.use(express.static(publicPath, expressOptions))
+app.use('/ssh', express.static(publicPath, expressOptions))
+// app.use(express.static(publicPath, expressOptions))
 
-app.get('/reauth', function (req, res, next) {
+// favicon from root if being pre-fetched by browser to prevent a 404
+app.use(favicon(path.join(publicPath,'favicon.ico')))
+
+app.get('/ssh/reauth', function (req, res, next) {
   var r = req.headers.referer || '/'
   res.status(401).send('<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0; url=' + r + '"></head><body bgcolor="#000"></body></html>')
 })
 
+// eslint-disable-next-line complexity
 app.get('/ssh/host/:host?', function (req, res, next) {
   res.sendFile(path.join(path.join(publicPath, 'client.htm')))
   // capture, assign, and validated variables