feat: CORS support

Support setting origins for socket.io, fixes #240

README.md

@@ -99,6 +99,8 @@ docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/conf
 
 * **listen.port** - _integer_ - Port node should listen on for client connections, defaults to `2222`
 
+* **http.origins** - _array_ - COORS origins to allow connections from to socket.io server, defaults to `localhost:2222`. Changed in 0.3.1, to enable previous, less secure, default behavior of everything use `*:*` (not recommended). Check [#240](../../issues/240)
+
 * **user.name** - _string_ - Specify user name to authenticate with. In normal cases this should be left to the default `null` setting.
 
 * **user.password** - _string_ - Specify password to authenticate with. In normal cases this should be left to the default `null` setting.

app/client/public/webssh2.bundle.js.LICENSE.txt

@@ -1,8 +1,12 @@
 /*!
- * The buffer module from node.js, for the browser.
- *
- * @author   Feross Aboukhadijeh <http://feross.org>
- * @license  MIT
+ * Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com
+ * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
+ */
+
+/*!
+ * Socket.IO v2.2.0
+ * (c) 2014-2018 Guillermo Rauch
+ * Released under the MIT License.
  */
 
 /*! https://mths.be/utf8js v2.1.2 by @mathias */

app/client/public/webssh2.css

@@ -36,7 +36,6 @@
  */
 
 .xterm {
-    font-feature-settings: "liga" 0;
     position: relative;
     user-select: none;
     -ms-user-select: none;
@@ -59,10 +58,10 @@
 }
 
 .xterm .xterm-helper-textarea {
-    /*
-     * HACK: to fix IE's blinking cursor
-     * Move textarea out of the screen to the far left, so that the cursor is not visible.
-     */
+    padding: 0;
+    border: 0;
+    margin: 0;
+    /* Move textarea out of the screen to the far left, so that the cursor is not visible */
     position: absolute;
     opacity: 0;
     left: -9999em;
@@ -169,6 +168,7 @@
 .xterm-underline {
     text-decoration: underline;
 }
+
 body, html  {
   font-family: helvetica, sans-serif, arial;
   font-size: 1em;
@@ -316,3 +316,4 @@ body, html  {
 .dropup:hover .dropbtn {
     background-color: #3e8e41;
 }
+

app/client/src/js/index.js

@@ -1,6 +1,6 @@
 'use strict'
 
-import * as io from 'socket.io-client'
+import * as io from 'socket.io-client/dist/socket.io.slim'
 import { Terminal } from 'xterm'
 import { FitAddon } from 'xterm-addon-fit'
 /* import * as fit from 'xterm/dist/addons/fit/fit'

app/config.json.sample

@@ -3,6 +3,9 @@
     "ip": "0.0.0.0",
     "port": 2222
   },
+  "http": {
+    "origins": ["localhost:2222"]
+  },
   "user": {
     "name": null,
     "password": null,

app/package.json

@@ -35,20 +35,20 @@
     "basic-auth": "~2.0.1",
     "cidr-matcher": "2.1.1",
     "colors": "~1.4.0",
-    "debug": "^4.1.1",
+    "debug": "^4.3.1",
     "express": "~4.17.1",
-    "express-session": "~1.17.0",
-    "morgan": "~1.9.1",
-    "read-config-ng": "^3.0.1",
+    "express-session": "~1.17.1",
+    "morgan": "~1.10.0",
+    "read-config-ng": "^3.0.2",
     "serve-favicon": "^2.5.0",
-    "socket.io": "2.2.0",
-    "ssh2": "~0.8.8",
-    "validator": "^12.2.0"
+    "socket.io": "^2.2.0",
+    "ssh2": "~0.8.9",
+    "validator": "^13.6.0"
   },
   "scripts": {
     "start": "node index.js",
-    "build": "webpack --progress --colors --config scripts/webpack.prod.js",
-    "builddev": "webpack --progress --colors --config scripts/webpack.dev.js",
+    "build": "webpack --progress --config scripts/webpack.prod.js",
+    "builddev": "webpack --progress --config scripts/webpack.dev.js",
     "analyze": "webpack --json --config scripts/webpack.prod.js | webpack-bundle-size-analyzer",
     "test": "snyk test",
     "watch": "nodemon index.js",
@@ -67,29 +67,29 @@
     ]
   },
   "devDependencies": {
-    "terser-webpack-plugin": "^2.3.5",
-    "xterm-addon-fit": "^0.3.0",
-    "xterm-addon-search": "^0.5.0",
-    "xterm-addon-web-links": "^0.2.1",
-    "@fortawesome/fontawesome-svg-core": "^1.2.27",
-    "@fortawesome/free-solid-svg-icons": "^5.12.1",
+    "@fortawesome/fontawesome-svg-core": "^1.2.35",
+    "@fortawesome/free-solid-svg-icons": "^5.15.3",
     "clean-webpack-plugin": "^3.0.0",
-    "copy-webpack-plugin": "^5.1.1",
-    "cross-env": "^7.0.2",
-    "css-loader": "^3.4.2",
-    "extract-text-webpack-plugin": "^4.0.0-beta.0",
-    "file-loader": "^5.1.0",
+    "copy-webpack-plugin": "^8.1.1",
+    "cross-env": "^7.0.3",
+    "css-loader": "^5.2.4",
+    "file-loader": "^6.2.0",
+    "mini-css-extract-plugin": "^1.6.0",
     "nodaemon": "0.0.5",
-    "postcss-discard-comments": "^4.0.2",
-    "snazzy": "^8.0.0",
-    "standard": "^14.3.1",
-    "standard-version": "^8.0.1",
-    "style-loader": "^1.1.3",
-    "url-loader": "^3.0.0",
-    "webpack": "^4.42.0",
-    "webpack-cli": "^3.3.11",
-    "webpack-merge": "^4.2.2",
-    "webpack-stream": "^5.2.1",
-    "xterm": "^4.4.0"
+    "postcss-discard-comments": "^5.0.0",
+    "snazzy": "^9.0.0",
+    "standard": "^16.0.3",
+    "standard-version": "^9.3.0",
+    "style-loader": "^2.0.0",
+    "terser-webpack-plugin": "^5.1.1",
+    "url-loader": "^4.1.1",
+    "webpack": "^5.37.0",
+    "webpack-cli": "^4.7.0",
+    "webpack-merge": "^5.7.3",
+    "webpack-stream": "^6.1.2",
+    "xterm": "^4.12.0",
+    "xterm-addon-fit": "^0.5.0",
+    "xterm-addon-search": "^0.8.0",
+    "xterm-addon-web-links": "^0.4.0"
   }
 }

app/scripts/webpack.common.js

@@ -1,7 +1,7 @@
 const path = require('path')
 const { CleanWebpackPlugin } = require('clean-webpack-plugin')
 const CopyWebpackPlugin = require('copy-webpack-plugin')
-const ExtractTextPlugin = require('extract-text-webpack-plugin')
+const MiniCssExtractPlugin = require('mini-css-extract-plugin');
 module.exports = {
   context: path.resolve('__dirname', '../'),
   entry: {
@@ -9,11 +9,13 @@ module.exports = {
   },
   plugins: [
     new CleanWebpackPlugin(),
-    new CopyWebpackPlugin([
+    new CopyWebpackPlugin({
+      patterns: [
         './client/src/client.htm',
         './client/src/favicon.ico'
-    ]),
-    new ExtractTextPlugin('[name].css')
+      ]
+    }),
+    new MiniCssExtractPlugin()
   ],
   output: {
     filename: '[name].bundle.js',
@@ -23,14 +25,7 @@ module.exports = {
     rules: [
       {
         test: /\.css$/,
-        use: ExtractTextPlugin.extract({
-          fallback: 'style-loader',
-          use: [
-            {
-              loader: 'css-loader'
-            }
-          ]
-        })
+        use: [MiniCssExtractPlugin.loader, 'css-loader']
       }
     ]
   }

app/scripts/webpack.prod.js

@@ -1,13 +1,13 @@
 const TerserPlugin = require('terser-webpack-plugin')
-const merge = require('webpack-merge')
+const { merge } = require('webpack-merge')
 const common = require('./webpack.common.js')
 
 module.exports = merge(common, {
+  mode: 'production',
   optimization: {
     minimize: true,
     minimizer: [new TerserPlugin({
       terserOptions: {
-        parallel: 4,
         ie8: false,
         safari10: false
       }

app/server/app.js

@@ -17,6 +17,9 @@ let config = {
     ip: '0.0.0.0',
     port: 2222
   },
+  http: {
+    origins: ['localhost:2222']
+  },
   user: {
     name: null,
     password: null,
@@ -115,7 +118,7 @@ var server = require('http').Server(app)
 var myutil = require('./util')
 myutil.setDefaultCredentials(config.user.name, config.user.password, config.user.privatekey)
 var validator = require('validator')
-var io = require('socket.io')(server, { serveClient: false, path: '/ssh/socket.io' })
+var io = require('socket.io')(server, { serveClient: false, path: '/ssh/socket.io', origins: config.http.origins })
 var socket = require('./socket')
 var expressOptions = require('./expressOptions')
 var favicon = require('serve-favicon')