Move to cidr-matcher

Signed-off-by: Matt Oswalt <matt@keepingitclassless.net>

app/package.json

@@ -42,7 +42,7 @@
     "xterm-addon-fit": "^0.3.0",
     "xterm-addon-search": "^0.3.0",
     "xterm-addon-web-links": "^0.2.1",
-    "netmask": "1.0.6"
+    "cidr-matcher": "2.1.1"
   },
   "scripts": {
     "start": "node index.js",

app/server/socket.js

@@ -6,7 +6,7 @@
 var debug = require('debug')
 var debugWebSSH2 = require('debug')('WebSSH2')
 var SSH = require('ssh2').Client
-var Netmask = require('netmask').Netmask
+var CIDRMatcher = require('cidr-matcher');
 // var fs = require('fs')
 // var hostkeys = JSON.parse(fs.readFileSync('./hostkeyhashes.json', 'utf8'))
 var termCols, termRows
@@ -25,19 +25,12 @@ module.exports = function socket (socket) {
 
   // If configured, check that requsted host is in a permitted subnet
   if (socket.request.session.ssh.allowedSubnets.length > 0) {
-    var permitted = false;
+    var matcher = new CIDRMatcher(socket.request.session.ssh.allowedSubnets);
-    for (const subnet of socket.request.session.ssh.allowedSubnets) {
+    if (!matcher.contains(socket.request.session.ssh.host)) {
-      var subnetBlock = new Netmask(subnet);
+      socket.emit('401 UNAUTHORIZED')
-      if (subnetBlock.contains(socket.request.session.ssh.host)) {
+      debugWebSSH2('SOCKET: Requested host outside configured subnets / REJECTED')
-        permitted = true;
+      socket.disconnect(true)
-        break;
+      return
-      }
-    }
-    if (!permitted) {
-        socket.emit('401 UNAUTHORIZED')
-        debugWebSSH2('SOCKET: Requested host outside configured subnets / REJECTED')
-        socket.disconnect(true)
-        return
     }
   }