chore: refactor ./app/server/app.js

safeShutdown and setupSession
2021-05-20 12:47:20 -04:00 · 2021-05-20 12:47:20 -04:00 · df2a896139
commit df2a896139
parent dc3aa3f91f
5 changed files with 175 additions and 139 deletions
--- a/app/package-lock.json
+++ b/app/package-lock.json
@ -6357,6 +6357,14 @@
        "passport-strategy": "1.x.x"
      }
    },
    "passport-local": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/passport-local/-/passport-local-1.0.0.tgz",
      "integrity": "sha1-H+YyaMkudWBmJkN+O5BmYsFbpu4=",
      "requires": {
        "passport-strategy": "1.x.x"
      }
    },
    "passport-strategy": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
--- a/app/package.json
+++ b/app/package.json
@ -1,6 +1,6 @@
 {
  "name": "webssh2",
-  "version": "0.5.0-dev-0",
+  "version": "0.5.0-dev-1",
  "ignore": [
    ".gitignore"
  ],
@ -42,6 +42,7 @@
    "passport": "^0.4.1",
    "passport-custom": "^1.1.1",
    "passport-http": "^0.3.0",
    "passport-local": "^1.0.0",
    "read-config-ng": "^3.0.2",
    "serve-favicon": "^2.5.0",
    "socket.io": "^4.1.1",
--- a/app/server/app.js
+++ b/app/server/app.js
@ -1,6 +1,3 @@
 /* jshint esversion: 6, asi: true, node: true */
 /* eslint no-unused-expressions: ["error", { "allowShortCircuit": true, "allowTernary": true }],
   no-console: ["error", { allow: ["warn", "error"] }] */
 // app.js
 // eslint-disable-next-line import/order
@ -17,32 +14,27 @@ const logger = require('morgan');
 const passport = require('passport');
 const { BasicStrategy } = require('passport-http');
 const CustomStrategy = require('passport-custom').Strategy;
 const LocalStrategy = require('passport-local').Strategy;
 const app = express();
 const server = require('http').Server(app);
 const validator = require('validator');
 const favicon = require('serve-favicon');
 const io = require('socket.io')(server, {
  serveClient: false,
  path: '/ssh/socket.io',
  origins: config.http.origins,
 });
-const session = require('express-session')({
+const session = require('express-session')(config.session);
-  secret: config.session.secret,
+const { setupSession } = require('./setupSession');
  name: config.session.name,
  resave: false,
  saveUninitialized: false,
  unset: 'destroy',
 });
 const appSocket = require('./socket');
 const expressOptions = require('./expressOptions');
-const myutil = require('./util');
+const safeShutdown = require('./safeShutdown');
 // Static credentials strategy
 // when config.user.overridebasic is true, those credentials
 // are used instead of HTTP basic auth.
 passport.use(
-  'custom',
+  'overridebasic',
  new CustomStrategy((req, done) => {
    if (config.user.overridebasic) {
      const user = {
@ -72,31 +64,34 @@ passport.use(
  })
 );
-// safe shutdown
+// Local auth strategy
-let shutdownMode = false;
+// for taking credentials from GET/POST
-let shutdownInterval = 0;
+passport.use(
-let connectionCount = 0;
+  new LocalStrategy((username, password, done) => {
-// eslint-disable-next-line consistent-return
+    const user = {
-function safeShutdownGuard(req, res, next) {
+      username,
-  if (shutdownMode) {
+      password,
-    res.status(503).end('Service unavailable: Server shutting down');
+    };
-  } else {
+    debug(
-    return next();
+      `myAuth.name: ${username.yellow.bold.underline} and password ${
-  }
+        password ? 'exists'.yellow.bold.underline : 'is blank'.underline.red.bold
-}
+      }`
-// clean stop
+    );
-function stopApp(reason) {
+    return done(null, user);
-  shutdownMode = false;
+  })
-  // eslint-disable-next-line no-console
+);
-  if (reason) console.log(`Stopping: ${reason}`);
+
-  if (shutdownInterval) clearInterval(shutdownInterval);
+passport.serializeUser((user, done) => {
-  io.close();
+  done(null, user);
-  server.close();
+});
-}
+
 passport.deserializeUser((user, done) => {
  done(null, user);
 });
 module.exports = { server, config };
 // express
-app.use(safeShutdownGuard);
+app.use(safeShutdown.safeShutdownGuard);
 app.use(session);
 app.use(passport.initialize());
 app.use(passport.session());
@ -122,85 +117,23 @@ app.get('/ssh/reauth', (req, res) => {
    );
 });
-passport.serializeUser((user, done) => {
+// This route allows for collection of credentials from POST/GET
-  done(null, user);
+app.get(
-});
+  '/ssh/login/host/:host?',
  passport.authenticate(['overridebasic', 'local'], { session: true }),
  (req, res) => {
    setupSession(req, config);
    res.sendFile(path.join(path.join(publicPath, 'client.htm')));
  }
 );
-passport.deserializeUser((user, done) => {
+// This route allows for collection of credentials from HTTP Basic
  done(null, user);
 });
 // eslint-disable-next-line complexity
 app.get(
  '/ssh/host/:host?',
-  passport.authenticate(['custom', 'basic'], { session: true }),
+  passport.authenticate(['overridebasic', 'basic'], { session: true }),
  (req, res) => {
-    req.session.username = req.user.username;
+    setupSession(req, config);
    req.session.userpassword = req.user.password;
    res.sendFile(path.join(path.join(publicPath, 'client.htm')));
    // capture, assign, and validate variables
    req.session.ssh = {
      host:
        config.ssh.host ||
        (validator.isIP(`${req.params.host}`) && req.params.host) ||
        (validator.isFQDN(req.params.host) && req.params.host) ||
        (/^(([a-z]|[A-Z]|[0-9]|[!^(){}\-_~])+)?\w$/.test(req.params.host) && req.params.host),
      port:
        (validator.isInt(`${req.query.port}`, { min: 1, max: 65535 }) && req.query.port) ||
        config.ssh.port,
      localAddress: config.ssh.localAddress,
      localPort: config.ssh.localPort,
      header: {
        name: req.query.header || config.header.text,
        background: req.query.headerBackground || config.header.background,
      },
      algorithms: config.algorithms,
      keepaliveInterval: config.ssh.keepaliveInterval,
      keepaliveCountMax: config.ssh.keepaliveCountMax,
      allowedSubnets: config.ssh.allowedSubnets,
      term:
        (/^(([a-z]|[A-Z]|[0-9]|[!^(){}\-_~])+)?\w$/.test(req.query.sshterm) && req.query.sshterm) ||
        config.ssh.term,
      terminal: {
        cursorBlink: validator.isBoolean(`${req.query.cursorBlink}`)
          ? myutil.parseBool(req.query.cursorBlink)
          : config.terminal.cursorBlink,
        scrollback:
          validator.isInt(`${req.query.scrollback}`, { min: 1, max: 200000 }) &&
          req.query.scrollback
            ? req.query.scrollback
            : config.terminal.scrollback,
        tabStopWidth:
          validator.isInt(`${req.query.tabStopWidth}`, { min: 1, max: 100 }) &&
          req.query.tabStopWidth
            ? req.query.tabStopWidth
            : config.terminal.tabStopWidth,
        bellStyle:
          req.query.bellStyle && ['sound', 'none'].indexOf(req.query.bellStyle) > -1
            ? req.query.bellStyle
            : config.terminal.bellStyle,
      },
      allowreplay:
        config.options.challengeButton ||
        (validator.isBoolean(`${req.headers.allowreplay}`)
          ? myutil.parseBool(req.headers.allowreplay)
          : false),
      allowreauth: config.options.allowreauth || false,
      mrhsession:
        validator.isAlphanumeric(`${req.headers.mrhsession}`) && req.headers.mrhsession
          ? req.headers.mrhsession
          : 'none',
      serverlog: {
        client: config.serverlog.client || false,
        server: config.serverlog.server || false,
      },
      readyTimeout:
        (validator.isInt(`${req.query.readyTimeout}`, { min: 1, max: 300000 }) &&
          req.query.readyTimeout) ||
        config.ssh.readyTimeout,
    };
    if (req.session.ssh.header.name) validator.escape(req.session.ssh.header.name);
    if (req.session.ssh.header.background) validator.escape(req.session.ssh.header.background);
  }
 );
@ -220,41 +153,17 @@ io.on('connection', appSocket);
 // socket.io
 // expose express session with socket.request.session
 io.use((socket, next) => {
-  socket.request.res ? session(socket.request, socket.request.res, next) : next(next); // eslint disable-line
+  socket.request.res ? session(socket.request, socket.request.res, next) : next(next);
 });
 io.on('connection', (socket) => {
  connectionCount += 1;
  socket.on('disconnect', () => {
-    connectionCount -= 1;
+    if (io.of('/').sockets.size <= 1 && safeShutdown.shutdownMode) {
-    if (connectionCount <= 0 && shutdownMode) {
+      safeShutdown.stopApp(io, server, 'All clients disconnected');
      stopApp('All clients disconnected');
    }
  });
 });
 // trap SIGTERM and SIGINT (CTRL-C) and handle shutdown gracefully
 const signals = ['SIGTERM', 'SIGINT'];
-signals.forEach((signal) =>
+signals.forEach((signal) => process.on(signal, () => safeShutdown.doShutdown(io, server, config)));
  process.on(signal, () => {
    if (shutdownMode) stopApp('Safe shutdown aborted, force quitting');
    else if (connectionCount > 0) {
      let remainingSeconds = config.safeShutdownDuration;
      shutdownMode = true;
      const message =
        connectionCount === 1 ? ' client is still connected' : ' clients are still connected';
      console.error(connectionCount + message);
      console.error(`Starting a ${remainingSeconds} seconds countdown`);
      console.error('Press Ctrl+C again to force quit');
      shutdownInterval = setInterval(() => {
        remainingSeconds -= 1;
        if (remainingSeconds <= 0) {
          stopApp('Countdown is over');
        } else {
          io.sockets.emit('shutdownCountdownUpdate', remainingSeconds);
        }
      }, 1000);
    } else stopApp();
  })
 );
--- a/app/server/safeShutdown.js
+++ b/app/server/safeShutdown.js
@ -0,0 +1,47 @@
 // safeShutdown.js
 // safe shutdown
 let shutdownMode = false;
 let shutdownInterval = 0;
 // eslint-disable-next-line consistent-return
 exports.safeShutdownGuard = (req, res, next) => {
  if (shutdownMode) {
    res.status(503).end('Service unavailable: Server shutting down');
  } else {
    return next();
  }
 };
 // clean stop
 const stopApp = (io, server, reason) => {
  shutdownMode = false;
  // eslint-disable-next-line no-console
  if (reason) console.log(`Stopping: ${reason}`);
  if (shutdownInterval) clearInterval(shutdownInterval);
  return process.exit(0);
 };
 exports.doShutdown = (io, server, config) => {
  if (shutdownMode) stopApp(io, server, 'Safe shutdown aborted, force quitting');
  else if (io.of('/').sockets.size > 0) {
    let remainingSeconds = config.safeShutdownDuration;
    shutdownMode = true;
    const message =
      io.of('/').sockets.size === 1 ? ' client is still connected' : ' clients are still connected';
    console.error(io.of('/').sockets.size + message);
    console.error(`Starting a ${remainingSeconds} seconds countdown`);
    console.error('Press Ctrl+C again to force quit');
    shutdownInterval = setInterval(() => {
      remainingSeconds -= 1;
      if (remainingSeconds <= 0) {
        console.error('shutdown remaining seconds 0');
        stopApp('Countdown is over');
      } else {
        io.sockets.emit('shutdownCountdownUpdate', remainingSeconds);
      }
    }, 1000);
  } else stopApp(io, server);
 };
 exports.stopApp = stopApp;
 exports.shutdownMode = shutdownMode;
--- a/app/server/setupSession.js
+++ b/app/server/setupSession.js
@ -0,0 +1,71 @@
 // setupSession.js
 const validator = require('validator');
 const myutil = require('./util');
 // private
 // capture, assign, and validate variables for later use
 exports.setupSession = function setupSession(req, config) {
  req.session.username = req.user.username;
  req.session.userpassword = req.user.password;
  req.session.ssh = {
    host:
      config.ssh.host ||
      (validator.isIP(`${req.params.host}`) && req.params.host) ||
      (validator.isFQDN(req.params.host) && req.params.host) ||
      (/^(([a-z]|[A-Z]|[0-9]|[!^(){}\-_~])+)?\w$/.test(req.params.host) && req.params.host),
    port:
      (validator.isInt(`${req.query.port}`, { min: 1, max: 65535 }) && req.query.port) ||
      config.ssh.port,
    localAddress: config.ssh.localAddress,
    localPort: config.ssh.localPort,
    header: {
      name: req.query.header || config.header.text,
      background: req.query.headerBackground || config.header.background,
    },
    algorithms: config.algorithms,
    keepaliveInterval: config.ssh.keepaliveInterval,
    keepaliveCountMax: config.ssh.keepaliveCountMax,
    allowedSubnets: config.ssh.allowedSubnets,
    term:
      (/^(([a-z]|[A-Z]|[0-9]|[!^(){}\-_~])+)?\w$/.test(req.query.sshterm) && req.query.sshterm) ||
      config.ssh.term,
    terminal: {
      cursorBlink: validator.isBoolean(`${req.query.cursorBlink}`)
        ? myutil.parseBool(req.query.cursorBlink)
        : config.terminal.cursorBlink,
      scrollback:
        validator.isInt(`${req.query.scrollback}`, { min: 1, max: 200000 }) && req.query.scrollback
          ? req.query.scrollback
          : config.terminal.scrollback,
      tabStopWidth:
        validator.isInt(`${req.query.tabStopWidth}`, { min: 1, max: 100 }) && req.query.tabStopWidth
          ? req.query.tabStopWidth
          : config.terminal.tabStopWidth,
      bellStyle:
        req.query.bellStyle && ['sound', 'none'].indexOf(req.query.bellStyle) > -1
          ? req.query.bellStyle
          : config.terminal.bellStyle,
    },
    allowreplay:
      config.options.challengeButton ||
      (validator.isBoolean(`${req.headers.allowreplay}`)
        ? myutil.parseBool(req.headers.allowreplay)
        : false),
    allowreauth: config.options.allowreauth || false,
    mrhsession:
      validator.isAlphanumeric(`${req.headers.mrhsession}`) && req.headers.mrhsession
        ? req.headers.mrhsession
        : 'none',
    serverlog: {
      client: config.serverlog.client || false,
      server: config.serverlog.server || false,
    },
    readyTimeout:
      (validator.isInt(`${req.query.readyTimeout}`, { min: 1, max: 300000 }) &&
        req.query.readyTimeout) ||
      config.ssh.readyTimeout,
  };
  if (req.session.ssh.header.name) validator.escape(req.session.ssh.header.name);
  if (req.session.ssh.header.background) validator.escape(req.session.ssh.header.background);
 };