From 0eabf9ad63237730b1d96d39f04e2a50a4f6de81 Mon Sep 17 00:00:00 2001 From: Kostas Lekkas Date: Tue, 15 Mar 2016 14:26:27 +0200 Subject: [PATCH 1/2] Drop support for port 4200 --- CHANGELOG.md | 1 + src/connect-proxy/device.coffee | 2 +- test/app.coffee | 28 ++++++++++++++-------------- test/connect-proxy/device.coffee | 7 ------- 4 files changed, 16 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7d723c56..d1db413e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,4 @@ +* Remove device port 4200 from web access whitelist [External] [Kostas] * Updated dependencies [Internal] [Page] * Reduce noise in logs [Internal] [Kostas] * Always restart resin-vpn.service if process exits or is killed. [Internal] [Kostas] diff --git a/src/connect-proxy/device.coffee b/src/connect-proxy/device.coffee index 23d8b54a..9697966c 100644 --- a/src/connect-proxy/device.coffee +++ b/src/connect-proxy/device.coffee @@ -6,7 +6,7 @@ _ = require 'lodash' platformEndpoint = url.resolve("https://#{process.env.RESIN_API_HOST}", '/ewa/') resinApi = new PlatformApi(platformEndpoint) -DEVICE_WEB_PORTS = [ 80, 8080, 4200 ] +DEVICE_WEB_PORTS = [ 80, 8080 ] API_USERNAME = 'resin_api' API_KEY = process.env.VPN_SERVICE_API_KEY diff --git a/test/app.coffee b/test/app.coffee index f2403157..bff1a7f3 100644 --- a/test/app.coffee +++ b/test/app.coffee 
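Review bot: `DEVICE_WEB_PORTS` in src/connect-proxy/device.coffee carries no comment saying what membership grants, while the tests in this patch show that a listed port is reachable through the proxy without credentials when the device is web accessible. A line above the constant such as `# Ports proxied without API credentials when the device is web accessible; each entry widens unauthenticated exposure.` would make any future addition a deliberate decision. The code that consults the list lies outside this hunk, so the wording should be checked against it.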
@@ -163,19 +163,19 @@ describe 'VPN proxy', -> is_online: 1 ]) - it 'should allow port 4200 without authentication', (done) -> + it 'should allow port 8080 without authentication', (done) -> server = http.createServer (req, res) -> res.writeHead(200, 'Content-type': 'text/plain') - res.end('hello from 4200') + res.end('hello from 8080') Promise.using vpnClient.connect({ user: 'user3', pass: 'pass' }), -> Promise.fromNode (cb) -> - server.listen(4200, cb) + server.listen(8080, cb) .then -> - requestAsync({ url: 'http://deadbeef.resin:4200/test', proxy: 'http://localhost:3128', tunnel: true }) + requestAsync({ url: 'http://deadbeef.resin:8080/test', proxy: 'http://localhost:3128', tunnel: true }) .spread (response, data) -> expect(response).to.have.property('statusCode').that.equals(200) - expect(data).to.equal('hello from 4200') + expect(data).to.equal('hello from 8080') .finally -> Promise.fromNode (cb) -> server.close(cb) 
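Review bot: After the retargeting in this hunk, no test visible in the patch asserts that port 4200 is now refused for a web-accessible device. The 4200 cases here become 8080 cases, and the unit case in test/connect-proxy/device.coffee is deleted rather than inverted. A removal from an allowlist is best pinned with a negative test, otherwise re-adding the port later would pass the suite unnoticed. A sibling case in the same describe block could look like the one below; the VPN user is copied from the neighbouring test and may need its own fixture.

```coffeescript
# … unchanged: 'should allow port 8080 without authentication' …

it 'should not allow port 4200 without authentication', (done) ->
	server = http.createServer (req, res) ->
		res.writeHead(200, 'Content-type': 'text/plain')
		res.end('hello from 4200')

	Promise.using vpnClient.connect({ user: 'user3', pass: 'pass' }), ->
		Promise.fromNode (cb) ->
			server.listen(4200, cb)
		.then ->
			connection = requestAsync({ url: 'http://deadbeef.resin:4200/test', proxy: 'http://localhost:3128', tunnel: true })
			expect(connection).to.be.rejected
		.finally ->
			Promise.fromNode (cb) ->
				server.close(cb)
	.nodeify(done)
```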
@@ -186,39 +186,39 @@ describe 'VPN proxy', -> requestMock.register 'get', 'https://api.resindev.io/ewa/device', (args, cb) -> cb(null, { statusCode: 200 }, d: [ uuid: 'deadbeef', is_web_accessible: 0, is_online: 1 ]) - it 'should not allow port 4200 without authentication', (done) -> + it 'should not allow port 8080 without authentication', (done) -> server = http.createServer (req, res) -> res.writeHead(200, 'Content-type': 'text/plain') - res.end('hello from 4200') + res.end('hello from 8080') Promise.using vpnClient.connect({ user: 'user4', pass: 'pass' }), -> Promise.fromNode (cb) -> - server.listen(4200, cb) + server.listen(8080, cb) .then -> - connection = requestAsync({ url: 'http://deadbeef.resin:4200/test', proxy: 'http://localhost:3128', tunnel: true }) + connection = requestAsync({ url: 'http://deadbeef.resin:8080/test', proxy: 'http://localhost:3128', tunnel: true }) expect(connection).to.be.rejected .finally -> Promise.fromNode (cb) -> server.close(cb) .nodeify(done) - it 'should allow port 4200 with authentication', (done) -> + it 'should allow port 8080 with authentication', (done) -> server = http.createServer (req, res) -> res.writeHead(200, 'Content-type': 'text/plain') - res.end('hello from 4200') + res.end('hello from 8080') Promise.using vpnClient.connect({ user: 'user5', pass: 'pass' }), -> Promise.fromNode (cb) -> - server.listen(4200, cb) + server.listen(8080, cb) .then -> requestOpts = - url: 'http://deadbeef.resin:4200/test' + url: 'http://deadbeef.resin:8080/test' proxy: 'http://resin_api:test_api_key@localhost:3128' tunnel: true requestAsync(requestOpts) .spread (response, data) -> expect(response).to.have.property('statusCode').that.equals(200) - expect(data).to.equal('hello from 4200') + expect(data).to.equal('hello from 8080') .finally -> Promise.fromNode (cb) -> server.close(cb) diff --git a/test/connect-proxy/device.coffee b/test/connect-proxy/device.coffee index d9f6136c..9b60f398 100644 --- a/test/connect-proxy/device.coffee 
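Review bot: In 'should not allow port 8080 without authentication', `expect(connection).to.be.rejected` passes on any rejection of the request, so it cannot tell a policy denial by the proxy from the proxy at localhost:3128 simply being unreachable. Narrowing it to the failure the proxy actually produces, for instance `expect(connection).to.be.rejectedWith(<expected tunnel error>)`, would keep this deny-path test meaningful. The exact error is not visible in the patch and would have to be taken from a real run.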
+++ b/test/connect-proxy/device.coffee @@ -90,13 +90,6 @@ describe 'isAccessible()', -> access = isAccessible(@mockDevice, 8080, null) expect(access).to.be.true - it 'should allow access on port 4200', -> - @mockDevice.is_web_accessible = true - access = isAccessible(@mockDevice, 4200, null) - expect(access).to.be.true -# isResinApi = auth?.username is API_USERNAME and auth?.password is API_KEY - - # exports.isAccessible = (device, port, auth) -> # isResinApi = auth?.username is API_USERNAME and auth?.password is API_KEY # isWebPort = _.contains(DEVICE_WEB_PORTS, parseInt(port)) From b94c61bf2e880d92f9ad361693c46cfefd8080b0 Mon Sep 17 00:00:00 2001 From: Kostas Lekkas Date: Tue, 15 Mar 2016 14:24:33 +0200 Subject: [PATCH 2/2] Fix typo --- test/connect-proxy/device.coffee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/connect-proxy/device.coffee b/test/connect-proxy/device.coffee index 9b60f398..d7ff7bec 100644 --- a/test/connect-proxy/device.coffee +++ b/test/connect-proxy/device.coffee @@ -67,7 +67,7 @@ describe 'isAccessible()', -> username: 'resin_api' password: process.env.VPN_SERVICE_API_KEY - access = isAccessible(@mockDevice, 22, auth) + access = isAccessible(@mockDevice, 22222, auth) expect(access).to.be.true it 'should disallow access when device is inaccessible', ->
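Review bot: In the `[PATCH 2/2]` hunk, the `auth` object in the context lines takes its password from `process.env.VPN_SERVICE_API_KEY`, the same variable the module under test reads for `API_KEY`. If that variable is unset in the test run, both sides are `undefined` and the credential comparison may succeed with no key at all. Pinning it first with `expect(process.env.VPN_SERVICE_API_KEY).to.be.a('string')`, or setting a fixed test key before the module is loaded, would close that gap; whether the suite already exports the variable is not visible here. The literal `22222` would also benefit from a short comment naming the service it stands for. The enclosing `it` block starts above this hunk.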