fix: subnet unauthorized now emits "ssherror" which persists across w…

…ebsocket termination
billchurch · Nov 23, 2019 · e796f9f · e796f9f
1 parent 16a27ce
commit e796f9f
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 9 deletions.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,4 +1,8 @@
 # Change Log
+### 0.3.0 [TBD]
+### Added
+- Add configuration option to restrict connections to specified subnets thanks to @Mierdin
+
 ### 0.2.9 [2019-06-13]
 ### Changes
 - Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)

diff --git a/app/package.json b/app/package.json
@@ -1,6 +1,6 @@
 {
   "name": "webssh2",
-  "version": "0.2.10-0",
+  "version": "0.2.10-1",
   "ignore": [
     ".gitignore"
   ],

diff --git a/app/server/socket.js b/app/server/socket.js
@@ -28,8 +28,10 @@ module.exports = function socket (socket) {
   if ( (((socket.request.session || {}).ssh || {}).allowedSubnets || {}).length && ( socket.request.session.ssh.allowedSubnets.length > 0 ) )  {
     var matcher = new CIDRMatcher(socket.request.session.ssh.allowedSubnets);
     if (!matcher.contains(socket.request.session.ssh.host)) {
-      socket.emit('401 UNAUTHORIZED')
-      debugWebSSH2('SOCKET: Requested host outside configured subnets / REJECTED')
+      console.log('WebSSH2 ' + 'error: Requested host outside configured subnets / REJECTED'.red.bold +
+      ' user=' + socket.request.session.username.yellow.bold.underline +
+      ' from=' + socket.handshake.address.yellow.bold.underline)
+      socket.emit('ssherror', '401 UNAUTHORIZED')
       socket.disconnect(true)
       return
     }

diff --git a/scripts/ver.sh b/scripts/ver.sh
@@ -7,10 +7,10 @@ source ./scripts/util.sh
 
 echo
 # get current version of workspace, ask to change or rebuild
-webssh_ilx_ver=$(jq -r ".version" ./workspace/extensions/webssh2/package.json 2>&1)
-if [[ $? -ne 0 ]]; then exit; echo "error reading ILX irule version";fi
+webssh_ver=$(jq -r ".version" ./app/package.json 2>&1)
+if [[ $? -ne 0 ]]; then exit; echo "error reading package version";fi
 
-echo "Current version of $webssh_workspace_name is: $webssh_ilx_ver"
+echo "Current version of package is: $webssh_ver"
 
 echo -n "If you want to change this version, enter it now otherwise press enter to retain: "
 
@@ -19,11 +19,11 @@ read newver
 echo
 
 if [[ ("$newver" != "") ]]; then
-  echo "Updating version of ILX to: $newver"
+  echo "Updating version of package to: $newver"
   export newver
-  jq --arg newver "$newver" '.version = $newver' < ./workspace/extensions/webssh2/package.json > ./workspace/extensions/webssh2/package.json.new 
+  jq --arg newver "$newver" '.version = $newver' < ./app/package.json > ./app/package.json.new 
   if [[ $? -ne 0 ]]; then exit; echo "error changing version - ilx";fi
-  mv ./workspace/extensions/webssh2/package.json.new ./workspace/extensions/webssh2/package.json
+  mv ./app/package.json.new ./app/package.json
 else
   echo "No changes made"
 fi