From ce579781e8f53a0191f2108d86151440fb117609 Mon Sep 17 00:00:00 2001
From: Matt Oswalt
Date: Sat, 23 Nov 2019 01:02:24 -0800
Subject: [PATCH] Move to cidr-matcher

Signed-off-by: Matt Oswalt
---
 app/package.json | 2 +-
 app/server/socket.js | 21 +++++++--------------
 2 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/app/package.json b/app/package.json
index 7f84d34..82545ab 100644
--- a/app/package.json
+++ b/app/package.json
@@ -42,7 +42,7 @@
 "xterm-addon-fit": "^0.3.0",
 "xterm-addon-search": "^0.3.0",
 "xterm-addon-web-links": "^0.2.1",
- "netmask": "1.0.6"
+ "cidr-matcher": "2.1.1"
 },
 "scripts": {
 "start": "node index.js",
diff --git a/app/server/socket.js b/app/server/socket.js
index e123776..a91584c 100644
--- a/app/server/socket.js
+++ b/app/server/socket.js
@@ -6,7 +6,7 @@
 var debug = require('debug')
 var debugWebSSH2 = require('debug')('WebSSH2')
 var SSH = require('ssh2').Client
-var Netmask = require('netmask').Netmask
+var CIDRMatcher = require('cidr-matcher');
 // var fs = require('fs')
 // var hostkeys = JSON.parse(fs.readFileSync('./hostkeyhashes.json', 'utf8'))
 var termCols, termRows
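Review bot: In app/package.json the new `"cidr-matcher": "2.1.1"` entry is pinned exactly, but the diffstat lists only package.json and socket.js, so no lockfile change accompanies the dependency swap. This package now decides which SSH targets the server will connect to, so whatever it pulls in transitively should be locked as well. If the project keeps a `package-lock.json` (not visible here), regenerate it and commit it together with this change so installs resolve the same tree that was reviewed.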
@@ -25,19 +25,12 @@ module.exports = function socket (socket) {
 // If configured, check that requsted host is in a permitted subnet
 if (socket.request.session.ssh.allowedSubnets.length > 0) {
- var permitted = false;
- for (const subnet of socket.request.session.ssh.allowedSubnets) {
- var subnetBlock = new Netmask(subnet);
- if (subnetBlock.contains(socket.request.session.ssh.host)) {
- permitted = true;
- break;
- }
- }
- if (!permitted) {
- socket.emit('401 UNAUTHORIZED')
- debugWebSSH2('SOCKET: Requested host outside configured subnets / REJECTED')
- socket.disconnect(true)
- return
+ var matcher = new CIDRMatcher(socket.request.session.ssh.allowedSubnets);
+ if (!matcher.contains(socket.request.session.ssh.host)) {
+ socket.emit('401 UNAUTHORIZED')
+ debugWebSSH2('SOCKET: Requested host outside configured subnets / REJECTED')
+ socket.disconnect(true)
+ return
 }
 }
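Review bot: `matcher.contains(socket.request.session.ssh.host)` receives the session's host string unvalidated, so the allow-list decision depends on how cidr-matcher handles input that is not an IP literal. If `host` can be a DNS name, the call may throw inside the connection handler, or the name may resolve later to an address that was never checked; where the SSH connection is opened is outside this hunk, so this is inferred. I would require a literal address and fail closed: `var host = socket.request.session.ssh.host` followed by `if (!require('net').isIP(host) || !matcher.contains(host)) {`, with the comment `// allow-list applies to literal IPs only; names are rejected, not resolved`. The matcher is also rebuilt on every connection and could be constructed once where the configuration is loaded. The enclosing `socket` handler begins in the hunk header and ends outside the hunk.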