From e796f9fb5874d6557433f25e8976b7aa58fa8144 Mon Sep 17 00:00:00 2001
From: Bill Church
Date: Sat, 23 Nov 2019 09:00:28 -0500
Subject: [PATCH] fix: subnet unauthorized now emits "ssherror" which persists across websocket termination
---
 ChangeLog.md | 4 ++++
 app/package.json | 2 +-
 app/server/socket.js | 6 ++++--
 scripts/ver.sh | 12 ++++++------
 4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index c2ebc13..778172c 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,4 +1,8 @@
 # Change Log
+### 0.3.0 [TBD]
+### Added
+- Add configuration option to restrict connections to specified subnets thanks to @Mierdin
+
 ### 0.2.9 [2019-06-13]
 ### Changes
 - Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
diff --git a/app/package.json b/app/package.json
index 82545ab..d818522 100644
--- a/app/package.json
+++ b/app/package.json
@@ -1,6 +1,6 @@
 {
 "name": "webssh2",
- "version": "0.2.10-0",
+ "version": "0.2.10-1",
 "ignore": [
 ".gitignore"
 ],
diff --git a/app/server/socket.js b/app/server/socket.js
index 31e98d7..da880f8 100644
--- a/app/server/socket.js
+++ b/app/server/socket.js
@@ -28,8 +28,10 @@ module.exports = function socket (socket) {
 if ( (((socket.request.session || {}).ssh || {}).allowedSubnets || {}).length && ( socket.request.session.ssh.allowedSubnets.length > 0 ) ) {
 var matcher = new CIDRMatcher(socket.request.session.ssh.allowedSubnets);
 if (!matcher.contains(socket.request.session.ssh.host)) {
- socket.emit('401 UNAUTHORIZED')
- debugWebSSH2('SOCKET: Requested host outside configured subnets / REJECTED')
+ console.log('WebSSH2 ' + 'error: Requested host outside configured subnets / REJECTED'.red.bold +
+ ' user=' + socket.request.session.username.yellow.bold.underline +
+ ' from=' + socket.handshake.address.yellow.bold.underline)
+ socket.emit('ssherror', '401 UNAUTHORIZED')
 socket.disconnect(true)
 return
 }
diff --git a/scripts/ver.sh b/scripts/ver.sh
index 72101c3..9602899 100755
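Review bot: In the app/server/socket.js hunk the new `console.log` dereferences `socket.request.session.username` and `socket.handshake.address` before `socket.emit('ssherror', '401 UNAUTHORIZED')` and `socket.disconnect(true)` run, so if either value is undefined the `.yellow` access throws and the rejected socket is neither notified nor disconnected by this branch. The outer `if` guards `session.ssh` with `|| {}`, which suggests the session shape is not guaranteed at this point; whether `username` is always set is decided outside the hunk. Emitting and disconnecting first and logging afterwards with a fallback such as `var user = String(socket.request.session.username || 'unknown')` keeps the rejection path independent of the log line. Both values are also written to the log verbatim and the username is presumably client-supplied, so stripping control characters first (`user.replace(/[\x00-\x1f\x7f]/g, '')`) keeps a crafted name from forging extra log lines. The enclosing `socket` function starts and ends outside the hunk.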
--- a/scripts/ver.sh
+++ b/scripts/ver.sh
@@ -7,10 +7,10 @@ source ./scripts/util.sh
 echo
 # get current version of workspace, ask to change or rebuild
-webssh_ilx_ver=$(jq -r ".version" ./workspace/extensions/webssh2/package.json 2>&1)
-if [[ $? -ne 0 ]]; then exit; echo "error reading ILX irule version";fi
+webssh_ver=$(jq -r ".version" ./app/package.json 2>&1)
+if [[ $? -ne 0 ]]; then exit; echo "error reading package version";fi
-echo "Current version of $webssh_workspace_name is: $webssh_ilx_ver"
+echo "Current version of package is: $webssh_ver"
 echo -n "If you want to change this version, enter it now otherwise press enter to retain: "
@@ -19,11 +19,11 @@ read newver
 echo
 if [[ ("$newver" != "") ]]; then
- echo "Updating version of ILX to: $newver"
+ echo "Updating version of package to: $newver"
 export newver
- jq --arg newver "$newver" '.version = $newver' < ./workspace/extensions/webssh2/package.json > ./workspace/extensions/webssh2/package.json.new
+ jq --arg newver "$newver" '.version = $newver' < ./app/package.json > ./app/package.json.new
 if [[ $? -ne 0 ]]; then exit; echo "error changing version - ilx";fi
- mv ./workspace/extensions/webssh2/package.json.new ./workspace/extensions/webssh2/package.json
+ mv ./app/package.json.new ./app/package.json
 else
 echo "No changes made"
 fi
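Review bot: The rewritten check `if [[ $? -ne 0 ]]; then exit; echo "error reading package version";fi` in the first scripts/ver.sh hunk runs `exit` before the `echo`, so the message is never printed, and a bare `exit` returns the status of the preceding `[[ ]]` test, which is 0, so a failed `jq` read looks like success to whatever called the script. Swapping the order and setting a status fixes both: `if [[ $? -ne 0 ]]; then echo "error reading package version" >&2; exit 1; fi`. The unchanged `error changing version - ilx` check in the second hunk has the same ordering and still names ILX after the rename.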
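Review bot: In the second scripts/ver.sh hunk `newver` is written into `./app/package.json` exactly as typed; the only check visible here is that it is non-empty, so a typo leaves a version string that npm is likely to reject the next time the package is installed or published. A guard before the `jq` call would catch that: `if [[ ! "$newver" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$ ]]; then echo "invalid version: $newver" >&2; exit 1; fi`. Passing the value through `jq --arg` is worth keeping as is, since it stops the input from being interpreted as jq code.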