Update action-test.yml

* fix: set correct vars and cols property

* fix: add cols and rows to session.ssh property

* style: remove const assignment

---------

Co-authored-by: w-v <wtv@protonmail.ch>
Co-authored-by: bc 064 <87337961+bcvort@users.noreply.github.com>

.devcontainer/Dockerfile

@@ -1,16 +0,0 @@
-# [Choice] Node.js version (use -bullseye variants on local arm64/Apple Silicon): 18, 16, 14, 18-bullseye, 16-bullseye, 14-bullseye, 18-buster, 16-buster, 14-buster
-ARG VARIANT=16-bullseye
-FROM mcr.microsoft.com/vscode/devcontainers/typescript-node:${VARIANT}
-
-# [Optional] Uncomment this section to install additional OS packages.
-# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-#     && apt-get -y install --no-install-recommends <your-package-list-here>
-
-RUN apt-get update && apt-get install gnupg2 -y
-
-# [Optional] Uncomment if you want to install an additional version of node using nvm
-# ARG EXTRA_NODE_VERSION=10
-# RUN su node -c "source /usr/local/share/nvm/nvm.sh && nvm install ${EXTRA_NODE_VERSION}"
-
-# [Optional] Uncomment if you want to install more global node packages
-# RUN su node -c "npm install -g <your-package-list -here>"

.devcontainer/devcontainer.json

@@ -1,22 +1,27 @@
 {
 	"name": "Node.js & TypeScript",
-	"build": {
-		"dockerfile": "Dockerfile",
-		// Update 'VARIANT' to pick a Node version: 18, 16, 14.
-		// Append -bullseye or -buster to pin to an OS version.
-		// Use -bullseye variants on local on arm64/Apple Silicon.
-		"args": { 
-			"VARIANT": "16-bullseye"
-		}
-	},
+	"image": "mcr.microsoft.com/devcontainers/base:jammy",
 
+	"mounts": [
+		"source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh/personal_id_rsa.pub,target=/home/vscode/.hostssh/id_rsa.pub,readonly,type=bind,consistency=cached"
+	],
+	"features": {
+		"ghcr.io/devcontainers-contrib/features/node-asdf:0": {},
+	},
 	// Configure tool-specific properties.
 	"customizations": {
 		// Configure properties specific to VS Code.
 		"vscode": {
 			// Add the IDs of extensions you want installed when the container is created.
 			"extensions": [
-				"dbaeumer.vscode-eslint"
+				"ms-vscode-remote.remote-containers",
+				"dbaeumer.vscode-eslint",
+				"GitHub.copilot",
+				"GitHub.copilot-chat",
+				"esbenp.prettier-vscode",
+				"rvest.vs-code-prettier-eslint",
+				"bierner.markdown-mermaid",
+				"stylelint.vscode-stylelint"
 			]
 		}
 	},
@@ -25,8 +30,8 @@
 	// "forwardPorts": [],
 
 	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "yarn install",
+	"postCreateCommand": "/bin/bash ./.devcontainer/scripts/tools.sh >> ~/post-create-tools.log",
 
 	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
-	"remoteUser": "node"
+	"remoteUser": "vscode"
 }

.devcontainer/scripts/tools.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+mkdir -p ~/.ssh && \
+  touch ~/.ssh/known_hosts && \
+  sudo tee ~/.ssh/config > /dev/null << EOF 
+Host github.com
+  HostName github.com
+  PreferredAuthentications publickey
+  IdentityFile ~/.hostssh/id_rsa.pub
+EOF
+
+sudo chown -R vscode:vscode ~/.ssh

.dockerignore

@@ -1,3 +1,9 @@
 .git
 .cache
 app/node_modules
+app/client/src
+app/scripts
+app/.*
+app/*.sample
+app/client/tsconfig.json
+app/CHANGELOG.md

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,75 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+labels: ["bug", "triage"]
+assignees:
+  - billchurch
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Depending on the type of issue, please include the follwing information:
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+      value: "A bug happened!"
+    validations:
+      required: true
+  - type: input
+    id: node_ver
+    attributes: 
+      label: Node Version
+      description: version of Node this problem occurs on
+      placeholder: npm -v
+    validations:
+      required: true
+  - type: input
+    id: npm_ver
+    attributes: 
+      label: NPM Version
+      description: version of NPM this problem occurs on
+      placeholder: npm -v
+    validations:
+      required: true
+  - type: input
+    id: server_ver
+    attributes: 
+      label: Server OS Version
+      description: Server OS Version / Distribution / Processor Architecture
+      placeholder: uname -a;cat /etc/os-release
+    validations:
+      required: true
+  - type: input
+    id: webssh2_ver
+    attributes: 
+      label: WebSSH2 release version
+      description: Version of WebSSH you are using 
+      placeholder: grep version app/package.json
+    validations:
+      required: true
+  - type: input
+    id: sshhost_ver
+    attributes: 
+      label: OS and Version of SSH server
+      description: OS and Version of SSH server connecting to
+      placeholder: 'on target server run: uname -a;sshd -v'
+    validations:
+      required: false
+  - type: input
+    id: browser_ver
+    attributes: 
+      label: Browser Version
+      description: Information from brwoser's About... or a screenshot of the about screen.
+      placeholder:
+    validations:
+      required: false
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell
+

.github/ISSUE_TEMPLATE/custom.md

@@ -0,0 +1,10 @@
+---
+name: Question
+about: General how-to questions
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/docker-multiplatform-tag.yml

@@ -0,0 +1,69 @@
+---
+name: 'Build Docker On Tag'
+
+on:
+  push:
+    branches:
+      - bigip-server
+    tags:
+      - 'v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
+  workflow_dispatch: # Allows manual triggering from the GitHub UI
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v3
+        
+      - name: Prepare
+        id: prep
+        run: |
+          DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
+
+          # If this is a git tag, use the tag name as a docker tag
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+            TAGS="${DOCKER_IMAGE}:${VERSION}"
+          fi
+          
+          # If this is a git branch, use the branch name as a docker tag
+          if [[ $GITHUB_REF == refs/heads/* ]]; then
+            VERSION=${GITHUB_REF#refs/heads/}
+            TAGS="${DOCKER_IMAGE}:${VERSION}"
+          fi
+
+          # If the VERSION looks like a version number, also tag as 'latest'
+          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            TAGS="$TAGS,${DOCKER_IMAGE}:latest"
+          fi
+
+          # Set output parameters
+          echo ::set-output name=tags::${TAGS}
+          echo ::set-output name=docker_image::${DOCKER_IMAGE}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build
+        uses: docker/build-push-action@v4
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/ppc64le
+          push: true
+          tags: ${{ steps.prep.outputs.tags }}

.github/workflows/docker-multiplatform.yml

@@ -2,11 +2,8 @@
 name: 'Build Docker Images'
 
 on:
-  push:
-    branches:
-      - main
-    tags:
-      - '**'
+  release:
+    types: [published]
 
 jobs:
   docker:
@@ -21,7 +18,7 @@ jobs:
 
           # If this is git tag, use the tag name as a docker tag
           if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
+            VERSION=${GITHUB_REF#refs/tags/webssh2-v}
             TAGS="${DOCKER_IMAGE}:${VERSION}"
           fi
           

.github/workflows/release.yml

@@ -1,16 +1,47 @@
 ---
 name: 'Create Release'
-
 on:
   push:
-    tags:
-      - '**'
-
+    branches:
+      - main
+    paths-ignore:
+      - '.github/**'
+      - '.devcontainer/**'
+      - '.**'
+      - '**.md'
 jobs:
-  release-please:
+  release:
     runs-on: ubuntu-latest
+    outputs:
+      paths_released: ${{ steps.manifest_release.outputs.paths_released }}
     steps:
       - uses: google-github-actions/release-please-action@v3
+        id: manifest_release
         with:
+          token: ${{ secrets.RELEASE_PLEASE_UAT }}
+          command: manifest
+          package-name: webssh2
+          path: app
+          default-branch: main
           release-type: node
-          package-name: release-please-action
+  publish:
+    runs-on: ubuntu-20.04
+    needs: release
+    strategy:
+      fail-fast: false
+      matrix:
+        path: ${{fromJson(needs.release.outputs.paths_released)}}
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 16
+          registry-url: 'https://registry.npmjs.org'
+      - name: publish-to-npm
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+        run: |
+          cd ${{ matrix.path }}
+          npm install
+          npx lerna bootstrap
+          npx lerna publish from-package --no-push --no-private --yes

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.0.0"
+  "app": "0.5.0-pre-4"
 }

Build/Release/BIG-IP-ILX-WebSSH2-0.2.8.tgz.sha256

@@ -1 +0,0 @@
-e2e70f7d2949b6c8fe0299f888a3725763a62c01a1faea1fb729babc2ed51c92  Build/Release/BIG-IP-ILX-WebSSH2-0.2.8.tgz

ChangeLog.md

@@ -1,382 +1,3 @@
-# Change Log
+# Changelog Moved
 
-## 0.4.5 [20220417]
-### Fixes
-- update read-config-ng to 3.0.5, fixes [#277](../../issues/277)
-## 0.4.5 [20220331]
-### Fixes
-- Update socket.io to 4.2.0
-- Update read-config-ng to 3.0.4
-
-## 0.4.4 [20211209]
-### Fixes
-- Add ./node_modules to .dockerignore [#240](../../issues/240) thanks @UncleSamSwiss
-- validator to 13.7.0 [to mitigate potential Regular Expression Denial of Service (ReDoS)](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600)
-- cidr-matcher should be [re-installed to pickup >json-schema@4.0.0 due to prototype pollution vulnerability](https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922)
-- Update xterm.js to 4.15.0 [#261](../../issues/261)
-- Replace deprecated term.setOptions with term.options
-### Changes
-- update README.md for additional Docker methods thanks @Utopiah
-
-## 0.4.3 [20211019]
-- update dependencies
-  - ssh2 to 1.4.0 [to mitigate potential command injection in windows](https://snyk.io/vuln/SNYK-JS-SSH2-1656673)
-## 0.4.2 [20210813]
-### changes
-- update dependencies
-  - socket.io to 4.1.1
-  - read-config-ng to 3.0.2
-  - debug to 4.3.1
-## 0.4.1 [20210703]
-### Fixes
-- lost comma in config.json.sample 71fe377
-### Changes
-- bump ws@7.4.6 to [mitigate potential ReDoS vulnerability](https://github.com/websockets/ws/releases/tag/7.4.6)
-- dev: update CI tools
-- dev: update dev tools
-- dev: update build tools 
-
-## 0.4.0 [20210519]
-### BREAKING
-- Disabled ssh.serverlog.client option, this disables the POC which allowed for logging of the data sent between the client/server to the console.log. 
-- Dropping support for node versions under 14
-### Changes
-- Removed HTML menu code from ./app/server/socket.js, the menu is now fully laid out in the ./app/client/src/index.html and the option elements are hidden by default. Not sure why it wasn't done this way from the start, but there it is.
-- Updated socket.io to v4.1.1
-- Client javascript `./app/client/src/js/index.ts` is now built on TypeScript (`npm run build` will generate javascript for client and place into `app/client/public/webssh2.bundle.js` as before)
-- Build environment changes
-  - removed unused xterm-addon-search, xterm-addon-weblinks, standard, postcss-discard-comments
-  - added prettier 2.3.0, typescript modules, socket.io-client 4.1.1, airbnb linting tools
-### Added
-- Lookup ip address for hostname in URL, fixes #199 thanks to @zwiy
-- Ability to override `Authorization: Basic` header and replace with credentials specified in `config.json` fixes #243. New config.json option `user.overridebasic`
-### CONTRIBUTING
-In this release, we're trying our best to conform to the [Airbnb Javascript Style Guide](https://airbnb.io/projects/javascript/). I'm hoping this will make contributions easier and keep the code readable. I love shortcuts more than anyone but I've found when making changes to code I've not looked at in a while, it can take me a few momements to deconstruct what was being done due to readbility issues. While I don't agree with every decision in the style guide (semi-colons, yuk), it is a good base to keep the code consistent.
-
-If you've not used it before, I recommend installing the [vscode extensions](https://blog.echobind.com/integrating-prettier-eslint-airbnb-style-guide-in-vscode-47f07b5d7d6a) for that and [Prettier](https://prettier.io/) and getting familiar. The autocorrections are great (especially if you hate dealing with semi-colons...)
-
-As of 0.4.0-testing-0, the client code is written in [TypeScript](https://www.typescriptlang.org/docs/handbook/typescript-in-5-minutes.html). It's not that much different from JavaScript, and the introduction strong typing will ultimately help to produce better code. Eventually we want to move the whole project to TypeScript but that make take a bit more time. Take a moment to look at ./app/client/src/js/index.ts to see what TypeScript looks like.
-## 0.3.1 [20210513]
-### BREAKING
-- Ability to configure CORS settings for socket.io see [#240](../../issues/240) for more information on how this may break existing deployments. Default settings in example `config.json` are currently permissive `http.origins: ["*:*"]` please note that if a `config.json` is not present, the default is `http.origins: ["localhost:2222"]
-### Added
-- Safe Shutdown Feature - thanks to @edgarogh
-  - Sending SIGINT or SIGTERM to node process responsible for WebSSH2 or Docker process will result in a "safe" shutdown
-  - Timer is configured in config.safeShutdownDuration
-- feat: Use docker build to create multi-arch images (#202)
-### Fixed
-- obey host ssh.host in config fixes #190
-### Changed
-- `config.json.sample`: `allowreauth` now defaults to `false` fixes #238
-- update ssh2 to 0.8.8 -> 0.8.9 - [comparison at ssh2 repo](https://github.com/mscdex/ssh2/compare/v0.8.8...v0.8.9)
-- update xterm to 4.12.0 [comparison at xtermjs repo](https://github.com/xtermjs/xterm.js/compare/4.4.0...4.12.0)
-- update read-config-ng to 3.0.2
-- update morgan to 1.10.0
-- update debug to 4.3.1
-- update express-session to 1.17.1
-- update validator to 13.6.0
-- development tools updates (build environment requires minimum of Node 10, only needed for customization)
-  - update @fortawesome/fontawesome-svg-core to 1.2.35
-  - update @fortawesome/free-solid-svg-icons to 5.15.3
-  - update copy-webpack-plugin to 8.1.1
-  - update cross-env to 7.0.3
-  - update css-loader to 5.2.4
-  - update file-loader to 6.2.0
-  - update mini-css-extract-plugin to 1.6.0
-  - update postcss-discard-comments to 5.0.0
-  - update snazzy to 9.0.0
-  - update standard to 16.0.3
-  - update standard-version to 9.3.0
-  - update style-loader to 2.0.0
-  - update terser-webpack-plugin to 5.1.1
-  - update url-loader to 4.1.1
-  - update webpack to 5.37.0
-  - update webpack-cli to 4.7.0
-  - update webpack-merge to 5.7.3
-  - update webpack-stream to 6.1.2
-  - update xterm-addon-fit to 0.5.0
-  - update xterm-addon-search to 0.8.0
-  - update xterm-addon-web-links to 0.4.0
-  - update ssri from 6.0.1 to 6.0.2 [#233](../../pull/233)
-  - update hosted-git-info from 2.8.5 to 2.8.9 [#237](../../pull/237)
-  - update lodash from 4.17.19 to 4.17.21 [#236](../../pull/236)
-  - update handlebars from 4.7.6 to 4.7.7 [#235](../../pull/235)
-  - update y18n from 4.0.0 to 4.0.1 [#230](../../pull/230)
-  - update elliptic from 6.5.3 to 6.5.4 [#228](../../pull/222833)
-  - update ini from 1.3.5 to 1.3.8 [#217](../../pull/217)
-## 0.3.0 [20200315]
-🍀🍀🍀
-### Added
-- Add configuration option to restrict connections to specified subnets thanks to @Mierdin
-- favicon
-  - added module `serve-favicon` to serve favicon from root if pre-fetched by browser
-  - added `link rel=icon` line in client.htm to serve favico.ico out of /ssh/
-
-### Changed
-- Using new repo for read-config -> read-config-ng-
-- removed express compression feature, added no real value.
-- module updates
-  - ssh2 to 0.8.6 -> 0.8.8 - [comparison at ssh2 repo](https://github.com/mscdex/ssh2/compare/v0.8.6...v0.8.8)
-  - xterm 4.2.0 -> 4.4.0 - [comparison at xtermjs repo](https://github.com/xtermjs/xterm.js/compare/4.2.0...4.4.0)
-  - read-config-ng 3.0.1 - (taking over abandoned repo)n
-- development module updates (does not impact production, only for development and rebuilding)
-  - fortawesome/fontawesome-svg-core 1.2.27
-  - fortawesome/free-solid-svg-icons 5.12.1
-  - standard-version 7.1.0
-  - webpack 4.42.0
-    - webpack-cli 3.3.11
-    - terser-webpack-plugin 2.3.5
-    - copy-webpack-plugin 5.1.1
-    - cross-env 7.0.2
-    - css-loader 3.4.2
-    - file-loader 5.1.0
-    - style-loader 1.1.3
-    - url-loader 3.0.0
-
-### Potentially Breaking Changes
-- Move all child resources to start from under /ssh
-  - /socket.io -> /ssh/socket.io
-  - /webssh2.css -> /ssh/webssh2.css
-  - /webssh2.bundle.js -> /ssh/webssh2.bundle.js
-  - /reauth -> /ssh/reauth
-  - perhaps more
-
-### Fixes
-- Typo in config.json.sample, thanks @wuchihsu, fixes #173
-
-### Housekeeping
-- Removed irrelavant build scripts from /scripts
-
-## 0.2.9 [2019-06-13]
-### Changes
-- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
-- Patched read-config to mitigate vulnerability in js-yaml
-  - issue not exploitable on webssh2 implementation
-  - patched anyway
-  - sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
-  - See https://github.com/nodeca/js-yaml/issues/475 for more detail
-
-## 0.2.8 [2019-05-25]
-### Changes
-- Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue [#118](../../issues/118). Thanks @smilesm2 for the idea.
-- fixes broken `npm run (build|builddev)`
-  - update font-awesome fonts to 5.6.3
-  - update webpack and dependancies
-  - update xterm to 3.8.0
-
-### Fixes
-- ILX workspace may not always import properly due to symbolic links (specifically ./node_modules/.bin). This is removed from the ILX package
-
-## 0.2.7 [2018-11-11]
-### Changes
-- `config.reauth` was not respected if initial auth presented was incorrect, regardless of `reauth` setting in `config.json` reauth would always be attempted. fixes [#117](../../issues/117) 
-- **BREAKING** moved app files to /app, this may be a breaking change
-- Updated dockerfile for new app path
-- Updated app dependancies
-  - xterm v3.8.0
-    - https://github.com/xtermjs/xterm.js/releases/tag/3.8.0
-  - basic-auth v2.0.1
-    - https://github.com/jshttp/basic-auth/releases/tag/v2.0.1
-  - express v4.16.4
-    - https://github.com/expressjs/express/releases/tag/4.16.4
-  - validator v10.9.0
-    - https://github.com/chriso/validator.js/releases/tag/10.9.0
-- Updated dev dependancies
-  - snazzy v8.0.0 
-  - standard v12.0.1 
-  - uglifyjs-webpack-plugin v2.0.1 
-  - ajv v6.5.5 
-  - copy-webpack-plugin v4.6.0 
-  - css-loader v1.0.1 
-  - nodemon v1.18.6 
-  - postcss-discard-comments v4.0.1 
-  - snyk v1.108.2 
-  - url-loader v1.1.2 
-  - webpack v4.25.1 
-  - webpack-cli v3.1.2 
-
-## 0.2.6 [2018-11-09]
-### Changes
-- Reauth didn't work if intial auth presented was incorrect, (see issue #112) fixed thanks @vvalchev
-- Update node version supported to >=6 (PR #115) thanks @perlun
-- Update packages
-  - developer dependencies
-
-## 0.2.5 [2018-09-11]
-### Added
-- Reauth function thanks to @vbeskrovny and @vvalchev (9bbc116)
-  - Controlled by `config.json` option `options.allowreauth` true presents reauth dialog and false hides dialog
-
-### Changed
-- `options.challengeButton` enabled
-  - previously this configuration option did nothing, this now enables the Credentials button site-wide regardless of the `allowreplay` header value
-- Updated debug module to v4
-
-## 0.2.4 [2018-07-18]
-### Added
-- Browser title window now changes with xterm escape sequences (see http://tldp.org/HOWTO/Xterm-Title-3.html)
-- Added bellStyle options
-  - `GET var`: **bellStyle** - _string_ - Style of terminal bell: ("sound"|"none"). **Default:** "sound". **Enforced Values:** "sound "none"
-  - `config.json`: **terminal.bellStyle** - _string_ - Style of terminal bell: (sound|none). **Default:** "sound".
-  - `workspace` folder on GITHUB for BIG-IP specific fixes/changes
-### Changed
-- Updated xterm.js to 3.1.0
-  - https://github.com/xtermjs/xterm.js/releases/tag/3.1.0
-- Default listen IP in `config.json` changed back to 127.0.0.1 
-### Fixed
-- ESC]0; is now removed from log files when using the browser-side logging feature
-
-## 0.2.3 unreleased
-
-### Fixed
-- ESC]0; is now removed from log files when using the browser-side logging feature
-
-## 0.2.0 [2018-02-10]
-Mostly client (browser) related changes in this release
-
-### Added
-- Menu system
-- Fontawesome icons
-- Resizing browser window sends resize events to terminal container as well as SSH session (pty)
-- New terminal options (config.json as well as GET vars)
-  - terminal.cursorBlink - boolean - Cursor blinks (true), does not (false) Default: true.
-  - terminal.scrollback - integer - Lines in the scrollback buffer. Default: 10000.
-  - terminal.tabStopWidth - integer - Tab stops at n characters Default: 8.
-- New serverside (nodejs) terminal configuration options (cursorBlink, scrollback, tabStopWidth)
-- Logging of MRH session (unassigned if not present)
-- Express compression feature
-
-### Changed
-- Updated xterm.js to 3.0.2
-  - See https://github.com/xtermjs/xterm.js/releases/tag/3.0.2
-  - See https://github.com/xtermjs/xterm.js/releases/tag/3.0.1
-  - See https://github.com/xtermjs/xterm.js/releases/tag/3.0.0
-- Moved javascript events out of html into javascript
-- Changed asset packaging from grunt to Webpack to be inline with xterm.js direction
-- Moved logging and credentials buttons to menu system
-- Removed non-minified options (if you need to disable minification, modify webpack scripts and 'npm run build')
-
-### Fixed
-- Resolved loss of terminal foucs when interacting with option buttons (Logging, etc...)
-
-## 0.1.4 [2018-01-30]
-### Changed
-- Moved socket and util out of folders into .js in root.
-- added keepaliveInterval and keepaliveCountMax config options
-
-## 0.1.3 [2017-09-28]
-### Changed
-- Upgrade to debug@3.1 to eliminate ReDoS in %o formatter
-- Upgrade Express to 4.15.5 for ReDOS
-- Upgrade basic-auth to v2.0
-## 0.1.2 [2017-07-31]
-### Added
-- ssh.readyTimeout option in config.json (time in ms, default 20000, 20sec)
-### Changed
-- Updated xterm.js to 2.9.2 from 2.6.0
-  - See https://github.com/sourcelair/xterm.js/releases/tag/2.9.2
-  - See https://github.com/sourcelair/xterm.js/releases/tag/2.9.1
-  - See https://github.com/sourcelair/xterm.js/releases/tag/2.9.0
-  - See https://github.com/sourcelair/xterm.js/releases/tag/2.8.1
-  - See https://github.com/sourcelair/xterm.js/releases/tag/2.8.0
-  - See https://github.com/sourcelair/xterm.js/releases/tag/2.7.0
-- Updated ssh2 to 0.5.5 to keep current, no fixes impacting WebSSH2
-  - ssh-streams to 0.1.19 from 0.1.16
-- Updated validator.js to 8.0.0, no fixes impacting WebSSH2
-  - https://github.com/chriso/validator.js/releases/tag/8.0.0
-- Updated Express to 4.15.4, no fixes impacting WebSSH2
-  - https://github.com/expressjs/express/releases/tag/4.15.4
-- Updated Express-session to 1.15.5, no fixes impacting WebSSH2
-  - https://github.com/expressjs/session/releases/tag/v1.15.5
-- Updated Debug to 3.0.0, no fixes impacting WebSSH2
-  - https://github.com/visionmedia/debug/releases/tag/3.0.0
-- Running in strict mode ('use strict';)
-
-
-## 0.1.1 [2017-06-03]
-### Added
-- `serverlog.client` and `serverlog.server` options added to `config.json` to enable logging of client commands to server log (only client portion implemented at this time)
-- morgan express middleware for logging
-### Changed
-- Updated socket.io to 1.7.4
-- continued refactoring, breaking up `index.js`
-- revised error handling methods
-- revised session termination methods
-### Fixed
-### Removed
-- color console decorations from `util/index.js`
-- SanatizeHeaders function from `util/index.js`
-
-## 0.1.0 [2017-05-27]
-### Added
-- This ChangeLog.md file
-- Support for UTF-8 characters (thanks @bara666)
-- Snyk, Bithound, Travis CI
-- Cross platform improvements (path mappings)
-- Session fixup between Express and Socket.io
-- Session secret settings in `config.json`
-- env variable `DEBUG=ssh2` will put the `ssh2` module into debug mode
-- env variable `DEBUG=WebSSH2` will output additional debug messages for functions
-and events in the application (not including the ssh2 module debug)
-- using Grunt to pull js and css source files from other modules `npm run build` to rebuild these if changed or updated.
-- `useminified` option in `config.json` to enable using minified client side javascript (true) defaults to false (non-minified)
-- sshterm= query option to specify TERM environment variable for host, valid strings are alpha-numeric with a hypen (validated). Otherwise the default ssh.term variable from `config.json` will be used.
-- validation for host (v4,v6,fqdn,hostname), port (integer 2-65535), and header (sanitized) from URL input
-
-### Changed
-- error handling in public/client.js
-- moved socket.io operations to their own file /socket/index.js, more changes like this to come (./socket/index.js)
-- all session based variables are now under the req.session.ssh property or socket.request.ssh (./index.js)
-- moved SSH algorithms to `config.json` and defined as a session variable (..session.ssh.algorithms)
--- prep for future feature to define algorithms in header or some other method to enable separate ciphers per host
-- minified and combined all js files to a single js in `./public/webssh2.min.js` also included a sourcemap `./public/webssh2.min.js` which maps to `./public/webssh2.js` for easier troubleshooting.
-- combined all css files to a single css in `./public/webssh2.css`
-- minified all css files to a single css in `./public/webssh2.min.css`
-- copied all unmodified source css and js to /public/src/css and /public/src/js respectively (for troubleshooting/etc)
-- sourcemaps of all minified code (in /public/src and /public/src/js)
-- renamed `client.htm` to `client-full.htm`
-- created `client-min.htm` to serve minified javascript
-- if header.text is null in `config.json` and header is not defined as a get parameter the Header will not be displayed. Both of these must be null / undefined and not specified as get parameters.
-
-### Fixed
-- Multiple errors may overwrite status bar which would cause confusion as to what originally caused the error. Example, ssh server disconnects which prompts a cascade of events (conn.on('end'), socket.on('disconnect'), conn.on('close')) and the original reason (conn.on('end')) would be lost and the user would erroneously receive a WEBSOCKET error as the last event to fire would be the websocket connection closing from the app.
-- ensure ssh session is closed when a browser disconnects from the websocket
-- if headerBackground is changed, status background is changed to the same color (typo, fixed)
-
-### Removed
-- Express Static References directly to module source directories due to concatenating and minifying js/css
-
-## 0.0.5 - [2017-03-23]
-### Added
-- Added experimental support for logging (see Readme)
-
-### Fixed
-- Terminal geometry now properly fills the browser screen and communicates this to the ssh session. Tested with IE 11 and recent versions of Chrome/Safari/Firefox.
-
-## 0.0.4 - [2017-03-23]
-### Added
-- Set default terminal to xterm-color
-- Mouse event support
-- New config option, config.ssh.term to set terminal
-
-### Changed
-- Update to Xterm.js 2.4.0
-- Minor code formatting cleanup
-
-## 0.0.3 - [2017-02-16]
-### Changed
-- Update xterm to latest (2.3.0)
-### Fixed
-- Fixed misspelled config.ssh.port property
-
-## 0.0.2 - [2017-02-01]
-### Changed
-- Moving terminal emulation to xterm.js
-- updating module version dependencies
-
-### Fixed
-- Fixed issue with banners not being displayed properly from UNIX hosts when only lf is used
-
-## 0.0.1 - [2016-06-28]
-### Added
-- Initial proof of concept and release. For historical purposes only.
+See [app/CHANGELOG.md](app/CHANGELOG.md)

Dockerfile

@@ -1,7 +1,9 @@
 FROM node:16-alpine
 
+RUN apk update && apk add bash
+
 WORKDIR /usr/src
 COPY app/ /usr/src/
-RUN npm install --omit=dev
+RUN npm ci --audit=false --bin-links=false --fund=false
 EXPOSE 2222/tcp
 ENTRYPOINT [ "/usr/local/bin/node", "index.js" ]

ISSUE_TEMPLATE.md

@@ -1,15 +0,0 @@
-Depending on the type of issue, please include the follwing information:
-- Node and NPM Version
-  - `node -v`
-  - `npm -v`
-- Server OS Version / Distribution / Processor Architecture
-  - `uname -a`
-  - `cat /etc/os-release`
-- WebSSH2 release version
-  - `grep version app/package.json`
-- OS and Version of SSH server connecting to
-  - `uname -a`
-  - `sshd -v`
-- Browser Version and OS
-  - Information from brwoser's About... or a screenshot of the about screen.
-- Any log or messages from the WebSSH2 output

README.md

@@ -8,7 +8,7 @@ Web SSH Client using ssh2, socket.io, xterm.js, and express
 
 A bare bones example of an HTML5 web-based terminal emulator and SSH client. We use SSH2 as a client on a host to proxy a Websocket / Socket.io connection to a SSH2 server.
 
-<img width="600" height="340" alt="WebSSH2 v0.2.0 demo" src="https://github.com/billchurch/WebSSH2/raw/main/screenshots/demo-800.gif">
+<img width="600" height="340" alt="WebSSH2 v0.2.0 demo" src="https://user-images.githubusercontent.com/1668075/182425293-acc8741e-cc92-4105-afdc-9538e1685d4b.gif">
 
 # Requirements
 Node v14.x or above. If using <v14.x you should be able to run by replacing the "read-config" package to @1 like this (after a clone):
@@ -45,7 +45,19 @@ Alternatively in main for testing, you can send credentials via POST with the va
 
 See [BUILDING.md](BUILDING.md) for more details.
 
-# Docker Instructions
+# Docker
+
+## NOTICE
+Docker versions differ from what is in `main` and are release dependant. 
+
+Meaning billchurch/webssh2:latest is the latest official release. This does NOT sync with what is in `main` on this repo. `main` is development and will change until it gets a release tag. 
+
+On occasion, examples or instructions on `main` will drift from what is released. You should refer to the tag of the version you're using to ensure you are following the proper guidance.
+
+That being said the most current release version is [0.4.6](https://github.com/billchurch/webssh2/tree/0.4.6), see that tag for details.
+
+## Instructions
+
 Some configuration options are available as [Environment Variables](#environment-variables). If there is a configuration option you require which does not have an environment variable please [open an issue requesting](../../issues/new/choose).
 
 [webssh2 images are available in docker hub](https://hub.docker.com/repository/docker/billchurch/webssh2).

SECURITY.md

@@ -13,4 +13,4 @@ The following versions will get security updates.
 
 ## Reporting a Vulnerability
 
-If you find a vulnerability, simply [open an issue](../../issues/new) with the details, use the lable `security`. 
+If you find a vulnerability, simply [open an issue](../../issues/new) with the details, use the label `security`. 

app/CHANGELOG.md

@@ -2,6 +2,60 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [0.5.0-pre-4](https://github.com/billchurch/webssh2/compare/webssh2-v0.4.7-pre-4...webssh2-v0.5.0-pre-4) (2022-08-07)
+
+
+### Features
+
+* test change for release ([476b566](https://github.com/billchurch/webssh2/commit/476b566c08a84bd35aaccf847253875b2c3afb10))
+
+## [0.4.7-pre-4](https://github.com/billchurch/webssh2/compare/webssh2-v0.4.7-pre-3...webssh2-v0.4.7-pre-4) (2022-08-03)
+
+
+### Miscellaneous Chores
+
+* release 0.4.7-pre-4 ([7d4ba87](https://github.com/billchurch/webssh2/commit/7d4ba87bc1c198600ea33ee220553ef46ea2a103))
+
+## [0.4.7-pre-3](https://github.com/billchurch/webssh2/compare/webssh2-v0.4.7-pre-2...webssh2-v0.4.7-pre-3) (2022-08-03)
+
+
+### Miscellaneous Chores
+
+* release 0.4.7-pre-3 ([0c78c1f](https://github.com/billchurch/webssh2/commit/0c78c1f31cc6380b7f0706822fc418cfede11413))
+
+## [0.4.7-pre-2](https://github.com/billchurch/webssh2/compare/webssh2-v0.4.6...webssh2-v0.4.7-pre-2) (2022-08-02)
+
+
+### ⚠ BREAKING CHANGES
+
+* validate referer to /reauth is valid
+* bump xterm to 4.18.0
+* consistent logging messages see #286
+* config system changes #284 (#285)
+
+### Features
+
+* add additional params for POST requests [#290](https://github.com/billchurch/webssh2/issues/290) ([46c1560](https://github.com/billchurch/webssh2/commit/46c1560e3c126376e18124e14e5c7fb8c029a0a1))
+* add additional vars to POST requests [#290](https://github.com/billchurch/webssh2/issues/290) ([0a4e419](https://github.com/billchurch/webssh2/commit/0a4e419fb371ae95340fa890497022a2aa9d063a))
+* add fontFamily, letterSpacing, lineHeight ([97f3088](https://github.com/billchurch/webssh2/commit/97f3088780744e13a6724a4967a4896aac3f20d8))
+* add fontSize option [#292](https://github.com/billchurch/webssh2/issues/292) ([5e78812](https://github.com/billchurch/webssh2/commit/5e788129744d326e78ec91bda86ed5cecfd70d3f))
+* config system changes [#284](https://github.com/billchurch/webssh2/issues/284) ([#285](https://github.com/billchurch/webssh2/issues/285)) ([9c99b09](https://github.com/billchurch/webssh2/commit/9c99b0940ec726193deae3c4999d25a297874d67))
+* consistent logging messages see [#286](https://github.com/billchurch/webssh2/issues/286) ([50cfcb9](https://github.com/billchurch/webssh2/commit/50cfcb97788cbd3409b4605adceef3d47e370e38))
+* credentials over http post for [#290](https://github.com/billchurch/webssh2/issues/290) ([5b8f88c](https://github.com/billchurch/webssh2/commit/5b8f88cfef1745c88748277217204e6c38c7ff7e))
+* reorder viewport setup at ssh handshake [#292](https://github.com/billchurch/webssh2/issues/292) ([140e1e2](https://github.com/billchurch/webssh2/commit/140e1e24b14d6b74848e9d250c2b44f806ad627d))
+* validate referer to /reauth is valid ([0dcaa6e](https://github.com/billchurch/webssh2/commit/0dcaa6e15062cdc3252ce52abd9057caf4c00a30))
+
+
+### Bug Fixes
+
+* Fix the parameter passing problem of setDefaultCredentials to make it perform data initialization normally ([#288](https://github.com/billchurch/webssh2/issues/288)) ([40cbb35](https://github.com/billchurch/webssh2/commit/40cbb35616fa17c1c36520690f40ebce0b488153))
+* invalid css in style.css ([ffab534](https://github.com/billchurch/webssh2/commit/ffab5345dcb568fa2bb50a96f403174ad3728286))
+
+
+### package
+
+* bump xterm to 4.18.0 ([84c09ec](https://github.com/billchurch/webssh2/commit/84c09ec8a1909e4bbd0051debdbb905276a4245e))
+
 ### [0.4.6](https://github.com/billchurch/WebSSH2/compare/v0.2.10-0...v0.4.6) (2022-04-17)
 
 
@@ -24,3 +78,384 @@ All notable changes to this project will be documented in this file. See [standa
 * update config.json.sample ([#177](https://github.com/billchurch/WebSSH2/issues/177)) ([42f973b](https://github.com/billchurch/WebSSH2/commit/42f973b4796f7f50237dc8ce613e477aa89352ca))
 * update read-config-ng to 3.0.5, fixes [#277](https://github.com/billchurch/WebSSH2/issues/277) ([3e82c0d](https://github.com/billchurch/WebSSH2/commit/3e82c0dc4d31d1c97a7cf98139ef8e6dc0213b22))
 * update xterm.js fixes [#261](https://github.com/billchurch/WebSSH2/issues/261) ([c801ef9](https://github.com/billchurch/WebSSH2/commit/c801ef9e5826e13a403a6462241cf8a4ff456d45))
+
+## 0.4.5 [20220417]
+### Fixes
+- update read-config-ng to 3.0.5, fixes [#277](../../issues/277)
+## 0.4.5 [20220331]
+### Fixes
+- Update socket.io to 4.2.0
+- Update read-config-ng to 3.0.4
+
+## 0.4.4 [20211209]
+### Fixes
+- Add ./node_modules to .dockerignore [#240](../../issues/240) thanks @UncleSamSwiss
+- validator to 13.7.0 [to mitigate potential Regular Expression Denial of Service (ReDoS)](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600)
+- cidr-matcher should be [re-installed to pickup >json-schema@4.0.0 due to prototype pollution vulnerability](https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922)
+- Update xterm.js to 4.15.0 [#261](../../issues/261)
+- Replace deprecated term.setOptions with term.options
+### Changes
+- update README.md for additional Docker methods thanks @Utopiah
+
+## 0.4.3 [20211019]
+- update dependencies
+  - ssh2 to 1.4.0 [to mitigate potential command injection in windows](https://snyk.io/vuln/SNYK-JS-SSH2-1656673)
+## 0.4.2 [20210813]
+### changes
+- update dependencies
+  - socket.io to 4.1.1
+  - read-config-ng to 3.0.2
+  - debug to 4.3.1
+## 0.4.1 [20210703]
+### Fixes
+- lost comma in config.json.sample 71fe377
+### Changes
+- bump ws@7.4.6 to [mitigate potential ReDoS vulnerability](https://github.com/websockets/ws/releases/tag/7.4.6)
+- dev: update CI tools
+- dev: update dev tools
+- dev: update build tools 
+
+## 0.4.0 [20210519]
+### BREAKING
+- Disabled ssh.serverlog.client option, this disables the POC which allowed for logging of the data sent between the client/server to the console.log. 
+- Dropping support for node versions under 14
+### Changes
+- Removed HTML menu code from ./app/server/socket.js, the menu is now fully laid out in the ./app/client/src/index.html and the option elements are hidden by default. Not sure why it wasn't done this way from the start, but there it is.
+- Updated socket.io to v4.1.1
+- Client javascript `./app/client/src/js/index.ts` is now built on TypeScript (`npm run build` will generate javascript for client and place into `app/client/public/webssh2.bundle.js` as before)
+- Build environment changes
+  - removed unused xterm-addon-search, xterm-addon-weblinks, standard, postcss-discard-comments
+  - added prettier 2.3.0, typescript modules, socket.io-client 4.1.1, airbnb linting tools
+### Added
+- Lookup ip address for hostname in URL, fixes #199 thanks to @zwiy
+- Ability to override `Authorization: Basic` header and replace with credentials specified in `config.json` fixes #243. New config.json option `user.overridebasic`
+### CONTRIBUTING
+In this release, we're trying our best to conform to the [Airbnb Javascript Style Guide](https://airbnb.io/projects/javascript/). I'm hoping this will make contributions easier and keep the code readable. I love shortcuts more than anyone but I've found when making changes to code I've not looked at in a while, it can take me a few momements to deconstruct what was being done due to readbility issues. While I don't agree with every decision in the style guide (semi-colons, yuk), it is a good base to keep the code consistent.
+
+If you've not used it before, I recommend installing the [vscode extensions](https://blog.echobind.com/integrating-prettier-eslint-airbnb-style-guide-in-vscode-47f07b5d7d6a) for that and [Prettier](https://prettier.io/) and getting familiar. The autocorrections are great (especially if you hate dealing with semi-colons...)
+
+As of 0.4.0-testing-0, the client code is written in [TypeScript](https://www.typescriptlang.org/docs/handbook/typescript-in-5-minutes.html). It's not that much different from JavaScript, and the introduction strong typing will ultimately help to produce better code. Eventually we want to move the whole project to TypeScript but that make take a bit more time. Take a moment to look at ./app/client/src/js/index.ts to see what TypeScript looks like.
+## 0.3.1 [20210513]
+### BREAKING
+- Ability to configure CORS settings for socket.io see [#240](../../issues/240) for more information on how this may break existing deployments. Default settings in example `config.json` are currently permissive `http.origins: ["*:*"]` please note that if a `config.json` is not present, the default is `http.origins: ["localhost:2222"]
+### Added
+- Safe Shutdown Feature - thanks to @edgarogh
+  - Sending SIGINT or SIGTERM to node process responsible for WebSSH2 or Docker process will result in a "safe" shutdown
+  - Timer is configured in config.safeShutdownDuration
+- feat: Use docker build to create multi-arch images (#202)
+### Fixed
+- obey host ssh.host in config fixes #190
+### Changed
+- `config.json.sample`: `allowreauth` now defaults to `false` fixes #238
+- update ssh2 to 0.8.8 -> 0.8.9 - [comparison at ssh2 repo](https://github.com/mscdex/ssh2/compare/v0.8.8...v0.8.9)
+- update xterm to 4.12.0 [comparison at xtermjs repo](https://github.com/xtermjs/xterm.js/compare/4.4.0...4.12.0)
+- update read-config-ng to 3.0.2
+- update morgan to 1.10.0
+- update debug to 4.3.1
+- update express-session to 1.17.1
+- update validator to 13.6.0
+- development tools updates (build environment requires minimum of Node 10, only needed for customization)
+  - update @fortawesome/fontawesome-svg-core to 1.2.35
+  - update @fortawesome/free-solid-svg-icons to 5.15.3
+  - update copy-webpack-plugin to 8.1.1
+  - update cross-env to 7.0.3
+  - update css-loader to 5.2.4
+  - update file-loader to 6.2.0
+  - update mini-css-extract-plugin to 1.6.0
+  - update postcss-discard-comments to 5.0.0
+  - update snazzy to 9.0.0
+  - update standard to 16.0.3
+  - update standard-version to 9.3.0
+  - update style-loader to 2.0.0
+  - update terser-webpack-plugin to 5.1.1
+  - update url-loader to 4.1.1
+  - update webpack to 5.37.0
+  - update webpack-cli to 4.7.0
+  - update webpack-merge to 5.7.3
+  - update webpack-stream to 6.1.2
+  - update xterm-addon-fit to 0.5.0
+  - update xterm-addon-search to 0.8.0
+  - update xterm-addon-web-links to 0.4.0
+  - update ssri from 6.0.1 to 6.0.2 [#233](../../pull/233)
+  - update hosted-git-info from 2.8.5 to 2.8.9 [#237](../../pull/237)
+  - update lodash from 4.17.19 to 4.17.21 [#236](../../pull/236)
+  - update handlebars from 4.7.6 to 4.7.7 [#235](../../pull/235)
+  - update y18n from 4.0.0 to 4.0.1 [#230](../../pull/230)
+  - update elliptic from 6.5.3 to 6.5.4 [#228](../../pull/222833)
+  - update ini from 1.3.5 to 1.3.8 [#217](../../pull/217)
+## 0.3.0 [20200315]
+🍀🍀🍀
+### Added
+- Add configuration option to restrict connections to specified subnets thanks to @Mierdin
+- favicon
+  - added module `serve-favicon` to serve favicon from root if pre-fetched by browser
+  - added `link rel=icon` line in client.htm to serve favico.ico out of /ssh/
+
+### Changed
+- Using new repo for read-config -> read-config-ng-
+- removed express compression feature, added no real value.
+- module updates
+  - ssh2 to 0.8.6 -> 0.8.8 - [comparison at ssh2 repo](https://github.com/mscdex/ssh2/compare/v0.8.6...v0.8.8)
+  - xterm 4.2.0 -> 4.4.0 - [comparison at xtermjs repo](https://github.com/xtermjs/xterm.js/compare/4.2.0...4.4.0)
+  - read-config-ng 3.0.1 - (taking over abandoned repo)n
+- development module updates (does not impact production, only for development and rebuilding)
+  - fortawesome/fontawesome-svg-core 1.2.27
+  - fortawesome/free-solid-svg-icons 5.12.1
+  - standard-version 7.1.0
+  - webpack 4.42.0
+    - webpack-cli 3.3.11
+    - terser-webpack-plugin 2.3.5
+    - copy-webpack-plugin 5.1.1
+    - cross-env 7.0.2
+    - css-loader 3.4.2
+    - file-loader 5.1.0
+    - style-loader 1.1.3
+    - url-loader 3.0.0
+
+### Potentially Breaking Changes
+- Move all child resources to start from under /ssh
+  - /socket.io -> /ssh/socket.io
+  - /webssh2.css -> /ssh/webssh2.css
+  - /webssh2.bundle.js -> /ssh/webssh2.bundle.js
+  - /reauth -> /ssh/reauth
+  - perhaps more
+
+### Fixes
+- Typo in config.json.sample, thanks @wuchihsu, fixes #173
+
+### Housekeeping
+- Removed irrelavant build scripts from /scripts
+
+## 0.2.9 [2019-06-13]
+### Changes
+- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
+- Patched read-config to mitigate vulnerability in js-yaml
+  - issue not exploitable on webssh2 implementation
+  - patched anyway
+  - sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
+  - See https://github.com/nodeca/js-yaml/issues/475 for more detail
+
+## 0.2.8 [2019-05-25]
+### Changes
+- Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue [#118](../../issues/118). Thanks @smilesm2 for the idea.
+- fixes broken `npm run (build|builddev)`
+  - update font-awesome fonts to 5.6.3
+  - update webpack and dependancies
+  - update xterm to 3.8.0
+
+### Fixes
+- ILX workspace may not always import properly due to symbolic links (specifically ./node_modules/.bin). This is removed from the ILX package
+
+## 0.2.7 [2018-11-11]
+### Changes
+- `config.reauth` was not respected if initial auth presented was incorrect, regardless of `reauth` setting in `config.json` reauth would always be attempted. fixes [#117](../../issues/117) 
+- **BREAKING** moved app files to /app, this may be a breaking change
+- Updated dockerfile for new app path
+- Updated app dependancies
+  - xterm v3.8.0
+    - https://github.com/xtermjs/xterm.js/releases/tag/3.8.0
+  - basic-auth v2.0.1
+    - https://github.com/jshttp/basic-auth/releases/tag/v2.0.1
+  - express v4.16.4
+    - https://github.com/expressjs/express/releases/tag/4.16.4
+  - validator v10.9.0
+    - https://github.com/chriso/validator.js/releases/tag/10.9.0
+- Updated dev dependancies
+  - snazzy v8.0.0 
+  - standard v12.0.1 
+  - uglifyjs-webpack-plugin v2.0.1 
+  - ajv v6.5.5 
+  - copy-webpack-plugin v4.6.0 
+  - css-loader v1.0.1 
+  - nodemon v1.18.6 
+  - postcss-discard-comments v4.0.1 
+  - snyk v1.108.2 
+  - url-loader v1.1.2 
+  - webpack v4.25.1 
+  - webpack-cli v3.1.2 
+
+## 0.2.6 [2018-11-09]
+### Changes
+- Reauth didn't work if intial auth presented was incorrect, (see issue #112) fixed thanks @vvalchev
+- Update node version supported to >=6 (PR #115) thanks @perlun
+- Update packages
+  - developer dependencies
+
+## 0.2.5 [2018-09-11]
+### Added
+- Reauth function thanks to @vbeskrovny and @vvalchev (9bbc116)
+  - Controlled by `config.json` option `options.allowreauth` true presents reauth dialog and false hides dialog
+
+### Changed
+- `options.challengeButton` enabled
+  - previously this configuration option did nothing, this now enables the Credentials button site-wide regardless of the `allowreplay` header value
+- Updated debug module to v4
+
+## 0.2.4 [2018-07-18]
+### Added
+- Browser title window now changes with xterm escape sequences (see http://tldp.org/HOWTO/Xterm-Title-3.html)
+- Added bellStyle options
+  - `GET var`: **bellStyle** - _string_ - Style of terminal bell: ("sound"|"none"). **Default:** "sound". **Enforced Values:** "sound "none"
+  - `config.json`: **terminal.bellStyle** - _string_ - Style of terminal bell: (sound|none). **Default:** "sound".
+  - `workspace` folder on GITHUB for BIG-IP specific fixes/changes
+### Changed
+- Updated xterm.js to 3.1.0
+  - https://github.com/xtermjs/xterm.js/releases/tag/3.1.0
+- Default listen IP in `config.json` changed back to 127.0.0.1 
+### Fixed
+- ESC]0; is now removed from log files when using the browser-side logging feature
+
+## 0.2.3 unreleased
+
+### Fixed
+- ESC]0; is now removed from log files when using the browser-side logging feature
+
+## 0.2.0 [2018-02-10]
+Mostly client (browser) related changes in this release
+
+### Added
+- Menu system
+- Fontawesome icons
+- Resizing browser window sends resize events to terminal container as well as SSH session (pty)
+- New terminal options (config.json as well as GET vars)
+  - terminal.cursorBlink - boolean - Cursor blinks (true), does not (false) Default: true.
+  - terminal.scrollback - integer - Lines in the scrollback buffer. Default: 10000.
+  - terminal.tabStopWidth - integer - Tab stops at n characters Default: 8.
+- New serverside (nodejs) terminal configuration options (cursorBlink, scrollback, tabStopWidth)
+- Logging of MRH session (unassigned if not present)
+- Express compression feature
+
+### Changed
+- Updated xterm.js to 3.0.2
+  - See https://github.com/xtermjs/xterm.js/releases/tag/3.0.2
+  - See https://github.com/xtermjs/xterm.js/releases/tag/3.0.1
+  - See https://github.com/xtermjs/xterm.js/releases/tag/3.0.0
+- Moved javascript events out of html into javascript
+- Changed asset packaging from grunt to Webpack to be inline with xterm.js direction
+- Moved logging and credentials buttons to menu system
+- Removed non-minified options (if you need to disable minification, modify webpack scripts and 'npm run build')
+
+### Fixed
+- Resolved loss of terminal foucs when interacting with option buttons (Logging, etc...)
+
+## 0.1.4 [2018-01-30]
+### Changed
+- Moved socket and util out of folders into .js in root.
+- added keepaliveInterval and keepaliveCountMax config options
+
+## 0.1.3 [2017-09-28]
+### Changed
+- Upgrade to debug@3.1 to eliminate ReDoS in %o formatter
+- Upgrade Express to 4.15.5 for ReDOS
+- Upgrade basic-auth to v2.0
+## 0.1.2 [2017-07-31]
+### Added
+- ssh.readyTimeout option in config.json (time in ms, default 20000, 20sec)
+### Changed
+- Updated xterm.js to 2.9.2 from 2.6.0
+  - See https://github.com/sourcelair/xterm.js/releases/tag/2.9.2
+  - See https://github.com/sourcelair/xterm.js/releases/tag/2.9.1
+  - See https://github.com/sourcelair/xterm.js/releases/tag/2.9.0
+  - See https://github.com/sourcelair/xterm.js/releases/tag/2.8.1
+  - See https://github.com/sourcelair/xterm.js/releases/tag/2.8.0
+  - See https://github.com/sourcelair/xterm.js/releases/tag/2.7.0
+- Updated ssh2 to 0.5.5 to keep current, no fixes impacting WebSSH2
+  - ssh-streams to 0.1.19 from 0.1.16
+- Updated validator.js to 8.0.0, no fixes impacting WebSSH2
+  - https://github.com/chriso/validator.js/releases/tag/8.0.0
+- Updated Express to 4.15.4, no fixes impacting WebSSH2
+  - https://github.com/expressjs/express/releases/tag/4.15.4
+- Updated Express-session to 1.15.5, no fixes impacting WebSSH2
+  - https://github.com/expressjs/session/releases/tag/v1.15.5
+- Updated Debug to 3.0.0, no fixes impacting WebSSH2
+  - https://github.com/visionmedia/debug/releases/tag/3.0.0
+- Running in strict mode ('use strict';)
+
+
+## 0.1.1 [2017-06-03]
+### Added
+- `serverlog.client` and `serverlog.server` options added to `config.json` to enable logging of client commands to server log (only client portion implemented at this time)
+- morgan express middleware for logging
+### Changed
+- Updated socket.io to 1.7.4
+- continued refactoring, breaking up `index.js`
+- revised error handling methods
+- revised session termination methods
+### Fixed
+### Removed
+- color console decorations from `util/index.js`
+- SanatizeHeaders function from `util/index.js`
+
+## 0.1.0 [2017-05-27]
+### Added
+- This ChangeLog.md file
+- Support for UTF-8 characters (thanks @bara666)
+- Snyk, Bithound, Travis CI
+- Cross platform improvements (path mappings)
+- Session fixup between Express and Socket.io
+- Session secret settings in `config.json`
+- env variable `DEBUG=ssh2` will put the `ssh2` module into debug mode
+- env variable `DEBUG=WebSSH2` will output additional debug messages for functions
+and events in the application (not including the ssh2 module debug)
+- using Grunt to pull js and css source files from other modules `npm run build` to rebuild these if changed or updated.
+- `useminified` option in `config.json` to enable using minified client side javascript (true) defaults to false (non-minified)
+- sshterm= query option to specify TERM environment variable for host, valid strings are alpha-numeric with a hypen (validated). Otherwise the default ssh.term variable from `config.json` will be used.
+- validation for host (v4,v6,fqdn,hostname), port (integer 2-65535), and header (sanitized) from URL input
+
+### Changed
+- error handling in public/client.js
+- moved socket.io operations to their own file /socket/index.js, more changes like this to come (./socket/index.js)
+- all session based variables are now under the req.session.ssh property or socket.request.ssh (./index.js)
+- moved SSH algorithms to `config.json` and defined as a session variable (..session.ssh.algorithms)
+-- prep for future feature to define algorithms in header or some other method to enable separate ciphers per host
+- minified and combined all js files to a single js in `./public/webssh2.min.js` also included a sourcemap `./public/webssh2.min.js` which maps to `./public/webssh2.js` for easier troubleshooting.
+- combined all css files to a single css in `./public/webssh2.css`
+- minified all css files to a single css in `./public/webssh2.min.css`
+- copied all unmodified source css and js to /public/src/css and /public/src/js respectively (for troubleshooting/etc)
+- sourcemaps of all minified code (in /public/src and /public/src/js)
+- renamed `client.htm` to `client-full.htm`
+- created `client-min.htm` to serve minified javascript
+- if header.text is null in `config.json` and header is not defined as a get parameter the Header will not be displayed. Both of these must be null / undefined and not specified as get parameters.
+
+### Fixed
+- Multiple errors may overwrite status bar which would cause confusion as to what originally caused the error. Example, ssh server disconnects which prompts a cascade of events (conn.on('end'), socket.on('disconnect'), conn.on('close')) and the original reason (conn.on('end')) would be lost and the user would erroneously receive a WEBSOCKET error as the last event to fire would be the websocket connection closing from the app.
+- ensure ssh session is closed when a browser disconnects from the websocket
+- if headerBackground is changed, status background is changed to the same color (typo, fixed)
+
+### Removed
+- Express Static References directly to module source directories due to concatenating and minifying js/css
+
+## 0.0.5 - [2017-03-23]
+### Added
+- Added experimental support for logging (see Readme)
+
+### Fixed
+- Terminal geometry now properly fills the browser screen and communicates this to the ssh session. Tested with IE 11 and recent versions of Chrome/Safari/Firefox.
+
+## 0.0.4 - [2017-03-23]
+### Added
+- Set default terminal to xterm-color
+- Mouse event support
+- New config option, config.ssh.term to set terminal
+
+### Changed
+- Update to Xterm.js 2.4.0
+- Minor code formatting cleanup
+
+## 0.0.3 - [2017-02-16]
+### Changed
+- Update xterm to latest (2.3.0)
+### Fixed
+- Fixed misspelled config.ssh.port property
+
+## 0.0.2 - [2017-02-01]
+### Changed
+- Moving terminal emulation to xterm.js
+- updating module version dependencies
+
+### Fixed
+- Fixed issue with banners not being displayed properly from UNIX hosts when only lf is used
+
+## 0.0.1 - [2016-06-28]
+### Added
+- Initial proof of concept and release. For historical purposes only.

app/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Bill Church
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

app/client/public/webssh2.bundle.js.LICENSE.txt

@@ -1,5 +0,0 @@
-/*!
- * Font Awesome Free 6.1.2 by @fontawesome - https://fontawesome.com
- * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
- * Copyright 2022 Fonticons, Inc.
- */

app/client/public/webssh2.css

@@ -140,7 +140,7 @@
     cursor: crosshair;
 }
 
-.xterm .xterm-accessibility,
+.xterm .xterm-accessibility:not(.debug),
 .xterm .xterm-message {
     position: absolute;
     left: 0;
@@ -149,6 +149,16 @@
     right: 0;
     z-index: 10;
     color: transparent;
+    pointer-events: none;
+}
+
+.xterm .xterm-accessibility-tree:not(.debug) *::selection {
+  color: transparent;
+}
+
+.xterm .xterm-accessibility-tree {
+  user-select: text;
+  white-space: pre;
 }
 
 .xterm .live-region {
@@ -160,13 +170,27 @@
 }
 
 .xterm-dim {
-    opacity: 0.5;
+    /* Dim should not apply to background, so the opacity of the foreground color is applied
+     * explicitly in the generated class and reset to 1 here */
+    opacity: 1 !important;
 }
 
-.xterm-underline {
-    text-decoration: underline;
+.xterm-underline-1 { text-decoration: underline; }
+.xterm-underline-2 { text-decoration: double underline; }
+.xterm-underline-3 { text-decoration: wavy underline; }
+.xterm-underline-4 { text-decoration: dotted underline; }
+.xterm-underline-5 { text-decoration: dashed underline; }
+
+.xterm-overline {
+    text-decoration: overline;
 }
 
+.xterm-overline.xterm-underline-1 { text-decoration: overline underline; }
+.xterm-overline.xterm-underline-2 { text-decoration: overline double underline; }
+.xterm-overline.xterm-underline-3 { text-decoration: overline wavy underline; }
+.xterm-overline.xterm-underline-4 { text-decoration: overline dotted underline; }
+.xterm-overline.xterm-underline-5 { text-decoration: overline dashed underline; }
+
 .xterm-strikethrough {
     text-decoration: line-through;
 }
@@ -176,8 +200,12 @@
 	position: absolute;
 }
 
-.xterm-decoration-overview-ruler {
+.xterm-screen .xterm-decoration-container .xterm-decoration.xterm-decoration-top-layer {
 	z-index: 7;
+}
+
+.xterm-decoration-overview-ruler {
+    z-index: 8;
     position: absolute;
     top: 0;
     right: 0;

app/client/src/js/index.ts

@@ -1,7 +1,7 @@
 /* eslint-disable import/no-extraneous-dependencies */
 import { io } from 'socket.io-client';
-import { Terminal } from 'xterm';
-import { FitAddon } from 'xterm-addon-fit';
+import { Terminal } from '@xterm/xterm';
+import { FitAddon } from '@xterm/addon-fit';
 import { library, dom } from '@fortawesome/fontawesome-svg-core';
 import { faBars, faClipboard, faDownload, faKey, faCog } from '@fortawesome/free-solid-svg-icons';
 
@@ -9,7 +9,7 @@ library.add(faBars, faClipboard, faDownload, faKey, faCog);
 dom.watch();
 
 const debug = require('debug')('WebSSH2');
-require('xterm/css/xterm.css');
+require('@xterm/xterm/css/xterm.css');
 require('../css/style.css');
 
 /* global Blob, logBtn, credentialsBtn, reauthBtn, downloadLogBtn */ // eslint-disable-line

app/index.js

@@ -5,7 +5,9 @@
  *
  * WebSSH2 - Web to SSH2 gateway
  * Bill Church - https://github.com/billchurch/WebSSH2 - May 2017
+ * See LICENSE file
  *
+ * test change
  */
 
 const { config } = require('./server/app');

app/package.json

@@ -1,6 +1,6 @@
 {
   "name": "webssh2",
-  "version": "0.4.7-alpha.3",
+  "version": "0.6.0-pre-1",
   "ignore": [
     ".gitignore"
   ],
@@ -35,15 +35,15 @@
     "basic-auth": "~2.0.1",
     "cidr-matcher": "^2.1.1",
     "debug": "^4.3.4",
-    "express": "^4.18.1",
-    "express-session": "^1.17.3",
-    "json-merger": "^1.1.9",
+    "express": "^4.19.2",
+    "express-session": "^1.18.0",
     "morgan": "~1.10.0",
-    "read-config-ng": "^3.0.5",
+    "read-config-ng": "^3.0.7",
     "serve-favicon": "^2.5.0",
-    "socket.io": "^4.5.1",
-    "ssh2": "^1.11.0",
-    "validator": "^13.7.0"
+    "socket.io": "^4.7.5",
+    "ssh2": "^1.15.0",
+    "validator": "^13.11.0",
+    "winston": "^3.13.0"
   },
   "scripts": {
     "start": "node index.js",
@@ -56,36 +56,34 @@
     "release": "standard-version"
   },
   "devDependencies": {
-    "@fortawesome/fontawesome-svg-core": "^6.1.2",
-    "@fortawesome/free-solid-svg-icons": "^6.1.2",
-    "@typescript-eslint/eslint-plugin": "^5.31.0",
-    "@typescript-eslint/parser": "^5.31.0",
+    "@fortawesome/fontawesome-svg-core": "^6.5.2",
+    "@fortawesome/free-solid-svg-icons": "^6.5.2",
+    "@typescript-eslint/eslint-plugin": "^7.7.1",
+    "@typescript-eslint/parser": "^7.7.1",
+    "@xterm/addon-fit": "^0.10.0",
+    "@xterm/xterm": "^5.5.0",
     "clean-webpack-plugin": "^4.0.0",
-    "copy-webpack-plugin": "^11.0.0",
-    "css-loader": "^6.7.1",
-    "eslint": "^8.21.0",
+    "copy-webpack-plugin": "^12.0.2",
+    "css-loader": "^7.1.1",
+    "eslint": "^8.56.0",
     "eslint-config-airbnb-base": "^15.0.0",
-    "eslint-config-prettier": "^8.5.0",
-    "eslint-plugin-import": "^2.26.0",
-    "eslint-plugin-prettier": "^4.2.1",
-    "mini-css-extract-plugin": "^2.6.1",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-import": "^2.29.1",
+    "eslint-plugin-prettier": "^5.1.3",
+    "mini-css-extract-plugin": "^2.9.0",
     "nodaemon": "0.0.5",
-    "prettier": "^2.7.1",
+    "npm-check-updates": "^16.14.20",
+    "prettier": "^3.2.5",
     "snazzy": "^9.0.0",
-    "snyk": "^1.981.0",
-    "socket.io-client": "^4.5.1",
-    "source-map-loader": "^4.0.0",
+    "snyk": "^1.1290.0",
+    "socket.io-client": "^4.7.5",
+    "source-map-loader": "^5.0.0",
     "standard-version": "^9.5.0",
-    "terser-webpack-plugin": "^5.3.3",
-    "ts-loader": "^9.3.1",
-    "typescript": "^4.7.4",
-    "webpack": "^5.74.0",
-    "webpack-cli": "^4.10.0",
-    "webpack-merge": "^5.8.0",
-    "xterm": "^4.19.0",
-    "xterm-addon-fit": "^0.5.0"
-  },
-  "resolutions": {
-    "trim-newlines": "^3.0.1"
+    "terser-webpack-plugin": "^5.3.10",
+    "ts-loader": "^9.5.1",
+    "typescript": "^5.4.5",
+    "webpack": "^5.91.0",
+    "webpack-cli": "^5.1.4",
+    "webpack-merge": "^5.10.0"
   }
 }

app/server/app.js

@@ -13,7 +13,7 @@ const express = require('express');
 const logger = require('morgan');
 
 const app = express();
-const server = require('http').Server(app);
+const server = require('http').createServer(app);
 const favicon = require('serve-favicon');
 const io = require('socket.io')(server, config.socketio);
 const session = require('express-session')(config.express);
@@ -102,7 +102,8 @@ const onConnection = (socket) => {
   });
   socket.on('geometry', (cols, rows) => {
     // TODO need to rework how we pass settings to ssh2, this is less than ideal
-    socket.request.session.ssh.terminfo = { cols, rows };
+    socket.request.session.ssh.cols = cols;
+    socket.request.session.ssh.rows = rows;
     webssh2debug(socket, `SOCKET GEOMETRY: termCols = ${cols}, termRows = ${rows}`);
   });
 };

app/server/config.js

@@ -2,7 +2,6 @@
    no-console: ["error", { allow: ["warn", "error", "info"] }] */
 const fs = require('fs');
 const path = require('path');
-const merger = require('json-merger');
 const debugWebSSH2 = require('debug')('WebSSH2');
 const crypto = require('crypto');
 const util = require('util');
@@ -110,7 +109,8 @@ try {
   }
   console.info(`WebSSH2 service reading config from: ${configPath}`);
   const configFile = readconfig(configPath, { override: true });
-  myConfig = merger.mergeObjects([configDefault, configFile]);
+  // myConfig = merger.mergeObjects([configDefault, configFile]);
+  myConfig = { ...configDefault, ...configFile };
   debugWebSSH2(`\nCurrent config: ${util.inspect(myConfig)}`);
 } catch (err) {
   myConfig = configDefault;

app/server/routes.js

@@ -171,6 +171,8 @@ exports.connect = function connect(req, res) {
       letterSpacing,
       lineHeight,
     },
+    cols: null,
+    rows: null,
     allowreplay:
       config.options.challengeButton ||
       (validator.isBoolean(`${req.headers.allowreplay}`)

app/server/socket.js

@@ -105,7 +105,7 @@ module.exports = function appSocket(socket) {
       socket.emit('data', data.replace(/\r?\n/g, '\r\n').toString('utf-8'));
     });
 
-    conn.on('handshake', (data => {
+    conn.on('handshake', () => {
       socket.emit('setTerminalOpts', socket.request.session.ssh.terminal);
       socket.emit('menu');
       socket.emit('allowreauth', socket.request.session.ssh.allowreauth);
@@ -118,7 +118,7 @@ module.exports = function appSocket(socket) {
         'footer',
         `ssh://${socket.request.session.username}@${socket.request.session.ssh.host}:${socket.request.session.ssh.port}`
       );
-    }));
+    });
 
     conn.on('ready', () => {
       webssh2debug(

bin/BIG-IP-ILX-WebSSH2-current.tgz.sha256

@@ -1 +0,0 @@
-b512ae8f04eba0eab29e026542fab1063b1bb4ae6db04e3613a8939260fe031c  Build/Release/BIG-IP-ILX-WebSSH2-0.2.9.tgz

package.json

@@ -0,0 +1,6 @@
+{
+  "dependencies": {},
+  "devDependencies": {
+    "bun-types": "^1.0.1"
+  }
+}

release-please-config.json

@@ -1,12 +1,13 @@
 {
+  "changelogPath": "CHANGELOG.md",
+  "include-v-in-tags": false,
+  "prerelease": true,
   "packages": {
-    ".": {
+    "app": {
       "releaseType": "node",
       "draft": false,
-      "prerelease": false,
       "bumpMinorPreMajor": false,
       "bumpPatchForMinorPreMajor": false,
-      "changelogPath": "CHANGELOG.md",
       "versioning": "default"
     }
   }