diff --git a/src/docker/config.json b/src/docker/config.json
index 253dfd4..8beeaf1 100644
--- a/src/docker/config.json
+++ b/src/docker/config.json
@@ -2,7 +2,11 @@
 "webservice":{
 "host":"0.0.0.0",
 "port":8022,
- "ssl":false
+ "ssl": false,
+ "cors-relative-origins": [
+ "chrome-extension://[a-p]{32}",
+ "(https|http)://.*"
+ ]
 },
 "application":{
 "authentication":false,
diff --git a/src/main/java/net/zyclonite/nassh/MainVerticle.java b/src/main/java/net/zyclonite/nassh/MainVerticle.java
index bb2e728..bb6763c 100644
--- a/src/main/java/net/zyclonite/nassh/MainVerticle.java
+++ b/src/main/java/net/zyclonite/nassh/MainVerticle.java
@@ -13,6 +13,7 @@
 import io.vertx.core.Promise;
 import io.vertx.core.http.HttpServer;
 import io.vertx.core.http.HttpServerOptions;
+import io.vertx.core.json.JsonArray;
 import io.vertx.core.json.JsonObject;
 import io.vertx.core.net.SelfSignedCertificate;
 import io.vertx.ext.web.Router;
@@ -42,11 +43,12 @@ public void start(final Promise startPromise) {
 }
 server = vertx.createHttpServer(options);
 final Router router = Router.router(vertx);
- router.route().handler(CorsHandler
- .create()
- .addRelativeOrigin(".*")
- .allowCredentials(true)
- );
+ CorsHandler corsHandler = CorsHandler.create().allowCredentials(true);
+ JsonArray relOrigins = webserviceConfig.getJsonArray("cors-relative-origins");
+ for (int i = 0; i < relOrigins.size(); i++) {
+ corsHandler.addRelativeOrigin(relOrigins.getString(i));
+ }
+ router.route().handler(corsHandler);
 router.get("/cookie").handler(new CookieHandler(config().getJsonObject("application").copy().put("auth", config().getJsonObject("google-sso"))));
 router.post("/cookie").handler(new CookiePostHandler(vertx, new JsonObject().put("auth", config().getJsonObject("google-sso"))));
 router.get("/proxy").handler(new ProxyHandler(vertx, config()));
diff --git a/src/main/java/net/zyclonite/nassh/handler/ProxyHandler.java b/src/main/java/net/zyclonite/nassh/handler/ProxyHandler.java
index a19d52b..020781b 100644
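Review bot: The second default pattern in the config.json hunk, `"(https|http)://.*"`, matches every web origin, so the shipped configuration keeps the effect of the removed `.addRelativeOrigin(".*")` for browsers while MainVerticle still sets `allowCredentials(true)`. Any page a user has open can therefore make credentialed cross-origin requests to the relay's routes. I would ship the default with only the `"chrome-extension://[a-p]{32}"` entry and let operators add the specific web origins they trust, for example `"https://relay\\.example\\.com"` (constructed example). Since the JSON file cannot carry a comment, the deployment documentation should state that these entries are regular expressions applied to the request origin.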
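Review bot: In the MainVerticle hunk at -42, `webserviceConfig.getJsonArray("cors-relative-origins")` returns null when the key is absent, so a deployment that keeps its pre-change config file hits a NullPointerException at `relOrigins.size()` during start(). A silent empty fallback is not a good fix either, because a CorsHandler with no origin list combined with `allowCredentials(true)` may end up accepting every origin (worth confirming against the vertx-web version in use). I would fail startup with a clear message instead: `if (relOrigins == null || relOrigins.isEmpty()) { startPromise.fail("webservice.cors-relative-origins must list at least one origin pattern"); return; }`. start() begins and ends outside this hunk, and `webserviceConfig` is defined outside it.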
--- a/src/main/java/net/zyclonite/nassh/handler/ProxyHandler.java
+++ b/src/main/java/net/zyclonite/nassh/handler/ProxyHandler.java
@@ -14,7 +14,7 @@
 import io.vertx.core.Vertx;
 import io.vertx.core.http.HttpServerRequest;
 import io.vertx.core.http.HttpServerResponse;
-import io.vertx.core.impl.VertxImpl;
+import io.vertx.core.impl.VertxInternal;
 import io.vertx.core.json.JsonArray;
 import io.vertx.core.json.JsonObject;
 import io.vertx.core.net.NetClient;
@@ -39,14 +39,16 @@ public class ProxyHandler implements Handler {
 private final LocalMap sessions;
 private final int sessionlimit;
 private final boolean authentication;
- private final Vertx vertx;
+ private final VertxInternal vertx;
+ private final NetClient client;
 private final JsonObject config;
 private final JsonArray accessList;
 private final JsonArray whiteList;
 private final JsonArray blackList;
 public ProxyHandler(final Vertx vertx, final JsonObject config) {
- this.vertx = vertx;
+ this.vertx = (VertxInternal) vertx;
+ this.client = vertx.createNetClient(new NetClientOptions().setRegisterWriteHandler(true).setReconnectAttempts(10).setReconnectInterval(500));
 this.config = config;
 this.authentication = config.getJsonObject("application").getBoolean("authentication", true);
 this.sessions = vertx.sharedData().getLocalMap(Constants.SESSIONS);
@@ -84,7 +86,7 @@ public void handle(final RoutingContext context) {
 logger.warn(() -> "ssh session limit of " + sessionlimit + " reached");
 return;
 }
- ((VertxImpl) vertx).resolveAddress(host, result -> {
+ vertx.resolveAddress(host, result -> {
 if (result.succeeded()) {
 final InetAddress address = result.result();
 vertx.executeBlocking(() -> AccessHelper.isHostAllowed(accessList, whiteList, blackList, address, authSession), false)
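Review bot: In the hunk at -39, the constructor downcasts its public `Vertx` argument with `(VertxInternal) vertx`, which ties the handler to the internal `io.vertx.core.impl` package and throws ClassCastException for any Vertx that is not a VertxInternal. The field should carry a comment saying why the cast exists, for example `// VertxInternal is needed only for resolveAddress(); internal API, re-check on Vert.x upgrades`. The new shared `client` is created here and no close() for it is visible on this page, and `setRegisterWriteHandler(true)` is introduced without explanation; both deserve a line in the constructor's documentation. The class body continues outside the hunk.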
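Review bot: In the hunk at -84, the access check runs against the `address` returned by `resolveAddress`, but `connectTcpEndpoint` (the hunk at -123) calls `client.connect(port, host, ...)` with a `String host`. If that argument is still the client-supplied name rather than the checked address, the name is resolved a second time at connect time and may yield a different address from the one `AccessHelper.isHostAllowed` approved. The call site lies outside the visible lines, so this needs confirming; if it holds, pass `address.getHostAddress()` to the connect call so the connection goes to the address that was checked. handle() begins and ends outside this hunk.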
@@ -123,7 +125,6 @@ public void handle(final RoutingContext context) {
 private Promise connectTcpEndpoint(final UUID sid, final String host, final int port, final String clienthost) {
 final Promise promise = Promise.promise();
- final NetClient client = vertx.createNetClient(new NetClientOptions().setReconnectAttempts(10).setReconnectInterval(500));
 client.connect(port, host, asyncResult -> {
 if (asyncResult.succeeded()) {
 logger.info(() -> "Connected to ssh server: " + host + ":" + port + " (" + clienthost + ")");