bdy 1.22.63-stage → 1.22.64-master
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/distTs/package.json
CHANGED
|
@@ -70,9 +70,6 @@ class ServerHttp2 extends events_1.default {
|
|
|
70
70
|
req.end();
|
|
71
71
|
}
|
|
72
72
|
checkHostHeader(req, res) {
|
|
73
|
-
logger_js_1.default.info('checkHostHeader');
|
|
74
|
-
logger_js_1.default.info(this.host);
|
|
75
|
-
logger_js_1.default.info(req.headers[':authority']);
|
|
76
73
|
const headerHost = (req.headers[':authority'] || '').split(':')[0];
|
|
77
74
|
if (headerHost === this.host)
|
|
78
75
|
return true;
|
|
@@ -498,107 +498,107 @@ class Tunnel extends events_1.default {
|
|
|
498
498
|
...data,
|
|
499
499
|
sshHostKey: this.sshHostKey,
|
|
500
500
|
});
|
|
501
|
-
|
|
501
|
+
const diff = (field, a, b) => {
|
|
502
|
+
logger_1.default.debug(`Tunnel '${this.id}' hasChanged: ${field} (running=${JSON.stringify(a)} incoming=${JSON.stringify(b)})`);
|
|
502
503
|
return true;
|
|
504
|
+
};
|
|
505
|
+
if (this.type !== tunnel.type)
|
|
506
|
+
return diff('type', this.type, tunnel.type);
|
|
503
507
|
if (this.target !== tunnel.target)
|
|
504
|
-
return
|
|
508
|
+
return diff('target', this.target, tunnel.target);
|
|
505
509
|
if (this.region !== tunnel.region)
|
|
506
|
-
return
|
|
510
|
+
return diff('region', this.region, tunnel.region);
|
|
507
511
|
if (this.timeout !== tunnel.timeout)
|
|
508
|
-
return
|
|
512
|
+
return diff('timeout', this.timeout, tunnel.timeout);
|
|
509
513
|
if (this.domain !== tunnel.domain)
|
|
510
|
-
return
|
|
514
|
+
return diff('domain', this.domain, tunnel.domain);
|
|
511
515
|
if (this.subdomain !== tunnel.subdomain)
|
|
512
|
-
return
|
|
516
|
+
return diff('subdomain', this.subdomain, tunnel.subdomain);
|
|
513
517
|
if (this.terminate !== tunnel.terminate)
|
|
514
|
-
return
|
|
518
|
+
return diff('terminate', this.terminate, tunnel.terminate);
|
|
515
519
|
if (this.key !== tunnel.key)
|
|
516
|
-
return
|
|
520
|
+
return diff('key', this.key, tunnel.key);
|
|
517
521
|
if (this.cert !== tunnel.cert)
|
|
518
|
-
return
|
|
522
|
+
return diff('cert', this.cert, tunnel.cert);
|
|
519
523
|
if (this.ca !== tunnel.ca)
|
|
520
|
-
return
|
|
524
|
+
return diff('ca', this.ca, tunnel.ca);
|
|
521
525
|
if (this.host !== tunnel.host)
|
|
522
|
-
return
|
|
526
|
+
return diff('host', this.host, tunnel.host);
|
|
523
527
|
if (this.login !== tunnel.login)
|
|
524
|
-
return
|
|
528
|
+
return diff('login', this.login, tunnel.login);
|
|
525
529
|
if (this.password !== tunnel.password)
|
|
526
|
-
return
|
|
530
|
+
return diff('password', this.password, tunnel.password);
|
|
527
531
|
if (this.serve !== tunnel.serve)
|
|
528
|
-
return
|
|
532
|
+
return diff('serve', this.serve, tunnel.serve);
|
|
529
533
|
if (this.circuitBreaker !== tunnel.circuitBreaker)
|
|
530
|
-
return
|
|
534
|
+
return diff('circuitBreaker', this.circuitBreaker, tunnel.circuitBreaker);
|
|
531
535
|
if (this.log !== tunnel.log)
|
|
532
|
-
return
|
|
536
|
+
return diff('log', this.log, tunnel.log);
|
|
533
537
|
if (this.verify !== tunnel.verify)
|
|
534
|
-
return
|
|
538
|
+
return diff('verify', this.verify, tunnel.verify);
|
|
535
539
|
if (this.http2 !== tunnel.http2)
|
|
536
|
-
return
|
|
540
|
+
return diff('http2', this.http2, tunnel.http2);
|
|
537
541
|
if (this.compression !== tunnel.compression)
|
|
538
|
-
return
|
|
542
|
+
return diff('compression', this.compression, tunnel.compression);
|
|
539
543
|
if (this.sshIp !== tunnel.sshIp)
|
|
540
|
-
return
|
|
544
|
+
return diff('sshIp', this.sshIp, tunnel.sshIp);
|
|
541
545
|
if (this.sshId !== tunnel.sshId)
|
|
542
|
-
return
|
|
546
|
+
return diff('sshId', this.sshId, tunnel.sshId);
|
|
543
547
|
if (this.sshPort !== tunnel.sshPort)
|
|
544
|
-
return
|
|
548
|
+
return diff('sshPort', this.sshPort, tunnel.sshPort);
|
|
545
549
|
if (this.sshUser !== tunnel.sshUser)
|
|
546
|
-
return
|
|
550
|
+
return diff('sshUser', this.sshUser, tunnel.sshUser);
|
|
547
551
|
if (this.sshPassword !== tunnel.sshPassword)
|
|
548
|
-
return
|
|
552
|
+
return diff('sshPassword', this.sshPassword, tunnel.sshPassword);
|
|
549
553
|
if (this.sshForwardPort !== tunnel.sshForwardPort)
|
|
550
|
-
return
|
|
554
|
+
return diff('sshForwardPort', this.sshForwardPort, tunnel.sshForwardPort);
|
|
551
555
|
if (this.sshClientPassword !== tunnel.sshClientPassword)
|
|
552
|
-
return
|
|
556
|
+
return diff('sshClientPassword', this.sshClientPassword, tunnel.sshClientPassword);
|
|
553
557
|
if (this.sshClientUser !== tunnel.sshClientUser)
|
|
554
|
-
return
|
|
558
|
+
return diff('sshClientUser', this.sshClientUser, tunnel.sshClientUser);
|
|
555
559
|
if (this.whitelist?.length !== tunnel.whitelist?.length)
|
|
556
|
-
return
|
|
560
|
+
return diff('whitelist.length', this.whitelist, tunnel.whitelist);
|
|
557
561
|
if (this.whitelist && tunnel.whitelist) {
|
|
558
562
|
this.whitelist.sort();
|
|
559
563
|
tunnel.whitelist.sort();
|
|
560
564
|
for (let i = 0; i < this.whitelist.length; i += 1) {
|
|
561
565
|
if (this.whitelist[i] !== tunnel.whitelist[i])
|
|
562
|
-
return
|
|
566
|
+
return diff('whitelist', this.whitelist, tunnel.whitelist);
|
|
563
567
|
}
|
|
564
568
|
}
|
|
565
569
|
if (this.useragents?.length !== tunnel.useragents?.length)
|
|
566
|
-
return
|
|
570
|
+
return diff('useragents.length', this.useragents, tunnel.useragents);
|
|
567
571
|
if (this.useragents && tunnel.useragents) {
|
|
568
572
|
this.useragents.sort();
|
|
569
573
|
tunnel.useragents.sort();
|
|
570
574
|
for (let i = 0; i < this.useragents.length; i += 1) {
|
|
571
575
|
if (this.useragents[i] !== tunnel.useragents[i])
|
|
572
|
-
return
|
|
576
|
+
return diff('useragents', this.useragents, tunnel.useragents);
|
|
573
577
|
}
|
|
574
578
|
}
|
|
575
579
|
const sortHeaders = (a, b) => a.name.localeCompare(b.name);
|
|
576
580
|
if (this.headers?.length !== tunnel.headers?.length)
|
|
577
|
-
return
|
|
581
|
+
return diff('headers.length', this.headers, tunnel.headers);
|
|
578
582
|
if (this.headers && tunnel.headers) {
|
|
579
583
|
this.headers.sort(sortHeaders);
|
|
580
584
|
tunnel.headers.sort(sortHeaders);
|
|
581
585
|
for (let i = 0; i < this.headers.length; i += 1) {
|
|
582
586
|
const thisH = this.headers[i];
|
|
583
587
|
const tunnelH = tunnel.headers[i];
|
|
584
|
-
if (thisH.name !== tunnelH.name)
|
|
585
|
-
return
|
|
586
|
-
if (thisH.value !== tunnelH.value)
|
|
587
|
-
return true;
|
|
588
|
+
if (thisH.name !== tunnelH.name || thisH.value !== tunnelH.value)
|
|
589
|
+
return diff('headers', this.headers, tunnel.headers);
|
|
588
590
|
}
|
|
589
591
|
}
|
|
590
592
|
if (this.responseHeaders?.length !== tunnel.responseHeaders?.length)
|
|
591
|
-
return
|
|
593
|
+
return diff('responseHeaders.length', this.responseHeaders, tunnel.responseHeaders);
|
|
592
594
|
if (this.responseHeaders && tunnel.responseHeaders) {
|
|
593
595
|
this.responseHeaders.sort(sortHeaders);
|
|
594
596
|
tunnel.responseHeaders.sort(sortHeaders);
|
|
595
597
|
for (let i = 0; i < this.responseHeaders.length; i += 1) {
|
|
596
598
|
const thisRH = this.responseHeaders[i];
|
|
597
599
|
const tunnelRH = tunnel.responseHeaders[i];
|
|
598
|
-
if (thisRH.name !== tunnelRH.name)
|
|
599
|
-
return
|
|
600
|
-
if (thisRH.value !== tunnelRH.value)
|
|
601
|
-
return true;
|
|
600
|
+
if (thisRH.name !== tunnelRH.name || thisRH.value !== tunnelRH.value)
|
|
601
|
+
return diff('responseHeaders', this.responseHeaders, tunnel.responseHeaders);
|
|
602
602
|
}
|
|
603
603
|
}
|
|
604
604
|
return false;
|
|
@@ -667,10 +667,14 @@ class Tunnel extends events_1.default {
|
|
|
667
667
|
if (this.authType === tunnel_1.TUNNEL_HTTP_AUTH_TYPE.BASIC) {
|
|
668
668
|
const user = require('basic-auth')(req);
|
|
669
669
|
if (user && user.name === this.login && user.pass === this.password) {
|
|
670
|
+
// tunnel consumed the credentials; don't leak them to the target
|
|
671
|
+
delete req.headers.authorization;
|
|
670
672
|
return true;
|
|
671
673
|
}
|
|
672
674
|
const authorized = await this._checkHttpPat(req, res, false);
|
|
673
675
|
if (authorized) {
|
|
676
|
+
// tunnel consumed the credentials; don't leak them to the target
|
|
677
|
+
delete req.headers.authorization;
|
|
674
678
|
return true;
|
|
675
679
|
}
|
|
676
680
|
logger_1.default.debug(texts_1.LOG_TUNNEL_HTTP_WRON_AUTH);
|