From 58a32d43b30cdc474ac82c3a5947f58718239538 Mon Sep 17 00:00:00 2001
From: schlagmichdoch
Date: Tue, 14 Feb 2023 02:41:06 +0100
Subject: [PATCH] implementing options to make PairDrop reachable on localhost only to prevent bypassing the proxy server on production
---
 docs/host-your-own.md | 51 ++++++++++++++++++++++++++++---------------
 index.js | 9 ++++++--
 package.json | 5 ++---
 3 files changed, 43 insertions(+), 22 deletions(-)
diff --git a/docs/host-your-own.md b/docs/host-your-own.md
index f364e1b..c805463 100644
--- a/docs/host-your-own.md
+++ b/docs/host-your-own.md
@@ -15,15 +15,7 @@ npm install
 Start the server with:
 ```bash
-npm start
-```
-
-### Public Run
-
-If you want to run in your public "sharable" IP instead of locally, you can use this command:
-
-```bash
-node index.js public
+node index.js
 ```
 or
 ```bash
@@ -36,6 +28,29 @@ npm start
+### Environment variables
+#### Port
+On Unix based systems
+```bash
+PORT=3010 npm start
+```
+On Windows
+```bash
+$env:PORT=3010; npm start
+```
+> Specify the port PairDrop is running on. (Default: 3000)
+
+### Options / Flags
+#### Local Run
+```bash
+npm start -- --localhost-only
+```
+> Only allow connections from localhost.
+>
+> Use this when deploying PairDrop with node.
+> This prevents connections to the node server from bypassing the proxy server,
+> as you must use a server proxy to point to PairDrop (See [#HTTP-Server](#http-server)).
+
 #### Automatic restart on error
 ```bash
 npm start -- --auto-restart
@@ -73,18 +88,15 @@ npm start -- --include-ws-fallback
 npm run start:prod
 ```
-#### Production (autostart, rate-limit and websocket fallback for VPN)
+#### Production (autostart, rate-limit, localhost-only and websocket fallback for VPN)
 ```bash
-npm run start:prod -- --include-ws-fallback
+npm run start:prod -- --localhost-only --include-ws-fallback
 ```
+> To prevent connections to the node server from bypassing the proxy server you should use "--localhost-only" on production.
 ## Deployment with Docker
 The easiest way to get PairDrop up and running is by using Docker.
-By default, docker listens on port 3000 for (http and https).
-
-By default, PairDrop is started with auto-start and rate-limit enabled. To run PairDrop with [the options listed above](#public-run) you have to edit the `CMD` command in the Dockerfile accordingly.
-
 ### Build the image
 ```bash
 docker build . -f Dockerfile -t pairdrop
@@ -93,9 +105,14 @@ docker build . -f Dockerfile -t pairdrop
 ### Run the image
 ```bash
-docker run -p 3000:3000 -it pairdrop npm run start:prod
+docker run -p 127.0.0.1:3000:3000 -it pairdrop npm run start:prod
 ```
-> To specify flags replace `npm run start:prod` according to [the documentation above.](#public-run)
+> By default, PairDrop is started with auto-start and rate-limit enabled.
+> By including "127.0.0.1" the docker container is only available on localhost (same as "--localhost-only" when deploying with node).
+>
+> You must use a server proxy to point to PairDrop (See [#HTTP-Server](#http-server)).
+>
+> To specify options replace `npm run start:prod` according to [the documentation above.](#options--flags)
 ## HTTP-Server
 When running PairDrop, the `X-Forwarded-For` header has to be set by a proxy. Otherwise, all clients will be mutually visible.
diff --git a/index.js b/index.js
index c50cc91..31e8761 100644
--- a/index.js
+++ b/index.js
@@ -54,7 +54,6 @@ const RateLimit = require('express-rate-limit');
 const http = require('http');
 const app = express();
-const port = process.env.PORT || 3000;
 if (process.argv.includes('--rate-limit')) {
 const limiter = RateLimit({
@@ -83,7 +82,13 @@ app.get('/', (req, res) => {
 });
 const server = http.createServer(app);
-server.listen(port);
+const port = process.env.PORT || 3000;
+
+if (process.argv.includes('--localhost-only')) {
+ server.listen(port, '127.0.0.1');
+} else {
+ server.listen(port);
+}
 const parser = require('ua-parser-js');
 const { uniqueNamesGenerator, animals, colors } = require('unique-names-generator');
diff --git a/package.json b/package.json
index d674521..416905c 100644
--- a/package.json
+++ b/package.json
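Review bot: In the second index.js hunk the loopback bind is an exact-match opt-in, so an omitted or mistyped `--localhost-only` falls through to `server.listen(port)` and binds every interface with nothing in the output to show which case ran. The docs in this patch say `X-Forwarded-For` has to be set by the proxy; if index.js accepts that header from any peer (not visible in this hunk), a directly reachable port lets a client supply it, which is the exposure the flag is meant to close. I would log the bound address at startup, e.g. `server.on('listening', () => console.log('PairDrop listening on', server.address()));`, so operators can verify the bind. Note also that `'127.0.0.1'` is IPv4-only, so a proxy whose upstream is `localhost` and resolves to `::1` would fail to connect; that deserves a line in the docs.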
@@ -4,9 +4,8 @@
 "description": "",
 "main": "index.js",
 "scripts": {
- "start": "node index.js public",
- "start:prod": "node index.js public --rate-limit --auto-restart",
- "test": "echo \"Error: no test specified\" && exit 1"
+ "start": "node index.js",
+ "start:prod": "node index.js --rate-limit --auto-restart"
 },
 "author": "",
 "license": "ISC",
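Review bot: `start:prod` still runs without `--localhost-only`, so the one-command production start for a plain node deployment listens on all interfaces even though the docs added in this patch recommend the flag for production. Presumably the flag is left out because the Docker instructions reuse `npm run start:prod` and restrict exposure with `-p 127.0.0.1:3000:3000` instead. A separate script for the node case, for example `"start:prod:local": "node index.js --rate-limit --auto-restart --localhost-only"` (the name is only a suggestion), would make the loopback bind the default path there. The hunk also drops the `test` script, so confirm nothing still calls `npm test`.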