jakob/PairDrop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow selection of which network interface(s) to bind to

Browse source 
This is important for security reasons, as it allows someone to lock
down who can talk directly to the Snapdrop server. If someone wants to
run Snapdrop behind a reverse proxy (for example), it doesn't help if
someone can still talk directly to the Nodejs process.
This commit is contained in:
Matthew Gamble 2021-03-26 10:07:18 +11:00
parent bd3d13d48a
commit a4d6cfd862
No known key found for this signature in database
GPG key ID: B5D06189C3995B3B
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
server/index.js
View file

@ -16,9 +16,9 @@ const { uniqueNamesGenerator, animals, colors } = require('unique-names-generato
class SnapdropServer {
constructor(port) {
constructor(host, port) {
const WebSocket = require('ws');
this._wss = new WebSocket.Server({ port: port });
this._wss = new WebSocket.Server({ host: host, port: port });
this._wss.on('connection', (socket, request) => this._onConnection(new Peer(socket, request)));
this._wss.on('headers', (headers, response) => this._onHeaders(headers, response));
@ -288,4 +288,4 @@ Object.defineProperty(String.prototype, 'hashCode', {
}
});
const server = new SnapdropServer(process.env.PORT || 3000);
const server = new SnapdropServer(process.env.HOST || null, process.env.PORT || 3000);