Renamed option from --no-helmet to --bypasshelmet

6 years ago · cce60629ec
4 changed files with 12 additions and 9 deletions
--- a/index.js
+++ b/index.js
@ -94,7 +94,7 @@ if (require.main === module) {
          type: 'string',
          default: process.env.COMMAND || 'login',
        },
-        'no-helmet': {
+        bypasshelmet: {
          demand: false,
          description: 'disable helmet from placing security restrictions',
          type: 'boolean',
--- a/src/server/index.ts
+++ b/src/server/index.ts
@ -39,7 +39,7 @@ export default class Server {
    command,
    sslkey,
    sslcert,
-    disableHelmet,
+    bypasshelmet,
  }: Options): Promise<void> {
    wetty
      .on('exit', ({ code, msg }: { code: number; msg: string }) => {
@ -62,7 +62,7 @@ export default class Server {
        pass: sshpass,
        key: sshkey,
      },
-      { base, host, port, title, disableHelmet },
+      { base, host, port, title, bypasshelmet },
      command,
      { key: sslkey, cert: sslcert }
    );
--- a/src/server/interfaces.ts
+++ b/src/server/interfaces.ts
@ -21,5 +21,5 @@ export interface Server {
  port: number;
  host: string;
  base: string;
-  disableHelmet: boolean;
+  bypasshelmet: boolean;
 }
--- a/src/server/server.ts
+++ b/src/server/server.ts
@ -17,7 +17,7 @@ const distDir = path.join(__dirname, 'client');
 const trim = (str: string): string => str.replace(/\/*$/, '');

 export default function createServer(
-  { base, port, host, title, disableHelmet }: Server,
+  { base, port, host, title, bypasshelmet }: Server,
  { key, cert }: SSLBuffer
 ): SocketIO.Server {
  const basePath = trim(base);
@ -72,14 +72,17 @@ export default function createServer(
      )
        res.redirect(301, req.url.slice(0, -1));
      else next();
-    })
-    .get(basePath, html)
-    .get(`${basePath}/ssh/:user`, html);
+    });

-  if (!disableHelmet) {
+  // Allow helmet to be bypassed.
+  // Unfortunately, order matters with middleware
+  // which is why this is thrown in the middle
+  if (!bypasshelmet) {
    app.use(helmet());
  }

+  app.get(basePath, html).get(`${basePath}/ssh/:user`, html);
+
  return socket(
    !isUndefined(key) && !isUndefined(cert)
      ? https.createServer({ key, cert }, app).listen(port, host, () => {