From 981b0b2059a2858b2404912659991082e4acb9a1 Mon Sep 17 00:00:00 2001
From: Anthony Jund
Date: Tue, 11 Jun 2019 09:02:29 -0400
Subject: [PATCH 1/4] Added startup option to disable helmet
---
 index.js | 6 ++++++
 src/server/index.ts | 6 ++++--
 src/server/interfaces.ts | 1 +
 src/server/server.ts | 9 ++++++---
 4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/index.js b/index.js
index 526d775..55beed2 100755
--- a/index.js
+++ b/index.js
@@ -94,6 +94,12 @@ if (require.main === module) {
 type: 'string',
 default: process.env.COMMAND || 'login',
 },
+ 'no-helmet': {
+ demand: false,
+ description: 'disable helmet from placing security restrictions',
+ type: 'boolean',
+ default: false,
+ },
 help: {
 demand: false,
 alias: 'h',
diff --git a/src/server/index.ts b/src/server/index.ts
index 2274339..41dbc46 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -17,6 +17,7 @@ export interface Options {
 port: number;
 title: string;
 command?: string;
+ disableHelmet?: boolean;
 }
 interface CLI extends Options {
@@ -38,6 +39,7 @@ export default class Server {
 command,
 sslkey,
 sslcert,
+ disableHelmet,
 }: Options): Promise {
 wetty
 .on('exit', ({ code, msg }: { code: number; msg: string }) => {
@@ -56,11 +58,11 @@ export default class Server {
 host: sshhost,
 auth: sshauth,
 port: sshport,
- title: title,
+ title,
 pass: sshpass,
 key: sshkey,
 },
- { base, host, port, title },
+ { base, host, port, title, disableHelmet },
 command,
 { key: sslkey, cert: sslcert }
 );
diff --git a/src/server/interfaces.ts b/src/server/interfaces.ts
index 4674ecf..adcda37 100644
--- a/src/server/interfaces.ts
+++ b/src/server/interfaces.ts
@@ -21,4 +21,5 @@ export interface Server {
 port: number;
 host: string;
 base: string;
+ disableHelmet: boolean;
 }
diff --git a/src/server/server.ts b/src/server/server.ts
index 695a3d7..f53e0c2 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
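Review bot: The `description` of the new `'no-helmet'` option in `index.js` (`@@ -94,6 +94,12 @@`), 'disable helmet from placing security restrictions', does not tell an operator what is given up: with the flag set, every response header helmet would add is dropped at once, on a server whose default command is `login`. I would state that in the help text, for example `description: 'skip the helmet middleware and every security response header it sets',`. The same wording is carried unchanged into the `bypasshelmet` option in [PATCH 3/4].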
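Review bot: `disableHelmet: boolean` is declared as required on `Server` in `src/server/interfaces.ts` (`@@ -21,4 +21,5 @@`), while the same patch declares it optional on `Options` (`disableHelmet?: boolean`) and forwards it untouched in `{ base, host, port, title, disableHelmet }`. The value can therefore be `undefined` at runtime despite the type; that currently falls on the safe side because `!undefined` keeps helmet on, but the types should say so. Either make the field optional here, `disableHelmet?: boolean;`, or default it where `Options` is destructured, `disableHelmet = false,`. The function that receives the forwarded object is outside these hunks, so whether the compiler reports the mismatch depends on code not shown. The renamed `bypasshelmet` field in [PATCH 3/4] has the same shape.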
@@ -17,7 +17,7 @@ const distDir = path.join(__dirname, 'client');
 const trim = (str: string): string => str.replace(/\/*$/, '');
 export default function createServer(
- { base, port, host, title }: Server,
+ { base, port, host, title, disableHelmet }: Server,
 { key, cert }: SSLBuffer
 ): SocketIO.Server {
 const basePath = trim(base);
@@ -49,7 +49,7 @@ export default function createServer(
@@ -61,7 +61,6 @@ export default function createServer(
 const app = express();
 app
 .use(morgan('combined', { stream: logger.stream }))
- .use(helmet())
 .use(compression())
 .use(favicon(path.join(distDir, 'favicon.ico')))
 .use(`${basePath}/public`, express.static(distDir))
@@ -77,6 +76,10 @@ export default function createServer(
 .get(basePath, html)
 .get(`${basePath}/ssh/:user`, html);
+ if (!disableHelmet) {
+ app.use(helmet());
+ }
+
 return socket(
 !isUndefined(key) && !isUndefined(cert)
 ? https.createServer({ key, cert }, app).listen(port, host, () => {
From ca50c52674329c5e819796186cfbe7824ee8fdac Mon Sep 17 00:00:00 2001
From: Anthony Jund
Date: Tue, 11 Jun 2019 09:03:06 -0400
Subject: [PATCH 2/4] Updated lint-staged to fix any-observable error
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 4ec2b22..bf7ce9d 100644
--- a/package.json
+++ b/package.json
@@ -94,7 +94,7 @@
 "eslint-plugin-typescript": "^1.0.0-rc.1",
 "file-loader": "^3.0.1",
 "husky": "^1.3.1",
- "lint-staged": "^6.1.1",
+ "lint-staged": "~8.2.0",
 "mini-css-extract-plugin": "^0.5.0",
 "node-sass": "^4.11.0",
 "nodemon": "^1.14.10",
From cce60629ec1c8065eaeda157b969c376f5089f22 Mon Sep 17 00:00:00 2001
From: Anthony Jund
Date: Tue, 11 Jun 2019 09:28:32 -0400
Subject: [PATCH 3/4] Renamed option from --no-helmet to --bypasshelmet
---
 index.js | 2 +-
 src/server/index.ts | 4 ++--
 src/server/interfaces.ts | 2 +-
 src/server/server.ts | 13 ++++++++-----
 4 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/index.js b/index.js
index 55beed2..3caa5f9 100755
--- a/index.js
+++ b/index.js
@@ -94,7 +94,7 @@ if (require.main === module) {
 type: 'string',
 default: process.env.COMMAND || 'login',
 },
- 'no-helmet': {
+ bypasshelmet: {
 demand: false,
 description: 'disable helmet from placing security restrictions',
 type: 'boolean',
diff --git a/src/server/index.ts b/src/server/index.ts
index 41dbc46..af96308 100644
--- a/src/server/index.ts
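Review bot: In [PATCH 1/4] `src/server/server.ts`, hunk `@@ -77,6 +76,10 @@`, `app.use(helmet())` is registered after the `favicon`, `express.static` and `.get(..., html)` handlers, whereas the removed `.use(helmet())` sat directly after `morgan`. Express runs middleware in registration order, and a handler that sends the response never reaches middleware registered after it, so even with helmet enabled those responses go out without its headers. [PATCH 3/4] (`@@ -72,14 +72,17 @@`) moves the block ahead of the two `.get` routes but leaves it behind the favicon, the static mount and the 301 redirect shown in its context, so the gap remains for those. Registering it first restores the previous coverage and still honours the flag: `const app = express();` followed by `if (!disableHelmet) app.use(helmet());` ahead of the `.use(morgan(...))` chain. createServer's body starts and ends outside the hunk.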
+++ b/src/server/index.ts
@@ -39,7 +39,7 @@ export default class Server {
 command,
 sslkey,
 sslcert,
- disableHelmet,
+ bypasshelmet,
 }: Options): Promise {
 wetty
 .on('exit', ({ code, msg }: { code: number; msg: string }) => {
@@ -62,7 +62,7 @@ export default class Server {
 pass: sshpass,
 key: sshkey,
 },
- { base, host, port, title, disableHelmet },
+ { base, host, port, title, bypasshelmet },
 command,
 { key: sslkey, cert: sslcert }
 );
diff --git a/src/server/interfaces.ts b/src/server/interfaces.ts
index adcda37..05b391c 100644
--- a/src/server/interfaces.ts
+++ b/src/server/interfaces.ts
@@ -21,5 +21,5 @@ export interface Server {
 port: number;
 host: string;
 base: string;
- disableHelmet: boolean;
+ bypasshelmet: boolean;
 }
diff --git a/src/server/server.ts b/src/server/server.ts
index f53e0c2..1462586 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -17,7 +17,7 @@ const distDir = path.join(__dirname, 'client');
 const trim = (str: string): string => str.replace(/\/*$/, '');
 export default function createServer(
- { base, port, host, title, disableHelmet }: Server,
+ { base, port, host, title, bypasshelmet }: Server,
 { key, cert }: SSLBuffer
 ): SocketIO.Server {
 const basePath = trim(base);
@@ -72,14 +72,17 @@ export default function createServer(
 )
 res.redirect(301, req.url.slice(0, -1));
 else next();
- })
- .get(basePath, html)
- .get(`${basePath}/ssh/:user`, html);
+ });
- if (!disableHelmet) {
+ // Allow helmet to be bypassed.
+ // Unfortunately, order matters with middleware
+ // which is why this is thrown in the middle
+ if (!bypasshelmet) {
 app.use(helmet());
 }
+ app.get(basePath, html).get(`${basePath}/ssh/:user`, html);
+
 return socket(
 !isUndefined(key) && !isUndefined(cert)
 ? https.createServer({ key, cert }, app).listen(port, host, () => {
From 681064050bc9e7415ee315f540042df9dba96a24 Mon Sep 17 00:00:00 2001
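Review bot: The `if (!bypasshelmet)` branch in `src/server/server.ts` (`@@ -72,14 +72,17 @@`) has no `else`, so a server started with the flag runs without any helmet header and leaves no trace of that in its logs. A one-line warning at startup would make the weakened configuration visible to whoever reviews the deployment, for example `else logger.warn('helmet bypassed: security response headers are not set');` (this assumes the `logger` used in the file's `morgan` call has a `warn` method, which the hunks do not show). The switch is also all-or-nothing: if only one header is in the way, and the page does not say which, helmet's per-middleware options such as `helmet({ frameguard: false })` would relax that one and keep the rest. The new comment could name the restriction that motivated the bypass instead of only saying that order matters.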
From: Anthony Jund
Date: Tue, 11 Jun 2019 09:39:16 -0400
Subject: [PATCH 4/4] Corrected type from renaming bypassHelmet
---
 src/server/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/server/index.ts b/src/server/index.ts
index af96308..408fe4c 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -17,7 +17,7 @@ export interface Options {
 port: number;
 title: string;
 command?: string;
- disableHelmet?: boolean;
+ bypasshelmet?: boolean;
 }
 interface CLI extends Options {