Apply patch

3 files changed, 47 insertions, 3 deletions

diff --git a/.SRCINFO b/.SRCINFO
index c7e4767e8ace..3b44a2f8289b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,16 +1,19 @@
 pkgbase = snapdrop
 	pkgdesc = A Progressive Web App for local file sharing
 	pkgver = 2021.03.10
-	pkgrel = 1
+	pkgrel = 2
 	url = https://github.com/RobinLinus/snapdrop
 	arch = any
 	license = GPL3
+	license = MIT
 	makedepends = npm
 	depends = nodejs
 	source = https://github.com/RobinLinus/snapdrop/archive/fad4632eb903ea6de9ecbec90df0ac6bd7410e68.tar.gz
 	source = example-nginx.conf
+	source = customise-server-host-addr.patch
 	sha256sums = 8886ae45aa5910606c8125e27cc589ae26fe162eedc11a396ca864f4788f2c2a
 	sha256sums = a20b5daf7e2b49d0dc54e93911e22b2fea244ecf2ef3ee58960e3c2aacde586a
+	sha256sums = c91545d65af2bfd6f09e05c7263b00340a98870ee9f3ded7447891e56b296fb6
 
 pkgname = snapdrop
 
diff --git a/PKGBUILD b/PKGBUILD
index 58a3f2cadb3a..d582fe4d5cf4 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 
 pkgname="snapdrop"
 pkgver=2021.03.10
-pkgrel=1
+pkgrel=2
 _githash="fad4632eb903ea6de9ecbec90df0ac6bd7410e68"
 pkgdesc="A Progressive Web App for local file sharing"
 url="https://github.com/RobinLinus/snapdrop"
@@ -13,14 +13,19 @@ makedepends=("npm")
 source=(
     "https://github.com/RobinLinus/snapdrop/archive/${_githash}.tar.gz"
     "example-nginx.conf"
+    "customise-server-host-addr.patch"
 )
 sha256sums=(
     "8886ae45aa5910606c8125e27cc589ae26fe162eedc11a396ca864f4788f2c2a"
     "a20b5daf7e2b49d0dc54e93911e22b2fea244ecf2ef3ee58960e3c2aacde586a"
+    "c91545d65af2bfd6f09e05c7263b00340a98870ee9f3ded7447891e56b296fb6"
 )
 
 prepare() {
-    cd "snapdrop-${_githash}/server"
+    cd "snapdrop-${_githash}"
+    patch -p1 < "${srcdir}/customise-server-host-addr.patch"
+
+    cd "server"
     npm ci
 }
 
diff --git a/customise-server-host-addr.patch b/customise-server-host-addr.patch
new file mode 100644
index 000000000000..15873f5d3b6a
--- /dev/null
+++ b/customise-server-host-addr.patch
@@ -0,0 +1,36 @@
+From 0bd29cad075b9345c62d16b504d4cbcaf63f7b2c Mon Sep 17 00:00:00 2001
+From: Matthew Gamble <git@matthewgamble.net>
+Date: Fri, 26 Mar 2021 10:07:18 +1100
+Subject: [PATCH] Allow selection of which network interface(s) to bind to
+
+This is important for security reasons, as it allows someone to lock
+down who can talk directly to the Snapdrop server. If someone wants to
+run Snapdrop behind a reverse proxy (for example), it doesn't help if
+someone can still talk directly to the Nodejs process.
+---
+ server/index.js | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/server/index.js b/server/index.js
+index 38fa399..b2b2c87 100644
+--- a/server/index.js
++++ b/server/index.js
+@@ -16,9 +16,9 @@ const { uniqueNamesGenerator, animals, colors } = require('unique-names-generato
+ 
+ class SnapdropServer {
+ 
+-    constructor(port) {
++    constructor(host, port) {
+         const WebSocket = require('ws');
+-        this._wss = new WebSocket.Server({ port: port });
++        this._wss = new WebSocket.Server({ host: host, port: port });
+         this._wss.on('connection', (socket, request) => this._onConnection(new Peer(socket, request)));
+         this._wss.on('headers', (headers, response) => this._onHeaders(headers, response));
+ 
+@@ -288,4 +288,4 @@ Object.defineProperty(String.prototype, 'hashCode', {
+   }
+ });
+ 
+-const server = new SnapdropServer(process.env.PORT || 3000);
+\ No newline at end of file
++const server = new SnapdropServer(process.env.HOST || null, process.env.PORT || 3000);