fix(dev): Require dev port selected is 80, 443, or between 1024-65535 (…

…#895) * Require port selected is between 1024-65535 to avoid user selecting "unsafe" or reserved ports that browsers wont allow you to send traffic to * Allow 80, 443 to be passed as a port to --port as well
architect-team · Apr 18, 2023 · c35a27b · c35a27b
1 parent 23ae62b
commit c35a27b
Showing 1 changed file with 24 additions and 6 deletions.
diff --git a/src/commands/dev/index.ts b/src/commands/dev/index.ts
@@ -58,7 +58,7 @@ export default class Dev extends BaseCommand {
   static examples = [
     'architect dev ./mycomponent/architect.yml',
     'architect dev ./mycomponent/architect.yml -a myaccount --secrets-env=myenvironment',
-    'architect dev --port=81 --browser=false --debug=true --secret-file=./mycomponent/mysecrets.yml ./mycomponent/architect.yml',
+    'architect dev --port=1234 --browser=false --debug=true --secret-file=./mycomponent/mysecrets.yml ./mycomponent/architect.yml',
   ];
 
   static flags = {
@@ -123,8 +123,9 @@ export default class Dev extends BaseCommand {
       sensitive: false,
     }),
     port: Flags.integer({
-      description: '[default: 443] Port for the gateway',
+      description: 'Port for the gateway. Defaults to 443, or 80 if --ssl=false. Allowed port numbers are 80, 443, or any port between 1024 and 66535.',
       sensitive: false,
+      max: 65535,
     }),
     // Used for proxy from deploy to dev. These will be removed once --local is deprecated
     local: booleanString({
@@ -432,15 +433,16 @@ export default class Dev extends BaseCommand {
           name: 'port',
           message: `Trying to listen on port ${port}, but something is already using it. What port would you like us to run the API gateway on (you can use the '--port' flag to skip this message in the future)?`,
           validate: (value) => {
-            if (new RegExp('^[1-9]+\\d*$').test(value)) {
-              return true;
+            const port = Number.parseInt(value);
+            if (!this.isValidPort(port)) {
+              return 'Port must be 80, 443, or any port between 1024 and 66535.';
             }
-            return `Port can only be positive number.`;
+            return true;
           },
         },
       ]);
 
-      port = answers.port;
+      port = Number.parseInt(answers.port);
     }
     return port;
   }
@@ -530,13 +532,29 @@ $ architect dev -e new_env_name_here .`));
     return env_secrets;
   }
 
+  /**
+   * Only allowed ports for architect dev are 1024-65535, or 80/443 (default http/https ports)
+   * This is to prevent users from choosing a well-known port that browers won't allow connections
+   * to (e.g. port 95 or 101).
+   */
+  private isValidPort(port: number): boolean {
+    if (Number.isNaN(port)) {
+      return false;
+    }
+
+    return (port >= 1024 && port <= 65535) || port === 443 || port === 80;
+  }
+
   private async runLocal() {
     const { args, flags } = await this.parse(Dev);
 
     const environment = flags.environment || DockerComposeUtils.DEFAULT_PROJECT;
     await this.failIfEnvironmentExists(environment);
 
     flags.port = await this.getAvailablePort(flags.port || (flags.ssl ? 443 : 80));
+    if (!this.isValidPort(flags.port)) {
+      throw new Error('Invalid port number. Port must be 80, 443, or any port between 1024 and 66535.');
+    }
 
     if (flags.ssl) {
       await this.downloadSSLCerts();