mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-27 14:43:14 -05:00
Improved IP blocking, improved relay tunnel error in meshcore.js
parent
67c6c419d1
commit
0fea1990f6
@ -629,7 +629,7 @@ function createMeshCore(agent) {
|
|||||||
//sendConsoleText('TUNNEL: ' + JSON.stringify(data));
|
//sendConsoleText('TUNNEL: ' + JSON.stringify(data));
|
||||||
var tunnel = http.request(woptions);
|
var tunnel = http.request(woptions);
|
||||||
tunnel.upgrade = onTunnelUpgrade;
|
tunnel.upgrade = onTunnelUpgrade;
|
||||||
tunnel.on('error', function (e) { sendConsoleText("ERROR: " + JSON.stringify(e)); });
|
tunnel.on('error', function (e) { sendConsoleText("ERROR: Unable to connect relay tunnel to: " + this.url + ", " + JSON.stringify(e)); });
|
||||||
tunnel.sessionid = data.sessionid;
|
tunnel.sessionid = data.sessionid;
|
||||||
tunnel.rights = data.rights;
|
tunnel.rights = data.rights;
|
||||||
tunnel.consent = data.consent;
|
tunnel.consent = data.consent;
|
||||||
@ -2428,7 +2428,7 @@ function createMeshCore(agent) {
|
|||||||
} catch (e) { response = 'Invalid HTTP websocket request'; }
|
} catch (e) { response = 'Invalid HTTP websocket request'; }
|
||||||
if (httprequest != null) {
|
if (httprequest != null) {
|
||||||
httprequest.upgrade = onWebSocketUpgrade;
|
httprequest.upgrade = onWebSocketUpgrade;
|
||||||
httprequest.on('error', function (e) { sendConsoleText('ERROR: ' + JSON.stringify(e)); });
|
httprequest.on('error', function (e) { sendConsoleText("ERROR: Unable to connect to: " + this.url + ", " + JSON.stringify(e)); });
|
||||||
|
|
||||||
var index = 1;
|
var index = 1;
|
||||||
while (consoleWebSockets[index]) { index++; }
|
while (consoleWebSockets[index]) { index++; }
|
||||||
|
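Review bot: Both new error handlers print `this.url`, but neither hunk shows `url` being assigned on `tunnel` or `httprequest` (only `sessionid`, `rights` and `consent` are set in the visible lines), so confirm it is set before the request can fail; otherwise the message reads `undefined`. If that URL carries a relay session id or an auth value in its query string, writing it to the agent console exposes it to anyone who can read that console, so consider logging only the part before the query, e.g. `String(this.url).split('?')[0]`. In standard JavaScript `JSON.stringify(e)` on an Error object yields `{}`, so unless the agent runtime passes a plain object here, `e.message` or `String(e)` would keep the actual failure reason in the message. The body of createMeshCore continues outside both hunks.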
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "meshcentral",
|
"name": "meshcentral",
|
||||||
"version": "0.4.7-f",
|
"version": "0.4.7-h",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Remote Management",
|
"Remote Management",
|
||||||
"Intel AMT",
|
"Intel AMT",
|
||||||
|
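--- a/webserver.js
+++ b/webserver.js
@@ -85,6 +85,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 obj.dnsDomains = {};
 obj.relaySessionCount = 0;
 obj.relaySessionErrorCount = 0;
+obj.blockedUsers = 0;
+obj.blockedAgents = 0;
 obj.renderPages = null;
 obj.renderLanguages = [];
 
@@ -247,7 +249,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 sessionsCount: Object.keys(obj.sessionsCount).length,
 wsrelays: Object.keys(obj.wsrelays).length,
 wsPeerRelays: Object.keys(obj.wsPeerRelays).length,
-tlsSessionStore: Object.keys(tlsSessionStore).length
+tlsSessionStore: Object.keys(tlsSessionStore).length,
+blockedUsers: obj.blockedUsers,
+blockedAgents: obj.blockedAgents
 };
 }
 
@@ -453,6 +457,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 var ip;
 if (req.connection) { // HTTP(S) request
 ip = req.ip;
+
 if (ip) { for (var i = 0; i < ipList.length; i++) { if (require('ipcheck').match(ip, ipList[i])) { if (closeIfThis === true) { res.sendStatus(401); } return true; } } }
 if (closeIfThis === false) { res.sendStatus(401); }
 } else if (req._socket) { // WebSocket request
@@ -472,21 +477,21 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 
 // Check if the source IP address is allowed, return domain if allowed
 function checkUserIpAddress(req, res) {
-if ((obj.userBlockedIp != null) && (checkIpAddressEx(req, res, obj.userBlockedIp, true) == true)) { return null; }
-if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) == false)) { return null; }
+if ((parent.config.settings.userblockedip != null) && (checkIpAddressEx(req, res, parent.config.settings.userblockedip, true) == true)) { obj.blockedUsers++; return null; }
+if ((parent.config.settings.userallowedip != null) && (checkIpAddressEx(req, res, parent.config.settings.userallowedip, false) == false)) { obj.blockedUsers++; return null; }
 const domain = (req.url ? getDomain(req) : getDomain(res));
-if ((domain.userblockedip != null) && (checkIpAddressEx(req, res, domain.userblockedip, true) == true)) { return null; }
-if ((domain.userallowedip != null) && (checkIpAddressEx(req, res, domain.userallowedip, false) == false)) { return null; }
+if ((domain.userblockedip != null) && (checkIpAddressEx(req, res, domain.userblockedip, true) == true)) { obj.blockedUsers++; return null; }
+if ((domain.userallowedip != null) && (checkIpAddressEx(req, res, domain.userallowedip, false) == false)) { obj.blockedUsers++; return null; }
 return domain;
 }
 
 // Check if the source IP address is allowed, return domain if allowed
 function checkAgentIpAddress(req, res) {
-if ((obj.agentBlockedIp != null) && (checkIpAddressEx(req, res, obj.agentBlockedIp, null) == true)) { return null; }
-if ((obj.agentAllowedIp != null) && (checkIpAddressEx(req, res, obj.agentAllowedIp, null) == false)) { return null; }
+if ((parent.config.settings.agentblockedip != null) && (checkIpAddressEx(req, res, parent.config.settings.agentblockedip, true) == true)) { obj.blockedAgents++; return null; }
+if ((parent.config.settings.agentallowedip != null) && (checkIpAddressEx(req, res, parent.config.settings.agentallowedip, false) == false)) { obj.blockedAgents++; return null; }
 const domain = (req.url ? getDomain(req) : getDomain(res));
-if ((domain.agentblockedip != null) && (checkIpAddressEx(req, res, domain.agentblockedip, null) == true)) { return null; }
-if ((domain.agentallowedip != null) && (checkIpAddressEx(req, res, domain.agentallowedip, null) == false)) { return null; }
+if ((domain.agentblockedip != null) && (checkIpAddressEx(req, res, domain.agentblockedip, null) == true)) { obj.blockedAgents++; return null; }
+if ((domain.agentallowedip != null) && (checkIpAddressEx(req, res, domain.agentallowedip, null) == false)) { obj.blockedAgents++; return null; }
 return domain;
 }
 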
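Review bot: In `checkAgentIpAddress` the two global checks now pass `true`/`false` as `closeIfThis`, while the two per-domain checks still pass `null`. From the `checkIpAddressEx` lines visible in the third hunk, `res.sendStatus(401)` runs only on `=== true` or `=== false`, so in the HTTP branch a globally blocked agent gets a 401 and a domain-blocked agent gets no response from this function. If that difference is not intended, pass `true` to the `domain.agentblockedip` call and `false` to the `domain.agentallowedip` call, as `checkUserIpAddress` already does. The lists are now read straight from `parent.config.settings`, and `checkIpAddressEx` indexes `ipList[i]`, so a comma-separated string would be matched one character at a time and a blocklist would match nothing; it is worth confirming that the config loader normalises these values to arrays and that `settings` is always defined. A short comment stating what `closeIfThis` means for `true`, `false` and `null` would also help; the body of `checkIpAddressEx` extends outside the hunk.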