mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-25 22:55:52 -05:00
Added userRequiredHttpHeader support in domain section of the config.json, #4011
This commit is contained in:
parent
63f511bc5e
commit
1571ce03f0
@ -561,6 +561,7 @@
|
||||
}
|
||||
},
|
||||
"ipBlockedUserRedirect" : { "type": "string", "default": null, "description": "If set, a user from a banned IP address will be redirected to this URL." },
|
||||
"userRequiredHttpHeader": { "type": "object", "default": null, "description": "When set, requires that a browser request have set HTTP header to allow user login. Example: \"{ \"Sec-Fetch-Dest\": \"iframe\" }\"" },
|
||||
"userAllowedIP": { "type": [ "string", "array" ], "default": null, "description": "When set, only users from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" },
|
||||
"userBlockedIP": { "type": [ "string", "array" ], "default": null, "description": "When set, users from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" },
|
||||
"agentAllowedIP": { "type": [ "string", "array" ], "default": null, "description": "When set, only agents from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" },
|
||||
|
@ -764,6 +764,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
if (domain.auth == 'sspi') { parent.debug('web', 'handleLogoutRequest: failed checks.'); res.sendStatus(404); return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
|
||||
// If a HTTP header is required, check new UserRequiredHttpHeader
|
||||
if (domain.userrequiredhttpheader && (typeof domain.userrequiredhttpheader == 'object')) { var ok = false; for (var i in req.headers) { if (domain.userrequiredhttpheader[i.toLowerCase()] == req.headers[i]) { ok = true; } } if (ok == false) { res.sendStatus(404); return; } }
|
||||
|
||||
res.set({ 'Cache-Control': 'no-store' });
|
||||
// Destroy the user's session to log them out will be re-created next request
|
||||
var userid = req.session.userid;
|
||||
@ -2547,6 +2550,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if (!obj.args) { parent.debug('web', 'handleRootRequest: no obj.args.'); res.sendStatus(500); return; }
|
||||
|
||||
// If a HTTP header is required, check new UserRequiredHttpHeader
|
||||
if (domain.userrequiredhttpheader && (typeof domain.userrequiredhttpheader == 'object')) { var ok = false; for (var i in req.headers) { if (domain.userrequiredhttpheader[i.toLowerCase()] == req.headers[i]) { ok = true; } } if (ok == false) { res.sendStatus(404); return; } }
|
||||
|
||||
// If the session is expired, clear it.
|
||||
if ((req.session != null) && (typeof req.session.expire == 'number') && ((req.session.expire - Date.now()) <= 0)) { for (var i in req.session) { delete req.session[i]; } }
|
||||
|
||||
@ -3074,6 +3080,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.end("Not Found"); return; } // Check 3FA URL key
|
||||
parent.debug('web', 'handleRootPostRequest, action: ' + req.body.action);
|
||||
|
||||
// If a HTTP header is required, check new UserRequiredHttpHeader
|
||||
if (domain.userrequiredhttpheader && (typeof domain.userrequiredhttpheader == 'object')) { var ok = false; for (var i in req.headers) { if (domain.userrequiredhttpheader[i.toLowerCase()] == req.headers[i]) { ok = true; } } if (ok == false) { res.sendStatus(404); return; } }
|
||||
|
||||
switch (req.body.action) {
|
||||
case 'login': { handleLoginRequest(req, res, true); break; }
|
||||
case 'tokenlogin': {
|
||||
|
Loading…
Reference in New Issue
Block a user