mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-23 21:55:52 -05:00
Added support for CIDR address checking in UserAllowedIP setting.
This commit is contained in:
parent
7c1812e79e
commit
9e520998bd
@ -252,6 +252,7 @@ function CreateMeshCentralServer(config, args) {
|
||||
if (obj.args.mpsaliasport != null && (typeof obj.args.mpsaliasport != 'number')) obj.args.mpsaliasport = null;
|
||||
if (obj.args.notls == null && obj.args.redirport == null) obj.args.redirport = 80;
|
||||
if (obj.args.minifycore === 0) obj.args.minifycore = false;
|
||||
if (typeof obj.args.userallowedip == 'string') { if (obj.args.userallowedip == '') { obj.args.userallowedip = null; } else { obj.args.userallowedip = obj.userallowedip.split(','); } }
|
||||
if (typeof obj.args.debug == 'number') obj.debugLevel = obj.args.debug;
|
||||
if (obj.args.debug == true) obj.debugLevel = 1;
|
||||
obj.db = require('./db.js').CreateDB(obj);
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.2.5-q",
|
||||
"version": "0.2.5-r",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
@ -35,6 +35,7 @@
|
||||
"express-handlebars": "^3.0.0",
|
||||
"express-session": "^1.15.6",
|
||||
"express-ws": "^4.0.0",
|
||||
"ipcheck": "^0.1.0",
|
||||
"meshcentral": "*",
|
||||
"minimist": "^1.2.0",
|
||||
"multiparty": "^4.2.1",
|
||||
|
@ -31,6 +31,7 @@
|
||||
"NewAccounts": 1,
|
||||
"Footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>",
|
||||
"_CertUrl": "https://192.168.2.106:443/",
|
||||
"_UserAllowedIP": "127.0.0.1,192.168.1.0/24",
|
||||
"_PasswordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1 }
|
||||
},
|
||||
"customer1": {
|
||||
|
14
webserver.js
14
webserver.js
@ -292,8 +292,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if (req.connection) { type = 1; ip = req.ip; } // HTTP(S) request
|
||||
else if (req._socket) { type = 2; ip = req._socket.remoteAddress; } // WebSocket request
|
||||
if (!ip) return false;
|
||||
if (ip.startsWith('::ffff:')) { ip = ip.substring(7); } // Fix IPv4 IP's encoded in IPv6 form
|
||||
if ((ip != null) && (allowedIpList.indexOf(ip) >= 0)) { return true; }
|
||||
for (var i = 0; i < allowedIpList.length; i++) { if (require('ipcheck').match(ip, allowedIpList[i])) { return true; } }
|
||||
if (type == 1) { res.sendStatus(401); }
|
||||
else if (type == 2) { try { req.close(); } catch (e) { } }
|
||||
} catch (e) { console.log(e); }
|
||||
@ -302,15 +301,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
|
||||
// Check if the source IP address is allowed, return domain if allowed
|
||||
function checkUserIpAddress(req, res, rootonly) {
|
||||
if (obj.userAllowedIp != null) {
|
||||
if (typeof obj.userAllowedIp == 'string') { if (obj.userAllowedIp == "") { obj.userAllowedIp = null; return true; } else { obj.userAllowedIp = obj.userAllowedIp.split(','); } }
|
||||
if (checkUserIpAddressEx(req, res, obj.userAllowedIp) == false) return null;
|
||||
}
|
||||
if (rootonly == true) return;
|
||||
if ((obj.userAllowedIp != null) && (checkUserIpAddressEx(req, res, obj.userAllowedIp) == false)) { return null; }
|
||||
if (rootonly == true) { return; }
|
||||
var domain;
|
||||
if (req.url) { domain = getDomain(req); } else { domain = getDomain(res); }
|
||||
if (domain.userallowedip == null) return domain;
|
||||
if (checkUserIpAddressEx(req, res, domain.userallowedip) == false) return null;
|
||||
if (checkUserIpAddressEx(req, res, domain.userallowedip) == false) { return null; }
|
||||
return domain;
|
||||
}
|
||||
|
||||
@ -321,7 +317,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
var x = req.url.split('/');
|
||||
if (x.length < 2) return parent.config.domains[''];
|
||||
var y = parent.config.domains[x[1].toLowerCase()];
|
||||
if ((y != null) && (y.dns == null)) return parent.config.domains[x[1].toLowerCase()];
|
||||
if ((y != null) && (y.dns == null)) { return parent.config.domains[x[1].toLowerCase()]; }
|
||||
return parent.config.domains[''];
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user