Improved IP blocking, improved relay tunnel error in meshcore.js

Ylian Saint-Hilaire 2020-01-10 11:19:23 -08:00
parent 3427f242f1
commit b907100d8b
3 changed files with 17 additions and 12 deletions


@ -629,7 +629,7 @@ function createMeshCore(agent) {
//sendConsoleText('TUNNEL: ' + JSON.stringify(data));
var tunnel = http.request(woptions);
tunnel.upgrade = onTunnelUpgrade;
tunnel.on('error', function (e) { sendConsoleText("ERROR: " + JSON.stringify(e)); });
tunnel.on('error', function (e) { sendConsoleText("ERROR: Unable to connect relay tunnel to: " + this.url + ", " + JSON.stringify(e)); });
tunnel.sessionid = data.sessionid;
tunnel.rights = data.rights;
tunnel.consent = data.consent;
@ -2428,7 +2428,7 @@ function createMeshCore(agent) {
} catch (e) { response = 'Invalid HTTP websocket request'; }
if (httprequest != null) {
httprequest.upgrade = onWebSocketUpgrade;
httprequest.on('error', function (e) { sendConsoleText('ERROR: ' + JSON.stringify(e)); });
httprequest.on('error', function (e) { sendConsoleText("ERROR: Unable to connect to: " + this.url + ", " + JSON.stringify(e)); });
var index = 1;
while (consoleWebSockets[index]) { index++; }
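Review bot: Both new error handlers build their message from `this.url`, but nothing in either hunk assigns a `url` property to `tunnel` or `httprequest`, so if the request object does not expose one the console will read "to: undefined". Taking the target from the options the request was created with would be more dependable, for example `"ERROR: Unable to connect relay tunnel to: " + woptions.host` if that field is populated (the `woptions` setup is outside the hunk). Separately, if the relay or websocket URL carries a session id or auth token in its query string, which cannot be confirmed from these lines, writing the whole URL to the console exposes it to anyone who can read that console; logging only host and path keeps the diagnostic value. Both handlers sit inside createMeshCore, whose body starts and ends outside these hunks.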


@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.4.7-f",
"version": "0.4.7-h",
"keywords": [
"Remote Management",
"Intel AMT",


@ -85,6 +85,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.dnsDomains = {};
obj.relaySessionCount = 0;
obj.relaySessionErrorCount = 0;
obj.blockedUsers = 0;
obj.blockedAgents = 0;
obj.renderPages = null;
obj.renderLanguages = [];
@ -247,7 +249,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
sessionsCount: Object.keys(obj.sessionsCount).length,
wsrelays: Object.keys(obj.wsrelays).length,
wsPeerRelays: Object.keys(obj.wsPeerRelays).length,
tlsSessionStore: Object.keys(tlsSessionStore).length
tlsSessionStore: Object.keys(tlsSessionStore).length,
blockedUsers: obj.blockedUsers,
blockedAgents: obj.blockedAgents
};
}
@ -453,6 +457,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var ip;
if (req.connection) { // HTTP(S) request
ip = req.ip;
if (ip) { for (var i = 0; i < ipList.length; i++) { if (require('ipcheck').match(ip, ipList[i])) { if (closeIfThis === true) { res.sendStatus(401); } return true; } } }
if (closeIfThis === false) { res.sendStatus(401); }
} else if (req._socket) { // WebSocket request
@ -472,21 +477,21 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Check if the source IP address is allowed, return domain if allowed
function checkUserIpAddress(req, res) {
if ((obj.userBlockedIp != null) && (checkIpAddressEx(req, res, obj.userBlockedIp, true) == true)) { return null; }
if ((obj.userAllowedIp != null) && (checkIpAddressEx(req, res, obj.userAllowedIp, false) == false)) { return null; }
if ((parent.config.settings.userblockedip != null) && (checkIpAddressEx(req, res, parent.config.settings.userblockedip, true) == true)) { obj.blockedUsers++; return null; }
if ((parent.config.settings.userallowedip != null) && (checkIpAddressEx(req, res, parent.config.settings.userallowedip, false) == false)) { obj.blockedUsers++; return null; }
const domain = (req.url ? getDomain(req) : getDomain(res));
if ((domain.userblockedip != null) && (checkIpAddressEx(req, res, domain.userblockedip, true) == true)) { return null; }
if ((domain.userallowedip != null) && (checkIpAddressEx(req, res, domain.userallowedip, false) == false)) { return null; }
if ((domain.userblockedip != null) && (checkIpAddressEx(req, res, domain.userblockedip, true) == true)) { obj.blockedUsers++; return null; }
if ((domain.userallowedip != null) && (checkIpAddressEx(req, res, domain.userallowedip, false) == false)) { obj.blockedUsers++; return null; }
return domain;
}
// Check if the source IP address is allowed, return domain if allowed
function checkAgentIpAddress(req, res) {
if ((obj.agentBlockedIp != null) && (checkIpAddressEx(req, res, obj.agentBlockedIp, null) == true)) { return null; }
if ((obj.agentAllowedIp != null) && (checkIpAddressEx(req, res, obj.agentAllowedIp, null) == false)) { return null; }
if ((parent.config.settings.agentblockedip != null) && (checkIpAddressEx(req, res, parent.config.settings.agentblockedip, true) == true)) { obj.blockedAgents++; return null; }
if ((parent.config.settings.agentallowedip != null) && (checkIpAddressEx(req, res, parent.config.settings.agentallowedip, false) == false)) { obj.blockedAgents++; return null; }
const domain = (req.url ? getDomain(req) : getDomain(res));
if ((domain.agentblockedip != null) && (checkIpAddressEx(req, res, domain.agentblockedip, null) == true)) { return null; }
if ((domain.agentallowedip != null) && (checkIpAddressEx(req, res, domain.agentallowedip, null) == false)) { return null; }
if ((domain.agentblockedip != null) && (checkIpAddressEx(req, res, domain.agentblockedip, null) == true)) { obj.blockedAgents++; return null; }
if ((domain.agentallowedip != null) && (checkIpAddressEx(req, res, domain.agentallowedip, null) == false)) { obj.blockedAgents++; return null; }
return domain;
}
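Review bot: In checkAgentIpAddress the two new settings-level checks pass `true` and `false` as the last argument of checkIpAddressEx, while the domain-level checks directly below still pass `null`, as the replaced `obj.agentBlockedIp` / `obj.agentAllowedIp` lines did. Going by the HTTP branch shown in the earlier hunk, `true`/`false` make checkIpAddressEx send the 401 itself and `null` leaves the response to the caller, so a globally blocked agent and a domain-blocked agent are now rejected in two different ways; the WebSocket branch is outside the hunk, so the effect there needs confirming. If the caller is meant to close the connection, keep `null` in the settings-level calls too, e.g. `checkIpAddressEx(req, res, parent.config.settings.agentblockedip, null)`; otherwise switch the domain-level calls to `true`/`false` to match checkUserIpAddress. A one-line comment on checkIpAddressEx describing the three `closeIfThis` values would keep the two functions from drifting again.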