mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-25 14:45:52 -05:00
Changed the web relay system to correctly with multiple DNS names, #4242
This commit is contained in:
parent
2107a1c5c0
commit
bd9739e106
@ -5635,7 +5635,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
ws.send(JSON.stringify({
|
||||
action: 'authcookie',
|
||||
cookie: parent.parent.encodeCookie({ userid: user._id, domainid: domain.id, ip: req.clientIp }, parent.parent.loginCookieEncryptionKey),
|
||||
rcookie: parent.parent.encodeCookie({ ruserid: user._id }, parent.parent.loginCookieEncryptionKey)
|
||||
rcookie: parent.parent.encodeCookie({ ruserid: user._id, x: req.session.x }, parent.parent.loginCookieEncryptionKey)
|
||||
}));
|
||||
} catch (ex) { }
|
||||
}
|
||||
|
@ -8119,7 +8119,7 @@
|
||||
var servername = serverinfo.name;
|
||||
if ((servername.indexOf('.') == -1) || ((features & 2) != 0)) { servername = window.location.hostname; } // If the server name is not set or it's in LAN-only mode, use the URL hostname as server name.
|
||||
if (webRelayDns != '') { servername = webRelayDns; }
|
||||
var url = 'https://' + servername + ':' + webRelayPort + '/control-redirect.ashx?n=' + nodeid + '&p=' + port + '&appid=' + protocol; // Protocol: 1 = HTTP, 2 = HTTPS
|
||||
var url = 'https://' + servername + ':' + webRelayPort + '/control-redirect.ashx?n=' + nodeid + '&p=' + port + '&appid=' + protocol + '&c=' + authRelayCookie; // Protocol: 1 = HTTP, 2 = HTTPS
|
||||
if (addr != null) { url += '&addr=' + addr; }
|
||||
if (relayid != null) { url += '&relayid=' + relayid; }
|
||||
safeNewWindow(url, 'WebRelay');
|
||||
|
@ -120,7 +120,7 @@ module.exports.CreateWebRelayServer = function (parent, db, args, certificates,
|
||||
return next();
|
||||
} else {
|
||||
// If this is a normal request (GET, POST, etc) handle it here
|
||||
if ((req.session.userid != null) && (req.session.x != null)) {
|
||||
if ((req.session.userid != null) && (req.session.x != null) && (parent.webserver.destroyedSessions[req.session.userid + '/' + req.session.x] == null)) {
|
||||
var relaySession = relaySessions[req.session.userid + '/' + req.session.x];
|
||||
if (relaySession != null) {
|
||||
// The web relay session is valid, use it
|
||||
@ -153,7 +153,7 @@ module.exports.CreateWebRelayServer = function (parent, db, args, certificates,
|
||||
|
||||
// Handle incoming web socket calls
|
||||
obj.app.ws('/*', function (ws, req) {
|
||||
if ((req.session.userid != null) && (req.session.x != null)) {
|
||||
if ((req.session.userid != null) && (req.session.x != null) && (parent.webserver.destroyedSessions[req.session.userid + '/' + req.session.x] == null)) {
|
||||
var relaySession = relaySessions[req.session.userid + '/' + req.session.x];
|
||||
if (relaySession != null) {
|
||||
// The multi-tunnel session is valid, use it
|
||||
@ -170,12 +170,21 @@ module.exports.CreateWebRelayServer = function (parent, db, args, certificates,
|
||||
|
||||
// This is the magic URL that will setup the relay session
|
||||
obj.app.get('/control-redirect.ashx', function (req, res) {
|
||||
if ((req.session == null) || (req.session.userid == null)) { res.redirect('/'); return; }
|
||||
res.set({ 'Cache-Control': 'no-store' });
|
||||
parent.debug('webrelay', 'webRelaySetup');
|
||||
|
||||
// Decode the relay cookie
|
||||
if (req.query.c != null) {
|
||||
// Decode and check if this relay cookie is valid
|
||||
const urlCookie = obj.parent.decodeCookie(req.query.c, parent.loginCookieEncryptionKey);
|
||||
if ((urlCookie != null) && (urlCookie.ruserid != null) && (urlCookie.x != null) && (parent.webserver.destroyedSessions[urlCookie.ruserid + '/' + urlCookie.x] == null)) {
|
||||
if (req.session.x != urlCookie.x) { req.session.x = urlCookie.x; } // Set the sessionid if missing
|
||||
if (req.session.userid != urlCookie.ruserid) { req.session.userid = urlCookie.ruserid; } // Set the session userid if missing
|
||||
}
|
||||
}
|
||||
|
||||
// Check that all the required arguments are present
|
||||
if ((req.session.userid == null) || (req.session.x == null) || (req.query.n == null) || (req.query.p == null) || ((req.query.appid != 1) && (req.query.appid != 2))) { res.redirect('/'); return; }
|
||||
if ((req.session.userid == null) || (req.session.x == null) || (req.query.n == null) || (req.query.p == null) || (parent.webserver.destroyedSessions[req.session.userid + '/' + req.session.x] != null) || ((req.query.appid != 1) && (req.query.appid != 2))) { res.redirect('/'); return; }
|
||||
|
||||
// Get the user and domain information
|
||||
const userid = req.session.userid;
|
||||
|
21
webserver.js
21
webserver.js
@ -84,7 +84,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
obj.blockedAgents = 0;
|
||||
obj.renderPages = null;
|
||||
obj.renderLanguages = [];
|
||||
obj.destroyedSessions = {};
|
||||
obj.destroyedSessions = {}; // userid/req.session.x --> destroyed session time
|
||||
|
||||
// Web relay sessions
|
||||
var webRelayNextSessionId = 1;
|
||||
@ -2799,7 +2799,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
|
||||
// Create a authentication cookie
|
||||
const authCookie = obj.parent.encodeCookie({ userid: dbGetFunc.user._id, domainid: domain.id, ip: req.clientIp }, obj.parent.loginCookieEncryptionKey);
|
||||
const authRelayCookie = obj.parent.encodeCookie({ ruserid: dbGetFunc.user._id, domainid: domain.id }, obj.parent.loginCookieEncryptionKey);
|
||||
const authRelayCookie = obj.parent.encodeCookie({ ruserid: dbGetFunc.user._id, x: req.session.x }, obj.parent.loginCookieEncryptionKey);
|
||||
|
||||
// Send the main web application
|
||||
var extras = (dbGetFunc.req.query.key != null) ? ('&key=' + dbGetFunc.req.query.key) : '';
|
||||
@ -6587,12 +6587,21 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
obj.webRelayRouter.get('/control-redirect.ashx', function (req, res, next) {
|
||||
if (req.headers.host != obj.args.relaydns) { res.sendStatus(404); return; }
|
||||
if ((req.session.userid == null) && obj.args.user && obj.users['user//' + obj.args.user.toLowerCase()]) { req.session.userid = 'user//' + obj.args.user.toLowerCase(); } // Use a default user if needed
|
||||
if ((req.session == null) || (req.session.userid == null)) { res.redirect('/'); return; }
|
||||
res.set({ 'Cache-Control': 'no-store' });
|
||||
parent.debug('web', 'webRelaySetup');
|
||||
|
||||
// Decode the relay cookie
|
||||
if (req.query.c != null) {
|
||||
// Decode and check if this relay cookie is valid
|
||||
const urlCookie = obj.parent.decodeCookie(req.query.c, obj.parent.loginCookieEncryptionKey);
|
||||
if ((urlCookie != null) && (urlCookie.ruserid != null) && (urlCookie.x != null)) {
|
||||
if (req.session.x != urlCookie.x) { req.session.x = urlCookie.x; } // Set the sessionid if missing
|
||||
if (req.session.userid != urlCookie.ruserid) { req.session.userid = urlCookie.ruserid; } // Set the session userid if missing
|
||||
}
|
||||
}
|
||||
|
||||
// Check that all the required arguments are present
|
||||
if ((req.session.userid == null) || (req.session.x == null) || (req.query.n == null) || (req.query.p == null) || ((req.query.appid != 1) && (req.query.appid != 2))) { res.redirect('/'); return; }
|
||||
if ((req.session.userid == null) || (req.session.x == null) || (req.query.n == null) || (req.query.p == null) || ((obj.destroyedSessions[req.session.userid + '/' + req.session.x] != null)) || ((req.query.appid != 1) && (req.query.appid != 2))) { res.redirect('/'); return; }
|
||||
|
||||
// Get the user and domain information
|
||||
const userid = req.session.userid;
|
||||
@ -6691,7 +6700,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
|
||||
// Handle an incoming request as a web relay
|
||||
function handleWebRelayRequest(req, res) {
|
||||
if ((req.session.userid != null) && (req.session.x != null)) {
|
||||
if ((req.session.userid != null) && (req.session.x != null) && (obj.destroyedSessions[req.session.userid + '/' + req.session.x] == null)) {
|
||||
var relaySession = webRelaySessions[req.session.userid + '/' + req.session.x];
|
||||
if (relaySession != null) {
|
||||
// The web relay session is valid, use it
|
||||
@ -6708,7 +6717,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
|
||||
// Handle an incoming websocket connection as a web relay
|
||||
function handleWebRelayWebSocket(ws, req) {
|
||||
if ((req.session.userid != null) && (req.session.x != null)) {
|
||||
if ((req.session.userid != null) && (req.session.x != null) && (obj.destroyedSessions[req.session.userid + '/' + req.session.x] == null)) {
|
||||
var relaySession = webRelaySessions[req.session.userid + '/' + req.session.x];
|
||||
if (relaySession != null) {
|
||||
// The multi-tunnel session is valid, use it
|
||||
|
Loading…
Reference in New Issue
Block a user