Removed IP check for intra-server comms

2021-12-12 22:24:21 -07:00 · 2021-12-12 22:24:21 -07:00 · f8a98f3a52
parent 326ac86c8c
commit f8a98f3a52
3 changed files with 11 additions and 30 deletions
--- a/admin/add.js
+++ b/admin/add.js
@ -6,19 +6,8 @@
 const env = require(process.argv[2]||'../env.json')
 const fs = require('fs').promises

-// Get secret
-const local_secret = env.SERVERS.filter(
-	(server) => server.host === env.LOCAL_SERVER
-)[0].secret
-
 module.exports = async (req, res) => {
-	
-	// Check secret auth
-	if (req.query['secret']!==local_secret) {
-		console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
-		return res.sendStatus(403)
-	}
-	
+
 	// Add request body to wg config
 	try {
 		await fs.appendFile(env.WG_CONFIG_FILE, req.body)
--- a/admin/del.js
+++ b/admin/del.js
@ -6,23 +6,12 @@
 const env = require(process.argv[2]||'../env.json')
 const fs = require('fs').promises

-// Get secret
-const local_secret = env.SERVERS.filter(
-	(server) => server.host === env.LOCAL_SERVER
-)[0].secret
-
 module.exports = async (req, res) => {
 	console.log(`Received delete from ${req.requester} for ${req.body}`)
 	let config
-
-	// Check secret
-	if (req.query['secret']!==local_secret) {
-		console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
-		return res.sendStatus(403)
-	}
 		
 	// Read config file
-	else try {
+	try {
 		const config_file = await fs.readFile(env.WG_CONFIG_FILE)
 		config = config_file.toString()
 	}
--- a/includes/middleware.js
+++ b/includes/middleware.js
@ -16,6 +16,9 @@ for (const server of env.SERVERS) {
 }
 const DNS_SERVERS_STRING = DNS_SERVERS.join(', ')

+const local_secret = env.SERVERS.filter(
+	(server) => server.host === env.LOCAL_SERVER
+)[0].secret

 // Actual middleware
 // These functions run every request so keep them lean
@ -46,13 +49,13 @@ module.exports = {
 			next()
 		},
 	
-	// Block clients, only allow servers (for intra-server peer sharing)
+	// Authenticate servers with secret
 	allowServers: (req, res, next) => {
-		if (SERVER_IPS.includes(req.requester)) next()
-		else {
-			console.log(`Rejected request to ${req.path} from ${req.requester} not in SERVER_IPS`)
-			res.sendStatus(403)
-		}
+		// Check secret
+		if (req.query['secret']!==local_secret) {
+			console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
+			return res.sendStatus(403)
+		} else next()
 	},
 	
 }