Removed IP check for intra-server comms
parent
326ac86c8c
commit
f8a98f3a52
13
admin/add.js
13
admin/add.js
|
@ -6,19 +6,8 @@
|
|||
const env = require(process.argv[2]||'../env.json')
|
||||
const fs = require('fs').promises
|
||||
|
||||
// Get secret
|
||||
const local_secret = env.SERVERS.filter(
|
||||
(server) => server.host === env.LOCAL_SERVER
|
||||
)[0].secret
|
||||
|
||||
module.exports = async (req, res) => {
|
||||
|
||||
// Check secret auth
|
||||
if (req.query['secret']!==local_secret) {
|
||||
console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
|
||||
return res.sendStatus(403)
|
||||
}
|
||||
|
||||
|
||||
// Add request body to wg config
|
||||
try {
|
||||
await fs.appendFile(env.WG_CONFIG_FILE, req.body)
|
||||
|
|
13
admin/del.js
13
admin/del.js
|
@ -6,23 +6,12 @@
|
|||
const env = require(process.argv[2]||'../env.json')
|
||||
const fs = require('fs').promises
|
||||
|
||||
// Get secret
|
||||
const local_secret = env.SERVERS.filter(
|
||||
(server) => server.host === env.LOCAL_SERVER
|
||||
)[0].secret
|
||||
|
||||
module.exports = async (req, res) => {
|
||||
console.log(`Received delete from ${req.requester} for ${req.body}`)
|
||||
let config
|
||||
|
||||
// Check secret
|
||||
if (req.query['secret']!==local_secret) {
|
||||
console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
|
||||
return res.sendStatus(403)
|
||||
}
|
||||
|
||||
// Read config file
|
||||
else try {
|
||||
try {
|
||||
const config_file = await fs.readFile(env.WG_CONFIG_FILE)
|
||||
config = config_file.toString()
|
||||
}
|
||||
|
|
|
@ -16,6 +16,9 @@ for (const server of env.SERVERS) {
|
|||
}
|
||||
const DNS_SERVERS_STRING = DNS_SERVERS.join(', ')
|
||||
|
||||
const local_secret = env.SERVERS.filter(
|
||||
(server) => server.host === env.LOCAL_SERVER
|
||||
)[0].secret
|
||||
|
||||
// Actual middleware
|
||||
// These functions run every request so keep them lean
|
||||
|
@ -46,13 +49,13 @@ module.exports = {
|
|||
next()
|
||||
},
|
||||
|
||||
// Block clients, only allow servers (for intra-server peer sharing)
|
||||
// Authenticate servers with secret
|
||||
allowServers: (req, res, next) => {
|
||||
if (SERVER_IPS.includes(req.requester)) next()
|
||||
else {
|
||||
console.log(`Rejected request to ${req.path} from ${req.requester} not in SERVER_IPS`)
|
||||
res.sendStatus(403)
|
||||
}
|
||||
// Check secret
|
||||
if (req.query['secret']!==local_secret) {
|
||||
console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
|
||||
return res.sendStatus(403)
|
||||
} else next()
|
||||
},
|
||||
|
||||
}
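Review bot: The new check in `allowServers` passes when both sides are `undefined`: if the `env.SERVERS` entry matching `env.LOCAL_SERVER` has no `secret` field, `local_secret` is `undefined`, a request with no `secret` query parameter makes `req.query['secret']!==local_secret` false, and `next()` runs. This commit removes the `SERVER_IPS` allowlist and the per-handler checks in admin/add.js and admin/del.js, so this comparison is now the only gate visible here in front of handlers that read and append to the WireGuard config; it should fail closed, e.g. `if (typeof local_secret !== 'string' || local_secret === '' || req.query['secret'] !== local_secret) {`. The secret is also carried in the query string, where it tends to end up in access and proxy logs, and `!==` is not a constant-time comparison; consider a request header compared with `crypto.timingSafeEqual` on equal-length buffers, and keeping the IP allowlist as a second condition rather than replacing it. The file header for this section and the start of `module.exports` are outside the visible hunks, so whether every admin route is mounted behind `allowServers` cannot be confirmed from here.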
|