Removed IP check for intra-server comms
parent
326ac86c8c
commit
f8a98f3a52
13
admin/add.js
13
admin/add.js
|
@ -6,19 +6,8 @@
|
||||||
const env = require(process.argv[2]||'../env.json')
|
const env = require(process.argv[2]||'../env.json')
|
||||||
const fs = require('fs').promises
|
const fs = require('fs').promises
|
||||||
|
|
||||||
// Get secret
|
|
||||||
const local_secret = env.SERVERS.filter(
|
|
||||||
(server) => server.host === env.LOCAL_SERVER
|
|
||||||
)[0].secret
|
|
||||||
|
|
||||||
module.exports = async (req, res) => {
|
module.exports = async (req, res) => {
|
||||||
|
|
||||||
// Check secret auth
|
|
||||||
if (req.query['secret']!==local_secret) {
|
|
||||||
console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
|
|
||||||
return res.sendStatus(403)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add request body to wg config
|
// Add request body to wg config
|
||||||
try {
|
try {
|
||||||
await fs.appendFile(env.WG_CONFIG_FILE, req.body)
|
await fs.appendFile(env.WG_CONFIG_FILE, req.body)
|
||||||
|
|
13
admin/del.js
13
admin/del.js
|
@ -6,23 +6,12 @@
|
||||||
const env = require(process.argv[2]||'../env.json')
|
const env = require(process.argv[2]||'../env.json')
|
||||||
const fs = require('fs').promises
|
const fs = require('fs').promises
|
||||||
|
|
||||||
// Get secret
|
|
||||||
const local_secret = env.SERVERS.filter(
|
|
||||||
(server) => server.host === env.LOCAL_SERVER
|
|
||||||
)[0].secret
|
|
||||||
|
|
||||||
module.exports = async (req, res) => {
|
module.exports = async (req, res) => {
|
||||||
console.log(`Received delete from ${req.requester} for ${req.body}`)
|
console.log(`Received delete from ${req.requester} for ${req.body}`)
|
||||||
let config
|
let config
|
||||||
|
|
||||||
// Check secret
|
|
||||||
if (req.query['secret']!==local_secret) {
|
|
||||||
console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
|
|
||||||
return res.sendStatus(403)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Read config file
|
// Read config file
|
||||||
else try {
|
try {
|
||||||
const config_file = await fs.readFile(env.WG_CONFIG_FILE)
|
const config_file = await fs.readFile(env.WG_CONFIG_FILE)
|
||||||
config = config_file.toString()
|
config = config_file.toString()
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,6 +16,9 @@ for (const server of env.SERVERS) {
|
||||||
}
|
}
|
||||||
const DNS_SERVERS_STRING = DNS_SERVERS.join(', ')
|
const DNS_SERVERS_STRING = DNS_SERVERS.join(', ')
|
||||||
|
|
||||||
|
const local_secret = env.SERVERS.filter(
|
||||||
|
(server) => server.host === env.LOCAL_SERVER
|
||||||
|
)[0].secret
|
||||||
|
|
||||||
// Actual middleware
|
// Actual middleware
|
||||||
// These functions run every request so keep them lean
|
// These functions run every request so keep them lean
|
||||||
|
@ -46,13 +49,13 @@ module.exports = {
|
||||||
next()
|
next()
|
||||||
},
|
},
|
||||||
|
|
||||||
// Block clients, only allow servers (for intra-server peer sharing)
|
// Authenticate servers with secret
|
||||||
allowServers: (req, res, next) => {
|
allowServers: (req, res, next) => {
|
||||||
if (SERVER_IPS.includes(req.requester)) next()
|
// Check secret
|
||||||
else {
|
if (req.query['secret']!==local_secret) {
|
||||||
console.log(`Rejected request to ${req.path} from ${req.requester} not in SERVER_IPS`)
|
console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
|
||||||
res.sendStatus(403)
|
return res.sendStatus(403)
|
||||||
}
|
} else next()
|
||||||
},
|
},
|
||||||
|
|
||||||
}
|
}
|
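Review bot: In `allowServers`, the new check `req.query['secret']!==local_secret` passes a request that carries no `secret` parameter whenever the matching `env.SERVERS` entry has no `secret` field, because both sides are then `undefined`. With the `SERVER_IPS` test removed this middleware is the only gate in front of the admin/add.js handler, which appends `req.body` to `env.WG_CONFIG_FILE`, and the admin/del.js handler, so I would fail closed at load time with `if (typeof local_secret !== 'string' || local_secret === '') throw new Error('LOCAL_SERVER entry has no secret')`. The comparison itself would be better done with Node's `crypto.timingSafeEqual` on equal-length buffers than with `!==`. The secret is also read from the query string, where it tends to be recorded in access and proxy logs; reading it from a request header and keeping `SERVER_IPS.includes(req.requester)` as a second condition would avoid both losses. The module's file header and the code between the two hunks are not visible here, so whether `allowServers` is mounted on every admin route could not be checked.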