From 1f105e37a2325eb596419f53b876af163b8b3597 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Thu, 7 May 2020 14:48:51 -0700 Subject: [PATCH] Router fixes, Relay Fixes, 2FA fixes, support for many trusted proxies addresses. --- agents/MeshCentralRouter.exe | Bin 1726616 -> 1726616 bytes meshcentral.js | 2 ++ meshrelay.js | 5 +++-- meshuser.js | 2 +- package.json | 2 +- public/scripts/filesaver.min.js | 3 +-- sample-config.json | 4 ++-- webserver.js | 7 ++++--- 8 files changed, 14 insertions(+), 11 deletions(-) 
diff --git a/agents/MeshCentralRouter.exe b/agents/MeshCentralRouter.exe index 7a1a82cefa1f2f9990249f12e66bb6c4c2ec1850..68d91120ecd7060ee35a9a6d70df23d89f264a14 100644 GIT binary patch delta 12148 zcmbVS2UrwW*S>dlci6t{F6=H#FT&Dc0Rel9MzLTlvBwfSIx1)q5f`GOMn%o2V=Rd+ zYAi_<6+2k4cS#hI5REC=O=367f9{=ui1GWLKOfIC@0@neIrrRq?hFHqw+vsrW%#@q zGW&#W^Jn?uiuqr}%J3fh{O{`F89c^eiuAoUmnd!WC$8fNm zu%kbQ3@;U3NvxA0_jiUIWQdSA7m6VH?~$>maj=-$U@ooj=FV6$-h1~IRvgdcJ)T~# z*k_9NnOqtlyCwbH_^4tsvT<=T@SBVM`98%q;5QdXYrByG zltBTQ%x?Uz#SMqjp@^A$7Gwc^TOgF#otRuACX>(A6<#Jn$8uP4#Jpga!9DYBFn07H z;hD)j;bx)3GkXyq<-|OjAlI9BFZFEE2c)5*1jc_x#`gu0WYdpm!Oc5xf7wk1bwf~e z<1e|P@;Yv)O+Vgzpn(_7t3P-`jN?<9u$agIe#n6UJb<5mAPf)WzdB%N2Z2%MyZqS$ zUY5Zm@(XNcjck-6Wr7SLqkW)D1b|tUVkU!B z+(^Qykx|WM5K3dzaHD{*#pr+<4U}cX3t1$#nzcr4Y9#~C+(5yB0yaNc9^l3hGl-}& z>Qeay2g8O^41;IQ<@%XSuFIpIr(e#?am}&|mDqks#sirU{@I_W?IPC)NeOewE@=|$Bb;@IU zr939FJpNX3mHwZ}{G&dvOGrnWp-x6&VwL_wMpBg^Bffp<2;UE2E?Mbtew!^u3paqw zOj=Y=ZX$oNbUvF6GH8ksM|?xb&f+GK5uIQJmjjee`SKtYjM;dkt!Xl7zz>PVN#oh0 zfnl#14^8CuvInCQTy#9z9#7_%9(DS;NHCI~7Aa*W%;f^FMvgqVvD}CJ&7)0l4j*ys zLsoRnZ#|amIR%uV%E{*;IE8}YZrl|9#WCxfXJ+kB;|DdCk1kGU}I`1|i|B(6~i8ktnkGt5_}{#N2fL z>Irjea=dahXB7GNOQZa)30n501Hz(JMkPx={KJV8x+NVmYFydy6#nUn1pEOXbJ7Rs zw3E?zCjY_7ASLxK=VtP&PX>eH=*h+!Qo(VP>!C5+N4()wAUqu6Pm#w;{HZ|xqf@{6 z&jNjqpAz!4&|8GLm90FyiKz$B#K<;r~3{A+C-q z@|) z5)MC6%q@IXx`-ctJ_t_u#pkDDf%m=8+D%HiaKwc{7R5haJQt1CBS?J5xE7(mH5Ru}fU5{L2X z!Z}yl%JCZh(l3KOJ_ofr60s3YU)7YAK+F#|8^|k4vN20wA>+*))XgDTubp=itJsYtq-_`A99!YDYzS=F9i1}qI>28 zvQXRjlDkpxns@tdZ@hzVdv6-x*?WGbB4YIShGDWJ1$T@+c=PXnyjmEYs9%fM|11-X2Wu!3;0sJn9<@;&B}X2R zBnWF7>} ziG<;>Y80t+l8#3J(jr96p>?DeNbV5d>p?Som|yy!k(r!wOm-}cvM||kaN|n(8xOkH z{~sM^J&?kcvAF^f*@x8sj*@FMgDWPZpkjWXAXufAz5^-o!t8Tu)1)xX~!wY2NW9x;BMA zPg=k{KYOwlpW*vFT?Y8%X-cg&mxqc+rHtK*)>y z&o4T+AY{%#cv@Jbs<3E31Z_>KA|}R_fr;AA_L#F1p70t`Xn}&lQQ~IjzTw}i?v9K3 zGu5fMc%c$6!d(}Bh7+Ry(aTN9!tMlLbvnEOkuF+TjXiNuktfCx81EOFF*wNkm6Omc zH_B^TUdUnaf9`qV4uhqphenU8X?p10|E=jsi`Q*>@&ZDe9)3B7qnkE;V?t&Ve6{Jr 
z{@(R3H~nkJzS8tB4;9?xxHaA(}->^mLtmCu_=Ni%5Oe?f3A%XMRX9v$!QbEWFL)(Nf2^ zfYH$LElH-Nw|mogsvA(YatEEsO@31?+It)1|b9*5%+L2JMXxUbO6fa~FY z!Vm-OgkoW{0e8exgue{f-+BfHBRH=cLM)?7!DP25Rh=R@-Eq;sJ03!W3?p8vB=2B) zIrpt#H{qdmxNu>s3CFW8Fvv0s*MY_!g0~qb;!8rh8OQjLi5L}jqoU4KK*(|>!V)u1 zrqyD(euVK6?wfJLK+zj~vr)5_C0PM56%A`$k_G1w*0Q!GSsp^V2ew)-gBS83Ccp5z z!?Kc4GVZW2*#obv$*7(uPR6-HUr*csR%fv%K90Kz11&hBaY_S(f+r)i2JTZ+fbNnt zZusb-nRHbEm(>SZw=U@L7YMn7Ft|;(wyoe^2K*%9xCNH|vY@iUtAIyQk`?!qyXWKj zzATzfF~rfrRP?Dgp2WCzYcU!XyB{z(@F1Xy;?uw*K);Pn05-3G2Jj)JyJ8~wm1;kw z^Z=?oL+MeJj%J8Wdf)}XcPKu#{l_RSF#5M)&eZ=FMu}m>kYX4yMEUhtUe80<5s>0Xrfy;7CN| z*)-p2h%C)SOl%ra6chcPTB@ms5KL_1DDI**Y4Cjqqux|Ikjh6>yic{IRO{MG)!$P^ z6~#^r2@`22;rr4;b)@UMfR=qK#on~Y%_zE26svfEY7?mkv7+M6NTS{r)5%;4Ac?+3 zY2*sEK^So>tqCNGO6uYwrAw1YD!1u?YxRhw;O7h2EI0`8J)bbZaVQEN?x3z`QyfjP zn$Er_P0LPaIhE4mP#A>SL$~LK1hPrH%E*@dn9_|DMDlV%y+d1o{gy;x(?&z^sQH1` z#i9bbd&!P{U8dzU(+_DXS7|C@x<|cRL()q_AHb;G7=nI&1Va>QAn#%z;r${zLCDz1 z9)RuiB;;5K$)W`e=?m|8Ko?p^87E=TyR@~$?B1d|me2v~D2i<+HrP`Yag-K209^kV zJsd)IWyb>ccN-6Ab^AbPL=S>{DUC=GLeLbK1M)%1d4O7W8el>6OhDHhdRyrr9l6k1 z0HQA_&cQs;J`AtxoO_RUZN8DXSOLhQ?l3=$NDXS1z>r90ET2zN<)c!3&lh9 zJb1a@KCaNk;PeQ)92{A7WY{V{GT;`S-=7q*nn*Y*_o4y1$F2nX$=+)KuSJm>h+{>2 ze+BWgQb$G+%bI0<`G6Ns!-vR4_Pj3W2$*hzjq^HF@u;a8K zcZvK)=Z+4?iCz{#Ja_b_Q{+fI6Ka$oau848!mxL0h0dc+APagIzOKmN*jD zj^39z682CS<_s0OAhZmAsU`!?xm5_w9oXBqLKj+RDh^aCnIP3w;R6SL178=49XOo% zT_@adU^|RxfO^39YvQIKs?aq;$0Y7Kst^LhX`;=L2YhuVCOY#YT?^D%;<7v|bgfW- ziL(RO8fA4BEeCp52;;+Xj;lhKhP;OpVLrMXRITfP-lAL{ih=yD5*K5u(2YPcsRlMEVFvn3 z(jA0&uF=RgT6C%a(=lk9#O-ja(2YYOV?c*~r^NLJoq*a)+(_U)L5n4B zCRi>-0h`2e7+mvFcoyvDHOPZ}5P?0m$5J6gN8>IAKmC^|<1i8Cqw3fYVQw_ETa2(P z8hdw3(r-s)@MlfXDV=PReh1QiCt6<9V^oB?ikvdit)YG=nk{infZK%*OWb9)xqdhL zOXBXa&4ut7>>b%gzZZr4AiD08+(y3-^^v$ciVphyXo18j*bV|011VJqpTI5kx%wdb z{x>m+L=%e+p=MQt%R`B#F8V{rc3sqMl=spfM#Cg7DRHpyjD#JnKaSFGP!r`^cC`Kk znnAfms9fGkaT3{Xio+cVSwizzoE({>zlh}bh%gWBvOQN{Ldzs>r)-uU{v`dosM{&y zh1IdR3tlQbf^pFDm30n@E2!WP(Q*)5A*97&Z)_2U#^Ek-L{-(Xyn(cjYb|xRkd1Qr 
zXb7BecWQNOgDk?IaX7rqO8xK1=Y=?+FC2*vQ5NO$(H{LqJ&a8kb<1FfJgem@Ve>sl zo8d3EWMW4=DuhAt^t_YfmriNnYCM#Dt6qhPT`pP_5b0M!e*ciTlbYjtQ!RHP?2O)w z%ivEB2rWWf$_1gN6DskY-hv;iiI7)*sk;iC0lpj)Zny3?L2%-5*B!kTFP4M`hH%Fu z4kN-nmbjZigmb_{j11ROT@Q(i3njW45|>9UcS>B9jp)cDkc>MhBOLivfp7&ucZ8-1 za9H2h3nLP+BkBn#wXnSr`W3I$z0lk6ExN|!vBx4i?)s8W*q?ywyUPv!#2m@c5!_Gn zTrJ2GvBNz}S+B0NktmI*E6oC_pTQ7=4;zUh4{d~9mWaogMQ$Q+!fvo>^IV;Rv#g@D zCrDHAyIvwUI>g7&02g|TT)&VILu35C#D#@K8=B)1__GZ0ovTk4!jo{a-x~(_Vkf0M zOw-MfUdz!5OisdfzmbMMwbEglEWkPYtw}x#N?2wX zi+`55F-aQ?6L3fn86-}1B900XIWpC3JUdk6mH{^j--nNe#F9)n2QPqcaD*cho{alP zi5!`59-bN_axmdGhG}>he1Vr{Y{s%8KV9Gu)XrQ!s>{?=M|h=7v*)dIk}fI59Iv- zyTuPymMae1M=HZX5`puW-Nr1i`2uXtD`tXy9+RMF(R`+_W0!I)voy9u8IG-vBg*+q zt3)Trr^TKI+BIBv5pDw`%aujOMgdCXOvCn{Hjs{MfuO!P!~%;w-wV(AkDlFh-1Ku7pA1Qb2Q zN0qDj-hP3sk9)+-Rm;Atq#t z+CszcP&H>AQ3qAwERn|peO7fHZS&}*{DM~T3nnOmMPD#^@mV0Lpb@hZT7qPCup5iw zNil`uw%E6&UY#nR5!r-Em6yf&s#P+VnnkJdp8|u_M%kn|2jI$}Sio}MM8GP*`N+k_ zVWZ45B~kqe?h)2R@Nb8MJ9SmJWgN*p0Sk-+)H5*&HxsW<6mVO%Z^}@0XNF4|rB0P) zBarXg`%B?RI{@tk6mth2XMA&FlblA zKUe>blo|ogmyb*u50Vl39L-F8B3S?rBMehC1LS*>1(zlRMfiLUeL!}1xU8|SfCFJm zeXAM3=+r-eYtIBX87coQ2sYSY0_w+HS0#eTiZ?+NoW_?9eWQYZY8;nH|FE_BgHcZ8r~PkTOo$L^)a6 zOf^9DscM7jnCctVHPr(ZeBf4F)veSM)CKBg>W%7M>O<<|>igDmFp@D8|xtJr|hql80%KT@3QAQEFT!4)A#0ng}81A2O01Wa}i zY#Dk9(9952AcA*;2)a``k!q(=$t@d^ACVFKm`a=p#KZnDf_LJ6C`#&xy|Ch*vYobr z(5(}W_g4CP4ulgQey+p6Z^%WGVy3XN6E-)_)Ygk8d>xgxzVEBDN!lp$KV-u1;39mI z*5COLm3A-n__Et+LUcMlY5klrC_iU>;fjPS6|OdLRTddK<9eKXOqCyQ>oY%X?w)TN zo>E*}Q`D*i7rVs_X7oO+r*Sykms;-|~KKiq?mf7mBccgCV^X+frb3&^6y!WU5r;Il)jp=)D z*P^Lm9b&v}(|wCRIWWFxWedB`6c<#r>QZWl&r3JOJk(wb)X5&$&#!v2_Rr5fM{Q{K zX#9|>L*uHuc`m&CQL))p;XAbX4xzHEeWnYCX&0QB(dP1@T``A^+Xn6WZq4KqGZHhC zB2oOA^j{Y_gHR{abAM4y5E+r{OP-6?sI=k z$Qkw*c0KosotbC7(CpTVvG44^bZn+)O4l}t1>XG7uWtAM*1A>uuz{wni!CeINGDTo&+r*Zc2uT-($+%WdvQRsNlw!P`e? 
zOy9RF_Q!fV<~8oLrc0vzX~t!K_250f%y0A7p5+Y?_tvW3q!lxZ@7};lAZC1 z$%)Qhalx!ABLB_&M>?#M$6MqcAt~oG#zy!)6vXJ+k)cGQUYHPv&$<>uw&rZK@-?G)lW^VD^L5@`%LN z6_Igo?`_fK*zyN^UDMa7r$6Qc500Al-uBW!?=}$$3&*ycd|dxkh)g6Nx6*Q_ zRI9o@xq5I!jPvcc_U=6N3CbUYr zkZ|tBu={0&5%*>{jJb0+rF)N$Gg{Y=-LPPD@~N=n8@T1$*LSd$j+`*=c7C#D_nUVT Wwr$YfIMf2I%vf;l9{evD{QMtywE_JA delta 12142 zcmbVS34Bb~_rLee%$t47B$>%%UnCRR7g_B4T0{|4?6og1BvlnL2@(6&ho>k}S`_V% zAhAn{*w<7^QB+mzTTzt%x%a)KqJIC+zkfdO`_6XHIrrRq?wh=s#hZpM-ZXUHG+DRu zb@OL><45z?MaeFuc+UU17B1j14p9u*WkX&=X@@9;&L7{7X6T&2w{ZK zR)pA7h5pQxZ?Ox%X2T}zQrKf-9>!bv%isCqEt|g&WN;fkXj4D0wis!+b^tKSrLLnH zP!X#x8(r$Yc6Z@dZaQ821CRuxFe_rRb|54-M`zumH?F-n=(64%6|OQzIy&&nHkX-1 zDF|DEuq6mH3R7@L{y?Dvrxe~TbSF8;w*~?_wzkAgcy8-_T_^CAO`M~QPP}g0P_P`k ztuKZQe=52XUn4{A?+iJ}5Ft-47(wzEk-3L?pqSb~u6^O{;wUoSbH^1{9M9vOZXWO0 zXNdM0TzfuhXIu?$Fo86fKu<@9!f`w6WBeh1cb7juXE)1V+-1UDfOCRuc zkL@-Ae~I#!cKh=Qdp0V%k^=F5d%Zx@U~dQ?zL$(_us0F-jeC9hw7oXqH|~wlrIG@a zLjjnKRQ|@^dV}du#7sO1GQVC;5z6RBOnxFJ6HnC?o+m=bm$2f9dCe|^dq#IKcJv_O znTa34&7BU<=t+EBAm&*FxisEX>ejRuNP|TQj9)><_Xd$<(}!rmO<%ab?WTgdAt<`> zmE2Hy4L8)L4{s@{>p}DC2c8h)SWXib6Y0+nD)Gbp`Kcu#cmV%>iJkozj4}rDCrdos z2a(9Hv4u6W;fkcOGK9o8Dd~h(edBDna1Kkum=+3%}k~d+dM9ge4OYmpl4@P31>g ztEyBG%wrUf54e6r3*%yTc~4dV7!>#;iZs#>EL5@Izv8(s;Ja zKjb~*p^21ldoZiOMTfEvu#;a}7VDEkf|2xeNF{T@TrTh$&2m#g%uVC3 z9vEO}X zfj&$@&vALiY+$l)L7uRtks(gY@qKKWURYm3As6* zz*B--N=POn9%#ohKDN9q{*uowugfk6xnl*tyWA5O6kaGVmf@9!pPwIsLH+VV{VH{X z3QwN`unhNRvQ!vK<_;eim@EvW<4fYheacTLq$QBPbci>cX@u(HO5T zoPD*89DmLK^xHt!Z$PaHLu~DaumWCSCgaxdDL1@oDm*1c&W#-1TH=scG8tLxG1F_KbSw8QkXq#!9EQ?ex%K?3TM2jr-|LZ&E5mIB)mOFbW8#BR`d76)8EykV z@OJ%}??B9O-vh#p*l<%}KJ4G5BMA6#6WD{2g;8g2mqTgS+=*lV1CoqQ{FOUh@n$~Z zZU|s+z(PL%ZWQ1)iZ>{_-y@Qi6vtBhhT=Jj?0uq50Nl(Ex=;MfxgTWM0`5`m)QmsK zLT%;u-4Dmx_`COe;v&AygDHR~ANW{{iP7I1hRF(p(s0`g&5ozbxC><2wF#L;koxQ-xqyd{7FT_Q;&y{2e0WYqjQjh?im8b? 
zyfc(v`?v+(!{2+{RJ)f142MvTNqoI0o>s90Hfd{kFjM;}iz~MT@@|k$?8QmX1VG(kR>s-tlKdbqZ;J zHidbv_;VLN$)~+o2KeWTq-t%_%epkGOs?P#k{p<<2&jOSJdKj)L4M+Ml&bk9FB{@h zg%@7l$7(t$GKN3>SGw$>b2umQ5*bwlBmXm}u;5_u0kph}VijcNsSW&Jv}aJI8{lY|O6eow160VTIV&?)eHdRd!^XqY)8R*Uw>TlG{YiPa6T*7+TP68LjT_<8B3}(=F+M2-YjK0>z{9jS>D?Y~ z3=u@RKO3qQ0T{UN@y$2kRF|>BVH3JUCC4$a~<8W`Gu@Tq8 zeS|?q*a`cDjYix7=LxTj*w=az1|vA4>p?8DTES#}K&qN2#F}u?zdI3vgb`-^jjA^| zG|0K11iK3!T!RZ0HoM>$HU|tcU4=@Zv76v&!SVRKkYd4+USuL>h25;EF%=N9T#2y6 zf)i=ASgsFYyo4tfT+d(h2JdM!toxEoKbVS^wJynoqX+9)+mcK-A;lG2trx%xdG?Y& z@=dU;B$SLR6(+jkl~ozla>I!@SLo%2>%!_RcEg8pSE0W7sqJ2E6pn4N_0MGMt|uImC?_B@I`X^|UKR8kbHSVFb&)Pq=2ac9(_-WJoz{NzUx z{gBeg8SD#T#I3a2pC~R<7iTG5T8E@^mk#)~7O@n3f&d!_h5~--6$v;7#R1B_3H=+j zucTGHuOYL)La`wYzlw%jP5p1CbhN*dguEl>VkcW8jJm!~UGJl4#w0*bO0S~WgeE6$ zF_I#SPFa!wf7a9o93R^laCWQ=My=Kn6fL*VMPJDAP8cT5-bv=vX zD2i|B?0e9(>~xlSlpcd3A}3o3x9JY{}0lU0*>YZzt3B@FtQww9RPhcw51bif*lVw;H#_Cie@wTl`8 zqkf4T;1%HXAiEkIS@mStS3YFG9Xh|q6tRX#I4bv`0aByZg8f9#^?<*Ie_uUT zwD(mIKP&ZQ6tS#Y*0&FM@icsjoMg}I1CE2~7T7rNGZl}TssY4)J|a&Cai6zKB*Dbg zCj=1suqVMH!y~Yn7gAImej43LO(~YsUKkk|>IC&{+Ehr!)CQ*=-~0}GUz^MD~ZmC_8A*QRta$jzwKy9D;cLH$9%A)2G$ZG3DAIsY%koCM~L zXE~tC>jI#-x`*iw?;J!{{fRfJjU|lW85`-8AXpBJ&glvLZWmPbR10_(VDvlneZ;2Vrv47jdmke@#h=Auc8O5j!ph@5W# zY<09aP~`fmD)n+S8eY;6OS!cYa+)AjT-ohH1qD~T*=~k(4j`~WR z9k`Y#vy*7q->p*kBot>mEA{P==TIWdN9O|!hW6+~%H^VP7|;RrmAHn$rJ(x5#o=!v zT@4?i5fZlqxGtzb;!XmWipnK!8*tr`>j-h&9oI_zM<_<(epNki>eH$Nra*|^sF9@n z9@e@qN|Cr`!1YJ%Mv87O0QWIUlepus4+f#F5?2l(hM)ry7ip{14?{Ak1~w?+2=q$Q z{Q&WtqmXTs=u`ow>1d0@ZBth2$Dp8eQI`y>oQcvT?k3D>ELuRhd~_|q%PDc~ zNNoc8K;j~Sn}}vhTxmcpLryh!8zM|7`{Uz4iI5JdJ`2V%#DC{Yanco zz@A;38@8fy_$m{0s#vzUVH?u@EL#3*z^Djy5jjndBcS>LnN+Fe5UY{gv~Y_Mk%+biRv3R+i(O; zque5NLEc<(6xnWz!yR#xg(gurF>IFMERsJU!d$f7CfELimPuT(Y>5HBhJGmOie+C3 ztD)3uh-&$UT`EnMVXY#M>`EW3@|oD)GdP@^0Jz{44dyS zv=P3gB@;X7S}6>Oq34|(zjaCrS7V^$B?dJnb~$K~UzpEH13XnE?x^;>!KIoz6LQI5 z!R7FE144@smvmKV77LZQWpKyOHAKj(zSBPd&Zrf+9r~w&5Q{^de;KTJu_QDyggYd0 
z7!mHd#N7@coC6+W#F>ujx=UPiFwsquxLj&kEO9q&M0Zo-evlE)MyJ86<^=pDG>U`6 zT4of6#bHOd%4o$p*xm@;z~AWgMjO6E*O)x^SY*dt-qHzs;&6h=V)P~ENQMsL-ded< zkjG<(DN9wWrnJ5&g}3K#+h&5)$Hy3n515G}7p;d~7LU^{A~zm5VF%c>l53N2rd5>o z0BJJ**hAz-1%(;w;zIcTg^ceV6lZLJFG^fUP<>+)ybr#LA-WtxOChulPW0(wgg18Z zkEA?A`>`>lnxhk#SO?pE#v9YBr9-rnjeV*)YO}2lO!9N%kebqaFw*&@aRlB)Ym$!w z;?^5S;EDj1FgT$$h$KgRDN2Z#EX9bJgGT za%*LB?Obe%6S+0O6`e@HH%-nwL>7JmS{gMT%|dF&Y_tI7#ulK@WX%nym3b)6>zr}{ z($tAXBdFyFv|e#esiX2B6qopdS*KVZd|BCrYBwpG8-4?t*aV?6^9u%Sz{5Jlp6FXJ zio^=VwY~0xme6gS@_PEel-m`FTD7W;yv+QUauZdIW{CPTz|N|}3ag_wKCR%CAE_$Q z#>9TAT#ye0>>4vdbwP2!K1LM^lG-?z*-E9Q#zGnWa%> zs!(io99PX}n#ae2+&Lwx9GIc{3c&thS5$v0ehj;z!mQeHN41PrLe2U{A$291k*EL+ zQE1hnxXf%+k7nW$ugOR%uIdYlwSJ!JT;{6Y4P8(KYl4CHk9R}4%*Mb7V(C=}BpUf#u;7)GdL96U;P!adn7M%GT^16jnx*Pw zNNyB!K_Mn&3ooYOcdMJQj_||kP?pGJfIbK5ZgK6WT1Tt6jtPik(K;qKCJQ7LG-6hq zz8Q#CLC6?VOksN)?A^>wlPsSW){se-mq!O_)H0`rMalAO{-GMPY(jJt;L3mmzzg2> z0B-`$M@}{xn`LfE^)z4L?jbD%kG43_*;CVoaU}KyoMRrMnU1sKnxW}^c#3~1B?L=WFFU}?gM=xO77IgFn@SzwLREjMl)brg@?8uOZG`Jn1*PRnc|o_ zAaAPZq$Tz3uFYk?bQuIV%Vh*;3u5Hjhe)Lr@O=63Iuk%L%#f#@j*lb?;9;0?hPI!4 zXX0}02vpnaYiJL$(L-eoyantJd+d_d*^kj{u7hj0IHim%$YTgL(C7h}W|Tv6Q`E6Y zg`T5@Iu#lrTLPFVUjaByz8Y|Xd>vp8rSs(90X+fGN_6!cbjc;waWbje%}P6sR5Q1lXC%dr};LhJs``;!TIqQj}}1q&S(G ziEfxCGd#S=napGWu99#j3Ni1e^gc6@U!mydLg>a6`?@#@lS7$(6t7T379#hfSl~+N zeH07aCj*`9K_s~zS?H2!C8bwVx`fgtlx|`tHcjlrrXQvIiL^J7_wy$5p=hs3w}jcP zTL#xxaDBt<7T~8Z?K(YCda6QIiK-T=DXLcLA?mNyo75-O7uC1auhdG7UgM)_r^(hV z)U48M*6h<9(VWt})U?v})sE55)2`PZ)ZW(qrM2knx>~w;U430Q-4J0wd)(f6!idnb zxHEviP@L-^5_2NKf}nGNC-fHq-8`-VCOQZ<3%&tpVF)S^!TSLOO_YwO+9_0W$42A_ zWduK`lGr%nVNVFbd(n4_qB>v?tURK8rs|~YBDC*_W11oFxNh()fPa4 zMcJCNS`kE9Lnf4T#Fhq=b>WtGRg-m5N&l4j#{NSlm{YI?&k|~-;G@BYp?!<$@56hQb^0*|73=0QkTH0%ZswtI zlOwD$DE%00K^6?ZlEhvn24q?T0QQpmVJ}rt=pme?z$)SEE-hR-xb$!t;4;Exg3An-3tSesT;Xzq z%N;Ij(Um^7%!c9cYv10a7z|wG6G|TZ$Tx4f4Sm?TdFO$RI&PXY$keiMT0`z>?5%; z7R94T6bt|3$W?Sd+P?4~Qh|@PC;!9r=U97$o_W%sC}ytgDPGjnK010zWy8kVTN7J! 
z*`qkN_UNTS-}D`JenHz=>!#lg8|mtbO72%Yy)_}_%HY6U!!y(;DB+5Qu5eYQpWbpO5$O9IYpn3~$@=}Wc0#!a}~ z#Xj9RY|!}gi;91ri)DKpGmf8qJT*Lb#+Mz2_wVuS$Tggq>hv0%_F&}t)W;9TFRWLg zZq!cBB|J*>*!A<>g1q5VdPiIh`ZelCN9T)k`;D_II;~2{Ry15~{kqjyN95#3#p5z< zv5jt=>bx!N?ug%~`;;k;G}^W?^t#)Qg^Rj3wXLvED?aaBe{uA+Q>}mfwZVzf{a;L; zbIHF@XMdW8Rvl`fI2-eI<8hgNyM0_b%eg77wtQi642OsX5&p%kfVqizAL$6^NWqo#(R06UGZmN#+l~U6L$jdrM#Kc z_2rvWv3ac@F6%KiBa#_8P8ghOzvYaNO^!*9O^8qUC_0c;*UoR9|4fh7@)&oy>)KEI zb)I$O(Tu@^ubi~aOlorHKSo`&zS;<51(L(>3PLL)U#;%(`nUAG*Xrq;bvu5)>4R^L z;e|Ki%+t<%T6b}gMq_#rsGB_{+p~#g$)ZV{`(9g8-g)}a%I|t)^zZ9zl=x%X(>Buw z_kFm$-IjvTFDkcIJ`3u1X6W;Z#YtbkQLVo=u_So7rgZiv?z1Oez0~YK%YUBqa_Uio zc}nn@l~0-Cq_W3ovL(hZra0PmM=6}S8PeyRXZz>dMt?AEZ)@LSi_*Vzz1phlr0?hK zFlifp{K;tDN1$A+N^&eDqaV#b=&#>d?OVAJK!( A+yDRo diff --git a/meshcentral.js b/meshcentral.js index 34f08ece..683c092d 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -641,6 +641,8 @@ function CreateMeshCentralServer(config, args) { if (typeof obj.args.agentblockedip == 'string') { if (obj.args.agentblockedip == '') { config.settings.agentblockedip = obj.args.agentblockedip = null; } else { config.settings.agentblockedip = obj.args.agentblockedip = obj.args.agentblockedip.split(','); } } if (typeof obj.args.swarmallowedip == 'string') { if (obj.args.swarmallowedip == '') { obj.args.swarmallowedip = null; } else { obj.args.swarmallowedip = obj.args.swarmallowedip.split(','); } } if ((typeof obj.args.agentupdateblocksize == 'number') && (obj.args.agentupdateblocksize >= 1024) && (obj.args.agentupdateblocksize <= 65531)) { obj.agentUpdateBlockSize = obj.args.agentupdateblocksize; } + if (typeof obj.args.trustedproxy == 'string') { obj.args.trustedproxy = obj.args.trustedproxy.split(' ').join('').split(','); } + if (typeof obj.args.tlsoffload == 'string') { obj.args.tlsoffload = obj.args.tlsoffload.split(' ').join('').split(','); } // Local console tracing if (typeof obj.args.debug == 'string') { obj.debugSources = obj.args.debug.toLowerCase().split(','); } 
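Review bot: An empty `trustedproxy` or `tlsoffload` string becomes `['']` on the two added lines in meshcentral.js, a truthy array with one empty entry, whereas the `agentblockedip` and `swarmallowedip` lines just above map `''` to `null`. The `if (obj.args.trustedproxy)` tests in webserver.js would then treat proxy trust as configured even though the list holds no usable address. Only spaces are removed, so a tab or other stray whitespace around an address survives, and the exact-match `indexOf` comparison in webserver.js would silently never match it. I would trim and drop empty entries, e.g. `obj.args.trustedproxy = obj.args.trustedproxy.split(',').map(function (s) { return s.trim(); }).filter(function (s) { return s != ''; });`, fall back to `null` when nothing is left, and do the same for `tlsoffload`. The enclosing function starts and ends outside the hunk.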
diff --git a/meshrelay.js b/meshrelay.js
index 00c687c4..9471cb75 100644
--- a/meshrelay.js
+++ b/meshrelay.js
@@ -219,7 +219,7 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie
 // Setup session recording
 var sessionUser = obj.user;
 if (sessionUser == null) { sessionUser = obj.peer.user; }
- if ((sessionUser != null) && (domain.sessionrecording == true || ((typeof domain.sessionrecording == 'object') && ((domain.sessionrecording.protocols == null) || (domain.sessionrecording.protocols.indexOf(parseInt(obj.req.query.p)) >= 0))))) {
+ if ((obj.req.query.p != null) && (obj.req.query.nodeid != null) && (sessionUser != null) && (domain.sessionrecording == true || ((typeof domain.sessionrecording == 'object') && ((domain.sessionrecording.protocols == null) || (domain.sessionrecording.protocols.indexOf(parseInt(obj.req.query.p)) >= 0))))) {
 // Get the computer name
 parent.db.Get(obj.req.query.nodeid, function (err, nodes) {
 var xusername = '', xdevicename = '', xdevicename2 = null, node = null;
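Review bot: With the two added `!= null` guards, a relay connection whose query string lacks `p` or `nodeid` skips session recording entirely, even when `domain.sessionrecording == true`, so whether a session is audited now depends on client-supplied query values. Whether such a connection is refused elsewhere is not visible in this hunk; that should be confirmed, and if it is not refused the session should be rejected rather than relayed unrecorded. Separately, `parseInt(obj.req.query.p)` has no radix and yields `NaN` for a non-numeric value, which `indexOf` never matches; `parseInt(obj.req.query.p, 10)` plus a comment stating that an unparsable protocol means "do not record" would make the intent explicit. The enclosing function starts and ends outside the hunk.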
@@ -250,7 +250,8 @@ module.exports.CreateMeshRelay = function (parent, ws, req, domain, user, cookie var metadata = { magic: 'MeshCentralRelaySession', ver: 1, userid: sessionUser._id, username: sessionUser.name, sessionid: obj.id, ipaddr1: cleanRemoteAddr(obj.req.ip), ipaddr2: cleanRemoteAddr(obj.peer.req.ip), time: new Date().toLocaleString(), protocol: (((obj.req == null) || (obj.req.query == null)) ? null : obj.req.query.p), nodeid: (((obj.req == null) || (obj.req.query == null)) ? null : obj.req.query.nodeid ) }; if (xdevicename2 != null) { metadata.devicename = xdevicename2; } var firstBlock = JSON.stringify(metadata); - var logfile = { fd: fd, lock: false, filename: recFullFilename, startTime: Date.now(), size: 0, nodeid: node._id, meshid: node.meshid, name: node.name, icon: node.icon }; + var logfile = { fd: fd, lock: false, filename: recFullFilename, startTime: Date.now(), size: 0 }; + if (node != null) { logfile.nodeid = node._id; logfile.meshid = node.meshid; logfile.name = node.name; logfile.icon = node.icon; } recordingEntry(logfile, 1, 0, firstBlock, function () { try { relayinfo.peer1.ws.logfile = ws.logfile = logfile; } catch (ex) { try { ws.send('c'); } catch (ex) { } // Send connect to both peers, 'cr' indicates the session is being recorded. diff --git a/meshuser.js b/meshuser.js index 38162deb..0d914a5d 100644 --- a/meshuser.js +++ b/meshuser.js 
@@ -4336,7 +4336,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 var email2fa = (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.email2factor != false)) && (parent.parent.mailserver != null));
 var sms2fa = ((parent.parent.smsserver != null) && ((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.sms2factor != false)));
 var authFactorCount = 0;
- if (user.otpsecret == 1) { authFactorCount++; } // Authenticator time factor
+ if (typeof user.otpsecret == 'string') { authFactorCount++; } // Authenticator time factor
 if (email2fa && (user.otpekey != null)) { authFactorCount++; } // EMail factor
 if (sms2fa && (user.phone != null)) { authFactorCount++; } // SMS factor
 if (user.otphkeys != null) { authFactorCount += user.otphkeys.length; } // FIDO hardware factor
diff --git a/package.json b/package.json
index ce6dac42..e143511c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "meshcentral",
- "version": "0.5.25",
+ "version": "0.5.26",
 "keywords": [
 "Remote Management",
 "Intel AMT",
diff --git a/public/scripts/filesaver.min.js b/public/scripts/filesaver.min.js
index 42a040e1..d7ab06e2 100644
--- a/public/scripts/filesaver.min.js
+++ b/public/scripts/filesaver.min.js
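Review bot: In the meshuser.js hunk, the new test `typeof user.otpsecret == 'string'` counts an empty string as a configured authenticator factor, while the neighbouring lines test their stored values with `!= null`. How `authFactorCount` is used lies outside the hunk, but if it decides whether a user may remove or skip a second factor, an empty `otpsecret` would inflate the count. I would tighten the line to `if ((typeof user.otpsecret == 'string') && (user.otpsecret.length > 0)) { authFactorCount++; }` and add a short comment saying which stored form of `otpsecret` counts as an enrolled factor.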
@@ -1,2 +1 @@ -(function(a,b){if("function"==typeof define&&define.amd)define([],b);else if("undefined"!=typeof exports)b();else{b(),a.FileSaver={exports:{}}.exports}})(this,function(){"use strict";function b(a,b){return"undefined"==typeof b?b={autoBom:!1}:"object"!=typeof b&&(console.warn("Deprecated: Expected third argument to be a object"),b={autoBom:!b}),b.autoBom&&/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(a.type)?new Blob(["\uFEFF",a],{type:a.type}):a}function c(b,c,d){var e=new XMLHttpRequest;e.open("GET",b),e.responseType="blob",e.onload=function(){a(e.response,c,d)},e.onerror=function(){console.error("could not download file")},e.send()}function d(a){var b=new XMLHttpRequest;b.open("HEAD",a,!1);try{b.send()}catch(a){}return 200<=b.status&&299>=b.status}function e(a){try{a.dispatchEvent(new MouseEvent("click"))}catch(c){var b=document.createEvent("MouseEvents");b.initMouseEvent("click",!0,!0,window,0,0,0,80,20,!1,!1,!1,!1,0,null),a.dispatchEvent(b)}}var f="object"==typeof window&&window.window===window?window:"object"==typeof self&&self.self===self?self:"object"==typeof global&&global.global===global?global:void 0,a=f.saveAs||("object"!=typeof window||window!==f?function(){}:"download"in HTMLAnchorElement.prototype?function(b,g,h){var i=f.URL||f.webkitURL,j=document.createElement("a");g=g||b.name||"download",j.download=g,j.rel="noopener","string"==typeof b?(j.href=b,j.origin===location.origin?e(j):d(j.href)?c(b,g,h):e(j,j.target="_blank")):(j.href=i.createObjectURL(b),setTimeout(function(){i.revokeObjectURL(j.href)},4E4),setTimeout(function(){e(j)},0))}:"msSaveOrOpenBlob"in navigator?function(f,g,h){if(g=g||f.name||"download","string"!=typeof f)navigator.msSaveOrOpenBlob(b(f,h),g);else if(d(f))c(f,g,h);else{var 
i=document.createElement("a");i.href=f,i.target="_blank",setTimeout(function(){e(i)})}}:function(a,b,d,e){if(e=e||open("","_blank"),e&&(e.document.title=e.document.body.innerText="downloading..."),"string"==typeof a)return c(a,b,d);var g="application/octet-stream"===a.type,h=/constructor/i.test(f.HTMLElement)||f.safari,i=/CriOS\/[\d]+/.test(navigator.userAgent);if((i||g&&h)&&"object"==typeof FileReader){var j=new FileReader;j.onloadend=function(){var a=j.result;a=i?a:a.replace(/^data:[^;]*;/,"data:attachment/file;"),e?e.location.href=a:location=a,e=null},j.readAsDataURL(a)}else{var k=f.URL||f.webkitURL,l=k.createObjectURL(a);e?e.location=l:location.href=l,e=null,setTimeout(function(){k.revokeObjectURL(l)},4E4)}});f.saveAs=a.saveAs=a,"undefined"!=typeof module&&(module.exports=a)}); -//# sourceMappingURL=FileSaver.min.js.map \ No newline at end of file +(function(a,b){if("function"==typeof define&&define.amd)define([],b);else if("undefined"!=typeof exports)b();else{b(),a.FileSaver={exports:{}}.exports}})(this,function(){"use strict";function b(a,b){return"undefined"==typeof b?b={autoBom:!1}:"object"!=typeof b&&(console.warn("Deprecated: Expected third argument to be a object"),b={autoBom:!b}),b.autoBom&&/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(a.type)?new Blob(["\uFEFF",a],{type:a.type}):a}function c(b,c,d){var e=new XMLHttpRequest;e.open("GET",b),e.responseType="blob",e.onload=function(){a(e.response,c,d)},e.onerror=function(){console.error("could not download file")},e.send()}function d(a){var b=new XMLHttpRequest;b.open("HEAD",a,!1);try{b.send()}catch(a){}return 200<=b.status&&299>=b.status}function e(a){try{a.dispatchEvent(new MouseEvent("click"))}catch(c){var b=document.createEvent("MouseEvents");b.initMouseEvent("click",!0,!0,window,0,0,0,80,20,!1,!1,!1,!1,0,null),a.dispatchEvent(b)}}var f="object"==typeof window&&window.window===window?window:"object"==typeof self&&self.self===self?self:"object"==typeof 
global&&global.global===global?global:void 0,a=f.saveAs||("object"!=typeof window||window!==f?function(){}:"download"in HTMLAnchorElement.prototype?function(b,g,h){var i=f.URL||f.webkitURL,j=document.createElement("a");g=g||b.name||"download",j.download=g,j.rel="noopener","string"==typeof b?(j.href=b,j.origin===location.origin?e(j):d(j.href)?c(b,g,h):e(j,j.target="_blank")):(j.href=i.createObjectURL(b),setTimeout(function(){i.revokeObjectURL(j.href)},4E4),setTimeout(function(){e(j)},0))}:"msSaveOrOpenBlob"in navigator?function(f,g,h){if(g=g||f.name||"download","string"!=typeof f)navigator.msSaveOrOpenBlob(b(f,h),g);else if(d(f))c(f,g,h);else{var i=document.createElement("a");i.href=f,i.target="_blank",setTimeout(function(){e(i)})}}:function(a,b,d,e){if(e=e||open("","_blank"),e&&(e.document.title=e.document.body.innerText="downloading..."),"string"==typeof a)return c(a,b,d);var g="application/octet-stream"===a.type,h=/constructor/i.test(f.HTMLElement)||f.safari,i=/CriOS\/[\d]+/.test(navigator.userAgent);if((i||g&&h)&&"object"==typeof FileReader){var j=new FileReader;j.onloadend=function(){var a=j.result;a=i?a:a.replace(/^data:[^;]*;/,"data:attachment/file;"),e?e.location.href=a:location=a,e=null},j.readAsDataURL(a)}else{var k=f.URL||f.webkitURL,l=k.createObjectURL(a);e?e.location=l:location.href=l,e=null,setTimeout(function(){k.revokeObjectURL(l)},4E4)}});f.saveAs=a.saveAs=a,"undefined"!=typeof module&&(module.exports=a)}); \ No newline at end of file diff --git a/sample-config.json b/sample-config.json index 9273bef2..de82d8b0 100644 --- a/sample-config.json +++ b/sample-config.json @@ -54,8 +54,8 @@ "name": "Local server name", "info": "Information about this server" }, - "_TlsOffload": "127.0.0.1", - "_TrustedProxy": "127.0.0.1", + "_TlsOffload": "127.0.0.1,::1", + "_TrustedProxy": "127.0.0.1,::1", "_MpsPort": 44330, "_MpsAliasPort": 4433, "_MpsAliasHost": "mps.mydomain.com", diff --git a/webserver.js b/webserver.js index 8628ec44..ec554867 100644 
--- a/webserver.js +++ b/webserver.js @@ -516,11 +516,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (closeIfThis === false) { res.sendStatus(401); } } else if (req._socket) { // WebSocket request ip = req._socket.remoteAddress; + var ipex = (ip.startsWith('::ffff:')) ? ip.substring(7) : ip; // If a trusted reverse-proxy is sending us the remote IP address, use it. // This is not done automatically for web socket like it's done for HTTP requests. - if ((obj.args.trustedproxy) && (res.headers['x-forwarded-for']) && ((obj.args.trustedproxy === true) || (obj.args.trustedproxy === ip) || (('::ffff:') + obj.args.trustedproxy === ip))) { ip = res.headers['x-forwarded-for']; } - else if ((obj.args.tlsoffload) && (res.headers['x-forwarded-for']) && ((obj.args.tlsoffload === true) || (obj.args.tlsoffload === ip) || (('::ffff:') + obj.args.tlsoffload === ip))) { ip = res.headers['x-forwarded-for']; } + if ((obj.args.trustedproxy) && (res.headers['x-forwarded-for']) && ((obj.args.trustedproxy === true) || (obj.args.trustedproxy.indexOf(ipex) >= 0))) { ip = res.headers['x-forwarded-for']; } + else if ((obj.args.tlsoffload) && (res.headers['x-forwarded-for']) && ((obj.args.tlsoffload === true) || (obj.args.tlsoffload.indexOf(ipex) >= 0))) { ip = res.headers['x-forwarded-for']; } if (ip) { for (var i = 0; i < ipList.length; i++) { if (require('ipcheck').match(ip, ipList[i])) { if (closeIfThis === true) { try { req.close(); } catch (e) { } } return true; } } } if (closeIfThis === false) { try { req.close(); } catch (e) { } } 
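Review bot: The added line `var ipex = (ip.startsWith('::ffff:')) ? ip.substring(7) : ip;` calls a string method on `req._socket.remoteAddress` without a guard, although the `if (ip)` test a few lines below shows the address is expected to be possibly empty; an undefined address would throw here before the filter can close the socket. I would write `var ipex = ((typeof ip == 'string') && ip.startsWith('::ffff:')) ? ip.substring(7) : ip;`. The new `indexOf(ipex)` tests are exact element matches only when `trustedproxy` and `tlsoffload` are arrays; if either reaches this code still as a string (the conversion is in meshcentral.js, outside this file), `indexOf` becomes a substring match, so an `Array.isArray(...)` check in front of it would be safer. The whole `x-forwarded-for` value is then assigned to `ip`, and that header can carry a comma-separated chain, which presumably matches no `ipList` entry; a comment stating which hop is meant would help. The enclosing function starts outside the hunk.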
@@ -3842,7 +3843,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 obj.app.engine('handlebars', obj.exphbs({ defaultLayout: null })); // defaultLayout: 'main'
 obj.app.set('view engine', 'handlebars');
 if (obj.args.trustedproxy) { obj.app.set('trust proxy', obj.args.trustedproxy); } // Reverse proxy should add the "X-Forwarded-*" headers
- else if (obj.args.tlsoffload) { obj.app.set('trust proxy', obj.args.tlsoffload); } // Reverse proxy should add the "X-Forwarded-*" headers
+ else if (typeof obj.args.tlsoffload == 'string') { obj.app.set('trust proxy', obj.args.tlsoffload); } // Reverse proxy should add the "X-Forwarded-*" headers
 obj.app.use(obj.bodyParser.urlencoded({ extended: false }));
 var sessionOptions = {
 name: 'xid', // Recommended security practice to not use the default cookie name
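Review bot: The changed test `else if (typeof obj.args.tlsoffload == 'string')` looks like it can no longer be true for a configured address list, because the meshcentral.js hunk in this same commit turns a string `tlsoffload` into an array, presumably before the web server is created (the ordering is not visible here); a boolean `true` also fails the test. In both cases Express `trust proxy` stays unset, so `req.ip` would be the proxy's own address and IP-based filtering and logging of HTTP requests would see every client as the proxy. If the intent is only to exclude the boolean form, `else if (typeof obj.args.tlsoffload == 'object')` or `Array.isArray(obj.args.tlsoffload)` matches what the startup code now produces. A short comment on that line saying why `true` is excluded would help the next reader. The enclosing function starts and ends outside the hunk.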