mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00

Router fixes, Relay Fixes, 2FA fixes, support for many trusted proxies addresses.

Ylian Saint-Hilaire 2020-05-07 14:48:51 -07:00
parent 97f4f7f963
commit 1f105e37a2
8 changed files with 14 additions and 11 deletions


@ -516,11 +516,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (closeIfThis === false) { res.sendStatus(401); }
} else if (req._socket) { // WebSocket request
ip = req._socket.remoteAddress;
var ipex = (ip.startsWith('::ffff:')) ? ip.substring(7) : ip;
// If a trusted reverse-proxy is sending us the remote IP address, use it.
// This is not done automatically for web socket like it's done for HTTP requests.
if ((obj.args.trustedproxy) && (res.headers['x-forwarded-for']) && ((obj.args.trustedproxy === true) || (obj.args.trustedproxy === ip) || (('::ffff:') + obj.args.trustedproxy === ip))) { ip = res.headers['x-forwarded-for']; }
else if ((obj.args.tlsoffload) && (res.headers['x-forwarded-for']) && ((obj.args.tlsoffload === true) || (obj.args.tlsoffload === ip) || (('::ffff:') + obj.args.tlsoffload === ip))) { ip = res.headers['x-forwarded-for']; }
if ((obj.args.trustedproxy) && (res.headers['x-forwarded-for']) && ((obj.args.trustedproxy === true) || (obj.args.trustedproxy.indexOf(ipex) >= 0))) { ip = res.headers['x-forwarded-for']; }
else if ((obj.args.tlsoffload) && (res.headers['x-forwarded-for']) && ((obj.args.tlsoffload === true) || (obj.args.tlsoffload.indexOf(ipex) >= 0))) { ip = res.headers['x-forwarded-for']; }
if (ip) { for (var i = 0; i < ipList.length; i++) { if (require('ipcheck').match(ip, ipList[i])) { if (closeIfThis === true) { try { req.close(); } catch (e) { } } return true; } } }
if (closeIfThis === false) { try { req.close(); } catch (e) { } }
@ -3842,7 +3843,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.app.engine('handlebars', obj.exphbs({ defaultLayout: null })); // defaultLayout: 'main'
obj.app.set('view engine', 'handlebars');
if (obj.args.trustedproxy) { obj.app.set('trust proxy', obj.args.trustedproxy); } // Reverse proxy should add the "X-Forwarded-*" headers
else if (obj.args.tlsoffload) { obj.app.set('trust proxy', obj.args.tlsoffload); } // Reverse proxy should add the "X-Forwarded-*" headers
else if (typeof obj.args.tlsoffload == 'string') { obj.app.set('trust proxy', obj.args.tlsoffload); } // Reverse proxy should add the "X-Forwarded-*" headers
obj.app.use(obj.bodyParser.urlencoded({ extended: false }));
var sessionOptions = {
name: 'xid', // Recommended security practice to not use the default cookie name
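Review bot: In the first hunk, the new trusted-proxy test `obj.args.trustedproxy.indexOf(ipex) >= 0` (and the matching `tlsoffload` line) is a substring match whenever the option is still a string at this point, so a peer at `10.0.0.1` would pass against a configured `10.0.0.10` (constructed example) and have its `X-Forwarded-For` value used in the IP list check that follows. The second hunk's `typeof obj.args.tlsoffload == 'string'` suggests these options can be strings; whether they are normalised to arrays elsewhere is not visible here, so the comparison should be exact either way, e.g. `Array.isArray(obj.args.trustedproxy) ? obj.args.trustedproxy.includes(ipex) : (obj.args.trustedproxy === ipex)`. The second hunk also stops setting Express `trust proxy` when `tlsoffload` is `true`, while the WebSocket path still honours the header in that case, so the HTTP and WebSocket paths can resolve different client addresses for the same configuration; a comment stating the intent would help. Both hunks sit inside `CreateWebServer`, whose body extends beyond what is shown.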