optional ipfilter for array of allowed_ips in config or environment
parent
64e86994f7
commit
77c15cda13
4 changed files with 14 additions and 2 deletions
|
|
@ -8,6 +8,9 @@
|
||||||
"path": "/ssh/socket.io",
|
"path": "/ssh/socket.io",
|
||||||
"origins": ["localhost:2222"],
|
"origins": ["localhost:2222"],
|
||||||
},
|
},
|
||||||
|
"ipfilter": {
|
||||||
|
allowed_ips: []
|
||||||
|
},
|
||||||
"user": {
|
"user": {
|
||||||
"name": null,
|
"name": null,
|
||||||
"password": null,
|
"password": null,
|
||||||
|
|
|
||||||
|
|
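Review bot: The new `allowed_ips: []` entry under `"ipfilter"` is written without quotes around the key, unlike every other key in this sample, so the file is no longer strict JSON. Anyone copying the sample into a live config that is read by a strict parser would get a parse failure instead of a working allow-list; whether the project's loader tolerates unquoted keys is not visible here. Write it as `"allowed_ips": []`.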
@ -36,6 +36,7 @@
|
||||||
"cidr-matcher": "^2.1.1",
|
"cidr-matcher": "^2.1.1",
|
||||||
"debug": "^4.3.4",
|
"debug": "^4.3.4",
|
||||||
"express": "^4.18.1",
|
"express": "^4.18.1",
|
||||||
|
"express-ipfilter": "^1.3.1",
|
||||||
"express-session": "^1.17.3",
|
"express-session": "^1.17.3",
|
||||||
"morgan": "~1.10.0",
|
"morgan": "~1.10.0",
|
||||||
"read-config-ng": "^3.0.5",
|
"read-config-ng": "^3.0.5",
|
||||||
|
|
|
||||||
|
|
@ -17,11 +17,12 @@ const server = require('http').Server(app);
|
||||||
const favicon = require('serve-favicon');
|
const favicon = require('serve-favicon');
|
||||||
const io = require('socket.io')(server, config.socketio);
|
const io = require('socket.io')(server, config.socketio);
|
||||||
const session = require('express-session')(config.express);
|
const session = require('express-session')(config.express);
|
||||||
|
const ipfilter = require('express-ipfilter').IpFilter
|
||||||
|
|
||||||
const appSocket = require('./socket');
|
const appSocket = require('./socket');
|
||||||
const { setDefaultCredentials, basicAuth } = require('./util');
|
const { setDefaultCredentials, basicAuth } = require('./util');
|
||||||
const { webssh2debug } = require('./logging');
|
const { webssh2debug } = require('./logging');
|
||||||
const { reauth, connect, notfound, handleErrors } = require('./routes');
|
const { reauth, connect, notfound, handleForbidden, handleErrors } = require('./routes');
|
||||||
|
|
||||||
setDefaultCredentials(config.user);
|
setDefaultCredentials(config.user);
|
||||||
|
|
||||||
|
|
@ -38,6 +39,7 @@ function safeShutdownGuard(req, res, next) {
|
||||||
// express
|
// express
|
||||||
app.use(safeShutdownGuard);
|
app.use(safeShutdownGuard);
|
||||||
app.use(session);
|
app.use(session);
|
||||||
|
if (config.ipfilter.allowed_ips.length > 0) app.use(ipfilter(config.ipfilter.allowed_ips, { mode: 'allow' }))
|
||||||
if (config.accesslog) app.use(logger('common'));
|
if (config.accesslog) app.use(logger('common'));
|
||||||
app.disable('x-powered-by');
|
app.disable('x-powered-by');
|
||||||
app.use(favicon(path.join(publicPath, 'favicon.ico')));
|
app.use(favicon(path.join(publicPath, 'favicon.ico')));
|
||||||
|
|
|
||||||
|
|
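Review bot: The allow-list is mounted after `app.use(session)`, so a request from a non-listed address still goes through session handling before it is rejected; placing the `ipfilter(...)` line above `app.use(session)` keeps denied clients away from session state. The socket.io server in the first hunk is bound to the http server directly rather than through Express, so confirm that its handshake path is also covered by the allow-list, since nothing in these hunks applies the filter there. `handleForbidden` is now imported from `./routes`, but no hunk registers it and no section on this page appears to touch routes, so check that it exists and is mounted to turn the filter's denial into a 403. If the app is deployed behind a reverse proxy, the filter will match the proxy's address unless express-ipfilter's `trustProxy` option is configured.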
@ -38,7 +38,10 @@ const configDefault = {
|
||||||
setHeaders(res) {
|
setHeaders(res) {
|
||||||
res.set('x-timestamp', Date.now());
|
res.set('x-timestamp', Date.now());
|
||||||
},
|
},
|
||||||
},
|
}
|
||||||
|
},
|
||||||
|
ipfilter: {
|
||||||
|
allowed_ips: [],
|
||||||
},
|
},
|
||||||
user: {
|
user: {
|
||||||
name: null,
|
name: null,
|
||||||
|
|
@ -133,4 +136,7 @@ if (process.env.SOCKETIO_PATH) config.socketio.path = process.env.SOCKETIO_PATH;
|
||||||
if (process.env.SOCKETIO_SERVECLIENT)
|
if (process.env.SOCKETIO_SERVECLIENT)
|
||||||
config.socketio.serveClient = process.env.SOCKETIO_SERVECLIENT;
|
config.socketio.serveClient = process.env.SOCKETIO_SERVECLIENT;
|
||||||
|
|
||||||
|
if (process.env.ALLOWED_IP_ADDRESSES)
|
||||||
|
config.ipfilter.allowed_ips.push(process.env.ALLOWED_IP_ADDRESSES.split(" "))
|
||||||
|
|
||||||
module.exports = config;
|
module.exports = config;
|
||||||
|
|
|
||||||
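Review bot: In the second hunk, `push(process.env.ALLOWED_IP_ADDRESSES.split(" "))` appends the whole split result as one nested array element instead of adding each address. As I read express-ipfilter's documentation, a nested array is treated as a start/end range, so two addresses in the variable would allow everything between them rather than just those two, and other counts would not match as intended. Spread the values and drop empty tokens: `config.ipfilter.allowed_ips.push(...process.env.ALLOWED_IP_ADDRESSES.split(' ').filter(Boolean));`. A short comment stating the expected format (space-separated addresses or CIDR blocks) would help operators setting the variable.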