[release] v0.9.15
This commit is contained in:
parent
3d8d411dd4
commit
0801799600
|
@ -1,3 +1,9 @@
|
|||
## Version 0.9.15
|
||||
- Check background extension on upload is an image
|
||||
- Update Docker for security patch
|
||||
- Check redirect target is local
|
||||
- Improve OpenID client secret generation
|
||||
|
||||
## Version 0.9.14
|
||||
- Check network mode before pruning networks
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ import * as indexDemo from './index.demo';
|
|||
import * as marketDemo from './market.demo';
|
||||
|
||||
import wrap from './wrap';
|
||||
import { redirectToLocal } from '../utils/indexs';
|
||||
|
||||
export let CPU_ARCH = 'amd64';
|
||||
export let CPU_AVX = true;
|
||||
|
@ -39,7 +40,7 @@ let getStatus = (initial) => {
|
|||
return response
|
||||
}).catch((response) => {
|
||||
const urlSearch = encodeURIComponent(window.location.search);
|
||||
const redirectTo = (window.location.pathname + urlSearch);
|
||||
const redirectToURL = (window.location.pathname + urlSearch);
|
||||
|
||||
if(response.status != 'OK') {
|
||||
if(
|
||||
|
@ -50,13 +51,13 @@ let getStatus = (initial) => {
|
|||
window.location.href.indexOf('/cosmos-ui/register') == -1 &&
|
||||
window.location.href.indexOf('/cosmos-ui/forgot-password') == -1) {
|
||||
if(response.status == 'NEW_INSTALL') {
|
||||
window.location.href = '/cosmos-ui/newInstall';
|
||||
redirectToLocal('/cosmos-ui/newInstall');
|
||||
} else if (response.status == 'error' && response.code == "HTTP004") {
|
||||
window.location.href = '/cosmos-ui/login?redirect=' + redirectTo;
|
||||
redirectToLocal('/cosmos-ui/login?redirect=' + redirectToURL);
|
||||
} else if (response.status == 'error' && response.code == "HTTP006") {
|
||||
window.location.href = '/cosmos-ui/loginmfa?redirect=' + redirectTo;
|
||||
redirectToLocal('/cosmos-ui/loginmfa?redirect=' + redirectToURL);
|
||||
} else if (response.status == 'error' && response.code == "HTTP007") {
|
||||
window.location.href = '/cosmos-ui/newmfa?redirect=' + redirectTo;
|
||||
redirectToLocal('/cosmos-ui/newmfa?redirect=' + redirectToURL);
|
||||
}
|
||||
} else {
|
||||
return "nothing";
|
||||
|
|
|
@ -1,22 +1,23 @@
|
|||
|
||||
import * as API from './api';
|
||||
import { useEffect } from 'react';
|
||||
import { redirectToLocal } from './utils/indexs';
|
||||
|
||||
const IsLoggedIn = () => useEffect(() => {
|
||||
console.log("CHECK LOGIN")
|
||||
const urlSearch = encodeURIComponent(window.location.search);
|
||||
const redirectTo = (window.location.pathname + urlSearch);
|
||||
const redirectToURL = (window.location.pathname + urlSearch);
|
||||
|
||||
API.auth.me().then((data) => {
|
||||
if(data.status != 'OK') {
|
||||
if(data.status == 'NEW_INSTALL') {
|
||||
window.location.href = '/cosmos-ui/newInstall';
|
||||
redirectToLocal('/cosmos-ui/newInstall');
|
||||
} else if (data.status == 'error' && data.code == "HTTP004") {
|
||||
window.location.href = '/cosmos-ui/login?redirect=' + redirectTo;
|
||||
redirectToLocal('/cosmos-ui/login?redirect=' + redirectToURL);
|
||||
} else if (data.status == 'error' && data.code == "HTTP006") {
|
||||
window.location.href = '/cosmos-ui/loginmfa?redirect=' + redirectTo;
|
||||
redirectToLocal('/cosmos-ui/loginmfa?redirect=' + redirectToURL);
|
||||
} else if (data.status == 'error' && data.code == "HTTP007") {
|
||||
window.location.href = '/cosmos-ui/newmfa?redirect=' + redirectTo;
|
||||
redirectToLocal('/cosmos-ui/newmfa?redirect=' + redirectToURL);
|
||||
}
|
||||
}
|
||||
})
|
||||
|
|
|
@ -9,6 +9,7 @@ import AuthWrapper from './AuthWrapper';
|
|||
import { useEffect } from 'react';
|
||||
|
||||
import * as API from '../../api';
|
||||
import { redirectTo } from '../../utils/indexs';
|
||||
|
||||
// ================================|| REGISTER ||================================ //
|
||||
|
||||
|
@ -17,7 +18,7 @@ const Logout = () => {
|
|||
API.auth.logout()
|
||||
.then(() => {
|
||||
setTimeout(() => {
|
||||
window.location.href = '/cosmos-ui/login';
|
||||
redirectToLocal('/cosmos-ui/login');
|
||||
}, 2000);
|
||||
});
|
||||
},[]);
|
||||
|
|
|
@ -31,6 +31,7 @@ import AnimateButton from '../../../components/@extended/AnimateButton';
|
|||
// assets
|
||||
import { EyeOutlined, EyeInvisibleOutlined } from '@ant-design/icons';
|
||||
import { LoadingButton } from '@mui/lab';
|
||||
import { redirectToLocal } from '../../../utils/indexs';
|
||||
|
||||
// ============================|| FIREBASE - LOGIN ||============================ //
|
||||
|
||||
|
@ -53,14 +54,14 @@ const AuthLogin = () => {
|
|||
const notLogged = urlSearchParams.get('notlogged') == 1;
|
||||
const notLoggedAdmin = urlSearchParams.get('notlogged') == 2;
|
||||
const invalid = urlSearchParams.get('invalid') == 1;
|
||||
const redirectTo = urlSearchParams.get('redirect') ? urlSearchParams.get('redirect') : '/cosmos-ui';
|
||||
const redirectToURL = urlSearchParams.get('redirect') ? urlSearchParams.get('redirect') : '/cosmos-ui';
|
||||
|
||||
useEffect(() => {
|
||||
API.auth.me().then((data) => {
|
||||
if(data.status == 'OK') {
|
||||
window.location.href = redirectTo;
|
||||
redirectToLocal(redirectToURL);
|
||||
} else if(data.status == 'NEW_INSTALL') {
|
||||
window.location.href = '/cosmos-ui/newInstall';
|
||||
redirectToLocal('/cosmos-ui/newInstall');
|
||||
}
|
||||
});
|
||||
|
||||
|
@ -103,7 +104,7 @@ const AuthLogin = () => {
|
|||
return API.auth.login(values).then((data) => {
|
||||
setStatus({ success: true });
|
||||
setSubmitting(false);
|
||||
window.location.href = redirectTo;
|
||||
redirectToLocal(redirectToURL);
|
||||
}).catch((err) => {
|
||||
setStatus({ success: false });
|
||||
if(err.code == 'UL001') {
|
||||
|
|
|
@ -33,6 +33,7 @@ import { strengthColor, strengthIndicator } from '../../../utils/password-streng
|
|||
// assets
|
||||
import { EyeOutlined, EyeInvisibleOutlined } from '@ant-design/icons';
|
||||
import { LoadingButton } from '@mui/lab';
|
||||
import { redirectTo } from '../../../utils/indexs';
|
||||
|
||||
// ============================|| FIREBASE - REGISTER ||============================ //
|
||||
|
||||
|
@ -85,7 +86,7 @@ const AuthRegister = ({nickname, isRegister, isInviteLink, regkey}) => {
|
|||
}).then((res) => {
|
||||
setStatus({ success: true });
|
||||
setSubmitting(false);
|
||||
window.location.href = '/cosmos-ui/login';
|
||||
redirectToLocal('/cosmos-ui/login');
|
||||
}).catch((err) => {
|
||||
setStatus({ success: false });
|
||||
setErrors({ submit: err.message });
|
||||
|
|
|
@ -32,17 +32,18 @@ import { useTheme } from '@mui/material/styles';
|
|||
import { Formik } from 'formik';
|
||||
import { LoadingButton } from '@mui/lab';
|
||||
import { CosmosCollapse } from '../config/users/formShortcuts';
|
||||
import { redirectToLocal } from '../../utils/indexs';
|
||||
|
||||
const MFALoginForm = () => {
|
||||
const urlSearchParams = new URLSearchParams(window.location.search);
|
||||
const redirectTo = urlSearchParams.get('redirect') ? urlSearchParams.get('redirect') : '/cosmos-ui';
|
||||
const redirectToURL = urlSearchParams.get('redirect') ? urlSearchParams.get('redirect') : '/cosmos-ui';
|
||||
|
||||
useEffect(() => {
|
||||
API.auth.me().then((data) => {
|
||||
if(data.status == 'OK') {
|
||||
window.location.href = redirectTo;
|
||||
redirectToLocal(redirectToURL);
|
||||
} else if(data.status == 'NEW_INSTALL') {
|
||||
window.location.href = '/cosmos-ui/newInstall';
|
||||
redirectToLocal('/cosmos-ui/newInstall');
|
||||
}
|
||||
});
|
||||
});
|
||||
|
@ -56,7 +57,7 @@ const MFALoginForm = () => {
|
|||
})}
|
||||
onSubmit={(values, { setSubmitting, setStatus, setErrors }) => {
|
||||
API.users.check2FA(values.token).then((data) => {
|
||||
window.location.href = redirectTo;
|
||||
redirectToLocal(redirectToURL);
|
||||
}).catch((error) => {
|
||||
console.log(error)
|
||||
setStatus({ success: false });
|
||||
|
|
|
@ -8,6 +8,7 @@ import { getFaviconURL } from '../../../utils/routes';
|
|||
import * as API from '../../../api';
|
||||
import { CheckOutlined, ClockCircleOutlined, DashboardOutlined, DeleteOutlined, DownOutlined, LockOutlined, UpOutlined } from "@ant-design/icons";
|
||||
import IsLoggedIn from '../../../isLoggedIn';
|
||||
import { redirectTo } from '../../../utils/indexs';
|
||||
|
||||
const info = {
|
||||
backgroundColor: 'rgba(0, 0, 0, 0.1)',
|
||||
|
@ -22,7 +23,7 @@ const RouteOverview = ({ routeConfig }) => {
|
|||
function deleteRoute(event) {
|
||||
event.stopPropagation();
|
||||
API.config.deleteRoute(routeConfig.Name).then(() => {
|
||||
window.location.href = '/cosmos-ui/config-url';
|
||||
redirectToLocal('/cosmos-ui/config-url');
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ import { CosmosCheckbox, CosmosInputPassword, CosmosInputText, CosmosSelect } fr
|
|||
import AnimateButton from '../../components/@extended/AnimateButton';
|
||||
import { Box } from '@mui/system';
|
||||
import { pull } from 'lodash';
|
||||
import { isDomain } from '../../utils/indexs';
|
||||
import { isDomain, redirectTo } from '../../utils/indexs';
|
||||
import { DnsChallengeComp } from '../../utils/dns-challenge-comp';
|
||||
// ================================|| LOGIN ||================================ //
|
||||
|
||||
|
@ -67,7 +67,7 @@ const NewInstall = () => {
|
|||
setStatus(res.data);
|
||||
} catch(error) {
|
||||
if(error.status == 401)
|
||||
window.location.href = "/cosmos-ui/login";
|
||||
redirectToLocal("/cosmos-ui/login");
|
||||
}
|
||||
if (typeof status !== 'undefined') {
|
||||
setTimeout(() => {
|
||||
|
@ -618,7 +618,7 @@ const NewInstall = () => {
|
|||
step: "5",
|
||||
})
|
||||
setTimeout(() => {
|
||||
window.location.href = hostname + "/cosmos-ui/login";
|
||||
redirectTo(hostname + "/cosmos-ui/login");
|
||||
}, 500);
|
||||
} else {
|
||||
setActiveStep(activeStep + 1)
|
||||
|
|
|
@ -114,7 +114,11 @@ const OpenIdList = () => {
|
|||
}, []);
|
||||
|
||||
const generateNewSecret = (clientIdToUpdate) => {
|
||||
let newSecret = Math.random().toString(36).substring(2, 24) + Math.random().toString(36).substring(2, 15);
|
||||
let newSecretSeed = window.crypto.getRandomValues(new Uint32Array(4));
|
||||
let newSecret = "";
|
||||
newSecretSeed.forEach((r) => {
|
||||
newSecret += r.toString(36);
|
||||
});
|
||||
let encryptedSecret = bcrypt.hashSync(newSecret, 10);
|
||||
let index = clients.findIndex((r) => r.id === clientIdToUpdate);
|
||||
clients[index].secret = encryptedSecret;
|
||||
|
|
|
@ -34,4 +34,15 @@ export const debounce = (func, wait) => {
|
|||
clearTimeout(timeout);
|
||||
timeout = setTimeout(() => func.apply(context, args), wait);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
export const redirectTo = (url) => {
|
||||
window.location.href = url;
|
||||
}
|
||||
|
||||
export const redirectToLocal = (url) => {
|
||||
if(url.startsWith("http://") || url.startsWith("https://")) {
|
||||
throw new Error("URL must be local");
|
||||
}
|
||||
window.location.href = url;
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "cosmos-server",
|
||||
"version": "0.9.14",
|
||||
"version": "0.9.15",
|
||||
"description": "",
|
||||
"main": "test-server.js",
|
||||
"bugs": {
|
||||
|
|
|
@ -12,6 +12,18 @@ import (
|
|||
"github.com/azukaar/cosmos-server/src/utils"
|
||||
)
|
||||
|
||||
var validExtensions = map[string]bool{
|
||||
".jpg": true,
|
||||
".jpeg": true,
|
||||
".png": true,
|
||||
".gif": true,
|
||||
".bmp": true,
|
||||
".svg": true,
|
||||
".webp": true,
|
||||
".tiff": true,
|
||||
".avif": true,
|
||||
}
|
||||
|
||||
func UploadBackground(w http.ResponseWriter, req *http.Request) {
|
||||
if utils.AdminOnly(w, req) != nil {
|
||||
return
|
||||
|
@ -32,9 +44,14 @@ func UploadBackground(w http.ResponseWriter, req *http.Request) {
|
|||
return
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
|
||||
// get the file extension
|
||||
ext := filepath.Ext(header.Filename)
|
||||
|
||||
if !validExtensions[ext] {
|
||||
utils.HTTPError(w, "Invalid file extension " + ext, http.StatusBadRequest, "FILE001")
|
||||
return
|
||||
}
|
||||
|
||||
// create a new file in the config directory
|
||||
dst, err := os.Create("/config/background" + ext)
|
||||
|
@ -75,19 +92,7 @@ func GetBackground(w http.ResponseWriter, req *http.Request) {
|
|||
vars := mux.Vars(req)
|
||||
ext := vars["ext"]
|
||||
|
||||
validExtensions := map[string]bool{
|
||||
"jpg": true,
|
||||
"jpeg": true,
|
||||
"png": true,
|
||||
"gif": true,
|
||||
"bmp": true,
|
||||
"svg": true,
|
||||
"webp": true,
|
||||
"tiff": true,
|
||||
"avif": true,
|
||||
}
|
||||
|
||||
if !validExtensions[ext] {
|
||||
if !validExtensions["." + ext] {
|
||||
utils.HTTPError(w, "Invalid file extension", http.StatusBadRequest, "FILE001")
|
||||
return
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue