[release] v0.10.1-unstable2
This commit is contained in:
parent
df27afb694
commit
2bdc2952d6
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "cosmos-server",
|
||||
"version": "0.10.1-unstable",
|
||||
"version": "0.10.1-unstable2",
|
||||
"description": "",
|
||||
"main": "test-server.js",
|
||||
"bugs": {
|
||||
|
|
|
@ -428,6 +428,19 @@ func GetCertFingerprint(certPath string) (string, error) {
|
|||
func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, string, error) {
|
||||
// Run the nebula-cert command
|
||||
var cmd *exec.Cmd
|
||||
|
||||
// Read the generated certificate and key files
|
||||
certPath := fmt.Sprintf("./%s.crt", name)
|
||||
keyPath := fmt.Sprintf("./%s.key", name)
|
||||
|
||||
|
||||
// if the temp exists, delete it
|
||||
if _, err := os.Stat(certPath); err == nil {
|
||||
os.Remove(certPath)
|
||||
}
|
||||
if _, err := os.Stat(keyPath); err == nil {
|
||||
os.Remove(keyPath)
|
||||
}
|
||||
|
||||
if(PK == "") {
|
||||
cmd = exec.Command(binaryToRun() + "-cert",
|
||||
|
@ -471,9 +484,6 @@ func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, s
|
|||
return "", "", "", fmt.Errorf("nebula-cert exited with an error, check the Cosmos logs")
|
||||
}
|
||||
|
||||
// Read the generated certificate and key files
|
||||
certPath := fmt.Sprintf("./%s.crt", name)
|
||||
keyPath := fmt.Sprintf("./%s.key", name)
|
||||
|
||||
utils.Debug("Reading certificate from " + certPath)
|
||||
utils.Debug("Reading key from " + keyPath)
|
||||
|
@ -515,7 +525,7 @@ func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, s
|
|||
}
|
||||
|
||||
func generateNebulaCACert(name string) (error) {
|
||||
// if ca.key exists, delete it, remove it
|
||||
// if ca.key exists, delete it
|
||||
if _, err := os.Stat("./ca.key"); err == nil {
|
||||
os.Remove("./ca.key")
|
||||
}
|
||||
|
|
|
@ -301,22 +301,20 @@ func Restrictions(RestrictToConstellation bool, WhitelistInboundIPs []string) fu
|
|||
}
|
||||
}
|
||||
|
||||
isInConstellationPassing := !RestrictToConstellation || isInConstellation
|
||||
isWhitelistPassing := !isUsingWhiteList || isInWhitelist
|
||||
|
||||
// check if the request is coming from the constellation IP range 192.168.201.0/24
|
||||
if (!isInConstellationPassing) {
|
||||
if(!isUsingWhiteList) {
|
||||
Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
|
||||
http.Error(w, "Access denied", http.StatusForbidden)
|
||||
return
|
||||
} else if (!isInWhitelist) {
|
||||
Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
|
||||
http.Error(w, "Access denied", http.StatusForbidden)
|
||||
return
|
||||
if(RestrictToConstellation) {
|
||||
if(!isInConstellation) {
|
||||
if(!isUsingWhiteList) {
|
||||
Error("Request from " + ip + " is blocked because of restrictions", nil)
|
||||
http.Error(w, "Access denied", http.StatusForbidden)
|
||||
return
|
||||
} else if (!isInWhitelist) {
|
||||
Error("Request from " + ip + " is blocked because of restrictions", nil)
|
||||
http.Error(w, "Access denied", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
} else if (!isWhitelistPassing) {
|
||||
Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
|
||||
} else if(isUsingWhiteList && !isInWhitelist) {
|
||||
Error("Request from " + ip + " is blocked because of restrictions", nil)
|
||||
http.Error(w, "Access denied", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue