[release] v0.10.1-unstable2

2023-10-07 22:18:17 +01:00 · 2023-10-07 22:18:17 +01:00 · 2bdc2952d6
parent df27afb694
commit 2bdc2952d6
3 changed files with 28 additions and 20 deletions
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "cosmos-server",
-  "version": "0.10.1-unstable",
+  "version": "0.10.1-unstable2",
  "description": "",
  "main": "test-server.js",
  "bugs": {
--- a/src/constellation/nebula.go
+++ b/src/constellation/nebula.go
@ -428,6 +428,19 @@ func GetCertFingerprint(certPath string) (string, error) {
 func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, string, error) {
 	// Run the nebula-cert command
 	var cmd *exec.Cmd
+	
+	// Read the generated certificate and key files
+	certPath := fmt.Sprintf("./%s.crt", name)
+	keyPath := fmt.Sprintf("./%s.key", name)
+
+	
+	// if the temp exists, delete it
+	if _, err := os.Stat(certPath); err == nil {
+		os.Remove(certPath)
+	}
+	if _, err := os.Stat(keyPath); err == nil {
+		os.Remove(keyPath)
+	}

 	if(PK == "") {
 		cmd = exec.Command(binaryToRun() + "-cert",
@ -471,9 +484,6 @@ func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, s
 		return "", "", "", fmt.Errorf("nebula-cert exited with an error, check the Cosmos logs")
 	}

-	// Read the generated certificate and key files
-	certPath := fmt.Sprintf("./%s.crt", name)
-	keyPath := fmt.Sprintf("./%s.key", name)

 	utils.Debug("Reading certificate from " + certPath)
 	utils.Debug("Reading key from " + keyPath)
@ -515,7 +525,7 @@ func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, s
 }

 func generateNebulaCACert(name string) (error) {
-	// if ca.key exists, delete it, remove it 
+	// if ca.key exists, delete it
 	if _, err := os.Stat("./ca.key"); err == nil {
 		os.Remove("./ca.key")
 	}
--- a/src/utils/middleware.go
+++ b/src/utils/middleware.go
@ -301,22 +301,20 @@ func Restrictions(RestrictToConstellation bool, WhitelistInboundIPs []string) fu
 			}
 		}

-		isInConstellationPassing := !RestrictToConstellation || isInConstellation
-		isWhitelistPassing := !isUsingWhiteList || isInWhitelist
-
-		// check if the request is coming from the constellation IP range 192.168.201.0/24
-		if (!isInConstellationPassing) {
-			if(!isUsingWhiteList) {
-				Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
-				http.Error(w, "Access denied", http.StatusForbidden)
-				return
-			} else if (!isInWhitelist) {
-				Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
-				http.Error(w, "Access denied", http.StatusForbidden)
-				return
+		if(RestrictToConstellation) {
+			if(!isInConstellation) {
+				if(!isUsingWhiteList) {
+					Error("Request from " + ip + " is blocked because of restrictions", nil)
+					http.Error(w, "Access denied", http.StatusForbidden)
+					return
+				} else if (!isInWhitelist) {
+					Error("Request from " + ip + " is blocked because of restrictions", nil)
+					http.Error(w, "Access denied", http.StatusForbidden)
+					return
+				}
 			}
-		} else if (!isWhitelistPassing) {
-			Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
+		} else if(isUsingWhiteList && !isInWhitelist) {
+			Error("Request from " + ip + " is blocked because of restrictions", nil)
 			http.Error(w, "Access denied", http.StatusForbidden)
 			return
 		}