From 2bdc2952d6e483fbda9acbf5a14dd8bffe808d69 Mon Sep 17 00:00:00 2001
From: Yann Stepienik
Date: Sat, 7 Oct 2023 22:18:17 +0100
Subject: [PATCH] [release] v0.10.1-unstable2
---
 package.json | 2 +-
 src/constellation/nebula.go | 18 ++++++++++++++----
 src/utils/middleware.go | 28 +++++++++++++---------------
 3 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/package.json b/package.json
index 2c87103..e340239 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cosmos-server",
- "version": "0.10.1-unstable",
+ "version": "0.10.1-unstable2",
 "description": "",
 "main": "test-server.js",
 "bugs": {
diff --git a/src/constellation/nebula.go b/src/constellation/nebula.go
index e00834a..90e3b60 100644
--- a/src/constellation/nebula.go
+++ b/src/constellation/nebula.go
@@ -428,6 +428,19 @@ func GetCertFingerprint(certPath string) (string, error) {
 func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, string, error) {
 // Run the nebula-cert command
 var cmd *exec.Cmd
+
+ // Read the generated certificate and key files
+ certPath := fmt.Sprintf("./%s.crt", name)
+ keyPath := fmt.Sprintf("./%s.key", name)
+
+
+ // if the temp exists, delete it
+ if _, err := os.Stat(certPath); err == nil {
+ os.Remove(certPath)
+ }
+ if _, err := os.Stat(keyPath); err == nil {
+ os.Remove(keyPath)
+ }
 if(PK == "") {
 cmd = exec.Command(binaryToRun() + "-cert",
@@ -471,9 +484,6 @@ func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, s
 return "", "", "", fmt.Errorf("nebula-cert exited with an error, check the Cosmos logs")
 }
- // Read the generated certificate and key files
- certPath := fmt.Sprintf("./%s.crt", name)
- keyPath := fmt.Sprintf("./%s.key", name)
 utils.Debug("Reading certificate from " + certPath)
 utils.Debug("Reading key from " + keyPath)
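Review bot: In the first nebula.go hunk, the new pre-clean in generateNebulaCert hands paths built from `name` straight to os.Remove and discards the result, so a failed delete goes unnoticed and a `name` containing a path separator would aim the delete outside the working directory. Where `name` originates is not visible in this hunk, so confirm it is validated upstream or reject it here with something like `if name != filepath.Base(name) { return "", "", "", fmt.Errorf("invalid certificate name") }`. The Stat-then-Remove pair can be a single call that surfaces real failures, `if err := os.Remove(keyPath); err != nil && !os.IsNotExist(err) { return "", "", "", err }`, and the same for certPath. The moved comment `// Read the generated certificate and key files` no longer describes the lines under it; `// Paths nebula-cert will write to; stale files are removed first` would match. The function body continues beyond this hunk.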
@@ -515,7 +525,7 @@ func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, s
 }
 func generateNebulaCACert(name string) (error) {
- // if ca.key exists, delete it, remove it
+ // if ca.key exists, delete it
 if _, err := os.Stat("./ca.key"); err == nil {
 os.Remove("./ca.key")
 }
diff --git a/src/utils/middleware.go b/src/utils/middleware.go
index e998e91..75692a3 100644
--- a/src/utils/middleware.go
+++ b/src/utils/middleware.go
@@ -301,22 +301,20 @@ func Restrictions(RestrictToConstellation bool, WhitelistInboundIPs []string) fu
 }
 }
- isInConstellationPassing := !RestrictToConstellation || isInConstellation
- isWhitelistPassing := !isUsingWhiteList || isInWhitelist
-
- // check if the request is coming from the constellation IP range 192.168.201.0/24
- if (!isInConstellationPassing) {
- if(!isUsingWhiteList) {
- Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
- http.Error(w, "Access denied", http.StatusForbidden)
- return
- } else if (!isInWhitelist) {
- Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
- http.Error(w, "Access denied", http.StatusForbidden)
- return
+ if(RestrictToConstellation) {
+ if(!isInConstellation) {
+ if(!isUsingWhiteList) {
+ Error("Request from " + ip + " is blocked because of restrictions", nil)
+ http.Error(w, "Access denied", http.StatusForbidden)
+ return
+ } else if (!isInWhitelist) {
+ Error("Request from " + ip + " is blocked because of restrictions", nil)
+ http.Error(w, "Access denied", http.StatusForbidden)
+ return
+ }
 }
- } else if (!isWhitelistPassing) {
- Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
+ } else if(isUsingWhiteList && !isInWhitelist) {
+ Error("Request from " + ip + " is blocked because of restrictions", nil)
 http.Error(w, "Access denied", http.StatusForbidden)
 return
 }
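Review bot: With RestrictToConstellation set, a request from inside the constellation now bypasses an active whitelist: the `else if(isUsingWhiteList && !isInWhitelist)` branch hangs off the outer `if(RestrictToConstellation)` and is only evaluated when that flag is false, whereas the removed code still denied on `!isWhitelistPassing` in that case. If constellation-or-whitelist is the intended policy, state it in a comment and cover the flag combinations with a test, since the commit subject does not mention an access-control change. The three identical deny branches are easier to audit as one `allowed` predicate, as sketched below. The log line also lost the per-rule flags, which makes a denied request harder to triage. Restrictions starts and ends outside this hunk.

```go
// … unchanged: computation of isInConstellation, isUsingWhiteList, isInWhitelist …

// Without the constellation restriction, an active whitelist applies to every client.
allowed := !isUsingWhiteList || isInWhitelist
if RestrictToConstellation {
	// With the restriction, constellation peers pass; anyone else needs a whitelist match.
	allowed = isInConstellation || (isUsingWhiteList && isInWhitelist)
}
if !allowed {
	Error("Request from " + ip + " is blocked because of restrictions", nil)
	http.Error(w, "Access denied", http.StatusForbidden)
	return
}
```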