[release] v0.10.1-unstable2
This commit is contained in:
parent
df27afb694
commit
2bdc2952d6
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "cosmos-server",
|
"name": "cosmos-server",
|
||||||
"version": "0.10.1-unstable",
|
"version": "0.10.1-unstable2",
|
||||||
"description": "",
|
"description": "",
|
||||||
"main": "test-server.js",
|
"main": "test-server.js",
|
||||||
"bugs": {
|
"bugs": {
|
||||||
|
|
|
@ -428,6 +428,19 @@ func GetCertFingerprint(certPath string) (string, error) {
|
||||||
func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, string, error) {
|
func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, string, error) {
|
||||||
// Run the nebula-cert command
|
// Run the nebula-cert command
|
||||||
var cmd *exec.Cmd
|
var cmd *exec.Cmd
|
||||||
|
|
||||||
|
// Read the generated certificate and key files
|
||||||
|
certPath := fmt.Sprintf("./%s.crt", name)
|
||||||
|
keyPath := fmt.Sprintf("./%s.key", name)
|
||||||
|
|
||||||
|
|
||||||
|
// if the temp exists, delete it
|
||||||
|
if _, err := os.Stat(certPath); err == nil {
|
||||||
|
os.Remove(certPath)
|
||||||
|
}
|
||||||
|
if _, err := os.Stat(keyPath); err == nil {
|
||||||
|
os.Remove(keyPath)
|
||||||
|
}
|
||||||
|
|
||||||
if(PK == "") {
|
if(PK == "") {
|
||||||
cmd = exec.Command(binaryToRun() + "-cert",
|
cmd = exec.Command(binaryToRun() + "-cert",
|
||||||
|
@ -471,9 +484,6 @@ func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, s
|
||||||
return "", "", "", fmt.Errorf("nebula-cert exited with an error, check the Cosmos logs")
|
return "", "", "", fmt.Errorf("nebula-cert exited with an error, check the Cosmos logs")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Read the generated certificate and key files
|
|
||||||
certPath := fmt.Sprintf("./%s.crt", name)
|
|
||||||
keyPath := fmt.Sprintf("./%s.key", name)
|
|
||||||
|
|
||||||
utils.Debug("Reading certificate from " + certPath)
|
utils.Debug("Reading certificate from " + certPath)
|
||||||
utils.Debug("Reading key from " + keyPath)
|
utils.Debug("Reading key from " + keyPath)
|
||||||
|
@ -515,7 +525,7 @@ func generateNebulaCert(name, ip, PK string, saveToFile bool) (string, string, s
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateNebulaCACert(name string) (error) {
|
func generateNebulaCACert(name string) (error) {
|
||||||
// if ca.key exists, delete it, remove it
|
// if ca.key exists, delete it
|
||||||
if _, err := os.Stat("./ca.key"); err == nil {
|
if _, err := os.Stat("./ca.key"); err == nil {
|
||||||
os.Remove("./ca.key")
|
os.Remove("./ca.key")
|
||||||
}
|
}
|
||||||
|
|
|
@ -301,22 +301,20 @@ func Restrictions(RestrictToConstellation bool, WhitelistInboundIPs []string) fu
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
isInConstellationPassing := !RestrictToConstellation || isInConstellation
|
if(RestrictToConstellation) {
|
||||||
isWhitelistPassing := !isUsingWhiteList || isInWhitelist
|
if(!isInConstellation) {
|
||||||
|
if(!isUsingWhiteList) {
|
||||||
// check if the request is coming from the constellation IP range 192.168.201.0/24
|
Error("Request from " + ip + " is blocked because of restrictions", nil)
|
||||||
if (!isInConstellationPassing) {
|
http.Error(w, "Access denied", http.StatusForbidden)
|
||||||
if(!isUsingWhiteList) {
|
return
|
||||||
Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
|
} else if (!isInWhitelist) {
|
||||||
http.Error(w, "Access denied", http.StatusForbidden)
|
Error("Request from " + ip + " is blocked because of restrictions", nil)
|
||||||
return
|
http.Error(w, "Access denied", http.StatusForbidden)
|
||||||
} else if (!isInWhitelist) {
|
return
|
||||||
Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
|
}
|
||||||
http.Error(w, "Access denied", http.StatusForbidden)
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
} else if (!isWhitelistPassing) {
|
} else if(isUsingWhiteList && !isInWhitelist) {
|
||||||
Log("Request from " + ip + " is blocked because of restrictions isInConstellationPassing: " + fmt.Sprintf("%v", isInConstellationPassing) + " and isWhitelistPassing: " + fmt.Sprintf("%v", isWhitelistPassing))
|
Error("Request from " + ip + " is blocked because of restrictions", nil)
|
||||||
http.Error(w, "Access denied", http.StatusForbidden)
|
http.Error(w, "Access denied", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue