[release] v0.12.6-unstable
parent
3d2932f385
commit
9644600f0d
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "cosmos-server",
|
"name": "cosmos-server",
|
||||||
"version": "0.12.5",
|
"version": "0.12.6-unstable",
|
||||||
"description": "",
|
"description": "",
|
||||||
"main": "test-server.js",
|
"main": "test-server.js",
|
||||||
"bugs": {
|
"bugs": {
|
||||||
|
|
|
@ -343,6 +343,10 @@ func InitServer() *mux.Router {
|
||||||
|
|
||||||
|
|
||||||
srapi := router.PathPrefix("/cosmos").Subrouter()
|
srapi := router.PathPrefix("/cosmos").Subrouter()
|
||||||
|
|
||||||
|
srapi.HandleFunc("/api/login", user.UserLogin)
|
||||||
|
srapi.HandleFunc("/api/password-reset", user.ResetPassword)
|
||||||
|
srapi.HandleFunc("/api/mfa", user.API2FA)
|
||||||
|
|
||||||
srapi.HandleFunc("/api/dns", GetDNSRoute)
|
srapi.HandleFunc("/api/dns", GetDNSRoute)
|
||||||
srapi.HandleFunc("/api/dns-check", CheckDNSRoute)
|
srapi.HandleFunc("/api/dns-check", CheckDNSRoute)
|
||||||
|
@ -353,13 +357,10 @@ func InitServer() *mux.Router {
|
||||||
srapi.HandleFunc("/api/favicon", GetFavicon)
|
srapi.HandleFunc("/api/favicon", GetFavicon)
|
||||||
srapi.HandleFunc("/api/ping", PingURL)
|
srapi.HandleFunc("/api/ping", PingURL)
|
||||||
srapi.HandleFunc("/api/newInstall", NewInstallRoute)
|
srapi.HandleFunc("/api/newInstall", NewInstallRoute)
|
||||||
srapi.HandleFunc("/api/login", user.UserLogin)
|
|
||||||
srapi.HandleFunc("/api/logout", user.UserLogout)
|
srapi.HandleFunc("/api/logout", user.UserLogout)
|
||||||
srapi.HandleFunc("/api/register", user.UserRegister)
|
srapi.HandleFunc("/api/register", user.UserRegister)
|
||||||
srapi.HandleFunc("/api/invite", user.UserResendInviteLink)
|
srapi.HandleFunc("/api/invite", user.UserResendInviteLink)
|
||||||
srapi.HandleFunc("/api/me", user.Me)
|
srapi.HandleFunc("/api/me", user.Me)
|
||||||
srapi.HandleFunc("/api/mfa", user.API2FA)
|
|
||||||
srapi.HandleFunc("/api/password-reset", user.ResetPassword)
|
|
||||||
srapi.HandleFunc("/api/config", configapi.ConfigRoute)
|
srapi.HandleFunc("/api/config", configapi.ConfigRoute)
|
||||||
srapi.HandleFunc("/api/restart", configapi.ConfigApiRestart)
|
srapi.HandleFunc("/api/restart", configapi.ConfigApiRestart)
|
||||||
|
|
||||||
|
@ -416,6 +417,8 @@ func InitServer() *mux.Router {
|
||||||
if(!config.HTTPConfig.AcceptAllInsecureHostname) {
|
if(!config.HTTPConfig.AcceptAllInsecureHostname) {
|
||||||
srapi.Use(utils.EnsureHostname)
|
srapi.Use(utils.EnsureHostname)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
srapi.Use(utils.EnsureHostnameCosmosAPI)
|
||||||
|
|
||||||
SecureAPI(srapi, false, false)
|
SecureAPI(srapi, false, false)
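Review bot: The added `srapi.Use(utils.EnsureHostnameCosmosAPI)` sits outside the `if(!config.HTTPConfig.AcceptAllInsecureHostname)` guard, so it also runs when the operator has opted into accepting any hostname, and nothing here says whether that is intended. When the guard is taken, `utils.EnsureHostname` is registered first and, judging by its name, already rejects a mismatched Host on every path, in which case the login, password-reset and mfa exemption inside the new middleware would have no effect in that configuration. A comment above the new line would settle both questions, for example `// Always enforce the configured hostname on /cosmos/api, even with AcceptAllInsecureHostname; login, password-reset and mfa are exempt (see EnsureHostnameCosmosAPI).` Moving the three `HandleFunc` registrations earlier should not change which middleware they pass through, since gorilla/mux applies `Use` middleware to every route of the router regardless of registration order. InitServer's body starts and ends outside these hunks.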
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,12 @@ type LoginRequestJSON struct {
|
||||||
func UserLogin(w http.ResponseWriter, req *http.Request) {
|
func UserLogin(w http.ResponseWriter, req *http.Request) {
|
||||||
if(req.Method == "POST") {
|
if(req.Method == "POST") {
|
||||||
time.Sleep(time.Duration(rand.Float64()*2)*time.Second)
|
time.Sleep(time.Duration(rand.Float64()*2)*time.Second)
|
||||||
|
|
||||||
|
if utils.IsLoggedIn(req) {
|
||||||
|
utils.Error("UserLogin: User already logged ing", nil)
|
||||||
|
utils.HTTPError(w, "User is already logged in", http.StatusUnauthorized, "UL002")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
var request LoginRequestJSON
|
var request LoginRequestJSON
|
||||||
err1 := json.NewDecoder(req.Body).Decode(&request)
|
err1 := json.NewDecoder(req.Body).Decode(&request)
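Review bot: The log line added in the already-logged-in branch reads `"UserLogin: User already logged ing"`, a typo for "in". The identical block added to ResetPassword in this commit keeps the `UserLogin:` prefix and the `UL002` code, so a log entry or client error from the reset endpoint cannot be told apart from one raised by login. I would write `utils.Error("UserLogin: User already logged in", nil)` here and `utils.Error("ResetPassword: User already logged in", nil)` with its own error code there. `http.StatusUnauthorized` is also an odd answer to a caller who is authenticated; a client that treats 401 as an expired session may react wrongly, so 400 or 409 is probably closer. UserLogin's body continues outside the hunk.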
|
||||||
|
|
|
@ -22,6 +22,12 @@ func ResetPassword(w http.ResponseWriter, req *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
time.Sleep(time.Duration(rand.Float64()*2)*time.Second)
|
time.Sleep(time.Duration(rand.Float64()*2)*time.Second)
|
||||||
|
|
||||||
|
if utils.IsLoggedIn(req) {
|
||||||
|
utils.Error("UserLogin: User already logged ing", nil)
|
||||||
|
utils.HTTPError(w, "User is already logged in", http.StatusUnauthorized, "UL002")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
var request PasswordResetRequestJSON
|
var request PasswordResetRequestJSON
|
||||||
err1 := json.NewDecoder(req.Body).Decode(&request)
|
err1 := json.NewDecoder(req.Body).Decode(&request)
|
||||||
|
|
|
@ -74,6 +74,18 @@ func LoggedInWeakOnly(w http.ResponseWriter, req *http.Request) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func IsLoggedIn(req *http.Request) bool {
|
||||||
|
userNickname := req.Header.Get("x-cosmos-user")
|
||||||
|
role, _ := strconv.Atoi(req.Header.Get("x-cosmos-role"))
|
||||||
|
isUserLoggedIn := role > 0
|
||||||
|
|
||||||
|
if !isUserLoggedIn || userNickname == "" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
func LoggedInOnly(w http.ResponseWriter, req *http.Request) error {
|
func LoggedInOnly(w http.ResponseWriter, req *http.Request) error {
|
||||||
userNickname := req.Header.Get("x-cosmos-user")
|
userNickname := req.Header.Get("x-cosmos-user")
|
||||||
role, _ := strconv.Atoi(req.Header.Get("x-cosmos-role"))
|
role, _ := strconv.Atoi(req.Header.Get("x-cosmos-role"))
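Review bot: IsLoggedIn decides purely from the `x-cosmos-user` and `x-cosmos-role` request headers, and nothing in this hunk shows where those are set, so the function needs a doc comment stating its precondition. Presumably an earlier middleware overwrites both headers from the verified session before any handler runs, so that a client-supplied value never survives, but that should be confirmed and written down. Suggested comment: `// IsLoggedIn reports whether req carries a non-empty x-cosmos-user and an x-cosmos-role above 0; both headers must be set server-side from the session and stripped from incoming requests.` The discarded `strconv.Atoi` error fails closed (a non-numeric role becomes 0), which deserves a short why-comment. The body can be reduced to `return role > 0 && userNickname != ""`, and LoggedInOnly directly below repeats the same two header reads.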
|
||||||
|
|
|
@ -346,6 +346,51 @@ func EnsureHostname(next http.Handler) http.Handler {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func EnsureHostnameCosmosAPI(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
og := GetMainConfig().HTTPConfig.Hostname
|
||||||
|
ni := GetMainConfig().NewInstall
|
||||||
|
|
||||||
|
isLogin := !strings.HasPrefix(r.URL.Path, "/cosmos/api") ||
|
||||||
|
strings.HasPrefix(r.URL.Path, "/cosmos/api/login") ||
|
||||||
|
strings.HasPrefix(r.URL.Path, "/cosmos/api/password-reset") ||
|
||||||
|
strings.HasPrefix(r.URL.Path, "/cosmos/api/mfa")
|
||||||
|
|
||||||
|
if ni || og == "0.0.0.0" || isLogin {
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
reqHostNoPort := strings.Split(r.Host, ":")[0]
|
||||||
|
|
||||||
|
if og != reqHostNoPort {
|
||||||
|
PushShieldMetrics("hostname")
|
||||||
|
Error("Invalid Hostname " + r.Host + " for request.", nil)
|
||||||
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
http.Error(w, "Bad Request: Invalid hostname. Use your domain instead of your IP to access your server. Check logs if more details are needed.", http.StatusBadRequest)
|
||||||
|
|
||||||
|
ip, _, _ := net.SplitHostPort(r.RemoteAddr)
|
||||||
|
if ip != "" {
|
||||||
|
TriggerEvent(
|
||||||
|
"cosmos.proxy.shield.hostname",
|
||||||
|
"Proxy Shield hostname blocked",
|
||||||
|
"warning",
|
||||||
|
"",
|
||||||
|
map[string]interface{}{
|
||||||
|
"clientID": ip,
|
||||||
|
"hostname": r.Host,
|
||||||
|
"url": r.URL.String(),
|
||||||
|
})
|
||||||
|
IncrementIPAbuseCounter(ip)
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func IsValidHostname(hostname string) bool {
|
func IsValidHostname(hostname string) bool {
|
||||||
og := GetMainConfig().HTTPConfig.Hostname
|
og := GetMainConfig().HTTPConfig.Hostname
|
||||||
ni := GetMainConfig().NewInstall
|
ni := GetMainConfig().NewInstall
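Review bot: The `isLogin` exemption in EnsureHostnameCosmosAPI is wider than its name suggests. `strings.HasPrefix(r.URL.Path, "/cosmos/api/login")` also matches any longer path that merely begins with that string, and the first clause exempts everything outside `/cosmos/api`. Exact comparisons such as `r.URL.Path == "/cosmos/api/login"` for the three credential endpoints would be tighter, with a comment explaining why those endpoints skip the hostname check. In the rejection branch, `w.WriteHeader(http.StatusBadRequest)` runs before `http.Error(...)`, so the headers `http.Error` sets arrive too late to be sent and Go logs a superfluous WriteHeader call; deleting the explicit `w.WriteHeader` line fixes that. `strings.Split(r.Host, ":")[0]` mis-parses a bracketed IPv6 Host and the comparison with `og` is case-sensitive, and the client-controlled `r.Host` is concatenated raw into the log message, where quoting it (`%q`) would keep control characters out of the log.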
|
||||||
|
|