[release] v0.12.6-unstable
This commit is contained in:
parent
3d2932f385
commit
9644600f0d
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "cosmos-server",
|
||||
"version": "0.12.5",
|
||||
"version": "0.12.6-unstable",
|
||||
"description": "",
|
||||
"main": "test-server.js",
|
||||
"bugs": {
|
||||
|
|
|
@ -344,6 +344,10 @@ func InitServer() *mux.Router {
|
|||
|
||||
srapi := router.PathPrefix("/cosmos").Subrouter()
|
||||
|
||||
srapi.HandleFunc("/api/login", user.UserLogin)
|
||||
srapi.HandleFunc("/api/password-reset", user.ResetPassword)
|
||||
srapi.HandleFunc("/api/mfa", user.API2FA)
|
||||
|
||||
srapi.HandleFunc("/api/dns", GetDNSRoute)
|
||||
srapi.HandleFunc("/api/dns-check", CheckDNSRoute)
|
||||
srapi.Use(utils.SetSecurityHeaders)
|
||||
|
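Review bot: Moving the `/api/login`, `/api/password-reset` and `/api/mfa` registrations above `srapi.Use(utils.SetSecurityHeaders)` does not, as far as I can tell, change which middleware they receive: gorilla/mux attaches a subrouter's middlewares to every route it matches regardless of the order of `HandleFunc` and `Use` calls, so these three routes still pass through `SetSecurityHeaders`, `EnsureHostnameCosmosAPI` and whatever `SecureAPI` adds. The exemption the commit actually relies on is the hard-coded path list inside `EnsureHostnameCosmosAPI`, which now has to be kept in sync with this block by hand. If the move is meant as grouping only, a comment such as `// unauthenticated endpoints; exempted from the hostname check by the path list in EnsureHostnameCosmosAPI, not by their position here` would spare the next reader the same investigation. The same applies to the removed copies in the following hunk (`@ -353,13 +357,10 @@`); `InitServer` begins and ends outside both hunks.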
@ -353,13 +357,10 @@ func InitServer() *mux.Router {
|
|||
srapi.HandleFunc("/api/favicon", GetFavicon)
|
||||
srapi.HandleFunc("/api/ping", PingURL)
|
||||
srapi.HandleFunc("/api/newInstall", NewInstallRoute)
|
||||
srapi.HandleFunc("/api/login", user.UserLogin)
|
||||
srapi.HandleFunc("/api/logout", user.UserLogout)
|
||||
srapi.HandleFunc("/api/register", user.UserRegister)
|
||||
srapi.HandleFunc("/api/invite", user.UserResendInviteLink)
|
||||
srapi.HandleFunc("/api/me", user.Me)
|
||||
srapi.HandleFunc("/api/mfa", user.API2FA)
|
||||
srapi.HandleFunc("/api/password-reset", user.ResetPassword)
|
||||
srapi.HandleFunc("/api/config", configapi.ConfigRoute)
|
||||
srapi.HandleFunc("/api/restart", configapi.ConfigApiRestart)
|
||||
|
||||
|
@ -417,6 +418,8 @@ func InitServer() *mux.Router {
|
|||
srapi.Use(utils.EnsureHostname)
|
||||
}
|
||||
|
||||
srapi.Use(utils.EnsureHostnameCosmosAPI)
|
||||
|
||||
SecureAPI(srapi, false, false)
|
||||
|
||||
pwd,_ := os.Getwd()
|
||||
|
|
|
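Review bot: `srapi.Use(utils.EnsureHostnameCosmosAPI)` is registered unconditionally right after a block that, judging by the closing `}` above it, adds `utils.EnsureHostname` only under some condition; when that condition holds, every `/cosmos/api` request is now screened by two hostname middlewares, and if `EnsureHostname` does the same metrics and abuse-counter accounting on a mismatch (not visible here), a single rejected request may be counted twice. If running both is intended, a one-line comment stating that the Cosmos API check is the always-on one would help; otherwise consider registering it in the `else` branch of that condition. `InitServer` continues outside the hunk.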
@ -21,6 +21,12 @@ func UserLogin(w http.ResponseWriter, req *http.Request) {
|
|||
if(req.Method == "POST") {
|
||||
time.Sleep(time.Duration(rand.Float64()*2)*time.Second)
|
||||
|
||||
if utils.IsLoggedIn(req) {
|
||||
utils.Error("UserLogin: User already logged ing", nil)
|
||||
utils.HTTPError(w, "User is already logged in", http.StatusUnauthorized, "UL002")
|
||||
return
|
||||
}
|
||||
|
||||
var request LoginRequestJSON
|
||||
err1 := json.NewDecoder(req.Body).Decode(&request)
|
||||
if err1 != nil {
|
||||
|
|
|
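Review bot: The new log line reads `"UserLogin: User already logged ing"`, a typo for "logged in"; the same string is copied into the ResetPassword hunk (`@ -23,6 +23,12 @@`), so both should become `utils.Error("UserLogin: User already logged in", nil)` (with the handler name adjusted there). Separately, `http.StatusUnauthorized` for a caller who is already authenticated is misleading for clients that key on 401 to show a login form; 400 or 403 describes the situation better. `UserLogin` starts before and ends after the hunk.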
@ -23,6 +23,12 @@ func ResetPassword(w http.ResponseWriter, req *http.Request) {
|
|||
|
||||
time.Sleep(time.Duration(rand.Float64()*2)*time.Second)
|
||||
|
||||
if utils.IsLoggedIn(req) {
|
||||
utils.Error("UserLogin: User already logged ing", nil)
|
||||
utils.HTTPError(w, "User is already logged in", http.StatusUnauthorized, "UL002")
|
||||
return
|
||||
}
|
||||
|
||||
var request PasswordResetRequestJSON
|
||||
err1 := json.NewDecoder(req.Body).Decode(&request)
|
||||
if err1 != nil {
|
||||
|
|
|
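Review bot: The rejection in the new block is labelled `UserLogin:` although this is `ResetPassword`, and it reuses the login handler's error code `"UL002"`, so neither a log reader nor a client can tell which endpoint refused the request; change it to `utils.Error("ResetPassword: User already logged in", nil)` and give the `utils.HTTPError` call a code specific to this handler. `ResetPassword` starts before and ends after the hunk.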
@ -74,6 +74,18 @@ func LoggedInWeakOnly(w http.ResponseWriter, req *http.Request) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func IsLoggedIn(req *http.Request) bool {
|
||||
userNickname := req.Header.Get("x-cosmos-user")
|
||||
role, _ := strconv.Atoi(req.Header.Get("x-cosmos-role"))
|
||||
isUserLoggedIn := role > 0
|
||||
|
||||
if !isUserLoggedIn || userNickname == "" {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func LoggedInOnly(w http.ResponseWriter, req *http.Request) error {
|
||||
userNickname := req.Header.Get("x-cosmos-user")
|
||||
role, _ := strconv.Atoi(req.Header.Get("x-cosmos-role"))
|
||||
|
|
|
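Review bot: `IsLoggedIn` decides authentication state purely from the `x-cosmos-user` and `x-cosmos-role` request headers and carries no comment saying where they come from; if an upstream middleware sets them after discarding any client-supplied copy this is fine, but any handler that reaches it without passing that middleware would be trusting client-controlled headers, so please add a doc comment such as `// IsLoggedIn reports whether the request carries a positive x-cosmos-role and a non-empty x-cosmos-user. Both headers are trusted as written by the auth middleware; only call this behind it.` The error from `strconv.Atoi` is discarded, which quietly treats a malformed role as 0 (not logged in) — acceptable, but worth a `// malformed role parses as 0 -> not logged in` comment. `LoggedInOnly` below repeats the same two header reads and could start with this helper, though its body runs past the hunk.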
@ -346,6 +346,51 @@ func EnsureHostname(next http.Handler) http.Handler {
|
|||
})
|
||||
}
|
||||
|
||||
func EnsureHostnameCosmosAPI(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
og := GetMainConfig().HTTPConfig.Hostname
|
||||
ni := GetMainConfig().NewInstall
|
||||
|
||||
isLogin := !strings.HasPrefix(r.URL.Path, "/cosmos/api") ||
|
||||
strings.HasPrefix(r.URL.Path, "/cosmos/api/login") ||
|
||||
strings.HasPrefix(r.URL.Path, "/cosmos/api/password-reset") ||
|
||||
strings.HasPrefix(r.URL.Path, "/cosmos/api/mfa")
|
||||
|
||||
if ni || og == "0.0.0.0" || isLogin {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
reqHostNoPort := strings.Split(r.Host, ":")[0]
|
||||
|
||||
if og != reqHostNoPort {
|
||||
PushShieldMetrics("hostname")
|
||||
Error("Invalid Hostname " + r.Host + " for request.", nil)
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
http.Error(w, "Bad Request: Invalid hostname. Use your domain instead of your IP to access your server. Check logs if more details are needed.", http.StatusBadRequest)
|
||||
|
||||
ip, _, _ := net.SplitHostPort(r.RemoteAddr)
|
||||
if ip != "" {
|
||||
TriggerEvent(
|
||||
"cosmos.proxy.shield.hostname",
|
||||
"Proxy Shield hostname blocked",
|
||||
"warning",
|
||||
"",
|
||||
map[string]interface{}{
|
||||
"clientID": ip,
|
||||
"hostname": r.Host,
|
||||
"url": r.URL.String(),
|
||||
})
|
||||
IncrementIPAbuseCounter(ip)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
func IsValidHostname(hostname string) bool {
|
||||
og := GetMainConfig().HTTPConfig.Hostname
|
||||
ni := GetMainConfig().NewInstall
|
||||
|
|
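Review bot: In the mismatch branch `w.WriteHeader(http.StatusBadRequest)` is immediately followed by `http.Error(w, ...)`, which calls `WriteHeader` itself; the first call commits the headers, so the `Content-Type` and `X-Content-Type-Options: nosniff` that `http.Error` sets afterwards are silently dropped and net/http logs a superfluous-WriteHeader warning — the explicit `WriteHeader` should go. `strings.Split(r.Host, ":")[0]` also mishandles a bracketed IPv6 host (`[::1]:8080` yields `[`), so legitimate IPv6 access is rejected as an invalid hostname; `net.SplitHostPort`, already used for `r.RemoteAddr` a few lines down, handles both forms, and `strings.EqualFold` avoids rejecting a host that differs from the configured one only in letter case. The `isLogin` exemptions are prefix matches, so any path beginning with `/cosmos/api/login`, `/cosmos/api/mfa` or `/cosmos/api/password-reset` bypasses the check, not only the three registered routes; if that is broader than intended, compare against the exact paths. `IsValidHostname` below is cut off by the hunk.
```go
		// … unchanged: isLogin computation and early return …

		// Accept host:port, a bare host, and bracketed IPv6 literals.
		reqHostNoPort, _, err := net.SplitHostPort(r.Host)
		if err != nil {
			reqHostNoPort = strings.Trim(r.Host, "[]")
		}

		// Hostnames are case-insensitive; http.Error writes the status itself.
		if !strings.EqualFold(og, reqHostNoPort) {
			PushShieldMetrics("hostname")
			Error("Invalid Hostname " + r.Host + " for request.", nil)
			http.Error(w, "Bad Request: Invalid hostname. Use your domain instead of your IP to access your server. Check logs if more details are needed.", http.StatusBadRequest)
			// … unchanged: shield event and IP abuse counter …
```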