[release] v0.9.19-unstable

Yann Stepienik 2023-08-11 10:18:24 +01:00
parent 60be289c76
commit f7ee52dbb3
12 changed files with 83 additions and 56 deletions


@ -1,6 +1,7 @@
#!/bin/bash
rm -rf build
env GOARCH=arm64 go build -o build/cosmos-arm64 src/*.go
go build -o build/cosmos src/*.go
if [ $? -ne 0 ]; then
exit 1
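Review bot: The `$? -ne 0` check only sees the exit status of the second `go build`, so a failed arm64 build on the line before it goes unnoticed and the script carries on without `build/cosmos-arm64`. Check each build on its own, e.g. `env GOARCH=arm64 go build -o build/cosmos-arm64 src/*.go || exit 1`, or put `set -e` under the shebang. The +/- markers are lost on this page, so which build line is new is inferred from the hunk header.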


@ -1,3 +1,8 @@
## Version 0.9.19
- Add country whitelist option to geoblocker
- Fix issue with Contradictory scheme headers
- Fix issue where non-admin users cant see Servapp on the homepage
## Version 0.9.18
- Typo with x-forwarded-host


@ -77,6 +77,7 @@ const ConfigManagement = () => {
LoggingLevel: config.LoggingLevel,
RequireMFA: config.RequireMFA,
GeoBlocking: config.BlockedCountries,
CountryBlacklistIsWhitelist: config.CountryBlacklistIsWhitelist,
AutoUpdate: config.AutoUpdate,
Hostname: config.HTTPConfig.Hostname,
@ -125,6 +126,7 @@ const ConfigManagement = () => {
RequireMFA: values.RequireMFA,
// AutoUpdate: values.AutoUpdate,
BlockedCountries: values.GeoBlocking,
CountryBlacklistIsWhitelist: values.CountryBlacklistIsWhitelist,
HTTPConfig: {
...config.HTTPConfig,
Hostname: values.Hostname,
@ -501,14 +503,25 @@ const ConfigManagement = () => {
<Grid container spacing={3}>
<CosmosFormDivider title='Geo-Blocking' />
<CosmosCheckbox
label={"Use list as whitelist instead of blacklist"}
name="CountryBlacklistIsWhitelist"
formik={formik}
/>
<Grid item xs={12}>
<InputLabel htmlFor="GeoBlocking">Geo-Blocking: (Those countries will be blocked from accessing your server)</InputLabel>
<InputLabel htmlFor="GeoBlocking">Geo-Blocking: (Those countries will be
{formik.values.CountryBlacklistIsWhitelist ? " allowed to access " : " blocked from accessing "}
your server)</InputLabel>
</Grid>
<CountrySelect name="GeoBlocking" label="Choose which countries you want to block" formik={formik} />
<CountrySelect name="GeoBlocking" label="Choose which countries you want to block or allow" formik={formik} />
<Grid item xs={12}>
<Button onClick={() => {
formik.setFieldValue("GeoBlocking", ["CN","RU","TR","BR","BD","IN","NP","PK","LK","VN","ID","IR","IQ","EG","AF","RO",])
formik.setFieldValue("CountryBlacklistIsWhitelist", false)
}} variant="outlined">Reset to default (most dangerous countries)</Button>
</Grid>
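Review bot: Ticking the new checkbox reinterprets whatever is already selected in `GeoBlocking`, so an admin who enables it with a deny list still in place would, on save, allow only those countries. Consider clearing the selection or asking for confirmation when `CountryBlacklistIsWhitelist` changes, and make the `CountrySelect` label follow the mode the way the `InputLabel` does instead of the static "block or allow". An empty selection in whitelist mode also deserves a hint in the form, because the server-side guard in this commit installs the middleware only when the list is non-empty.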


@ -337,12 +337,15 @@ const HomePage = () => {
if (route.Mode == "SERVAPP") {
containerName = route.Target.split(':')[1].slice(2);
container = servApps.find((c) => c.Names.includes('/' + containerName));
if (!container || container.State != "running") {
skip = true
}
// TOOD: rework, as it prevents users from seeing the apps
// if (!container || container.State != "running") {
// skip = true
// }
}
if (route.HideFromDashboard)
skip = true;
return !skip && coStatus && (coStatus.homepage.Expanded ?
<Grid2 item xs={12} sm={6} md={4} lg={3} xl={3} xxl={3} key={route.Name}>
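Review bot: With the `container.State` guard commented out, `container` can be `undefined` (no match in `servApps`) for a route that is still rendered; the code that consumes it is outside this hunk, so confirm it tolerates a missing container. The marker is spelled `TOOD`, which a search for TODO will not find; I would write `// TODO: rework, as it prevents users from seeing the apps` and delete the commented-out block rather than keep it as dead code.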


@ -12,12 +12,12 @@ fi
echo "Pushing azukaar/cosmos-server:$VERSION and azukaar/cosmos-server:$LATEST"
sh build.sh
# sh build.sh
docker build \
-t azukaar/cosmos-server:$VERSION \
-t azukaar/cosmos-server:$LATEST \
# Multi-architecture build
docker buildx build \
--platform linux/amd64,linux/arm64 \
--tag azukaar/cosmos-server:$VERSION \
--tag azukaar/cosmos-server:$LATEST \
--push \
.
docker push azukaar/cosmos-server:$VERSION
docker push azukaar/cosmos-server:$LATEST
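Review bot: With `sh build.sh` commented out, `docker buildx build --push` publishes whatever happens to be in `build/` when the script runs, so a stale or locally modified binary can end up under `$VERSION` and `$LATEST`. Unless the build is guaranteed to run in an earlier step that is not visible here, keep it in the publish path and stop on failure: `sh build.sh || exit 1`. Quoting the tag arguments (`"azukaar/cosmos-server:$VERSION"`) would also keep an empty or unusual `VERSION` from changing the command line.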


@ -2,6 +2,18 @@
FROM debian:11
ARG TARGETPLATFORM
ARG BINARY_NAME=cosmos
# Set BINARY_NAME based on the TARGETPLATFORM
RUN case "$TARGETPLATFORM" in \
"linux/arm64") BINARY_NAME="cosmos-arm64" ;; \
*) BINARY_NAME="cosmos" ;; \
esac && echo $BINARY_NAME > /binary_name
# This is just to log the platforms (optional)
RUN echo "I am building for $TARGETPLATFORM" > /log
EXPOSE 443 80
VOLUME /config
@ -10,7 +22,12 @@ RUN apt-get update && apt-get install -y ca-certificates openssl
WORKDIR /app
COPY build/cosmos build/cosmos_gray.png build/Logo.png build/GeoLite2-Country.mmdb build/meta.json ./
# Copy the respective binary based on the BINARY_NAME
COPY build/$BINARY_NAME ./
# Copy other resources
COPY build/cosmos_gray.png build/Logo.png build/GeoLite2-Country.mmdb build/meta.json ./
COPY static ./static
CMD ["./cosmos"]
# Run the respective binary based on the BINARY_NAME
CMD ["sh", "-c", "./$(cat /binary_name)"]
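Review bot: The `BINARY_NAME` assigned inside the `RUN case …` is a shell variable that ends with that `RUN`, so `COPY build/$BINARY_NAME ./` still expands the `ARG` default and copies `build/cosmos` on every platform. On linux/arm64 the image then holds `./cosmos` while `/binary_name` says `cosmos-arm64`, so `CMD` looks for a file that was never copied. The smallest fix is to copy both binaries, `COPY build/cosmos build/cosmos-arm64 ./`, and keep the runtime selection. Because `CMD` now goes through `sh -c`, the shell becomes PID 1; `CMD ["sh", "-c", "exec ./$(cat /binary_name)"]` lets the server receive the stop signal directly.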


@ -1,6 +1,6 @@
{
"name": "cosmos-server",
"version": "0.9.18",
"version": "0.9.19-unstable",
"description": "",
"main": "test-server.js",
"bugs": {


@ -276,7 +276,7 @@ func InitServer() *mux.Router {
router.Use(middleware.Logger)
if config.BlockedCountries != nil && len(config.BlockedCountries) > 0 {
router.Use(utils.BlockByCountryMiddleware(config.BlockedCountries))
router.Use(utils.BlockByCountryMiddleware(config.BlockedCountries, config.CountryBlacklistIsWhitelist))
}
srapi := router.PathPrefix("/cosmos").Subrouter()
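Review bot: The surrounding `len(config.BlockedCountries) > 0` guard makes allow-list mode fail open: with `CountryBlacklistIsWhitelist` set and an empty list, the middleware is never installed and every country is admitted. If that is not intended, install it whenever the flag is set, `if len(config.BlockedCountries) > 0 || config.CountryBlacklistIsWhitelist {`, or at least log a warning at startup for that combination. The `!= nil` test is redundant, since `len` of a nil slice is 0. InitServer continues outside this hunk.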


@ -71,8 +71,11 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardH
}
req.Header.Set("X-Forwarded-Proto", originalScheme)
req.Header.Set("X-Forwarded-Protocol", originalScheme)
if(originalScheme == "https") {
req.Header.Set("X-Forwarded-Ssl", "on")
}
if VerboseForwardHeader {
req.Header.Set("X-Forwarded-Host", url.Host)
req.Header.Set("X-Origin-Host", url.Host)
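Review bot: `X-Forwarded-Ssl` is set when the scheme is https but never cleared otherwise, so on a plain-HTTP request a client-supplied `X-Forwarded-Ssl: on` would reach the backend unchanged unless it is stripped somewhere outside this hunk. Add the other branch: `} else { req.Header.Del("X-Forwarded-Ssl") }`. gofmt also wants the condition without parentheses, `if originalScheme == "https" {`. The enclosing function starts and ends outside the hunk.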


@ -118,7 +118,7 @@ func GetIPLocation(ip string) (string, error) {
}
// BlockByCountryMiddleware returns a middleware function that blocks requests from specified countries.
func BlockByCountryMiddleware(blockedCountries []string) func(http.Handler) http.Handler {
func BlockByCountryMiddleware(blockedCountries []string, CountryBlacklistIsWhitelist bool) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ip, _, err := net.SplitHostPort(r.RemoteAddr)
@ -138,10 +138,28 @@ func BlockByCountryMiddleware(blockedCountries []string) func(http.Handler) http
config := GetMainConfig()
for _, blockedCountry := range blockedCountries {
if config.ServerCountry != countryCode && countryCode == blockedCountry {
http.Error(w, "Access denied", http.StatusForbidden)
return
if CountryBlacklistIsWhitelist {
if countryCode != "" {
blocked := true
for _, blockedCountry := range blockedCountries {
if config.ServerCountry != countryCode && countryCode == blockedCountry {
blocked = false
}
}
if blocked {
http.Error(w, "Access denied", http.StatusForbidden)
return
}
} else {
Warn("Missing geolocation information to block IPs")
}
} else {
for _, blockedCountry := range blockedCountries {
if config.ServerCountry != countryCode && countryCode == blockedCountry {
http.Error(w, "Access denied", http.StatusForbidden)
return
}
}
}
} else {
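Review bot: In the allow-list branch the `config.ServerCountry != countryCode` test, copied from the deny-list loop, has the opposite effect: a request from the server's own country can never set `blocked = false`, so it is refused even when that country is on the list. Decide the intended rule and write it directly, e.g. `if countryCode == config.ServerCountry || countryCode == blockedCountry {` followed by `blocked = false` and `break`. Requests with an empty `countryCode` pass the allow-list with only a `Warn` on each request; if that is deliberate (private or unlocatable addresses), a comment saying so would help, because an allow-list that fails open is easy to misread. The handler continues outside this hunk.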


@ -82,6 +82,7 @@ type Config struct {
EmailConfig EmailConfig `validate:"required,dive,required"`
DockerConfig DockerConfig
BlockedCountries []string
CountryBlacklistIsWhitelist bool
ServerCountry string
RequireMFA bool
AutoUpdate bool


@ -41,41 +41,7 @@ var DefaultConfig = Config{
LoggingLevel: "INFO",
NewInstall: true,
AutoUpdate: true,
// By default we block all countries that have a high amount of attacks
// Note that Cosmos wont block the country of origin of the server even if it is in this list
BlockedCountries: []string{
// china
"CN",
// Russia
"RU",
// turkey
"TR",
// Brazil
"BR",
// Bangladesh
"BD",
// India
"IN",
// Nepal
"NP",
// Pakistan
"PK",
// Sri Lanka
"LK",
// Vietnam
"VN",
// Indonesia
"ID",
// Iran
"IR",
// Iraq
"IQ",
// Egypt
"EG",
// Afghanistan
"AF",
// Romania
"RO",
},
HTTPConfig: HTTPConfig{
HTTPSCertificateMode: "DISABLED",