From f7ee52dbb384523fc19d0ce7d13d2cabe9124974 Mon Sep 17 00:00:00 2001 From: Yann Stepienik Date: Fri, 11 Aug 2023 10:18:24 +0100 Subject: [PATCH] [release] v0.9.19-unstable --- build.sh | 1 + changelog.md | 5 +++ client/src/pages/config/users/configman.jsx | 17 +++++++++-- client/src/pages/home/index.jsx | 9 ++++-- docker.sh | 14 ++++----- dockerfile | 21 +++++++++++-- package.json | 2 +- src/httpServer.go | 2 +- src/proxy/routeTo.go | 5 ++- src/utils/middleware.go | 28 ++++++++++++++--- src/utils/types.go | 1 + src/utils/utils.go | 34 --------------------- 12 files changed, 83 insertions(+), 56 deletions(-) diff --git a/build.sh b/build.sh index 5e51280..0fb4970 100644 --- a/build.sh +++ b/build.sh @@ -1,6 +1,7 @@ #!/bin/bash rm -rf build +env GOARCH=arm64 go build -o build/cosmos-arm64 src/*.go go build -o build/cosmos src/*.go if [ $? -ne 0 ]; then exit 1 diff --git a/changelog.md b/changelog.md index 9e6c5b0..6e47e9e 100644 --- a/changelog.md +++ b/changelog.md @@ -1,3 +1,8 @@ +## Version 0.9.19 + - Add country whitelist option to geoblocker + - Fix issue with Contradictory scheme headers + - Fix issue where non-admin users cant see Servapp on the homepage + ## Version 0.9.18 - Typo with x-forwarded-host diff --git a/client/src/pages/config/users/configman.jsx b/client/src/pages/config/users/configman.jsx index 8553e84..20e90bf 100644 --- a/client/src/pages/config/users/configman.jsx +++ b/client/src/pages/config/users/configman.jsx @@ -77,6 +77,7 @@ const ConfigManagement = () => { LoggingLevel: config.LoggingLevel, RequireMFA: config.RequireMFA, GeoBlocking: config.BlockedCountries, + CountryBlacklistIsWhitelist: config.CountryBlacklistIsWhitelist, AutoUpdate: config.AutoUpdate, Hostname: config.HTTPConfig.Hostname, 
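Review bot: A failed arm64 build goes unnoticed in build.sh, because the added `env GOARCH=arm64 go build -o build/cosmos-arm64 src/*.go` runs before the existing `go build`, and the `if [ $? -ne 0 ]` that follows only sees the exit status of that second command. Since `rm -rf build` ran first, a failure leaves no `build/cosmos-arm64` and the script carries on regardless. Give the new line its own check, e.g. `env GOARCH=arm64 go build -o build/cosmos-arm64 src/*.go || exit 1`. The rest of the script is outside the hunk.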
@@ -125,6 +126,7 @@ const ConfigManagement = () => { RequireMFA: values.RequireMFA, // AutoUpdate: values.AutoUpdate, BlockedCountries: values.GeoBlocking, + CountryBlacklistIsWhitelist: values.CountryBlacklistIsWhitelist, HTTPConfig: { ...config.HTTPConfig, Hostname: values.Hostname, @@ -501,14 +503,25 @@ const ConfigManagement = () => { + + + - Geo-Blocking: (Those countries will be blocked from accessing your server) + Geo-Blocking: (Those countries will be + {formik.values.CountryBlacklistIsWhitelist ? " allowed to access " : " blocked from accessing "} + your server) - + + diff --git a/client/src/pages/home/index.jsx b/client/src/pages/home/index.jsx index 3b7d026..e3cee33 100644 --- a/client/src/pages/home/index.jsx +++ b/client/src/pages/home/index.jsx @@ -337,12 +337,15 @@ const HomePage = () => { if (route.Mode == "SERVAPP") { containerName = route.Target.split(':')[1].slice(2); container = servApps.find((c) => c.Names.includes('/' + containerName)); - if (!container || container.State != "running") { - skip = true - } + // TOOD: rework, as it prevents users from seeing the apps + // if (!container || container.State != "running") { + // skip = true + // } } + if (route.HideFromDashboard) skip = true; + return !skip && coStatus && (coStatus.homepage.Expanded ? diff --git a/docker.sh b/docker.sh index b46acfe..336cd21 100644 --- a/docker.sh +++ b/docker.sh @@ -12,12 +12,12 @@ fi echo "Pushing azukaar/cosmos-server:$VERSION and azukaar/cosmos-server:$LATEST" -sh build.sh +# sh build.sh -docker build \ - -t azukaar/cosmos-server:$VERSION \ - -t azukaar/cosmos-server:$LATEST \ +# Multi-architecture build +docker buildx build \ + --platform linux/amd64,linux/arm64 \ + --tag azukaar/cosmos-server:$VERSION \ + --tag azukaar/cosmos-server:$LATEST \ + --push \ . - -docker push azukaar/cosmos-server:$VERSION -docker push azukaar/cosmos-server:$LATEST \ No newline at end of file diff --git a/dockerfile b/dockerfile index 3985fca..7aa4478 100644 --- a/dockerfile 
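Review bot: With `sh build.sh` commented out in docker.sh, the `docker buildx build ... --push` step publishes whatever already sits in `build/`, so a stale or locally modified binary can end up under both the `$VERSION` and `$LATEST` tags. If the build is meant to run elsewhere, say so next to the disabled line, e.g. `# build.sh must have been run for this commit before calling docker.sh`; otherwise restore the call and stop on failure with `sh build.sh || exit 1`. The `--tag` arguments also leave `$VERSION` and `$LATEST` unquoted; `--tag "azukaar/cosmos-server:$VERSION"` is safer.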
+++ b/dockerfile @@ -2,6 +2,18 @@ FROM debian:11 +ARG TARGETPLATFORM +ARG BINARY_NAME=cosmos + +# Set BINARY_NAME based on the TARGETPLATFORM +RUN case "$TARGETPLATFORM" in \ + "linux/arm64") BINARY_NAME="cosmos-arm64" ;; \ + *) BINARY_NAME="cosmos" ;; \ + esac && echo $BINARY_NAME > /binary_name + +# This is just to log the platforms (optional) +RUN echo "I am building for $TARGETPLATFORM" > /log + EXPOSE 443 80 VOLUME /config @@ -10,7 +22,12 @@ RUN apt-get update && apt-get install -y ca-certificates openssl WORKDIR /app -COPY build/cosmos build/cosmos_gray.png build/Logo.png build/GeoLite2-Country.mmdb build/meta.json ./ +# Copy the respective binary based on the BINARY_NAME +COPY build/$BINARY_NAME ./ + +# Copy other resources +COPY build/cosmos_gray.png build/Logo.png build/GeoLite2-Country.mmdb build/meta.json ./ COPY static ./static -CMD ["./cosmos"] +# Run the respective binary based on the BINARY_NAME +CMD ["sh", "-c", "./$(cat /binary_name)"] \ No newline at end of file diff --git a/package.json b/package.json index e491b21..08f53f7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cosmos-server", - "version": "0.9.18", + "version": "0.9.19-unstable", "description": "", "main": "test-server.js", "bugs": { diff --git a/src/httpServer.go b/src/httpServer.go index 380fb3d..1e9c2c9 100644 --- a/src/httpServer.go +++ b/src/httpServer.go @@ -276,7 +276,7 @@ func InitServer() *mux.Router { router.Use(middleware.Logger) if config.BlockedCountries != nil && len(config.BlockedCountries) > 0 { - router.Use(utils.BlockByCountryMiddleware(config.BlockedCountries)) + router.Use(utils.BlockByCountryMiddleware(config.BlockedCountries, config.CountryBlacklistIsWhitelist)) } srapi := router.PathPrefix("/cosmos").Subrouter() diff --git a/src/proxy/routeTo.go b/src/proxy/routeTo.go index 3a52081..3ec4c19 100644 --- a/src/proxy/routeTo.go +++ b/src/proxy/routeTo.go 
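Review bot: The arm64 image cannot start as written in dockerfile: the `case` in the first hunk assigns `BINARY_NAME` only as a shell variable inside that one `RUN`, so `COPY build/$BINARY_NAME ./` in the second hunk still expands the `ARG` default and always copies `build/cosmos`, while `CMD` runs `./$(cat /binary_name)`, which is `./cosmos-arm64` on linux/arm64. Either copy both binaries, `COPY build/cosmos build/cosmos-arm64 ./`, or select the file with BuildKit's `TARGETARCH` argument and keep one fixed name inside the image. Starting the server with `exec` inside the `sh -c` command, `CMD ["sh", "-c", "exec ./$(cat /binary_name)"]`, would also let it receive container stop signals directly.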
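Review bot: In InitServer the middleware is only registered when `config.BlockedCountries` is non-empty, so with `CountryBlacklistIsWhitelist` set and an empty list every country is let through, although an empty allow-list reads as "allow nobody". This commit also empties the default list in src/utils/utils.go, so that is the state a fresh config is in as soon as the switch is turned on. If this is deliberate to avoid locking the admin out, document it at the call site, e.g. `// an empty list disables geo-filtering in both modes, including whitelist mode`, and consider a start-up warning for whitelist mode with no countries. The `!= nil` test is redundant, since `len` of a nil slice is 0. InitServer starts and ends outside the hunk.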
@@ -71,8 +71,11 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardH } req.Header.Set("X-Forwarded-Proto", originalScheme) - req.Header.Set("X-Forwarded-Protocol", originalScheme) + if(originalScheme == "https") { + req.Header.Set("X-Forwarded-Ssl", "on") + } + if VerboseForwardHeader { req.Header.Set("X-Forwarded-Host", url.Host) req.Header.Set("X-Origin-Host", url.Host) diff --git a/src/utils/middleware.go b/src/utils/middleware.go index 9c987c9..cd67cec 100644 --- a/src/utils/middleware.go +++ b/src/utils/middleware.go @@ -118,7 +118,7 @@ func GetIPLocation(ip string) (string, error) { } // BlockByCountryMiddleware returns a middleware function that blocks requests from specified countries. -func BlockByCountryMiddleware(blockedCountries []string) func(http.Handler) http.Handler { +func BlockByCountryMiddleware(blockedCountries []string, CountryBlacklistIsWhitelist bool) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ip, _, err := net.SplitHostPort(r.RemoteAddr) 
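Review bot: A client-supplied `X-Forwarded-Ssl` or `X-Forwarded-Protocol` header now reaches the backend unchanged in NewProxy when the request is plain HTTP: the new code sets `X-Forwarded-Ssl` only for https and no longer overwrites `X-Forwarded-Protocol`, and nothing visible in the hunk removes either. A backend that trusts these headers could then treat an insecure request as secure. Unless they are stripped earlier outside the hunk, delete what is not set: `req.Header.Del("X-Forwarded-Protocol")` and an `else { req.Header.Del("X-Forwarded-Ssl") }` branch. `if(originalScheme == "https") {` is also not gofmt-clean; write `if originalScheme == "https" {`.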
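Review bot: The doc comment above BlockByCountryMiddleware still says the middleware "blocks requests from specified countries", which is no longer true when the new flag is set. Update it to something like `// BlockByCountryMiddleware returns a middleware that denies requests from the listed countries or, when countryBlacklistIsWhitelist is true, from every country not listed.` The parameter `CountryBlacklistIsWhitelist` should start with a lower-case letter like other Go parameters, and `blockedCountries` is a misleading name in whitelist mode. The function body continues outside this hunk.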
@@ -138,10 +138,28 @@ func BlockByCountryMiddleware(blockedCountries []string) func(http.Handler) http config := GetMainConfig() - for _, blockedCountry := range blockedCountries { - if config.ServerCountry != countryCode && countryCode == blockedCountry { - http.Error(w, "Access denied", http.StatusForbidden) - return + if CountryBlacklistIsWhitelist { + if countryCode != "" { + blocked := true + for _, blockedCountry := range blockedCountries { + if config.ServerCountry != countryCode && countryCode == blockedCountry { + blocked = false + } + } + + if blocked { + http.Error(w, "Access denied", http.StatusForbidden) + return + } + } else { + Warn("Missing geolocation information to block IPs") + } + } else { + for _, blockedCountry := range blockedCountries { + if config.ServerCountry != countryCode && countryCode == blockedCountry { + http.Error(w, "Access denied", http.StatusForbidden) + return + } } } } else { diff --git a/src/utils/types.go b/src/utils/types.go index fa74749..1f6d9f3 100644 --- a/src/utils/types.go +++ b/src/utils/types.go @@ -82,6 +82,7 @@ type Config struct { EmailConfig EmailConfig `validate:"required,dive,required"` DockerConfig DockerConfig BlockedCountries []string + CountryBlacklistIsWhitelist bool ServerCountry string RequireMFA bool AutoUpdate bool diff --git a/src/utils/utils.go b/src/utils/utils.go index f4d04b3..6177a0c 100644 --- a/src/utils/utils.go +++ b/src/utils/utils.go 
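Review bot: In the whitelist branch the copied condition `config.ServerCountry != countryCode && countryCode == blockedCountry` inverts the server-country exemption: a request from the server's own country never sets `blocked = false`, so it is always denied, even when that country is on the list. The comment removed from utils.go in this commit says the server's country is never blocked, so the exemption presumably should allow it here. Separately, an empty `countryCode` is let through with only a warning, which makes the allow-list fail open when geolocation is unavailable; confirm that is intended or deny in that case. The loop can also stop at the first match. The handler starts and ends outside the hunk.

```go
if CountryBlacklistIsWhitelist {
	if countryCode != "" {
		// The server's own country is always allowed, as in blacklist mode.
		allowed := countryCode == config.ServerCountry
		for _, allowedCountry := range blockedCountries {
			if countryCode == allowedCountry {
				allowed = true
				break
			}
		}

		if !allowed {
			http.Error(w, "Access denied", http.StatusForbidden)
			return
		}
	} else {
		// … unchanged: Warn about missing geolocation …
	}
} else {
	// … unchanged: blacklist loop …
}
```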
@@ -41,41 +41,7 @@ var DefaultConfig = Config{ LoggingLevel: "INFO", NewInstall: true, AutoUpdate: true, - // By default we block all countries that have a high amount of attacks - // Note that Cosmos wont block the country of origin of the server even if it is in this list BlockedCountries: []string{ - // china - "CN", - // Russia - "RU", - // turkey - "TR", - // Brazil - "BR", - // Bangladesh - "BD", - // India - "IN", - // Nepal - "NP", - // Pakistan - "PK", - // Sri Lanka - "LK", - // Vietnam - "VN", - // Indonesia - "ID", - // Iran - "IR", - // Iraq - "IQ", - // Egypt - "EG", - // Afghanistan - "AF", - // Romania - "RO", }, HTTPConfig: HTTPConfig{ HTTPSCertificateMode: "DISABLED",