[release] v0.9.19-unstable
This commit is contained in:
parent
60be289c76
commit
f7ee52dbb3
1
build.sh
1
build.sh
|
@ -1,6 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
rm -rf build
|
||||
env GOARCH=arm64 go build -o build/cosmos-arm64 src/*.go
|
||||
go build -o build/cosmos src/*.go
|
||||
if [ $? -ne 0 ]; then
|
||||
exit 1
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
## Version 0.9.19
|
||||
- Add country whitelist option to geoblocker
|
||||
- Fix issue with Contradictory scheme headers
|
||||
- Fix issue where non-admin users cant see Servapp on the homepage
|
||||
|
||||
## Version 0.9.18
|
||||
- Typo with x-forwarded-host
|
||||
|
||||
|
|
|
@ -77,6 +77,7 @@ const ConfigManagement = () => {
|
|||
LoggingLevel: config.LoggingLevel,
|
||||
RequireMFA: config.RequireMFA,
|
||||
GeoBlocking: config.BlockedCountries,
|
||||
CountryBlacklistIsWhitelist: config.CountryBlacklistIsWhitelist,
|
||||
AutoUpdate: config.AutoUpdate,
|
||||
|
||||
Hostname: config.HTTPConfig.Hostname,
|
||||
|
@ -125,6 +126,7 @@ const ConfigManagement = () => {
|
|||
RequireMFA: values.RequireMFA,
|
||||
// AutoUpdate: values.AutoUpdate,
|
||||
BlockedCountries: values.GeoBlocking,
|
||||
CountryBlacklistIsWhitelist: values.CountryBlacklistIsWhitelist,
|
||||
HTTPConfig: {
|
||||
...config.HTTPConfig,
|
||||
Hostname: values.Hostname,
|
||||
|
@ -501,14 +503,25 @@ const ConfigManagement = () => {
|
|||
<Grid container spacing={3}>
|
||||
|
||||
<CosmosFormDivider title='Geo-Blocking' />
|
||||
|
||||
<CosmosCheckbox
|
||||
label={"Use list as whitelist instead of blacklist"}
|
||||
name="CountryBlacklistIsWhitelist"
|
||||
formik={formik}
|
||||
/>
|
||||
|
||||
<Grid item xs={12}>
|
||||
<InputLabel htmlFor="GeoBlocking">Geo-Blocking: (Those countries will be blocked from accessing your server)</InputLabel>
|
||||
<InputLabel htmlFor="GeoBlocking">Geo-Blocking: (Those countries will be
|
||||
{formik.values.CountryBlacklistIsWhitelist ? " allowed to access " : " blocked from accessing "}
|
||||
your server)</InputLabel>
|
||||
</Grid>
|
||||
<CountrySelect name="GeoBlocking" label="Choose which countries you want to block" formik={formik} />
|
||||
|
||||
<CountrySelect name="GeoBlocking" label="Choose which countries you want to block or allow" formik={formik} />
|
||||
|
||||
<Grid item xs={12}>
|
||||
<Button onClick={() => {
|
||||
formik.setFieldValue("GeoBlocking", ["CN","RU","TR","BR","BD","IN","NP","PK","LK","VN","ID","IR","IQ","EG","AF","RO",])
|
||||
formik.setFieldValue("CountryBlacklistIsWhitelist", false)
|
||||
}} variant="outlined">Reset to default (most dangerous countries)</Button>
|
||||
</Grid>
|
||||
|
||||
|
|
|
@ -337,12 +337,15 @@ const HomePage = () => {
|
|||
if (route.Mode == "SERVAPP") {
|
||||
containerName = route.Target.split(':')[1].slice(2);
|
||||
container = servApps.find((c) => c.Names.includes('/' + containerName));
|
||||
if (!container || container.State != "running") {
|
||||
skip = true
|
||||
}
|
||||
// TOOD: rework, as it prevents users from seeing the apps
|
||||
// if (!container || container.State != "running") {
|
||||
// skip = true
|
||||
// }
|
||||
}
|
||||
|
||||
if (route.HideFromDashboard)
|
||||
skip = true;
|
||||
|
||||
return !skip && coStatus && (coStatus.homepage.Expanded ?
|
||||
|
||||
<Grid2 item xs={12} sm={6} md={4} lg={3} xl={3} xxl={3} key={route.Name}>
|
||||
|
|
14
docker.sh
14
docker.sh
|
@ -12,12 +12,12 @@ fi
|
|||
|
||||
echo "Pushing azukaar/cosmos-server:$VERSION and azukaar/cosmos-server:$LATEST"
|
||||
|
||||
sh build.sh
|
||||
# sh build.sh
|
||||
|
||||
docker build \
|
||||
-t azukaar/cosmos-server:$VERSION \
|
||||
-t azukaar/cosmos-server:$LATEST \
|
||||
# Multi-architecture build
|
||||
docker buildx build \
|
||||
--platform linux/amd64,linux/arm64 \
|
||||
--tag azukaar/cosmos-server:$VERSION \
|
||||
--tag azukaar/cosmos-server:$LATEST \
|
||||
--push \
|
||||
.
|
||||
|
||||
docker push azukaar/cosmos-server:$VERSION
|
||||
docker push azukaar/cosmos-server:$LATEST
|
21
dockerfile
21
dockerfile
|
@ -2,6 +2,18 @@
|
|||
|
||||
FROM debian:11
|
||||
|
||||
ARG TARGETPLATFORM
|
||||
ARG BINARY_NAME=cosmos
|
||||
|
||||
# Set BINARY_NAME based on the TARGETPLATFORM
|
||||
RUN case "$TARGETPLATFORM" in \
|
||||
"linux/arm64") BINARY_NAME="cosmos-arm64" ;; \
|
||||
*) BINARY_NAME="cosmos" ;; \
|
||||
esac && echo $BINARY_NAME > /binary_name
|
||||
|
||||
# This is just to log the platforms (optional)
|
||||
RUN echo "I am building for $TARGETPLATFORM" > /log
|
||||
|
||||
EXPOSE 443 80
|
||||
|
||||
VOLUME /config
|
||||
|
@ -10,7 +22,12 @@ RUN apt-get update && apt-get install -y ca-certificates openssl
|
|||
|
||||
WORKDIR /app
|
||||
|
||||
COPY build/cosmos build/cosmos_gray.png build/Logo.png build/GeoLite2-Country.mmdb build/meta.json ./
|
||||
# Copy the respective binary based on the BINARY_NAME
|
||||
COPY build/$BINARY_NAME ./
|
||||
|
||||
# Copy other resources
|
||||
COPY build/cosmos_gray.png build/Logo.png build/GeoLite2-Country.mmdb build/meta.json ./
|
||||
COPY static ./static
|
||||
|
||||
CMD ["./cosmos"]
|
||||
# Run the respective binary based on the BINARY_NAME
|
||||
CMD ["sh", "-c", "./$(cat /binary_name)"]
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "cosmos-server",
|
||||
"version": "0.9.18",
|
||||
"version": "0.9.19-unstable",
|
||||
"description": "",
|
||||
"main": "test-server.js",
|
||||
"bugs": {
|
||||
|
|
|
@ -276,7 +276,7 @@ func InitServer() *mux.Router {
|
|||
router.Use(middleware.Logger)
|
||||
|
||||
if config.BlockedCountries != nil && len(config.BlockedCountries) > 0 {
|
||||
router.Use(utils.BlockByCountryMiddleware(config.BlockedCountries))
|
||||
router.Use(utils.BlockByCountryMiddleware(config.BlockedCountries, config.CountryBlacklistIsWhitelist))
|
||||
}
|
||||
|
||||
srapi := router.PathPrefix("/cosmos").Subrouter()
|
||||
|
|
|
@ -71,7 +71,10 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardH
|
|||
}
|
||||
|
||||
req.Header.Set("X-Forwarded-Proto", originalScheme)
|
||||
req.Header.Set("X-Forwarded-Protocol", originalScheme)
|
||||
|
||||
if(originalScheme == "https") {
|
||||
req.Header.Set("X-Forwarded-Ssl", "on")
|
||||
}
|
||||
|
||||
if VerboseForwardHeader {
|
||||
req.Header.Set("X-Forwarded-Host", url.Host)
|
||||
|
|
|
@ -118,7 +118,7 @@ func GetIPLocation(ip string) (string, error) {
|
|||
}
|
||||
|
||||
// BlockByCountryMiddleware returns a middleware function that blocks requests from specified countries.
|
||||
func BlockByCountryMiddleware(blockedCountries []string) func(http.Handler) http.Handler {
|
||||
func BlockByCountryMiddleware(blockedCountries []string, CountryBlacklistIsWhitelist bool) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ip, _, err := net.SplitHostPort(r.RemoteAddr)
|
||||
|
@ -138,10 +138,28 @@ func BlockByCountryMiddleware(blockedCountries []string) func(http.Handler) http
|
|||
|
||||
config := GetMainConfig()
|
||||
|
||||
for _, blockedCountry := range blockedCountries {
|
||||
if config.ServerCountry != countryCode && countryCode == blockedCountry {
|
||||
http.Error(w, "Access denied", http.StatusForbidden)
|
||||
return
|
||||
if CountryBlacklistIsWhitelist {
|
||||
if countryCode != "" {
|
||||
blocked := true
|
||||
for _, blockedCountry := range blockedCountries {
|
||||
if config.ServerCountry != countryCode && countryCode == blockedCountry {
|
||||
blocked = false
|
||||
}
|
||||
}
|
||||
|
||||
if blocked {
|
||||
http.Error(w, "Access denied", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
Warn("Missing geolocation information to block IPs")
|
||||
}
|
||||
} else {
|
||||
for _, blockedCountry := range blockedCountries {
|
||||
if config.ServerCountry != countryCode && countryCode == blockedCountry {
|
||||
http.Error(w, "Access denied", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
|
|
@ -82,6 +82,7 @@ type Config struct {
|
|||
EmailConfig EmailConfig `validate:"required,dive,required"`
|
||||
DockerConfig DockerConfig
|
||||
BlockedCountries []string
|
||||
CountryBlacklistIsWhitelist bool
|
||||
ServerCountry string
|
||||
RequireMFA bool
|
||||
AutoUpdate bool
|
||||
|
|
|
@ -41,41 +41,7 @@ var DefaultConfig = Config{
|
|||
LoggingLevel: "INFO",
|
||||
NewInstall: true,
|
||||
AutoUpdate: true,
|
||||
// By default we block all countries that have a high amount of attacks
|
||||
// Note that Cosmos wont block the country of origin of the server even if it is in this list
|
||||
BlockedCountries: []string{
|
||||
// china
|
||||
"CN",
|
||||
// Russia
|
||||
"RU",
|
||||
// turkey
|
||||
"TR",
|
||||
// Brazil
|
||||
"BR",
|
||||
// Bangladesh
|
||||
"BD",
|
||||
// India
|
||||
"IN",
|
||||
// Nepal
|
||||
"NP",
|
||||
// Pakistan
|
||||
"PK",
|
||||
// Sri Lanka
|
||||
"LK",
|
||||
// Vietnam
|
||||
"VN",
|
||||
// Indonesia
|
||||
"ID",
|
||||
// Iran
|
||||
"IR",
|
||||
// Iraq
|
||||
"IQ",
|
||||
// Egypt
|
||||
"EG",
|
||||
// Afghanistan
|
||||
"AF",
|
||||
// Romania
|
||||
"RO",
|
||||
},
|
||||
HTTPConfig: HTTPConfig{
|
||||
HTTPSCertificateMode: "DISABLED",
|
||||
|
|
Loading…
Reference in a new issue