cthrace/collabvm-1.2.ts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add (optional) Origin header check

Browse Source
This commit is contained in:
MDMCK10
2023-05-25 15:59:16 +02:00
parent c66bd6d2ee
commit ababbf57b5
3 changed files with 32 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config.example.toml
View File

@@ -6,6 +6,10 @@ proxying = false
# IPs allowed to access the server in proxy mode. # IPs allowed to access the server in proxy mode.
# 99% of the time this will only be 127.0.0.1 # 99% of the time this will only be 127.0.0.1
proxyAllowedIps = ["127.0.0.1"] proxyAllowedIps = ["127.0.0.1"]
# Whether the Origin header check is enabled.
origin = false
# Origins to accept connections from.
originAllowedDomains = ["computernewb.com"]
[vm] [vm]
qemuArgs = "qemu-system-x86_64" qemuArgs = "qemu-system-x86_64"

2
src/IConfig.ts
View File

@@ -4,6 +4,8 @@ export default interface IConfig {
port : number; port : number;
proxying : boolean; proxying : boolean;
proxyAllowedIps : string[]; proxyAllowedIps : string[];
origin : boolean;
originAllowedDomains : string[];
}; };
vm : { vm : {
qemuArgs : string; qemuArgs : string;

30
src/WSServer.ts
View File

@@ -85,13 +85,35 @@ export default class WSServer {
socket.write("HTTP/1.1 400 Bad Request\n\n400 Bad Request"); socket.write("HTTP/1.1 400 Bad Request\n\n400 Bad Request");
socket.destroy(); socket.destroy();
} }
if (
req.headers['sec-websocket-protocol'] !== "guacamole" if (req.headers['sec-websocket-protocol'] !== "guacamole") {
// || req.headers['origin']?.toLocaleLowerCase() !== "https://computernewb.com"
) {
killConnection(); killConnection();
return; return;
} }
if (this.Config.http.origin) {
// If the client is not sending an Origin header, kill the connection.
if(!req.headers.origin) {
killConnection();
return;
}
// Try to parse the Origin header sent by the client, if it fails, kill the connection.
var _host;
try {
_host = new URL(req.headers.origin.toLowerCase()).hostname;
} catch {
killConnection();
return;
}
// If the domain name is not in the list of allowed origins, kill the connection.
if(!this.Config.http.originAllowedDomains.includes(_host)) {
killConnection();
return;
}
}
if (this.Config.http.proxying) { if (this.Config.http.proxying) {
// If the requesting IP isn't allowed to proxy, kill it // If the requesting IP isn't allowed to proxy, kill it
//@ts-ignore //@ts-ignore