@kaitranntt/ccs 7.78.0-dev.8 → 7.78.0-dev.9
- package/dist/web-server/index.d.ts.map +1 -1
- package/dist/web-server/index.js +47 -3
- package/dist/web-server/index.js.map +1 -1
- package/dist/web-server/middleware/auth-middleware.d.ts +5 -0
- package/dist/web-server/middleware/auth-middleware.d.ts.map +1 -1
- package/dist/web-server/middleware/auth-middleware.js +73 -1
- package/dist/web-server/middleware/auth-middleware.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/web-server/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;;AAGH,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/web-server/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;;AAGH,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAC;AAerC,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC;IACpB,GAAG,EAAE,eAAe,CAAC;IACrB,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB;AAID;;GAEG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAmLjF"}
|
package/dist/web-server/index.js
CHANGED
|
@@ -54,8 +54,7 @@ async function startServer(options) {
|
|
|
54
54
|
const app = (0, express_1.default)();
|
|
55
55
|
const server = http_1.default.createServer(app);
|
|
56
56
|
const wss = new ws_1.WebSocketServer({
|
|
57
|
-
|
|
58
|
-
path: '/ws',
|
|
57
|
+
noServer: true,
|
|
59
58
|
maxPayload: 1024 * 1024, // 1MB hard limit to prevent DoS
|
|
60
59
|
perMessageDeflate: false, // Prevent zip bomb attacks
|
|
61
60
|
});
|
|
@@ -70,7 +69,8 @@ async function startServer(options) {
|
|
|
70
69
|
});
|
|
71
70
|
app.use(request_logging_middleware_1.requestLoggingMiddleware);
|
|
72
71
|
// Session middleware (for dashboard auth)
|
|
73
|
-
|
|
72
|
+
const sessionMiddleware = (0, auth_middleware_1.createSessionMiddleware)();
|
|
73
|
+
app.use(sessionMiddleware);
|
|
74
74
|
// Auth middleware (protects API routes when enabled)
|
|
75
75
|
app.use(auth_middleware_1.authMiddleware);
|
|
76
76
|
// CLIProxy local reverse proxy (avoids cross-origin issues in Docker)
|
|
@@ -111,6 +111,33 @@ async function startServer(options) {
|
|
|
111
111
|
res.sendFile(path_1.default.join(staticDir, 'index.html'));
|
|
112
112
|
});
|
|
113
113
|
}
|
|
114
|
+
server.on('upgrade', (request, socket, head) => {
|
|
115
|
+
const pathname = getUpgradePathname(request.url);
|
|
116
|
+
if (!pathname) {
|
|
117
|
+
rejectWebSocketUpgrade(socket, 400, 'Invalid WebSocket upgrade request');
|
|
118
|
+
return;
|
|
119
|
+
}
|
|
120
|
+
if (pathname !== '/ws') {
|
|
121
|
+
if (!options.dev) {
|
|
122
|
+
rejectWebSocketUpgrade(socket, 404, 'WebSocket endpoint not found');
|
|
123
|
+
}
|
|
124
|
+
return;
|
|
125
|
+
}
|
|
126
|
+
const response = new http_1.default.ServerResponse(request);
|
|
127
|
+
sessionMiddleware(request, response, (error) => {
|
|
128
|
+
if (error) {
|
|
129
|
+
rejectWebSocketUpgrade(socket, 500, 'WebSocket session validation failed');
|
|
130
|
+
return;
|
|
131
|
+
}
|
|
132
|
+
if (!(0, auth_middleware_1.isDashboardWebSocketUpgradeAllowed)(request)) {
|
|
133
|
+
rejectWebSocketUpgrade(socket, (0, auth_middleware_1.getDashboardWebSocketRejectionStatus)(request), 'WebSocket access denied');
|
|
134
|
+
return;
|
|
135
|
+
}
|
|
136
|
+
wss.handleUpgrade(request, socket, head, (ws) => {
|
|
137
|
+
wss.emit('connection', ws, request);
|
|
138
|
+
});
|
|
139
|
+
});
|
|
140
|
+
});
|
|
114
141
|
// WebSocket connection handler + file watcher
|
|
115
142
|
const { cleanup: wsCleanup } = (0, websocket_1.setupWebSocket)(wss);
|
|
116
143
|
// Start auto-sync watcher (if enabled in config)
|
|
@@ -167,6 +194,23 @@ async function startServer(options) {
|
|
|
167
194
|
});
|
|
168
195
|
}
|
|
169
196
|
exports.startServer = startServer;
|
|
197
|
+
function getUpgradePathname(requestUrl) {
|
|
198
|
+
try {
|
|
199
|
+
return new URL(requestUrl ?? '/', 'http://localhost').pathname;
|
|
200
|
+
}
|
|
201
|
+
catch {
|
|
202
|
+
return null;
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
function rejectWebSocketUpgrade(socket, statusCode, message) {
|
|
206
|
+
socket.write(`HTTP/1.1 ${statusCode} ${message}\r\n` +
|
|
207
|
+
'Connection: close\r\n' +
|
|
208
|
+
'Content-Type: text/plain; charset=utf-8\r\n' +
|
|
209
|
+
`Content-Length: ${Buffer.byteLength(message)}\r\n` +
|
|
210
|
+
'\r\n' +
|
|
211
|
+
message);
|
|
212
|
+
socket.destroy();
|
|
213
|
+
}
|
|
170
214
|
function formatListenError(error, options) {
|
|
171
215
|
if (error.code === 'EADDRINUSE' && options.host) {
|
|
172
216
|
return `Unable to bind ${options.host}:${options.port}; the address may be unavailable or the port may already be in use`;
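Review bot: The upgrade handler added at lines 114–140 attaches no `'error'` listener to the raw `socket` while the asynchronous `sessionMiddleware` lookup is in flight, so a client that resets the connection during that window emits an unhandled `'error'` event on the socket and can terminate the process; the usual `ws` handshake pattern is to register a listener before async authentication and remove it before `handleUpgrade`. Concretely: `const onSocketError = () => socket.destroy();` and `socket.on('error', onSocketError);` before the `sessionMiddleware(...)` call, then `socket.removeListener('error', onSocketError);` immediately before `wss.handleUpgrade(...)`. In `rejectWebSocketUpgrade`, `socket.write(...)` followed directly by `socket.destroy()` may discard the buffered rejection response; `socket.once('finish', () => socket.destroy()); socket.end(...)` delivers the status line before closing. In dev mode a non-`/ws` upgrade is neither rejected nor handled here, which presumably relies on the Vite middleware's own upgrade handler; if nothing else claims it, the socket is left open, so a one-line comment stating that assumption would help the next maintainer.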
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/web-server/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,sDAA8B;AAC9B,gDAAwB;AACxB,gDAAwB;AACxB,2BAAqC;AACrC,2CAA6C;AAC7C,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/web-server/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,sDAA8B;AAC9B,gDAAwB;AACxB,gDAAwB;AACxB,2BAAqC;AACrC,2CAA6C;AAC7C,kEAKsC;AACtC,wFAAmF;AACnF,4FAA6F;AAC7F,mFAAyE;AACzE,2CAA6E;AAC7E,mDAA6D;AAC7D,iDAAmD;AAenD,MAAM,MAAM,GAAG,IAAA,sBAAY,EAAC,YAAY,CAAC,CAAC;AAE1C;;GAEG;AACI,KAAK,UAAU,WAAW,CAAC,OAAsB;IACtD,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IACtB,MAAM,MAAM,GAAG,cAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,oBAAe,CAAC;QAC9B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,IAAI,GAAG,IAAI,EAAE,gCAAgC;QACzD,iBAAiB,EAAE,KAAK,EAAE,2BAA2B;KACtD,CAAC,CAAC;IAEH,0DAA0D;IAC1D,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,GAAG,CAAC,GAAG,CACL,CACE,GAA+C,EAC/C,IAAqB,EACrB,GAAqB,EACrB,IAA0B,EAC1B,EAAE;QACF,IAAI,GAAG,YAAY,WAAW,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YACtE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC,CACF,CAAC;IACF,GAAG,CAAC,GAAG,CAAC,qDAAwB,CAAC,CAAC;IAElC,0CAA0C;IAC1C,MAAM,iBAAiB,GAAG,IAAA,yCAAuB,GAAE,CAAC;IACpD,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAE3B,qDAAqD;IACrD,GAAG,CAAC,GAAG,CAAC,gCAAc,CAAC,CAAC;IAExB,sEAAsE;IACtE,MAAM,kBAAkB,GAAG,CAAC,wDAAa,+BAA+B,GAAC,CAAC,CAAC,OAAO,CAAC;IACnF,GAAG,CAAC,GAAG,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;IAEnD,gCAAgC;IAChC,MAAM,EAAE,SAAS,EAAE,GAAG,wDAAa,gBAAgB,GAAC,CAAC;IACrD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAE3B,gCAAgC;IAChC,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,iBAAiB,GAAC,CAAC;IACzD,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAErC,6BAA6B;IAC7B,MAAM,EAAE,cAAc,EAAE,GAAG,wDAAa,mBAAmB,GAAC,CAAC;IAC7D,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;IAEzC,yBAAyB;IACzB,MAAM,EAAE,WAAW,EAAE,GAAG,wDAAa,gBAAgB,GAAC,CAAC;IACvD,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IAEnC,wCAAwC;IACxC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,GAAG,wDAAa,MAAM,GAAC,CAAC;QAChE,MAAM,IAAI,GAAG,MAAM,gBA
AgB,CAAC;YAClC,IAAI,EAAE,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC;YACtC,MAAM,EAAE;gBACN,cAAc,EAAE,IAAI;gBACpB,8DAA8D;gBAC9D,GAAG,EAAE,EAAE,MAAM,EAAE;aAChB;YACD,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,+CAA+C;QAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACrE,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAEnC,0DAA0D;QAC1D,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YACzB,GAAG,CAAC,QAAQ,CAAC,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;QAC7C,MAAM,QAAQ,GAAG,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,sBAAsB,CAAC,MAAM,EAAE,GAAG,EAAE,mCAAmC,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;YACvB,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACjB,sBAAsB,CAAC,MAAM,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAC;YACtE,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,cAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,iBAAiB,CACf,OAA0B,EAC1B,QAA4B,EAC5B,CAAC,KAAe,EAAE,EAAE;YAClB,IAAI,KAAK,EAAE,CAAC;gBACV,sBAAsB,CAAC,MAAM,EAAE,GAAG,EAAE,qCAAqC,CAAC,CAAC;gBAC3E,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAA,oDAAkC,EAAC,OAAO,CAAC,EAAE,CAAC;gBACjD,sBAAsB,CACpB,MAAM,EACN,IAAA,sDAAoC,EAAC,OAAO,CAAC,EAC7C,yBAAyB,CAC1B,CAAC;gBACF,OAAO;YACT,CAAC;YAED,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE;gBAC9C,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,8CAA8C;IAC9C,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,0BAAc,EAAC,GAAG,CAAC,CAAC;IAEnD,iDAAiD;IACjD,IAAA,2BAAoB,GAAE,CAAC;IAEvB,IAAI,CAAC,IAAA,sCAAc,GAAE,CAAC,QAAQ,EAAE,CAAC;QAC/B,KAAK,IAAA,mDAA0B,GAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChD,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,oCAAoC,EAAE;gBAC/E,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;QACL,CA
AC,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,SAAS,EAAE,CAAC;QACZ,IAAA,0BAAmB,GAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACtC,IAAA,oCAAuB,GAAE,CAAC;IAC5B,CAAC,CAAC;IAEF,kBAAkB;IAClB,OAAO,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrD,MAAM,OAAO,GAAG,CAAC,KAA4B,EAAE,EAAE;YAC/C,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,kCAAkC,EAAE;gBACvE,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,SAAS;gBAC7B,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;gBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE9B,MAAM,WAAW,GAAG,GAAG,EAAE;YACvB,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,4BAA4B,EAAE;gBAC5D,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,SAAS;gBAC/B,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC;aAC1B,CAAC,CAAC;YACH,6DAA6D;YAC7D,uEAAuE;YACvE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YAED,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7B,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,KAA8B,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QAChF,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAnLD,kCAmLC;AAED,SAAS,kBAAkB,CAAC,UAA8B;IACxD,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,MAAuD,EACvD,UAAuC,EACvC,OAAe;IAEf,MAAM,CAAC,KAAK,CACV,YAAY,UAAU,IAAI,OAAO,MAAM;QACrC,uBAAuB;QACvB,6CAA6C;QAC7C,mBAAmB,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM;QACnD,MAAM;QACN,OAAO,CACV,CAAC;IACF,MAAM,CAAC,OAAO,EAAE,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,KAA4B,EAAE,OAAsB;IAC7E,IAAI,KAAK,CAAC,
IAAI,KAAK,YAAY,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QAChD,OAAO,kBAAkB,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,oEAAoE,CAAC;IAC5H,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAChC,OAAO,QAAQ,OAAO,CAAC,IAAI,oBAAoB,CAAC;IAClD,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,eAAe,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACnD,OAAO,kBAAkB,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,kBAAkB,CAAC;IAC1E,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,2CAA2C,OAAO,CAAC,IAAI,EAAE,CAAC;IACnE,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,kBAAkB,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;IAC5E,CAAC;IAED,OAAO,KAAK,CAAC,OAAO,CAAC;AACvB,CAAC"}
|
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
* Dashboard Authentication Middleware
|
|
3
3
|
* Session-based auth with httpOnly cookies for CCS dashboard.
|
|
4
4
|
*/
|
|
5
|
+
/// <reference types="node" />
|
|
6
|
+
import type { IncomingMessage } from 'http';
|
|
5
7
|
import type { NextFunction, Request, Response } from 'express';
|
|
6
8
|
declare module 'express-session' {
|
|
7
9
|
interface SessionData {
|
|
@@ -24,5 +26,8 @@ export declare function createSessionMiddleware(): (req: Request, res: Response,
|
|
|
24
26
|
*/
|
|
25
27
|
export declare function authMiddleware(req: Request, res: Response, next: NextFunction): void;
|
|
26
28
|
export declare function isLoopbackRemoteAddress(value: string | undefined): boolean;
|
|
29
|
+
export declare function isDashboardWebSocketOriginAllowed(req: IncomingMessage): boolean;
|
|
30
|
+
export declare function isDashboardWebSocketUpgradeAllowed(req: IncomingMessage): boolean;
|
|
31
|
+
export declare function getDashboardWebSocketRejectionStatus(req?: IncomingMessage): 401 | 403;
|
|
27
32
|
export declare function requireLocalAccessWhenAuthDisabled(req: Request, res: Response, error?: string): boolean;
|
|
28
33
|
//# sourceMappingURL=auth-middleware.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../../src/web-server/middleware/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;GAGG
|
|
1
|
+
{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../../src/web-server/middleware/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;GAGG;;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAc/D,OAAO,QAAQ,iBAAiB,CAAC;IAC/B,UAAU,WAAW;QACnB,aAAa,EAAE,OAAO,CAAC;QACvB,QAAQ,EAAE,MAAM,CAAC;KAClB;CACF;AAkDD;;;GAGG;AACH,eAAO,MAAM,gBAAgB,sDAO3B,CAAC;AAEH;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,CACzC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,KACf,IAAI,CAeR;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAwBpF;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAU1E;AAiCD,wBAAgB,iCAAiC,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CA6B/E;AAED,wBAAgB,kCAAkC,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAUhF;AAED,wBAAgB,oCAAoC,CAAC,GAAG,CAAC,EAAE,eAAe,GAAG,GAAG,GAAG,GAAG,CAQrF;AAED,wBAAgB,kCAAkC,CAChD,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,KAAK,SAA6E,GACjF,OAAO,CAWT"}
|
|
@@ -7,7 +7,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
7
7
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
8
8
|
};
|
|
9
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
-
exports.requireLocalAccessWhenAuthDisabled = exports.isLoopbackRemoteAddress = exports.authMiddleware = exports.createSessionMiddleware = exports.loginRateLimiter = void 0;
|
|
10
|
+
exports.requireLocalAccessWhenAuthDisabled = exports.getDashboardWebSocketRejectionStatus = exports.isDashboardWebSocketUpgradeAllowed = exports.isDashboardWebSocketOriginAllowed = exports.isLoopbackRemoteAddress = exports.authMiddleware = exports.createSessionMiddleware = exports.loginRateLimiter = void 0;
|
|
11
11
|
const express_session_1 = __importDefault(require("express-session"));
|
|
12
12
|
const express_rate_limit_1 = __importDefault(require("express-rate-limit"));
|
|
13
13
|
const crypto_1 = __importDefault(require("crypto"));
|
|
@@ -125,6 +125,78 @@ function isLoopbackRemoteAddress(value) {
|
|
|
125
125
|
normalized.startsWith('::ffff:127.'));
|
|
126
126
|
}
|
|
127
127
|
exports.isLoopbackRemoteAddress = isLoopbackRemoteAddress;
|
|
128
|
+
function isLoopbackHostname(value) {
|
|
129
|
+
if (!value)
|
|
130
|
+
return false;
|
|
131
|
+
const normalized = value
|
|
132
|
+
.trim()
|
|
133
|
+
.toLowerCase()
|
|
134
|
+
.replace(/^\[|\]$/g, '');
|
|
135
|
+
return (normalized === 'localhost' ||
|
|
136
|
+
normalized.endsWith('.localhost') ||
|
|
137
|
+
isLoopbackRemoteAddress(normalized));
|
|
138
|
+
}
|
|
139
|
+
function getSingleHeader(value) {
|
|
140
|
+
return Array.isArray(value) ? value[0] : value;
|
|
141
|
+
}
|
|
142
|
+
function parseHostHeader(value) {
|
|
143
|
+
if (!value)
|
|
144
|
+
return null;
|
|
145
|
+
try {
|
|
146
|
+
return new URL(`http://${value}`);
|
|
147
|
+
}
|
|
148
|
+
catch {
|
|
149
|
+
return null;
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
function isHttpOrigin(origin) {
|
|
153
|
+
return origin.protocol === 'http:' || origin.protocol === 'https:';
|
|
154
|
+
}
|
|
155
|
+
function isDashboardWebSocketOriginAllowed(req) {
|
|
156
|
+
const originHeader = getSingleHeader(req.headers.origin);
|
|
157
|
+
if (!originHeader)
|
|
158
|
+
return true;
|
|
159
|
+
let origin;
|
|
160
|
+
try {
|
|
161
|
+
origin = new URL(originHeader);
|
|
162
|
+
}
|
|
163
|
+
catch {
|
|
164
|
+
return false;
|
|
165
|
+
}
|
|
166
|
+
if (!isHttpOrigin(origin)) {
|
|
167
|
+
return false;
|
|
168
|
+
}
|
|
169
|
+
const host = parseHostHeader(getSingleHeader(req.headers.host));
|
|
170
|
+
if (!host) {
|
|
171
|
+
return false;
|
|
172
|
+
}
|
|
173
|
+
if (origin.host.toLowerCase() === host.host.toLowerCase()) {
|
|
174
|
+
return true;
|
|
175
|
+
}
|
|
176
|
+
return (isLoopbackHostname(origin.hostname) &&
|
|
177
|
+
isLoopbackHostname(host.hostname) &&
|
|
178
|
+
origin.port === host.port);
|
|
179
|
+
}
|
|
180
|
+
exports.isDashboardWebSocketOriginAllowed = isDashboardWebSocketOriginAllowed;
|
|
181
|
+
function isDashboardWebSocketUpgradeAllowed(req) {
|
|
182
|
+
if (!isDashboardWebSocketOriginAllowed(req)) {
|
|
183
|
+
return false;
|
|
184
|
+
}
|
|
185
|
+
if (!(0, config_loader_facade_1.isDashboardAuthEnabled)()) {
|
|
186
|
+
return isLoopbackRemoteAddress(req.socket.remoteAddress);
|
|
187
|
+
}
|
|
188
|
+
return Boolean(req.session?.authenticated);
|
|
189
|
+
}
|
|
190
|
+
exports.isDashboardWebSocketUpgradeAllowed = isDashboardWebSocketUpgradeAllowed;
|
|
191
|
+
function getDashboardWebSocketRejectionStatus(req) {
|
|
192
|
+
if (req && !isDashboardWebSocketOriginAllowed(req)) {
|
|
193
|
+
return 403;
|
|
194
|
+
}
|
|
195
|
+
if (!(0, config_loader_facade_1.isDashboardAuthEnabled)())
|
|
196
|
+
return 403;
|
|
197
|
+
return 401;
|
|
198
|
+
}
|
|
199
|
+
exports.getDashboardWebSocketRejectionStatus = getDashboardWebSocketRejectionStatus;
|
|
128
200
|
function requireLocalAccessWhenAuthDisabled(req, res, error = 'This endpoint requires localhost access when dashboard auth is disabled.') {
|
|
129
201
|
if ((0, config_loader_facade_1.isDashboardAuthEnabled)()) {
|
|
130
202
|
return true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../../../src/web-server/middleware/auth-middleware.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;
|
|
1
|
+
{"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../../../src/web-server/middleware/auth-middleware.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAIH,sEAAsC;AACtC,4EAA2C;AAE3C,oDAA4B;AAC5B,4CAAoB;AACpB,gDAAwB;AACxB,4EAI2C;AAU3C,8EAA8E;AAC9E,MAAM,YAAY,GAAG,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;AAE9F,6CAA6C;AAC7C,SAAS,oBAAoB;IAC3B,OAAO,cAAI,CAAC,IAAI,CAAC,IAAA,gCAAS,GAAE,EAAE,iBAAiB,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB;IACvB,yBAAyB;IACzB,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC;QACnC,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACxC,CAAC;IAED,MAAM,UAAU,GAAG,oBAAoB,EAAE,CAAC;IAE1C,kCAAkC;IAClC,IAAI,CAAC;QACH,IAAI,YAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,YAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;gBACxB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0CAA0C;IAC5C,CAAC;IAED,4CAA4C;IAC5C,MAAM,SAAS,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACrC,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,YAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,YAAE,CAAC,aAAa,CAAC,UAAU,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,uDAAuD;QACvD,OAAO,CAAC,IAAI,CAAC,uCAAuC,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;IAChF,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACU,QAAA,gBAAgB,GAAG,IAAA,4BAAS,EAAC;IACxC,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;IACvC,GAAG,EAAE,CAAC,EAAE,aAAa;IACrB,OAAO,EAAE,EAAE,KAAK,EAAE,kDAAkD,EAAE;IACtE,eAAe,EAAE,IAAI;IACrB,aAAa,EAAE,KAAK;IACpB,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,IAAA,6CAAsB,GAAE;CACtC,CAAC,CAAC;AAEH;;GAEG;AACH,SAAgB,uBAAuB;IAKrC,MAAM,UAAU,GAAG,IAAA,6CAAsB,GAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,CAAC,UAAU,CAAC,qBAAqB,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAEzE,OAAO,IAAA,yBAAO,EAAC;QACb,MAAM,EAAE,gBAAgB,EAAE;QAC1B,MAAM,EAAE,KAAK;QACb,iBAAiB,EAAE
,KAAK;QACxB,MAAM,EAAE;YACN,MAAM,EAAE,KAAK,EAAE,sBAAsB;YACrC,QAAQ,EAAE,IAAI;YACd,MAAM;YACN,QAAQ,EAAE,QAAQ;SACnB;KACF,CAAC,CAAC;AACL,CAAC;AAnBD,0DAmBC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IAC5E,wBAAwB;IACxB,IAAI,CAAC,IAAA,6CAAsB,GAAE,EAAE,CAAC;QAC9B,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IAED,wCAAwC;IACxC,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACtD,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IAED,+CAA+C;IAC/C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IAED,gBAAgB;IAChB,IAAI,GAAG,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC;QAC/B,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IAED,eAAe;IACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;AAC7D,CAAC;AAxBD,wCAwBC;AAED,SAAgB,uBAAuB,CAAC,KAAyB;IAC/D,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IACxD,OAAO,CACL,UAAU,KAAK,KAAK;QACpB,UAAU,KAAK,WAAW;QAC1B,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC;QAC7B,UAAU,KAAK,kBAAkB;QACjC,UAAU,CAAC,UAAU,CAAC,aAAa,CAAC,CACrC,CAAC;AACJ,CAAC;AAVD,0DAUC;AAED,SAAS,kBAAkB,CAAC,KAAyB;IACnD,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,UAAU,GAAG,KAAK;SACrB,IAAI,EAAE;SACN,WAAW,EAAE;SACb,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC3B,OAAO,CACL,UAAU,KAAK,WAAW;QAC1B,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC;QACjC,uBAAuB,CAAC,UAAU,CAAC,CACpC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAoC;IAC3D,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AACjD,CAAC;AAED,SAAS,eAAe,CAAC,KAAyB;IAChD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,MAAW;IAC/B,OAAO,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;AACrE,CAAC;AAED,SAAgB,iCAAiC,CAAC,GAAoB;IACpE,MAAM,YAAY,GAAG,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,IAAI,
CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAE/B,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CACL,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC;QACnC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjC,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAC1B,CAAC;AACJ,CAAC;AA7BD,8EA6BC;AAED,SAAgB,kCAAkC,CAAC,GAAoB;IACrE,IAAI,CAAC,iCAAiC,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,IAAA,6CAAsB,GAAE,EAAE,CAAC;QAC9B,OAAO,uBAAuB,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,OAAO,CAAE,GAAe,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;AAC1D,CAAC;AAVD,gFAUC;AAED,SAAgB,oCAAoC,CAAC,GAAqB;IACxE,IAAI,GAAG,IAAI,CAAC,iCAAiC,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,CAAC,IAAA,6CAAsB,GAAE;QAAE,OAAO,GAAG,CAAC;IAE1C,OAAO,GAAG,CAAC;AACb,CAAC;AARD,oFAQC;AAED,SAAgB,kCAAkC,CAChD,GAAY,EACZ,GAAa,EACb,KAAK,GAAG,0EAA0E;IAElF,IAAI,IAAA,6CAAsB,GAAE,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,uBAAuB,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC;AACf,CAAC;AAfD,gFAeC"}
|