mirror of
https://github.com/louislam/uptime-kuma.git
synced 2024-10-29 18:50:39 +00:00
Merge pull request from GHSA-mj22-23ff-2hrr
* WIP * WIP * Handle parsing error * Fix matching origin issue
This commit is contained in:
parent
e1147c06aa
commit
2815cc73cf
2 changed files with 41 additions and 2 deletions
|
@ -48,8 +48,13 @@ if (! process.env.NODE_ENV) {
|
||||||
process.env.NODE_ENV = "production";
|
process.env.NODE_ENV = "production";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!process.env.UPTIME_KUMA_WS_ORIGIN_CHECK) {
|
||||||
|
process.env.UPTIME_KUMA_WS_ORIGIN_CHECK = "cors-like";
|
||||||
|
}
|
||||||
|
|
||||||
log.info("server", "Node Env: " + process.env.NODE_ENV);
|
log.info("server", "Node Env: " + process.env.NODE_ENV);
|
||||||
log.info("server", "Inside Container: " + (process.env.UPTIME_KUMA_IS_CONTAINER === "1"));
|
log.info("server", "Inside Container: " + (process.env.UPTIME_KUMA_IS_CONTAINER === "1"));
|
||||||
|
log.info("server", "WebSocket Origin Check: " + process.env.UPTIME_KUMA_WS_ORIGIN_CHECK);
|
||||||
|
|
||||||
log.info("server", "Importing Node libraries");
|
log.info("server", "Importing Node libraries");
|
||||||
const fs = require("fs");
|
const fs = require("fs");
|
||||||
|
|
|
@ -4,7 +4,7 @@ const fs = require("fs");
|
||||||
const http = require("http");
|
const http = require("http");
|
||||||
const { Server } = require("socket.io");
|
const { Server } = require("socket.io");
|
||||||
const { R } = require("redbean-node");
|
const { R } = require("redbean-node");
|
||||||
const { log } = require("../src/util");
|
const { log, isDev } = require("../src/util");
|
||||||
const Database = require("./database");
|
const Database = require("./database");
|
||||||
const util = require("util");
|
const util = require("util");
|
||||||
const { CacheableDnsHttpAgent } = require("./cacheable-dns-http-agent");
|
const { CacheableDnsHttpAgent } = require("./cacheable-dns-http-agent");
|
||||||
|
@ -103,7 +103,41 @@ class UptimeKumaServer {
|
||||||
UptimeKumaServer.monitorTypeList["real-browser"] = new RealBrowserMonitorType();
|
UptimeKumaServer.monitorTypeList["real-browser"] = new RealBrowserMonitorType();
|
||||||
UptimeKumaServer.monitorTypeList["tailscale-ping"] = new TailscalePing();
|
UptimeKumaServer.monitorTypeList["tailscale-ping"] = new TailscalePing();
|
||||||
|
|
||||||
this.io = new Server(this.httpServer);
|
this.io = new Server(this.httpServer, {
|
||||||
|
allowRequest: (req, callback) => {
|
||||||
|
let isOriginValid = true;
|
||||||
|
const bypass = isDev || process.env.UPTIME_KUMA_WS_ORIGIN_CHECK === "bypass";
|
||||||
|
|
||||||
|
if (!bypass) {
|
||||||
|
let host = req.headers.host;
|
||||||
|
|
||||||
|
// If this is set, it means the request is from the browser
|
||||||
|
let origin = req.headers.origin;
|
||||||
|
|
||||||
|
// If this is from the browser, check if the origin is allowed
|
||||||
|
if (origin) {
|
||||||
|
try {
|
||||||
|
let originURL = new URL(origin);
|
||||||
|
|
||||||
|
if (host !== originURL.host) {
|
||||||
|
isOriginValid = false;
|
||||||
|
log.error("auth", `Origin (${origin}) does not match host (${host}), IP: ${req.socket.remoteAddress}`);
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
// Invalid origin url, probably not from browser
|
||||||
|
isOriginValid = false;
|
||||||
|
log.error("auth", `Invalid origin url (${origin}), IP: ${req.socket.remoteAddress}`);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
log.info("auth", `Origin is not set, IP: ${req.socket.remoteAddress}`);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
log.debug("auth", "Origin check is bypassed");
|
||||||
|
}
|
||||||
|
|
||||||
|
callback(null, isOriginValid);
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Initialise app after the database has been set up */
|
/** Initialise app after the database has been set up */
|
||||||
|
|
Loading…
Reference in a new issue