Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding auth to upstream servers #90

Merged
merged 4 commits into from
Jun 19, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions src/api/app.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,12 @@ import morgan from "morgan";
import { HttpError, BadRequestError, asyncHandler } from "./utils/asyncHandler";
import { entriesDb } from "./db";
import { reconfigureNGINX } from "./utils/nginx";
import { sanitizeExternal, sanitizeFrom, sanitizeTo } from "./utils/sanitize";
import {
sanitizeAuth,
sanitizeExternal,
sanitizeFrom,
sanitizeTo,
} from "./utils/sanitize";
import { config } from "../config";

function getHttpsApi(dappnodeDomain: string): Express {
Expand All @@ -22,6 +27,7 @@ function getHttpsApi(dappnodeDomain: string): Express {
const from = await sanitizeFrom(req.query.from as string);
const to = sanitizeTo(req.query.to as string);
const external = sanitizeExternal(req.query.external as string); //true if not set, we should swap this, but it left like this for backwards compatibility
const auth = sanitizeAuth(req.query.auth as string);

const entries = entriesDb.read();
if (entries.some((entry) => entry.from === from)) {
Expand All @@ -38,7 +44,7 @@ function getHttpsApi(dappnodeDomain: string): Express {
);
}

entries.push({ from, to, external });
entries.push({ from, to, external, auth });
entriesDb.write(entries);

const reconfigured = await reconfigureNGINX(dappnodeDomain);
Expand Down
12 changes: 12 additions & 0 deletions src/api/utils/sanitize.ts
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,18 @@ export function sanitizeExternal(external: string): boolean {
return false;
}

export function sanitizeAuth(auth: string): string {
if (!auth || typeof auth !== "string") {
return "";
}
const parts = auth.split(":");
if (parts.length !== 2 || !parts[0] || !parts[1]) {
throw new BadRequestError("Invalid auth format. Expected 'user:password'.");
}
const [user, password] = parts.map((part) => part.trim());
return `${user}:${password}`;
}

function assertIsSubdomain(subdomain: string): void {
if (subdomain.includes(".")) {
throw Error("Must not be FQDN nor contain any subdomains");
Expand Down
18 changes: 16 additions & 2 deletions src/nginx/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,16 @@ import generateNginxConf, {

async function deleteOldConfig(mappings: DomainMapping[]): Promise<void> {
const dirContent = await fs.readdirSync(config.serverConfigDir);
const allowedFiles = mappings.map((m) => `${m.from}.ssl.conf`);
// Allowed files are files generated by the current mappings
const allowedFiles = mappings
.map((m) => `${m.from}.ssl.conf`)
.concat(mappings.map((m) => `${m.from}.auth`));

// Files to delete are files that are not in the allowedFiles array
const filesToDelete = dirContent.filter(
(x) => x.endsWith(".ssl.conf") && !allowedFiles.includes(x)
(x) =>
(x.endsWith(".ssl.conf") || x.endsWith(".auth")) &&
!allowedFiles.includes(x)
);
await Promise.all(
filesToDelete.map((filename) =>
Expand Down Expand Up @@ -40,6 +47,13 @@ export async function updateServerConfigs(
await ensureValidCert(true);
checkedCert = true;
}
if (Boolean(mapping.auth)) {
console.log(` *-> Adding auth <-*`);
await fs.writeFileSync(
path.join(config.serverConfigDir, `${mapping.from}.auth`),
mapping.auth
);
}
await fs.writeFileSync(
path.join(config.serverConfigDir, filename),
await generateServerConfig(mapping, dappnodeDomain)
Expand Down
1 change: 1 addition & 0 deletions src/nginx/templater.ts
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ export async function generateServerConfig(
domain: `${mapping.from}.${dappnodeDomain}`,
target: mapping.to,
external: mapping.external,
auth: Boolean(mapping.auth),
};
return await ejs.renderFile("./templates/default.ssl.conf.ejs", {
data: data,
Expand Down
4 changes: 4 additions & 0 deletions src/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,8 @@ export interface DomainMapping {
* Indicates whether mapping should made public
*/
external?: boolean;
/**
* Optional auth string
*/
auth?: string;
}
7 changes: 7 additions & 0 deletions templates/default.ssl.conf.ejs
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,13 @@ server {

location / {

<% if(data.auth) { %>
auth_basic "Creds Required";
auth_basic_user_file conf.d/<%- data.domain.split('.')[0] %>.auth;
proxy_set_header Authorization "";

<% } %>

set $backend http://<%-data.target %>;
proxy_pass $backend;
proxy_set_header Host $host;
Expand Down
16 changes: 8 additions & 8 deletions templates/nginx.conf.ejs
Original file line number Diff line number Diff line change
Expand Up @@ -34,14 +34,14 @@ http {
keepalive_timeout <%- process.env.KEEPALIVE_TIMEOUT || 65 %>;

<% if(process.env.GZIP !== 'off') { %>
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
<% } %>

server_tokens <%- process.env.SERVER_TOKENS || 'off' %>;
Expand Down
Loading