sirtimbly/bewcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #27 from Raphencoder/patch-1

Browse Source 
Update to authorize local ipv4 addresses
This commit is contained in:
Bruno Bernardino
2024-12-06 06:05:23 +00:00
committed by GitHub
parent bbf8683004 5e5448a9e9
commit 63a39970fa
3 changed files with 69 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
lib/auth.ts
View File

@@ -50,6 +50,13 @@ async function verifyAuthJwt(key: CryptoKey, jwt: string) {
throw new Error('Invalid JWT'); throw new Error('Invalid JWT');
} }
function resolveCookieDomain(request: Request) {
if (!isBaseUrlAnIp() || isRunningLocally(request)) {
return baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
}
return '';
}
export async function getDataFromRequest(request: Request) { export async function getDataFromRequest(request: Request) {
const cookies = getCookies(request.headers); const cookies = getCookies(request.headers);
const authorizationHeader = request.headers.get('authorization'); const authorizationHeader = request.headers.get('authorization');
@@ -158,14 +165,9 @@ export async function logoutUser(request: Request) {
secure: isRunningLocally(request) ? false : true, secure: isRunningLocally(request) ? false : true,
httpOnly: true, httpOnly: true,
sameSite: 'Lax', sameSite: 'Lax',
domain: resolveCookieDomain(request),
}; };
if (!isBaseUrlAnIp()) {
cookie.domain = isRunningLocally(request)
? 'localhost'
: baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
}
const response = new Response('Logged Out', { const response = new Response('Logged Out', {
status: 303, status: 303,
headers: { 'Location': '/', 'Content-Type': 'text/html; charset=utf-8' }, headers: { 'Location': '/', 'Content-Type': 'text/html; charset=utf-8' },
@@ -212,14 +214,9 @@ export async function createSessionCookie(
secure: isRunningLocally(request) ? false : true, secure: isRunningLocally(request) ? false : true,
httpOnly: true, httpOnly: true,
sameSite: 'Lax', sameSite: 'Lax',
domain: resolveCookieDomain(request),
}; };
if (!isBaseUrlAnIp()) {
cookie.domain = isRunningLocally(request)
? 'localhost'
: baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
}
setCookie(response.headers, cookie); setCookie(response.headers, cookie);
return response; return response;
@@ -241,14 +238,9 @@ export async function updateSessionCookie(
secure: isRunningLocally(request) ? false : true, secure: isRunningLocally(request) ? false : true,
httpOnly: true, httpOnly: true,
sameSite: 'Lax', sameSite: 'Lax',
domain: resolveCookieDomain(request),
}; };
if (!isBaseUrlAnIp()) {
cookie.domain = isRunningLocally(request)
? 'localhost'
: baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
}
setCookie(response.headers, cookie); setCookie(response.headers, cookie);
return response; return response;

39
lib/utils/misc.ts
View File

@@ -13,8 +13,43 @@ export const defaultTitle = 'bewCloud is a modern and simpler alternative to Nex
export const defaultDescription = `Have your files under your own control.`; export const defaultDescription = `Have your files under your own control.`;
export const helpEmail = 'help@bewcloud.com'; export const helpEmail = 'help@bewcloud.com';
export function isRunningLocally(request: Request) { export function isRunningLocally(request: Request): boolean {
return request.url.includes('localhost'); try {
const url = new URL(request.url);
const hostname = url.hostname;
// Local hostnames check
if (['localhost', '127.0.0.1', '0.0.0.0'].includes(hostname)) {
return true;
}
// Private IP ranges check
const ipParts = hostname.split('.').map(Number);
// Check if valid IP address
if (ipParts.length !== 4 || ipParts.some(part => isNaN(part) || part < 0 || part > 255)) {
return false;
}
// 10.0.0.0 - 10.255.255.255
if (ipParts[0] === 10) {
return true;
}
// 172.16.0.0 - 172.31.255.255
if (ipParts[0] === 172 && ipParts[1] >= 16 && ipParts[1] <= 31) {
return true;
}
// 192.168.0.0 - 192.168.255.255
if (ipParts[0] === 192 && ipParts[1] === 168) {
return true;
}
return false;
} catch {
return false;
}
} }
export function escapeHtml(unsafe: string) { export function escapeHtml(unsafe: string) {

22
lib/utils/misc_test.ts
View File

@@ -8,6 +8,7 @@ import {
splitArrayInChunks, splitArrayInChunks,
validateEmail, validateEmail,
validateUrl, validateUrl,
isRunningLocally,
} from './misc.ts'; } from './misc.ts';
Deno.test('that escapeHtml works', () => { Deno.test('that escapeHtml works', () => {
@@ -246,3 +247,24 @@ Deno.test('that convertObjectToFormData works', () => {
assertEquals(convertFormDataToObject(output), convertFormDataToObject(test.expected)); assertEquals(convertFormDataToObject(output), convertFormDataToObject(test.expected));
} }
}); });
Deno.test('that isRunningLocally works', () => {
const tests: { url: string; expected: boolean }[] = [
{ url: 'http://localhost:8000', expected: true },
{ url: 'http://127.0.0.1:8000', expected: true },
{ url: 'http://0.0.0.0:8000', expected: true },
{ url: 'http://10.0.0.1:8000', expected: true },
{ url: 'http://172.16.0.1:8000', expected: true },
{ url: 'http://192.168.0.1:8000', expected: true },
{ url: 'http://example.com', expected: false },
{ url: 'http://68.18.161.245:8000', expected: false },
];
for (const test of tests) {
const request = { url: test.url } as Request;
const result = isRunningLocally(request);
assertEquals(result, test.expected);
}
});