electron check origin and host headers #91

Jan Prochazka 2021-04-24 07:52:36 +02:00
parent 3a4a10985b
commit fccd550d4b


@ -33,6 +33,7 @@ const platformInfo = require('./utility/platformInfo');
const processArgs = require('./utility/processArgs');
let authorization = null;
let checkLocalhostOrigin = null;
function start() {
// console.log('process.argv', process.argv);
@ -58,6 +59,22 @@ function start() {
if (authorization && req.headers.authorization != authorization) {
return res.status(403).json({ error: 'Not authorized!' });
}
if (checkLocalhostOrigin) {
if (
req.headers.origin &&
req.headers.origin != checkLocalhostOrigin &&
req.headers.origin != `http://${checkLocalhostOrigin}`
) {
console.log('API origin check FAILED');
console.log('HEADERS', { ...req.headers, authorization: '***' });
return res.status(403).json({ error: 'Not authorized!' });
}
if (!req.headers.origin && req.headers.host != checkLocalhostOrigin) {
console.log('API host check FAILED');
console.log('HEADERS', { ...req.headers, authorization: '***' });
return res.status(403).json({ error: 'Not authorized!' });
}
}
next();
});
@ -108,6 +125,7 @@ function start() {
authorization = crypto.randomBytes(32).toString('hex');
getPort().then(port => {
checkLocalhostOrigin = `localhost:${port}`;
server.listen(port, () => {
console.log(`DbGate API listening on port ${port}`);
process.send({ msgtype: 'listening', port, authorization });
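Review bot: In the `@ -58,6 +59,22 @@` hunk both failure branches log the whole request-header object with only `authorization` masked, so any other credential-bearing header a client happens to send (a `cookie`, for instance) would reach the log in clear; logging just the fields the check consulted, `console.log('HEADERS', { origin: req.headers.origin, host: req.headers.host });`, keeps the diagnostic without that exposure. The bare comparison `req.headers.origin != checkLocalhostOrigin` appears to be dead, since browsers send Origin with a scheme, so the `http://` form is the one doing the work — worth a comment or dropping. The two-branch rule deserves a why-comment at the top of the `if (checkLocalhostOrigin)` block, e.g. `// Requests that carry Origin must come from our own page; requests without Origin must at least be addressed to localhost:<port> (Host), so a request aimed at some other host name is refused even if it reaches this process.` These are string comparisons, so `!==` rather than `!=` would also match the surrounding style guidance. `start()` begins before this hunk and continues past it.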