Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-09-11 08:55:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added trustedproxy setting, fixed send keys in remote desktop.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2019-10-07 11:38:01 -07:00
parent 07c6415f85
commit 08bf681afa
4 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.4.1-v",
"version": "0.4.1-w",
"keywords": [
"Remote Management",
"Intel AMT",

2
views/default-min.handlebars
View File

File diff suppressed because one or more lines are too long

4
views/default.handlebars
View File

@ -4856,9 +4856,9 @@
QV('DeskClip', (currentNode.agent) && (currentNode.agent.id != 11) && (currentNode.agent.id != 16) && ((desktop == null) || (desktop.contype != 2))); // Clipboard not supported on MacOS
QE('DeskClip', deskState == 3);
QE('DeskType', deskState == 3);
QV('DeskWD', (currentNode.agent) && (currentNode.agent.id < 5) && inputAllowed);
QV('DeskWD', inputAllowed);
QE('DeskWD', deskState == 3);
QV('deskkeys', (currentNode.agent) && (currentNode.agent.id < 5) && inputAllowed);
QV('deskkeys', inputAllowed);
QE('deskkeys', deskState == 3);
QV('DeskToolsButton', (inputAllowed) && (mesh.mtype == 2) && online);

6
webserver.js
View File

@ -447,7 +447,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// If a trusted reverse-proxy is sending us the remote IP address, use it.
// This is not done automatically for web socket like it's done for HTTP requests.
if ((obj.args.tlsoffload) && (res.headers['x-forwarded-for']) && ((obj.args.tlsoffload === true) || (obj.args.tlsoffload === ip) || (('::ffff:') + obj.args.tlsoffload === ip))) { ip = res.headers['x-forwarded-for']; }
if ((obj.args.trustedproxy) && (res.headers['x-forwarded-for']) && ((obj.args.trustedproxy === true) || (obj.args.trustedproxy === ip) || (('::ffff:') + obj.args.trustedproxy === ip))) { ip = res.headers['x-forwarded-for']; }
else if ((obj.args.tlsoffload) && (res.headers['x-forwarded-for']) && ((obj.args.tlsoffload === true) || (obj.args.tlsoffload === ip) || (('::ffff:') + obj.args.tlsoffload === ip))) { ip = res.headers['x-forwarded-for']; }
if (ip) { for (var i = 0; i < ipList.length; i++) { if (require('ipcheck').match(ip, ipList[i])) { if (closeIfThis === true) { try { req.close(); } catch (e) { } } return true; } } }
if (closeIfThis === false) { try { req.close(); } catch (e) { } }
@ -3191,7 +3192,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Setup middleware
obj.app.engine('handlebars', obj.exphbs({ defaultLayout: null })); // defaultLayout: 'main'
obj.app.set('view engine', 'handlebars');
if (obj.args.tlsoffload) { obj.app.set('trust proxy', obj.args.tlsoffload); } // Reverse proxy should add the "X-Forwarded-*" headers
if (obj.args.trustedproxy) { obj.app.set('trust proxy', obj.args.trustedproxy); } // Reverse proxy should add the "X-Forwarded-*" headers
else if (obj.args.tlsoffload) { obj.app.set('trust proxy', obj.args.tlsoffload); } // Reverse proxy should add the "X-Forwarded-*" headers
obj.app.use(obj.bodyParser.urlencoded({ extended: false }));
var sessionOptions = {
name: 'xid', // Recommended security practice to not use the default cookie name