mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-27 02:04:30 +03:00
Fixed loginkey, allow invalid login filter to be disabled.
This commit is contained in:
parent
308b21d09e
commit
a65396358e
@ -1217,10 +1217,17 @@ function CreateMeshCentralServer(config, args) {
|
||||
obj.DispatchEvent(['*'], obj, { etype: 'server', action: 'started', msg: 'Server started' });
|
||||
|
||||
// Plugin hook. Need to run something at server startup? This is the place.
|
||||
if (obj.pluginHandler) { obj.pluginHandler.callHook("server_startup"); }
|
||||
if (obj.pluginHandler) { obj.pluginHandler.callHook('server_startup'); }
|
||||
|
||||
// Load the login cookie encryption key from the database if allowed
|
||||
if ((obj.config) && (obj.config.settings) && (obj.config.settings.allowlogintoken == true)) {
|
||||
// Setup the login cookie encryption key
|
||||
if ((obj.config) && (obj.config.settings) && (typeof obj.config.settings.logincookieencryptionkey == 'string')) {
|
||||
// We have a string, hash it and use that as a key
|
||||
try { obj.loginCookieEncryptionKey = Buffer.from(obj.config.settings.logincookieencryptionkey, 'hex'); } catch (ex) { }
|
||||
if ((obj.loginCookieEncryptionKey == null) || (obj.loginCookieEncryptionKey.length != 80)) { addServerWarning("Invalid \"LoginCookieEncryptionKey\" in config.json."); obj.loginCookieEncryptionKey = null; }
|
||||
}
|
||||
|
||||
// Login cookie encryption key not set, use one from the database
|
||||
if (obj.loginCookieEncryptionKey == null) {
|
||||
obj.db.Get('LoginCookieEncryptionKey', function (err, docs) {
|
||||
if ((docs.length > 0) && (docs[0].key != null) && (obj.args.logintokengen == null) && (docs[0].key.length >= 160)) {
|
||||
obj.loginCookieEncryptionKey = Buffer.from(docs[0].key, 'hex');
|
||||
|
32
meshuser.js
32
meshuser.js
@ -700,26 +700,30 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
break;
|
||||
}
|
||||
case 'badlogins': {
|
||||
if (typeof parent.parent.config.settings.maxinvalidlogin.coolofftime == 'number') {
|
||||
r = "Max is " + parent.parent.config.settings.maxinvalidlogin.count + " bad login(s) in " + parent.parent.config.settings.maxinvalidlogin.time + " minute(s), " + parent.parent.config.settings.maxinvalidlogin.coolofftime + " minute(s) cooloff.\r\n";
|
||||
if (parent.parent.config.settings.maxinvalidlogin == false) {
|
||||
r = 'Bad login filter is disabled.';
|
||||
} else {
|
||||
r = "Max is " + parent.parent.config.settings.maxinvalidlogin.count + " bad login(s) in " + parent.parent.config.settings.maxinvalidlogin.time + " minute(s).\r\n";
|
||||
}
|
||||
var badLoginCount = 0;
|
||||
parent.cleanBadLoginTable();
|
||||
for (var i in parent.badLoginTable) {
|
||||
badLoginCount++;
|
||||
if (typeof parent.badLoginTable[i] == 'number') {
|
||||
r += "Cooloff for " + Math.floor((parent.badLoginTable[i] - Date.now()) / 60000) + " minute(s)\r\n";
|
||||
if (typeof parent.parent.config.settings.maxinvalidlogin.coolofftime == 'number') {
|
||||
r = "Max is " + parent.parent.config.settings.maxinvalidlogin.count + " bad login(s) in " + parent.parent.config.settings.maxinvalidlogin.time + " minute(s), " + parent.parent.config.settings.maxinvalidlogin.coolofftime + " minute(s) cooloff.\r\n";
|
||||
} else {
|
||||
if (parent.badLoginTable[i].length > 1) {
|
||||
r += (i + ' - ' + parent.badLoginTable[i].length + " records\r\n");
|
||||
r = "Max is " + parent.parent.config.settings.maxinvalidlogin.count + " bad login(s) in " + parent.parent.config.settings.maxinvalidlogin.time + " minute(s).\r\n";
|
||||
}
|
||||
var badLoginCount = 0;
|
||||
parent.cleanBadLoginTable();
|
||||
for (var i in parent.badLoginTable) {
|
||||
badLoginCount++;
|
||||
if (typeof parent.badLoginTable[i] == 'number') {
|
||||
r += "Cooloff for " + Math.floor((parent.badLoginTable[i] - Date.now()) / 60000) + " minute(s)\r\n";
|
||||
} else {
|
||||
r += (i + ' - ' + parent.badLoginTable[i].length + " record\r\n");
|
||||
if (parent.badLoginTable[i].length > 1) {
|
||||
r += (i + ' - ' + parent.badLoginTable[i].length + " records\r\n");
|
||||
} else {
|
||||
r += (i + ' - ' + parent.badLoginTable[i].length + " record\r\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
if (badLoginCount == 0) { r += 'No bad logins.'; }
|
||||
}
|
||||
if (badLoginCount == 0) { r += 'No bad logins.'; }
|
||||
break;
|
||||
}
|
||||
case 'dispatchtable': {
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.4.9-i",
|
||||
"version": "0.4.9-j",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
17
webserver.js
17
webserver.js
@ -2676,8 +2676,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
// Fetch the mesh object
|
||||
ws.meshid = 'mesh/' + domain.id + '/' + req.query.id;
|
||||
const mesh = obj.meshes[ws.meshid];
|
||||
if (mesh == null) { delete ws.meshid; ws.send(JSON.stringify({ errorText: 'Invalid device group' })); ws.close(); return; }
|
||||
if (mesh.mtype != 1) { ws.send(JSON.stringify({ errorText: 'Invalid device group type' })); ws.close(); return; }
|
||||
if (mesh == null) { delete ws.meshid; ws.send(JSON.stringify({ errorText: 'Invalid device group: ' + ws.meshid })); ws.close(); return; }
|
||||
if (mesh.mtype != 1) { ws.send(JSON.stringify({ errorText: 'Invalid device group type:' + ws.meshid })); ws.close(); return; }
|
||||
|
||||
// Fetch the remote IP:Port for logging
|
||||
ws.remoteaddr = cleanRemoteAddr(req.ip);
|
||||
@ -4516,11 +4516,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
obj.badLoginTable = {};
|
||||
obj.badLoginTableLastClean = 0;
|
||||
if (parent.config.settings == null) { parent.config.settings = {}; }
|
||||
if (parent.config.settings.maxinvalidlogin == null) { parent.config.settings.maxinvalidlogin = { time: 10, count: 10 }; }
|
||||
if (typeof parent.config.settings.maxinvalidlogin.time != 'number') { parent.config.settings.maxinvalidlogin.time = 10; }
|
||||
if (typeof parent.config.settings.maxinvalidlogin.count != 'number') { parent.config.settings.maxinvalidlogin.count = 10; }
|
||||
if ((typeof parent.config.settings.maxinvalidlogin.coolofftime != 'number') || (parent.config.settings.maxinvalidlogin.coolofftime < 1)) { parent.config.settings.maxinvalidlogin.coolofftime = null; }
|
||||
if (parent.config.settings.maxinvalidlogin !== false) {
|
||||
if (typeof parent.config.settings.maxinvalidlogin != 'object') { parent.config.settings.maxinvalidlogin = { time: 10, count: 10 }; }
|
||||
if (typeof parent.config.settings.maxinvalidlogin.time != 'number') { parent.config.settings.maxinvalidlogin.time = 10; }
|
||||
if (typeof parent.config.settings.maxinvalidlogin.count != 'number') { parent.config.settings.maxinvalidlogin.count = 10; }
|
||||
if ((typeof parent.config.settings.maxinvalidlogin.coolofftime != 'number') || (parent.config.settings.maxinvalidlogin.coolofftime < 1)) { parent.config.settings.maxinvalidlogin.coolofftime = null; }
|
||||
}
|
||||
obj.setbadLogin = function (ip) { // Set an IP address that just did a bad login request
|
||||
if (parent.config.settings.maxinvalidlogin === false) return;
|
||||
if (typeof ip == 'object') { ip = cleanRemoteAddr(ip.ip); }
|
||||
var splitip = ip.split('.');
|
||||
if (splitip.length == 4) { ip = (splitip[0] + '.' + splitip[1] + '.' + splitip[2] + '.*'); }
|
||||
@ -4532,6 +4535,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
}
|
||||
}
|
||||
obj.checkAllowLogin = function (ip) { // Check if an IP address is allowed to login
|
||||
if (parent.config.settings.maxinvalidlogin === false) return true;
|
||||
if (typeof ip == 'object') { ip = cleanRemoteAddr(ip.ip); }
|
||||
var splitip = ip.split('.');
|
||||
if (splitip.length == 4) { ip = (splitip[0] + '.' + splitip[1] + '.' + splitip[2] + '.*'); } // If this is IPv4, keep only the 3 first
|
||||
@ -4544,6 +4548,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
return (ipTable.length < parent.config.settings.maxinvalidlogin.count); // No more than x bad logins in x minutes
|
||||
}
|
||||
obj.cleanBadLoginTable = function () { // Clean up the IP address login blockage table, we do this occasionaly.
|
||||
if (parent.config.settings.maxinvalidlogin === false) return;
|
||||
var cutoffTime = Date.now() - (parent.config.settings.maxinvalidlogin.time * 60000); // Time in minutes
|
||||
for (var ip in obj.badLoginTable) {
|
||||
var ipTable = obj.badLoginTable[ip];
|
||||
|
Loading…
Reference in New Issue
Block a user