From ac772f6f4b46771b8804588d23acee93d5ace14e Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 5 Oct 2020 16:47:30 -0700 Subject: [PATCH] Allow complete removal of My Server tab for a specific domain. --- meshcentral-config-schema.json | 2 +- meshctrl.js | 19 ++++++++++++++++--- meshuser.js | 22 ++++++++++++++-------- views/default.handlebars | 2 +- webserver.js | 13 +++++++------ 5 files changed, 39 insertions(+), 19 deletions(-) diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json index fa57aad9..bc65bd85 100644 --- a/meshcentral-config-schema.json +++ b/meshcentral-config-schema.json @@ -176,7 +176,7 @@ "description": "https url when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like NGINX is used in front of MeshCentral." }, "myServer": { - "type": "object", + "type": [ "object", "boolean" ], "additionalProperties": false, "properties": { "Backup": { "type": "boolean", "default": true, "description": "Allows administrators to backup the server from the My Server tab." }, diff --git a/meshctrl.js b/meshctrl.js index a0014f0c..916d530e 100644 --- a/meshctrl.js +++ b/meshctrl.js @@ -338,6 +338,7 @@ if (args['_'].length == 0) { console.log(" --group [groupname] - Filter by group name (or --id)."); console.log(" --count - Only return the device count."); console.log(" --json - Show result as JSON."); + console.log(" --csv - Show result as comma seperated values."); break; } case 'listusersofdevicegroup': { @@ -1442,7 +1443,19 @@ function serverConnect() { if ((data.result != null) && (data.result != 'ok')) { console.log(data.result); } else { - if (args.count) { + if (args.csv) { + // Return a flat list + var nodecount = 0; + for (var i in data.nodes) { + var devicesInMesh = data.nodes[i]; + for (var j in devicesInMesh) { + var n = devicesInMesh[j]; + nodecount++; + console.log('\"' + settings.xmeshes[i]._id.split('/')[2] + '\",\"' + settings.xmeshes[i].name.split('\"').join('') + '\",\"' + n._id.split('/')[2] + '\",\"' + n.name.split('\"').join('') + '\",' + (n.icon ? n.icon : 0) + ',' + (n.conn ? n.conn : 0) + ',' + (n.pwr ? n.pwr : 0)); + } + } + if (nodecount == 0) { console.log('None'); } + } else if (args.count) { // Return how many devices are in this group var nodes = []; for (var i in data.nodes) { var devicesInMesh = data.nodes[i]; for (var j in devicesInMesh) { nodes.push(devicesInMesh[j]); } } @@ -1457,12 +1470,12 @@ function serverConnect() { var nodecount = 0; for (var i in data.nodes) { var devicesInMesh = data.nodes[i]; - if (settings.xmeshes) { console.log('\r\nDevice group: \"' + settings.xmeshes[i].name + '\"'); } + if (settings.xmeshes) { console.log('\r\nDevice group: \"' + settings.xmeshes[i].name.split('\"').join('') + '\"'); } console.log('id, name, icon, conn, pwr, ip\r\n-----------------------------'); for (var j in devicesInMesh) { var n = devicesInMesh[j]; nodecount++; - console.log(n._id.split('/')[2] + ', \"' + n.name + '\", ' + (n.icon ? n.icon : 0) + ', ' + (n.conn ? n.conn : 0) + ', ' + (n.pwr ? n.pwr : 0)); + console.log('\"' + n._id.split('/')[2] + '\", \"' + n.name.split('\"', '') + '\", ' + (n.icon ? n.icon : 0) + ', ' + (n.conn ? n.conn : 0) + ', ' + (n.pwr ? n.pwr : 0)); } } if (nodecount == 0) { console.log('None'); } diff --git a/meshuser.js b/meshuser.js index 8ec1aab3..f7f2d313 100644 --- a/meshuser.js +++ b/meshuser.js @@ -472,7 +472,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if (user.siteadmin === SITERIGHT_ADMIN) { // Check if tracing is allowed for this domain - if ((domain.myserver == null) || (domain.myserver.trace === true)) { + if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.trace === true))) { // Send server tracing information try { ws.send(JSON.stringify({ action: 'traceinfo', traceSources: parent.parent.debugRemoteSources })); } catch (ex) { } } @@ -550,6 +550,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use } case 'servertimelinestats': { + // Only accept if the "My Server" tab is allowed for this domain + if (domain.myserver === false) break; + if ((user.siteadmin & 21) == 0) return; // Only site administrators with "site backup" or "site restore" or "site update" permissions can use this. if (common.validateInt(command.hours, 0, 24 * 30) == false) return; db.GetServerStats(command.hours, function (err, docs) { @@ -561,6 +564,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use } case 'serverstats': { + // Only accept if the "My Server" tab is allowed for this domain + if (domain.myserver === false) break; + if ((user.siteadmin & 21) == 0) return; // Only site administrators with "site backup" or "site restore" or "site update" permissions can use this. if (common.validateInt(command.interval, 1000, 1000000) == false) { // Clear the timer @@ -839,8 +845,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use // This is a server console message, only process this if full administrator if (user.siteadmin != SITERIGHT_ADMIN) break; - // Only accept is the console is allowed for this domain - if ((domain.myserver != null) && (domain.myserver.console !== true)) break; + // Only accept if the console is allowed for this domain + if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.console !== true))) break; var r = ''; var cmdargs = splitArgs(command.value); @@ -2639,7 +2645,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use { // Check the server version if ((user.siteadmin & 16) == 0) break; - if ((domain.myserver != null) && (domain.myserver.upgrade !== true)) break; + if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.upgrade !== true))) break; //parent.parent.getLatestServerVersion(function (currentVersion, latestVersion) { try { ws.send(JSON.stringify({ action: 'serverversion', current: currentVersion, latest: latestVersion })); } catch (ex) { } }); parent.parent.getServerTags(function (tags, err) { try { ws.send(JSON.stringify({ action: 'serverversion', tags: tags })); } catch (ex) { } }); break; @@ -2648,7 +2654,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use { // Perform server update if ((user.siteadmin & 16) == 0) break; - if ((domain.myserver != null) && (domain.myserver.upgrade !== true)) break; + if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.upgrade !== true))) break; if ((command.version != null) && (typeof command.version != 'string')) break; parent.parent.performServerUpdate(command.version); break; @@ -2657,7 +2663,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use { // Load the server error log if ((user.siteadmin & 16) == 0) break; - if ((domain.myserver != null) && (domain.myserver.errorlog !== true)) break; + if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.errorlog !== true))) break; fs.readFile(parent.parent.getConfigFilePath('mesherrors.txt'), 'utf8', function (err, data) { try { ws.send(JSON.stringify({ action: 'servererrors', data: data })); } catch (ex) { } }); break; } @@ -4555,8 +4561,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use break; } case 'traceinfo': { - // Only accept is the tracing is allowed for this domain - if ((domain.myserver != null) && (domain.myserver.trace !== true)) break; + // Only accept if the tracing tab is allowed for this domain + if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.trace !== true))) break; if ((user.siteadmin === SITERIGHT_ADMIN) && (typeof command.traceSources == 'object')) { parent.parent.debugRemoteSources = command.traceSources; diff --git a/views/default.handlebars b/views/default.handlebars index b09f0b59..f2fc54bc 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -1833,7 +1833,7 @@ //QV('p2AccountImage', ((features & 4) == 0) && (serverinfo.domainauth == false)); // If account actions are not visible, also remove the image on that panel QV('p2AccountImage', !accountSettingsLocked) QV('p2ServerActions', (siteRights & 21) && ((serverFeatures & 15) != 0)); - QV('LeftMenuMyServer', siteRights & 21); // 16 + 4 + 1 + QV('LeftMenuMyServer', (siteRights & 21) && ((serverFeatures & 64) != 0)); // 16 + 4 + 1 QV('MainMenuMyServer', siteRights & 21); QV('p2ServerActionsBackup', (siteRights & 1) && ((serverFeatures & 1) != 0)); QV('p2ServerActionsRestore', (siteRights & 4) && ((serverFeatures & 2) != 0)); diff --git a/webserver.js b/webserver.js index 986ff417..7ce13db3 100644 --- a/webserver.js +++ b/webserver.js @@ -2371,8 +2371,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (domain.customui != null) { customui = encodeURIComponent(JSON.stringify(domain.customui)); } // Server features - var serverFeatures = 63; - if (domain.myserver) { + var serverFeatures = 127; + if (domain.myserver === false) { serverFeatures = 0; } // 64 = Show "My Server" tab + else if (typeof domain.myserver == 'object') { if (domain.myserver.backup !== true) { serverFeatures -= 1; } // Disallow simple server backups if (domain.myserver.restore !== true) { serverFeatures -= 2; } // Disallow simple server restore if (domain.myserver.upgrade !== true) { serverFeatures -= 4; } // Disallow server upgrade @@ -4063,7 +4064,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { if (domain == null) { return; } if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key if ((!req.session) || (req.session == null) || (!req.session.userid)) { res.sendStatus(401); return; } - if ((domain.myserver != null) && (domain.myserver.backup !== true)) { res.sendStatus(401); return; } + if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.backup !== true))) { res.sendStatus(401); return; } var user = obj.users[req.session.userid]; if ((user == null) || ((user.siteadmin & 1) == 0)) { res.sendStatus(401); return; } // Check if we have server backup rights @@ -4092,7 +4093,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { const domain = checkUserIpAddress(req, res); if (domain == null) { return; } if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key - if ((domain.myserver != null) && (domain.myserver.restore !== true)) { res.sendStatus(401); return; } + if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.restore !== true))) { res.sendStatus(401); return; } var authUserid = null; if ((req.session != null) && (typeof req.session.userid == 'string')) { authUserid = req.session.userid; } @@ -4818,8 +4819,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { obj.app.get(url, handleRootRequest); obj.app.post(url, handleRootPostRequest); obj.app.get(url + 'refresh.ashx', function (req, res) { res.sendStatus(200); }); - if ((domain.myserver == null) || (domain.myserver.backup === true)) { obj.app.get(url + 'backup.zip', handleBackupRequest); } - if ((domain.myserver == null) || (domain.myserver.restore === true)) { obj.app.post(url + 'restoreserver.ashx', handleRestoreRequest); } + if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.backup === true))) { obj.app.get(url + 'backup.zip', handleBackupRequest); } + if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.restore === true))) { obj.app.post(url + 'restoreserver.ashx', handleRestoreRequest); } obj.app.get(url + 'terms', handleTermsRequest); obj.app.get(url + 'xterm', handleXTermRequest); obj.app.post(url + 'login', handleLoginRequest);