From 08d1efb4759e5fd0c81a387f88a75380be51c69e Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Tue, 3 Nov 2020 21:01:50 -0800
Subject: [PATCH] Support denying a JWT JTI via the API
---
 router/router.go | 1 +
 router/router_server.go | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/router/router.go b/router/router.go
index ed3a5a9..a8bd839 100644
--- a/router/router.go
+++ b/router/router.go
@@ -70,6 +70,7 @@ func Configure() *gin.Engine {
 server.POST("/commands", postServerCommands)
 server.POST("/install", postServerInstall)
 server.POST("/reinstall", postServerReinstall)
+ server.POST("/ws/deny", postServerDenyWSTokens)
 // This archive request causes the archive to start being created
 // this should only be triggered by the panel.
diff --git a/router/router_server.go b/router/router_server.go
index 2c60ea4..8b7669b 100644
--- a/router/router_server.go
+++ b/router/router_server.go
@@ -6,6 +6,7 @@ import (
 "github.com/apex/log"
 "github.com/gin-gonic/gin"
 "github.com/pkg/errors"
+ "github.com/pterodactyl/wings/router/tokens"
 "github.com/pterodactyl/wings/server"
 "net/http"
 "os"
@@ -241,3 +242,20 @@ func deleteServer(c *gin.Context) {
 c.Status(http.StatusNoContent)
 }
+
+// Adds any of the JTIs passed through in the body to the deny list for the websocket
+// preventing any JWT generated before the current time from being used to connect to
+// the socket or send along commands.
+func postServerDenyWSTokens(c *gin.Context) {
+ var data struct{ JTIs []string `json:"jtis"` }
+
+ if err := c.BindJSON(&data); err != nil {
+ return
+ }
+
+ for _, jti := range data.JTIs {
+ tokens.DenyJTI(jti)
+ }
+
+ c.Status(http.StatusNoContent)
+}
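Review bot: The new `/ws/deny` route is registered without any comment saying who may call it, unlike the archive route directly below it, even though it revokes websocket credentials. It sits in the per-server group, yet the handler added in router/router_server.go never reads the server from the request, so the deny list appears to apply node-wide rather than to the server named in the URL; this is inferred from the handler, because tokens.DenyJTI is not part of this patch. I would add a comment above the route such as `// Revokes websocket JWTs by JTI; relies on this group's auth middleware and should only be called by the panel.` and confirm that the scoping is intended. Configure's body starts and ends outside the hunk, so the middleware applied to this group cannot be checked from here.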
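Review bot: The loop in postServerDenyWSTokens passes every element of `data.JTIs` to `tokens.DenyJTI` unchecked, so an empty string and an arbitrarily long list both reach the deny list. If the websocket check looks up a token's jti claim in that list, an entry for `""` could end up rejecting every token issued without a jti, and an unbounded list could grow the deny list without limit; DenyJTI is outside this patch, so both need confirming against its implementation. I would skip blanks with `if jti == "" { continue }` and reject bodies whose `len(data.JTIs)` exceeds a fixed cap before the loop. The handler also records nothing about the revocation, so a line like `log.WithField("count", len(data.JTIs)).Debug("denying websocket JTIs")`, using the already imported apex/log, would leave a trace for later investigation.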