Merge pull request #43 from pterodactyl/impl/2194

Add the ability to define additional allowed origins
Dane Everitt 2020-07-31 20:04:10 -07:00 committed by GitHub
commit 8af26ac864
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 41 additions and 8 deletions


@ -81,8 +81,14 @@ type Configuration struct {
// to collect data and send events. // to collect data and send events.
PanelLocation string `json:"remote" yaml:"remote"` PanelLocation string `json:"remote" yaml:"remote"`
// AllowedMounts . // AllowedMounts is a list of allowed host-system mount points.
// This is required to have the "Server Mounts" feature work properly.
AllowedMounts []string `json:"allowed_mounts" yaml:"allowed_mounts"` AllowedMounts []string `json:"allowed_mounts" yaml:"allowed_mounts"`
// AllowedOrigins is a list of allowed request origins.
// The Panel URL is automatically allowed, this is only needed for adding
// additional origins.
AllowedOrigins []string `json:"allowed_origins" yaml:"allowed_origins"`
} }
// Defines the configuration of the internal SFTP server. // Defines the configuration of the internal SFTP server.
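Review bot: The doc comment on `AllowedOrigins` does not say what form an entry must take. The other files in this commit compare each entry to the request's `Origin` header with plain string equality, so an entry has to be the exact serialized origin (scheme, host and any non-default port, no trailing slash or path), and a wildcard such as `*` will never match. I would add a line such as `// Entries must equal the browser's Origin header exactly (e.g. "https://panel.example.com", a sample value); wildcards are not supported.` The `Configuration` struct starts outside this hunk.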


@ -11,8 +11,22 @@ import (
// Set the access request control headers on all of the requests. // Set the access request control headers on all of the requests.
func SetAccessControlHeaders(c *gin.Context) { func SetAccessControlHeaders(c *gin.Context) {
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
c.Header("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization") c.Header("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
o := c.GetHeader("Origin")
if o != config.Get().PanelLocation {
for _, origin := range config.Get().AllowedOrigins {
if o != origin {
continue
}
c.Header("Access-Control-Allow-Origin", origin)
c.Next()
return
}
}
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
c.Next() c.Next()
} }
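Review bot: `Access-Control-Allow-Origin` now depends on the request's `Origin` header, but `SetAccessControlHeaders` never sends `Vary: Origin`, so a cache sitting in front of the daemon can replay a response carrying the allow-origin value chosen for a different site. Adding `c.Writer.Header().Add("Vary", "Origin")` ahead of the origin comparison would cover both branches. As a style point, the `if o != origin { continue }` form followed by a header set, `c.Next()` and `return` reads more directly as a single `if o == origin { ... }` block. The same match is repeated in the websocket `CheckOrigin` in this commit, so one shared helper would keep the two checks from drifting apart.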


@ -57,7 +57,20 @@ func GetHandler(s *server.Server, w http.ResponseWriter, r *http.Request) (*Hand
// Ensure that the websocket request is originating from the Panel itself, // Ensure that the websocket request is originating from the Panel itself,
// and not some other location. // and not some other location.
CheckOrigin: func(r *http.Request) bool { CheckOrigin: func(r *http.Request) bool {
return r.Header.Get("Origin") == config.Get().PanelLocation o := r.Header.Get("Origin")
if o == config.Get().PanelLocation {
return true
}
for _, origin := range config.Get().AllowedOrigins {
if o != origin {
continue
}
return true
}
return false
}, },
} }
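Review bot: The comment above `CheckOrigin` still says the websocket request must originate "from the Panel itself", which no longer holds once any entry in `AllowedOrigins` is accepted. It should read something like `// Ensure that the websocket request originates from the Panel or from an origin explicitly listed in allowed_origins.` Every origin added to that list passes this handshake check, so the comment is worth keeping accurate for anyone auditing the setting. The loop body can also be reduced to `if o == origin { return true }`. `GetHandler` and the struct literal holding `CheckOrigin` both extend outside this hunk.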


@ -364,7 +364,7 @@ func (d *DockerEnvironment) Restart() error {
} }
// Check if the server is currently running the restart process by checking if there is a semaphore // Check if the server is currently running the restart process by checking if there is a semaphore
// allocated, and if so, if we can aquire a lock on it. // allocated, and if so, if we can acquire a lock on it.
func (d *DockerEnvironment) IsRestarting() bool { func (d *DockerEnvironment) IsRestarting() bool {
if d.restartSem == nil { if d.restartSem == nil {
return false return false
@ -469,7 +469,7 @@ func (d *DockerEnvironment) ExitState() (uint32, bool, error) {
// //
// However, someone reported an error in Discord about this scenario happening, // However, someone reported an error in Discord about this scenario happening,
// so I guess this should prevent it? They didn't tell me how they caused it though // so I guess this should prevent it? They didn't tell me how they caused it though
// so thats a mystery that will have to go unsolved. // so that's a mystery that will have to go unsolved.
// //
// @see https://github.com/pterodactyl/panel/issues/2003 // @see https://github.com/pterodactyl/panel/issues/2003
if client.IsErrNotFound(err) { if client.IsErrNotFound(err) {
@ -928,7 +928,7 @@ func (d *DockerEnvironment) portBindings() nat.PortMap {
for ip, ports := range d.Server.Config().Allocations.Mappings { for ip, ports := range d.Server.Config().Allocations.Mappings {
for _, port := range ports { for _, port := range ports {
// Skip over invalid ports. // Skip over invalid ports.
if port < 0 || port > 65535 { if port < 1 || port > 65535 {
continue continue
} }


@ -30,8 +30,8 @@ func (s *Server) UpdateDataStructure(data []byte, background bool) error {
// Grab a copy of the configuration to work on. // Grab a copy of the configuration to work on.
c := *s.Config() c := *s.Config()
// Lock our copy of the configuration since the defered unlock will end up acting upon this // Lock our copy of the configuration since the deferred unlock will end up acting upon this
// new memory address rather than the old one. If we don't lock this, the defered unlock will // new memory address rather than the old one. If we don't lock this, the deferred unlock will
// cause a panic when it goes to run. However, since we only update s.cfg at the end, if there // cause a panic when it goes to run. However, since we only update s.cfg at the end, if there
// is an error before that point we'll still properly unlock the original configuration for the // is an error before that point we'll still properly unlock the original configuration for the
// server. // server.