diff --git a/LICENCE b/LICENCE index 954fd0a..1cadf6a 100644 --- a/LICENCE +++ b/LICENCE @@ -1,31 +1,57 @@ -“Commons Clause” License Condition v1.0 - -The Software is provided to you by the Licensor under the -License, as defined below, subject to the following condition. - -Without limiting other conditions in the License, the grant -of rights under the License will not include, and the License -does not grant to you, the right to Sell the Software. - -For purposes of the foregoing, “Sell” means practicing any or -all of the rights granted to you under the License to provide -to third parties, for a fee or other consideration (including -without limitation fees for hosting or consulting/ support -services related to the Software), a product or service whose -value derives, entirely or substantially, from the functionality -of the Software. Any license notice or attribution required by -the License must also include this Commons Clause License -Condition notice. - Software: Cosmos-Server -License: Apache 2.0 with Commons Clause +License: Apache 2.0 with Commons Clause and Anti Tampering Clause Licensor: Yann Stepienik +--------------------------------------------------------------------- + + “Commons Clause” License Condition v1.0 + + The Software is provided to you by the Licensor under the + License, as defined below, subject to the following condition. + + Without limiting other conditions in the License, the grant + of rights under the License will not include, and the License + does not grant to you, the right to Sell the Software. + + For purposes of the foregoing, “Sell” means practicing any or + all of the rights granted to you under the License to provide + to third parties, for a fee or other consideration (including + without limitation fees for hosting or consulting/ support + services related to the Software), a product or service whose + value derives, entirely or substantially, from the functionality + of the Software. Any license notice or attribution required by + the License must also include this Commons Clause License + Condition notice. --------------------------------------------------------------------- + "Anti Tampering Clause” License Condition v1.0 + + Notwithstanding any provision of the Apache License 2.0, if the User + (or any party receiving or distributing derivative works, services, + or anything of value from the User related to the Software), directly + or indirectly, seeks to tamper with, alter, circumvent, or avoid + compliance with any subscription, paywall, feature restriction, or any + other licensing mechanism built into the Software or its usage, the + License granted under the Apache License 2.0 shall automatically and + immediately terminate, and access to the Software shall be withdrawn + with immediate effect. Upon such termination, any and all rights + established under the Apache License 2.0 shall be null and void. + + Tampering includes but is not limited to: (a) removing, disabling, + or circumventing any license key or other copy protection mechanism, + (b) redistributing parts or all of a feature that was intended + to be a paid feature, without keeping the restrictions, limitations, + or other licensing mechanisms with it(c) disabling, circumventing, or + avoiding any feature of the Software that is intended to enforce usage or + copy restrictions, or (d) providing or distributing any information + or code that enables disabling, circumvention, or avoidance of any + feature of the Software that is intended to enforce usage or copy + restrictions. + +--------------------------------------------------------------------- Apache License Version 2.0, January 2004 diff --git a/changelog.md b/changelog.md index 1f51c44..ad8ed2b 100644 --- a/changelog.md +++ b/changelog.md @@ -7,6 +7,8 @@ - Added Constellation - DNS Challenge is now used for all certificates when enabled - Rework headers for better compatibility + - Improve experience for non-admin users + - Fix bug with redirect on logout ## Version 0.9.20 - 0.9.21 - Add option to disable CORS hardening (with empty value) diff --git a/cla.md b/cla.md index 147f9d2..22a970d 100644 --- a/cla.md +++ b/cla.md @@ -2,7 +2,7 @@ Cosmos Software Grant and Contributor License Agreement (“Agreement”) This agreement is based on the Apache Software Foundation Contributor License Agreement. (v r190612) -Thank you for your interest in software projects stewarded by Raintank, Inc. dba Cosmos (“Cosmos”). In order to clarify the intellectual property license granted with Contributions from any person or entity, Cosmos must have a Contributor License Agreement (CLA) on file that has been agreed to by each Contributor, indicating agreement to the license terms below. This license is for your protection as a Contributor as well as the protection of Cosmos and its users; it does not change your rights to use your own Contributions for any other purpose. This Agreement allows an individual to contribute to Cosmos on that individual’s own behalf, or an entity (the “Corporation”) to submit Contributions to Cosmos, to authorize Contributions submitted by its designated employees to Cosmos, and to grant copyright and patent licenses thereto. +Thank you for your interest in dba Cosmos (“Cosmos”). In order to clarify the intellectual property license granted with Contributions from any person or entity, Cosmos must have a Contributor License Agreement (CLA) on file that has been agreed to by each Contributor, indicating agreement to the license terms below. This license is for your protection as a Contributor as well as the protection of Cosmos and its users; it does not change your rights to use your own Contributions for any other purpose. This Agreement allows an individual to contribute to Cosmos on that individual’s own behalf, or an entity (the “Corporation”) to submit Contributions to Cosmos, to authorize Contributions submitted by its designated employees to Cosmos, and to grant copyright and patent licenses thereto. You accept and agree to the following terms and conditions for Your present and future Contributions submitted to Cosmos. Except for the license granted herein to Cosmos and recipients of software distributed by Cosmos, You reserve all right, title, and interest in and to Your Contributions. diff --git a/client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavGroup.jsx b/client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavGroup.jsx index 9c001af..77a1365 100644 --- a/client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavGroup.jsx +++ b/client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavGroup.jsx @@ -47,7 +47,7 @@ const NavGroup = ({ item }) => { } sx={{ mb: drawerOpen ? 1.5 : 0, py: 0, zIndex: 0 }} > - {navCollapse} + {navCollapse} ); }; diff --git a/client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavItem.jsx b/client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavItem.jsx index 77a3df0..deb2ddf 100644 --- a/client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavItem.jsx +++ b/client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavItem.jsx @@ -9,6 +9,7 @@ import { Avatar, Chip, ListItemButton, ListItemIcon, ListItemText, Typography } // project import import { activeItem } from '../../../../../store/reducers/menu'; +import { useClientInfos } from '../../../../../utils/hooks'; // ==============================|| NAVIGATION - LIST ITEM ||============================== // @@ -17,6 +18,12 @@ const NavItem = ({ item, level }) => { const dispatch = useDispatch(); const menu = useSelector((state) => state.menu); const { drawerOpen, openItem } = menu; + const {role} = useClientInfos(); + const isAdmin = role === 1; + + if (item.adminOnly && !isAdmin) { + return null; + } let itemTarget = '_self'; if (item.target) { diff --git a/client/src/menu-items/pages.jsx b/client/src/menu-items/pages.jsx index a2e4068..171c841 100644 --- a/client/src/menu-items/pages.jsx +++ b/client/src/menu-items/pages.jsx @@ -20,7 +20,8 @@ const pages = { title: 'ServApps', type: 'item', url: '/cosmos-ui/servapps', - icon: AppstoreOutlined + icon: AppstoreOutlined, + adminOnly: true }, { id: 'url', @@ -43,6 +44,7 @@ const pages = { type: 'item', url: '/cosmos-ui/config-users', icon: icons.ProfileOutlined, + adminOnly: true }, { id: 'openid', @@ -50,6 +52,7 @@ const pages = { type: 'item', url: '/cosmos-ui/openid-manage', icon: PicLeftOutlined, + adminOnly: true }, { id: 'config', diff --git a/client/src/pages/authentication/Logoff.jsx b/client/src/pages/authentication/Logoff.jsx index 635efc0..3e7924f 100644 --- a/client/src/pages/authentication/Logoff.jsx +++ b/client/src/pages/authentication/Logoff.jsx @@ -9,7 +9,7 @@ import AuthWrapper from './AuthWrapper'; import { useEffect } from 'react'; import * as API from '../../api'; -import { redirectTo } from '../../utils/indexs'; +import { redirectTo, redirectToLocal } from '../../utils/indexs'; // ================================|| REGISTER ||================================ // diff --git a/client/src/pages/config/users/configman.jsx b/client/src/pages/config/users/configman.jsx index 20e90bf..e3a57af 100644 --- a/client/src/pages/config/users/configman.jsx +++ b/client/src/pages/config/users/configman.jsx @@ -31,6 +31,7 @@ import { TwitterPicker // TODO: Remove circular deps import {SetPrimaryColor, SetSecondaryColor} from '../../../App'; +import { useClientInfos } from '../../../utils/hooks'; const ConfigManagement = () => { const [config, setConfig] = React.useState(null); @@ -38,6 +39,8 @@ const ConfigManagement = () => { const [openResartModal, setOpenRestartModal] = React.useState(false); const [uploadingBackground, setUploadingBackground] = React.useState(false); const [saveLabel, setSaveLabel] = React.useState("Save"); + const {role} = useClientInfos(); + const isAdmin = role === 1; function refresh() { API.config.get().then((res) => { @@ -62,9 +65,9 @@ const ConfigManagement = () => { refresh(); }}>Refresh - + }}>Restart Server} {config && <> @@ -186,7 +189,7 @@ const ConfigManagement = () => { {(formik) => (
- + {isAdmin && {formik.errors.submit && ( {formik.errors.submit} @@ -205,7 +208,13 @@ const ConfigManagement = () => { {saveLabel} - + } + + {!isAdmin &&
+ As you are not an admin, you can't edit the configuration. + This page is only here for visibility. + +
} @@ -331,6 +340,29 @@ const ConfigManagement = () => { formik.setFieldValue('PrimaryColor', colorRGB); SetPrimaryColor(colorRGB); }} + colors={[ + '#ab47bc', + '#4527a0', + '#FF6900', + '#FCB900', + '#7BDCB5', + '#00D084', + '#8ED1FC', + '#0693E3', + '#ABB8C3', + '#EB144C', + '#F78DA7', + '#9900EF', + '#FF0000', + '#FFC0CB', + '#20B2AA', + '#FFFF00', + '#8A2BE2', + '#A52A2A', + '#5F9EA0', + '#7FFF00', + '#D2691E' + ]} /> @@ -346,6 +378,29 @@ const ConfigManagement = () => { formik.setFieldValue('SecondaryColor', colorRGB); SetSecondaryColor(colorRGB); }} + colors={[ + '#ab47bc', + '#4527a0', + '#FF6900', + '#FCB900', + '#7BDCB5', + '#00D084', + '#8ED1FC', + '#0693E3', + '#ABB8C3', + '#EB144C', + '#F78DA7', + '#9900EF', + '#FF0000', + '#FFC0CB', + '#20B2AA', + '#FFFF00', + '#8A2BE2', + '#A52A2A', + '#5F9EA0', + '#7FFF00', + '#D2691E' + ]} /> @@ -627,7 +682,7 @@ const ConfigManagement = () => { - + {isAdmin && {formik.errors.submit && ( {formik.errors.submit} @@ -646,7 +701,7 @@ const ConfigManagement = () => { {saveLabel} - + }
)} diff --git a/client/src/pages/constellation/addDevice.jsx b/client/src/pages/constellation/addDevice.jsx index ea2aea8..1000dbc 100644 --- a/client/src/pages/constellation/addDevice.jsx +++ b/client/src/pages/constellation/addDevice.jsx @@ -1,5 +1,5 @@ // material-ui -import { Alert, Button, Stack, TextField } from '@mui/material'; +import { Alert, Button, InputLabel, OutlinedInput, Stack, TextField } from '@mui/material'; import Dialog from '@mui/material/Dialog'; import DialogActions from '@mui/material/DialogActions'; import DialogContent from '@mui/material/DialogContent'; @@ -15,6 +15,7 @@ import * as API from '../../api'; import { CosmosCheckbox, CosmosFormDivider, CosmosInputText, CosmosSelect } from '../config/users/formShortcuts'; import { DownloadFile } from '../../api/downloadButton'; import QRCode from 'qrcode'; +import { useClientInfos } from '../../utils/hooks'; const getDocker = (data, isCompose) => { let lighthouses = ''; @@ -73,10 +74,12 @@ docker run -d \\ } -const AddDeviceModal = ({ users, config, isAdmin, refreshConfig, devices }) => { +const AddDeviceModal = ({ users, config, refreshConfig, devices }) => { const [openModal, setOpenModal] = useState(false); const [isDone, setIsDone] = useState(null); const canvasRef = React.useRef(null); + const {role, nickname} = useClientInfos(); + const isAdmin = role === 1; let firstIP = "192.168.201.2/24"; if (devices && devices.length > 0) { @@ -116,7 +119,7 @@ const AddDeviceModal = ({ users, config, isAdmin, refreshConfig, devices }) => { setOpenModal(false)}> { formik={formik} /> {!formik.values.isLighthouse && - { return [u.nickname, u.nickname] }) } - />} + /> : <> + Owner + + )} { }, []); return <> - {(config) ? <>
@@ -40,8 +39,6 @@ export const ConstellationDNS = () => { { }} onSubmit={(values) => { let newConfig = { ...config }; - newConfig.ConstellationConfig.DNS = values.Enabled; - newConfig.ConstellationConfig.DNSPort = values.Port; newConfig.ConstellationConfig.DNSFallback = values.Fallback; newConfig.ConstellationConfig.DNSBlockBlacklist = values.DNSBlockBlacklist; newConfig.ConstellationConfig.DNSAdditionalBlocklists = values.DNSAdditionalBlocklists; @@ -62,14 +57,19 @@ export const ConstellationDNS = () => { {(formik) => (
- - + This is a DNS that runs inside your Constellation network. It automatically + rewrites your domains DNS entries to be local to your network, and also allows you to do things like block ads + and trackers on all devices connected to your network. You can also add custom DNS entries to resolve to specific + IP addresses. This DNS server is only accessible from inside your network. + + When changing your DNS records, always use private mode on your browser and allow some times for various caches to expire. + DNS Blocklist URLs {formik.values.DNSAdditionalBlocklists.map((item, index) => ( diff --git a/client/src/pages/constellation/index.jsx b/client/src/pages/constellation/index.jsx index dea63ec..6b76c75 100644 --- a/client/src/pages/constellation/index.jsx +++ b/client/src/pages/constellation/index.jsx @@ -1,6 +1,6 @@ import * as React from 'react'; import MainCard from '../../components/MainCard'; -import { Chip, Divider, Stack, useMediaQuery } from '@mui/material'; +import { Alert, Chip, Divider, Stack, useMediaQuery } from '@mui/material'; import HostChip from '../../components/hostChip'; import { RouteMode, RouteSecurity } from '../../components/routeComponents'; import { getFaviconURL } from '../../utils/routes'; @@ -8,12 +8,16 @@ import * as API from '../../api'; import { CheckOutlined, ClockCircleOutlined, DashboardOutlined, DeleteOutlined, DownOutlined, LockOutlined, UpOutlined } from "@ant-design/icons"; import IsLoggedIn from '../../isLoggedIn'; import PrettyTabbedView from '../../components/tabbedView/tabbedView'; +import { useClientInfos } from '../../utils/hooks'; import { ConstellationVPN } from './vpn'; import { ConstellationDNS } from './dns'; const ConstellationIndex = () => { - return
+ const {role} = useClientInfos(); + const isAdmin = role === 1; + + return isAdmin ?
{ children: , path: 'dns' }, + { + title: 'Firewall', + children:
+ + Coming soon. This feature will allow you to open and close ports individually + on each device and decide who can access them. + +
, + }, + { + title: 'Unsafe Routes', + children:
+ + Coming soon. This feature will allow you to tunnel your traffic through + your devices to things outside of your constellation. + +
, + } ]}/> -
; +
: ; } export default ConstellationIndex; \ No newline at end of file diff --git a/client/src/pages/constellation/vpn.jsx b/client/src/pages/constellation/vpn.jsx index 65e7b9f..c60c0af 100644 --- a/client/src/pages/constellation/vpn.jsx +++ b/client/src/pages/constellation/vpn.jsx @@ -15,6 +15,7 @@ import ApiModal from "../../components/apiModal"; import { isDomain } from "../../utils/indexs"; import ConfirmModal from "../../components/confirmModal"; import UploadButtons from "../../components/fileUpload"; +import { useClientInfos } from "../../utils/hooks"; const getDefaultConstellationHostname = (config) => { // if domain is set, use it @@ -26,17 +27,20 @@ const getDefaultConstellationHostname = (config) => { } export const ConstellationVPN = () => { - const [isAdmin, setIsAdmin] = useState(false); const [config, setConfig] = useState(null); const [users, setUsers] = useState(null); const [devices, setDevices] = useState(null); + const {role} = useClientInfos(); + const isAdmin = role === 1; const refreshConfig = async () => { let configAsync = await API.config.get(); setConfig(configAsync.data); - setIsAdmin(configAsync.isAdmin); setDevices((await API.constellation.list()).data || []); - setUsers((await API.users.list()).data || []); + if(isAdmin) + setUsers((await API.users.list()).data || []); + else + setUsers([]); }; useEffect(() => { @@ -61,7 +65,6 @@ export const ConstellationVPN = () => { } return <> - {(devices && config && users) ? <>
@@ -160,7 +163,7 @@ export const ConstellationVPN = () => { data={devices.filter((d) => !d.blocked)} getKey={(r) => r.deviceName} buttons={[ - , + , ]} columns={[ { diff --git a/client/src/pages/home/index.jsx b/client/src/pages/home/index.jsx index 253f497..99367c8 100644 --- a/client/src/pages/home/index.jsx +++ b/client/src/pages/home/index.jsx @@ -12,6 +12,7 @@ import { getFullOrigin } from "../../utils/routes"; import IsLoggedIn from "../../isLoggedIn"; import { ServAppIcon } from "../../utils/servapp-icon"; import Chart from 'react-apexcharts'; +import { useClientInfos } from "../../utils/hooks"; export const HomeBackground = () => { @@ -87,6 +88,8 @@ const HomePage = () => { const theme = useTheme(); const isDark = theme.palette.mode === 'dark'; const isMd = useMediaQuery(theme.breakpoints.up('md')); + const {role} = useClientInfos(); + const isAdmin = role === 1; const blockStyle = { margin: 0, @@ -112,9 +115,13 @@ const HomePage = () => { } const refreshConfig = () => { - API.docker.list().then((res) => { - setServApps(res.data); - }); + if(isAdmin) { + API.docker.list().then((res) => { + setServApps(res.data); + }); + } else { + setServApps([]); + } API.config.get().then((res) => { setConfig(res.data); }); @@ -213,20 +220,20 @@ const HomePage = () => { - {coStatus && !coStatus.database && ( + {isAdmin && coStatus && !coStatus.database && ( No Database is setup for Cosmos! User Management and Authentication will not work.
You can either setup the database, or disable user management in the configuration panel.
 )} - {coStatus && coStatus.letsencrypt && ( + {isAdmin && coStatus && coStatus.letsencrypt && ( You have enabled Let's Encrypt for automatic HTTPS Certificate. You need to provide the configuration with an email address to use for Let's Encrypt in the configs. )} - {coStatus && coStatus.LetsEncryptErrors && coStatus.LetsEncryptErrors.length > 0 && ( + {isAdmin && coStatus && coStatus.LetsEncryptErrors && coStatus.LetsEncryptErrors.length > 0 && ( There are errors with your Let's Encrypt configuration or one of your routes, please fix them as soon as possible: {coStatus.LetsEncryptErrors.map((err) => { @@ -235,25 +242,25 @@ const HomePage = () => { )} - {coStatus && coStatus.newVersionAvailable && ( + {isAdmin && coStatus && coStatus.newVersionAvailable && ( A new version of Cosmos is available! Please update to the latest version to get the latest features and bug fixes. )} - {coStatus && coStatus.needsRestart && ( + {isAdmin && coStatus && coStatus.needsRestart && ( You have made changes to the configuration that require a restart to take effect. Please restart Cosmos to apply the changes. )} - {coStatus && coStatus.domain && ( + {isAdmin && coStatus && coStatus.domain && ( You are using localhost or 0.0.0.0 as a hostname in the configuration. It is recommended that you use a domain name or an IP instead. )} - {coStatus && !coStatus.docker && ( + {isAdmin && coStatus && !coStatus.docker && ( Docker is not connected! Please check your docker connection.
Did you forget to add 
-v /var/run/docker.sock:/var/run/docker.sock
to your docker run command?
diff --git a/client/src/pages/market/listing.jsx b/client/src/pages/market/listing.jsx index 6a8d6e7..df430d3 100644 --- a/client/src/pages/market/listing.jsx +++ b/client/src/pages/market/listing.jsx @@ -12,6 +12,7 @@ import { Link as LinkMUI } from '@mui/material' import DockerComposeImport from '../servapps/containers/docker-compose'; import { AppstoreAddOutlined, SearchOutlined } from "@ant-design/icons"; import ResponsiveButton from "../../components/responseiveButton"; +import { useClientInfos } from "../../utils/hooks"; function Screenshots({ screenshots }) { return screenshots.length > 1 ? ( @@ -23,17 +24,17 @@ function Screenshots({ screenshots }) { : } -function Showcases({ showcase, isDark }) { +function Showcases({ showcase, isDark, isAdmin }) { return ( { - showcase.map((item, i) => ) + showcase.map((item, i) => ) } ) } -function ShowcasesItem({ isDark, item }) { +function ShowcasesItem({ isDark, item, isAdmin }) { return (

-
+ {isAdmin &&
-
+
} @@ -110,6 +111,8 @@ const MarketPage = () => { const isDark = theme.palette.mode === 'dark'; const { appName, appStore } = useParams(); const [search, setSearch] = useState(""); + const {role} = useClientInfos(); + const isAdmin = role === 1; const backgroundStyle = isDark ? { backgroundColor: 'rgb(0,0,0)', @@ -178,7 +181,7 @@ const MarketPage = () => {
- +
@@ -202,9 +205,9 @@ const MarketPage = () => {
-
+ {isAdmin &&
-
+
} } @@ -223,7 +226,7 @@ const MarketPage = () => { size={100} /> } - {showcase && showcase.length > 0 && } + {showcase && showcase.length > 0 && } = 16.3.0" + } + }, "node_modules/react-copy-to-clipboard": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/react-copy-to-clipboard/-/react-copy-to-clipboard-5.1.0.tgz", @@ -10368,6 +10387,15 @@ "node": ">=4" } }, + "node_modules/universal-cookie": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/universal-cookie/-/universal-cookie-6.1.1.tgz", + "integrity": "sha512-33S9x3CpdUnnjwTNs2Fgc41WGve2tdLtvaK2kPSbZRc5pGpz2vQFbRWMxlATsxNNe/Cy8SzmnmbuBM85jpZPtA==", + "dependencies": { + "@types/cookie": "^0.5.1", + "cookie": "^0.5.0" + } + }, "node_modules/unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", diff --git a/package.json b/package.json index 6a39eec..6d59db9 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cosmos-server", - "version": "0.10.0-unstable16", + "version": "0.10.0-unstable17", "description": "", "main": "test-server.js", "bugs": { @@ -36,6 +36,7 @@ "react": "^18.2.0", "react-apexcharts": "^1.4.0", "react-color": "^2.19.3", + "react-cookie": "^6.1.1", "react-copy-to-clipboard": "^5.1.0", "react-device-detect": "^2.2.2", "react-dom": "^18.2.0", diff --git a/src/constellation/DNS.go b/src/constellation/DNS.go index c7f23ac..40864cd 100644 --- a/src/constellation/DNS.go +++ b/src/constellation/DNS.go @@ -176,7 +176,7 @@ func InitDNS() { utils.Log("Loaded " + strconv.Itoa(len(DNSBlacklist)) + " domains") } - if(config.ConstellationConfig.DNS) { + if(!config.ConstellationConfig.DNSDisabled) { go (func() { dns.HandleFunc(".", handleDNSRequest) server := &dns.Server{Addr: ":" + DNSPort, Net: "udp"} diff --git a/src/constellation/api_devices_block.go b/src/constellation/api_devices_block.go index 9465c76..14568de 100644 --- a/src/constellation/api_devices_block.go +++ b/src/constellation/api_devices_block.go @@ -39,6 +39,8 @@ func DeviceBlock(w http.ResponseWriter, req *http.Request) { return } + utils.Log("ConstellationDeviceBlocking: Blocking Device " + deviceName) + c, errCo := utils.GetCollection(utils.GetRootAppId(), "devices") if errCo != nil { utils.Error("Database Connect", errCo) diff --git a/src/constellation/api_devices_config.go b/src/constellation/api_devices_config.go new file mode 100644 index 0000000..b9fe8f5 --- /dev/null +++ b/src/constellation/api_devices_config.go @@ -0,0 +1,41 @@ +package constellation + +// import ( +// "net/http" +// "encoding/json" +// "math/rand" +// "time" +// "net" + +// "github.com/azukaar/cosmos-server/src/utils" +// ) + +// func DeviceConfig(w http.ResponseWriter, req *http.Request) { +// time.Sleep(time.Duration(rand.Float64()*2)*time.Second) + +// if(req.Method == "GET") { + +// ip, _, err := net.SplitHostPort(req.RemoteAddr) +// if err != nil { +// http.Error(w, "Invalid request", http.StatusBadRequest) +// return +// } + +// // get authorization header +// auth := req.Header.Get("Authorization") +// if auth == "" { +// http.Error(w, "Unauthorized", http.StatusUnauthorized) +// return +// } + +// // remove "Bearer " from auth header +// auth = strings.Replace(auth, "Bearer ", "", 1) + + + +// } else { +// utils.Error("DeviceConfig: Method not allowed" + req.Method, nil) +// utils.HTTPError(w, "Method not allowed", http.StatusMethodNotAllowed, "HTTP001") +// return +// } +// } \ No newline at end of file diff --git a/src/constellation/api_devices_create.go b/src/constellation/api_devices_create.go index bc81754..995669b 100644 --- a/src/constellation/api_devices_create.go +++ b/src/constellation/api_devices_create.go @@ -44,11 +44,14 @@ func DeviceCreate(w http.ResponseWriter, req *http.Request) { nickname := utils.Sanitize(request.Nickname) deviceName := utils.Sanitize(request.DeviceName) + APIKey := utils.GenerateRandomString(32) if utils.AdminOrItselfOnly(w, req, nickname) != nil { return } + utils.Log("ConstellationDeviceCreation: Creating Device " + deviceName) + c, errCo := utils.GetCollection(utils.GetRootAppId(), "devices") if errCo != nil { utils.Error("Database Connect", errCo) @@ -100,6 +103,8 @@ func DeviceCreate(w http.ResponseWriter, req *http.Request) { "PublicHostname": request.PublicHostname, "Port": request.Port, "Fingerprint": fingerprint, + "APIKey": APIKey, + "Blocked": false, }) if err3 != nil { @@ -123,7 +128,7 @@ func DeviceCreate(w http.ResponseWriter, req *http.Request) { } // read configYml from config/nebula.yml - configYml, err := getYAMLClientConfig(deviceName, utils.CONFIGFOLDER + "nebula.yml", capki, cert, key, utils.ConstellationDevice{ + configYml, err := getYAMLClientConfig(deviceName, utils.CONFIGFOLDER + "nebula.yml", capki, cert, key, APIKey, utils.ConstellationDevice{ Nickname: nickname, DeviceName: deviceName, PublicKey: key, @@ -132,6 +137,7 @@ func DeviceCreate(w http.ResponseWriter, req *http.Request) { IsRelay: request.IsRelay, PublicHostname: request.PublicHostname, Port: request.Port, + APIKey: APIKey, }) if err != nil { diff --git a/src/constellation/api_nebula_connect.go b/src/constellation/api_nebula_connect.go index 8972c74..2053db4 100644 --- a/src/constellation/api_nebula_connect.go +++ b/src/constellation/api_nebula_connect.go @@ -26,7 +26,7 @@ func API_ConnectToExisting(w http.ResponseWriter, req *http.Request) { config := utils.ReadConfigFromFile() config.ConstellationConfig.Enabled = true config.ConstellationConfig.SlaveMode = true - config.ConstellationConfig.DNS = false + config.ConstellationConfig.DNSDisabled = false // ConstellationHostname = // output utils.CONFIGFOLDER + "nebula.yml" diff --git a/src/constellation/nebula.go b/src/constellation/nebula.go index e4cc6e9..fa4fa7b 100644 --- a/src/constellation/nebula.go +++ b/src/constellation/nebula.go @@ -235,7 +235,7 @@ func ExportConfigToYAML(overwriteConfig utils.ConstellationConfig, outputPath st return nil } -func getYAMLClientConfig(name, configPath, capki, cert, key string, device utils.ConstellationDevice) (string, error) { +func getYAMLClientConfig(name, configPath, capki, cert, key, APIKey string, device utils.ConstellationDevice) (string, error) { utils.Log("Exporting YAML config for " + name + " with file " + configPath) // Read the YAML config file @@ -321,9 +321,11 @@ func getYAMLClientConfig(name, configPath, capki, cert, key string, device utils return "", errors.New("listen not found in nebula.yml") } - configMap["deviceName"] = name - configMap["local_dns_overwrite"] = "192.168.201.1" - configMap["public_hostname"] = device.PublicHostname + configMap["constellation_device_name"] = name + configMap["constellation_local_dns_overwrite"] = true + configMap["constellation_local_dns_overwrite_address"] = "192.168.201.1" + configMap["constellation_public_hostname"] = device.PublicHostname + configMap["constellation_api_key"] = APIKey // export configMap as YML yamlData, err = yaml.Marshal(configMap) diff --git a/src/market/index.go b/src/market/index.go index 7081b74..ee5d4af 100644 --- a/src/market/index.go +++ b/src/market/index.go @@ -12,7 +12,7 @@ type marketGetResult struct { } func MarketGet(w http.ResponseWriter, req *http.Request) { - if utils.AdminOnly(w, req) != nil { + if utils.LoggedInOnly(w, req) != nil { return } @@ -22,7 +22,6 @@ func MarketGet(w http.ResponseWriter, req *http.Request) { return } - // return the first 10 results of each market marketGetResult := marketGetResult{ All: make(map[string]interface{}), Showcase: []appDefinition{}, diff --git a/src/user/token.go b/src/user/token.go index dd467bb..ad30ab3 100644 --- a/src/user/token.go +++ b/src/user/token.go @@ -5,6 +5,7 @@ import ( "github.com/azukaar/cosmos-server/src/utils" "github.com/golang-jwt/jwt" "errors" + "strconv" "strings" "time" "encoding/json" @@ -189,13 +190,25 @@ func logOutUser(w http.ResponseWriter, req *http.Request) { HttpOnly: true, } + clientCookie := http.Cookie{ + Name: "client-infos", + Value: "{}", + Expires: time.Now().Add(-time.Hour * 24 * 365), + Path: "/", + Secure: utils.IsHTTPS, + HttpOnly: false, + } + if reqHostNoPort == "localhost" || reqHostNoPort == "0.0.0.0" { cookie.Domain = "" + clientCookie.Domain = "" } else { cookie.Domain = "." + reqHostNoPort + clientCookie.Domain = "." + reqHostNoPort } http.SetCookie(w, &cookie) + http.SetCookie(w, &clientCookie) // TODO: logout every other device if asked by increasing passwordcycle } @@ -254,13 +267,24 @@ func SendUserToken(w http.ResponseWriter, req *http.Request, user utils.User, mf HttpOnly: true, } + clientCookie := http.Cookie{ + Name: "client-infos", + Value: user.Nickname + "," + strconv.Itoa(int(user.Role)), + Expires: expiration, + Path: "/", + Secure: utils.IsHTTPS, + HttpOnly: false, + } + utils.Log("UserLogin: Setting cookie for " + reqHostNoPort) if reqHostNoPort == "localhost" || reqHostNoPort == "0.0.0.0" { cookie.Domain = "" + clientCookie.Domain = "" } else { if utils.IsValidHostname(reqHostNoPort) { cookie.Domain = "." + reqHostNoPort + clientCookie.Domain = "." + reqHostNoPort } else { utils.Error("UserLogin: Invalid hostname", nil) utils.HTTPError(w, "User Logging Error", http.StatusInternalServerError, "UL001") @@ -269,4 +293,5 @@ func SendUserToken(w http.ResponseWriter, req *http.Request, user utils.User, mf } http.SetCookie(w, &cookie) + http.SetCookie(w, &clientCookie) } \ No newline at end of file diff --git a/src/utils/types.go b/src/utils/types.go index 0a6bcc7..0c187d8 100644 --- a/src/utils/types.go +++ b/src/utils/types.go @@ -213,7 +213,7 @@ type ConstellationConfig struct { Enabled bool SlaveMode bool PrivateNode bool - DNS bool + DNSDisabled bool DNSPort string DNSFallback string DNSBlockBlacklist bool @@ -239,6 +239,7 @@ type ConstellationDevice struct { Port string `json:"port"` Blocked bool `json:"blocked"` Fingerprint string `json:"fingerprint"` + APIKey string `json:"-"` } type NebulaFirewallRule struct { diff --git a/src/utils/utils.go b/src/utils/utils.go index 1a32bed..cf5b0b3 100644 --- a/src/utils/utils.go +++ b/src/utils/utils.go @@ -64,7 +64,7 @@ var DefaultConfig = Config{ }, ConstellationConfig: ConstellationConfig{ Enabled: false, - DNS: true, + DNSDisabled: false, DNSFallback: "8.8.8.8:53", DNSAdditionalBlocklists: []string{ "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",