[mirotalksfu] - add IP whitelist middleware
@@ -40,7 +40,7 @@ dependencies: {
|
|||||||
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
|
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
|
||||||
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
|
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
|
||||||
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
||||||
* @version 1.3.61
|
* @version 1.3.62
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@@ -68,6 +68,7 @@ const swaggerUi = require('swagger-ui-express');
|
|||||||
const swaggerDocument = yamlJS.load(path.join(__dirname + '/../api/swagger.yaml'));
|
const swaggerDocument = yamlJS.load(path.join(__dirname + '/../api/swagger.yaml'));
|
||||||
const Sentry = require('@sentry/node');
|
const Sentry = require('@sentry/node');
|
||||||
const { CaptureConsole } = require('@sentry/integrations');
|
const { CaptureConsole } = require('@sentry/integrations');
|
||||||
|
const restrictAccessByIP = require('./middleware/IpWhitelist.js');
|
||||||
const packageJson = require('../../package.json');
|
const packageJson = require('../../package.json');
|
||||||
|
|
||||||
// Slack API
|
// Slack API
|
||||||
@@ -205,6 +206,9 @@ function startServer() {
|
|||||||
app.use(bodyParser.urlencoded({ extended: true }));
|
app.use(bodyParser.urlencoded({ extended: true }));
|
||||||
app.use(apiBasePath + '/docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument)); // api docs
|
app.use(apiBasePath + '/docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument)); // api docs
|
||||||
|
|
||||||
|
// IP Whitelist check ...
|
||||||
|
app.use(restrictAccessByIP);
|
||||||
|
|
||||||
// Logs requests
|
// Logs requests
|
||||||
app.use((req, res, next) => {
|
app.use((req, res, next) => {
|
||||||
log.debug('New request:', {
|
log.debug('New request:', {
|
||||||
@@ -502,6 +506,7 @@ function startServer() {
|
|||||||
node_version: process.versions.node,
|
node_version: process.versions.node,
|
||||||
hostConfig: hostCfg,
|
hostConfig: hostCfg,
|
||||||
presenters: config.presenters,
|
presenters: config.presenters,
|
||||||
|
middleware: config.middleware,
|
||||||
announced_ip: announcedIP,
|
announced_ip: announcedIP,
|
||||||
server: host,
|
server: host,
|
||||||
server_tunnel: tunnel,
|
server_tunnel: tunnel,
|
||||||
@@ -549,6 +554,7 @@ function startServer() {
|
|||||||
node_version: process.versions.node,
|
node_version: process.versions.node,
|
||||||
hostConfig: hostCfg,
|
hostConfig: hostCfg,
|
||||||
presenters: config.presenters,
|
presenters: config.presenters,
|
||||||
|
middleware: config.middleware,
|
||||||
announced_ip: announcedIP,
|
announced_ip: announcedIP,
|
||||||
server: host,
|
server: host,
|
||||||
api_docs: api_docs,
|
api_docs: api_docs,
|
||||||
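Review bot: `app.use(restrictAccessByIP);` is registered after `app.use(apiBasePath + '/docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));` in the third hunk, and Express runs middleware in registration order, so the Swagger UI route, and anything mounted earlier in `startServer` outside this hunk, answers before the allow-list is consulted. If the intent is to restrict the whole instance, make `app.use(restrictAccessByIP);` the first `app.use` in `startServer`. It is not visible here whether the WebSocket/signalling path goes through this Express stack; if it does not, it needs its own check. The two logging hunks add `middleware: config.middleware`, which writes the full allow-list to the startup log; logging only `config.middleware.IpWhitelist.enabled` would be enough. `startServer` begins and ends outside these hunks.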
|
|||||||
@@ -67,6 +67,17 @@ module.exports = {
|
|||||||
],
|
],
|
||||||
join_first: true, // Set to true for traditional behavior, false to prioritize presenters
|
join_first: true, // Set to true for traditional behavior, false to prioritize presenters
|
||||||
},
|
},
|
||||||
|
middleware: {
|
||||||
|
/*
|
||||||
|
Middleware:
|
||||||
|
- IP Whitelist: Access to the instance is restricted to only the specified IP addresses in the allowed list. This feature is disabled by default.
|
||||||
|
- ...
|
||||||
|
*/
|
||||||
|
IpWhitelist: {
|
||||||
|
enabled: false,
|
||||||
|
allowed: ['127.0.0.1', '::1'],
|
||||||
|
},
|
||||||
|
},
|
||||||
console: {
|
console: {
|
||||||
debug: true,
|
debug: true,
|
||||||
colors: true,
|
colors: true,
|
||||||
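Review bot: The comment above `IpWhitelist` does not say how `allowed` entries are matched or which address they are compared against. In this commit the check is `allowedIPs.includes(clientIP)`, an exact string comparison, so CIDR ranges are not understood and an IPv4 peer reported in mapped form (`::ffff:127.0.0.1`) would not match `'127.0.0.1'`. I would extend the comment with `Entries are compared as exact strings (no CIDR or ranges); behind a reverse proxy, the proxy must be the only source of the client address.` The `module.exports` object continues outside the hunk.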
|
|||||||
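--- /dev/null
+++ b/app/src/middleware/IpWhitelist.js
@@ -0,0 +1,23 @@
+'use strict';
+
+const config = require('../config');
+const Logger = require('../Logger');
+const log = new Logger('RestrictAccessByIP');
+
+const IpWhitelistEnabled = config.middleware ? config.middleware.IpWhitelist.enabled : false;
+const allowedIPs = config.middleware ? config.middleware.IpWhitelist.allowed : [];
+
+const restrictAccessByIP = (req, res, next) => {
+if (!IpWhitelistEnabled) return next();
+//
+const clientIP = req.headers['x-forwarded-for'] || req.socket.remoteAddress || req.ip;
+log.debug('Check IP', clientIP);
+if (allowedIPs.includes(clientIP)) {
+next();
+} else {
+log.info('Forbidden: Access denied from this IP address', { clientIP: clientIP });
+res.status(403).json({ error: 'Forbidden', message: 'Access denied from this IP address.' });
+}
+};
+
+module.exports = restrictAccessByIP;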
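Review bot: `req.headers['x-forwarded-for']` is the first source used for `clientIP`, and that header is whatever the client sent unless a trusted reverse proxy overwrites it, so the allow-list decision rests on a value the requester controls. With a proxy chain the header is also a comma-separated list, which `allowedIPs.includes(clientIP)` will never match. Take the address from the transport instead, `const clientIP = req.ip || req.socket.remoteAddress;`, and set Express's `trust proxy` to the known proxy hops so that `req.ip` is derived only from hops you trust. Separately, `config.middleware.IpWhitelist.enabled` throws at load time when `middleware` exists without an `IpWhitelist` key; `config.middleware?.IpWhitelist?.enabled ?? false` (and `?.allowed ?? []`) avoids that. The empty `//` comment is a good place to state which address source is trusted and why.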
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "mirotalksfu",
|
"name": "mirotalksfu",
|
||||||
"version": "1.3.61",
|
"version": "1.3.62",
|
||||||
"description": "WebRTC SFU browser-based video calls",
|
"description": "WebRTC SFU browser-based video calls",
|
||||||
"main": "Server.js",
|
"main": "Server.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h
|
|||||||
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
|
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
|
||||||
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
|
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
|
||||||
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
||||||
* @version 1.3.61
|
* @version 1.3.62
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|||||||
@@ -9,7 +9,7 @@
|
|||||||
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
|
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
|
||||||
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
|
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
|
||||||
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
||||||
* @version 1.3.61
|
* @version 1.3.62
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|||||||