diff --git a/assets/web/config.html b/assets/web/config.html
index eb15bfe2..fa9612d9 100644
--- a/assets/web/config.html
+++ b/assets/web/config.html
@@ -35,9 +35,9 @@
The origin of the remote endpoint address that is not denied for HTTP method /pin
diff --git a/sunshine/confighttp.cpp b/sunshine/confighttp.cpp index 2b859c29..e8fe4184 100644 --- a/sunshine/confighttp.cpp +++ b/sunshine/confighttp.cpp @@ -49,6 +49,18 @@ enum class op_e REMOVE }; +bool authenticate(resp_https_t response, req_https_t request) +{ +auto address = request->remote_endpoint_address(); + auto ip_type = net::from_address(address); + if(ip_type > http::origin_pin_allowed) { + BOOST_LOG(info) << '[' << address << "] -- denied"sv; + response->write(SimpleWeb::StatusCode::client_error_forbidden); + return false; + } + return true; +} + template void not_found(std::shared_ptr::Response> response, std::shared_ptr::Request> request) { @@ -66,6 +78,7 @@ void not_found(std::shared_ptr::Response> resp void getIndexPage(resp_https_t response, req_https_t request) { + if(!authenticate(response,request))return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "index.html"); response->write(header + content); @@ -74,6 +87,7 @@ void getIndexPage(resp_https_t response, req_https_t request) template void getPinPage(std::shared_ptr::Response> response, std::shared_ptr::Request> request) { + if(!authenticate(response,request))return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "pin.html"); response->write(header + content); @@ -82,6 +96,7 @@ void getPinPage(std::shared_ptr::Response> res template void getAppsPage(std::shared_ptr::Response> response, std::shared_ptr::Request> request) { + if(!authenticate(response,request))return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "apps.html"); response->write(header + content); 
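Review bot: `authenticate` establishes no identity: it only compares the address class from `net::from_address` with `http::origin_pin_allowed` and answers 403 when the peer is outside it, so the name overstates what callers get. A name such as `origin_allowed`, plus a comment like `// Source-address filter only: rejects peers outside http::origin_pin_allowed; does not verify who the caller is.`, would keep later readers from treating it as a login check. The config.html text visible in this commit describes the setting as applying to /pin, so it is also worth documenting that the same value now gates the configuration UI.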
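Review bot: The guard is opt-in per handler: each function has to begin with `if(!authenticate(response,request))return;`, here in getIndexPage and likewise in getPinPage, getAppsPage, getClientsPage, getConfigPage, getApps, saveApp, deleteApp, getConfig and saveConfig. A handler added later without that line is served to every origin, and nothing in these hunks would flag the omission. Applying the check once where the handlers are registered (that code is outside these hunks), for example through a small wrapper that runs the check and then calls the handler, would make deny the default. `not_found` does not appear to receive the check in the visible hunks; if that is intentional, a short comment saying so would help.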
@@ -90,6 +105,7 @@ void getAppsPage(std::shared_ptr::Response> re template void getClientsPage(std::shared_ptr::Response> response, std::shared_ptr::Request> request) { + if(!authenticate(response,request))return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "clients.html"); response->write(header + content); @@ -98,6 +114,7 @@ void getClientsPage(std::shared_ptr::Response> template void getConfigPage(std::shared_ptr::Response> response, std::shared_ptr::Request> request) { + if(!authenticate(response,request))return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "config.html"); response->write(header + content); @@ -105,12 +122,14 @@ void getConfigPage(std::shared_ptr::Response> void getApps(resp_https_t response, req_https_t request) { + if(!authenticate(response,request))return; std::string content = read_file(SUNSHINE_ASSETS_DIR "/" APPS_JSON); response->write(content); } void saveApp(resp_https_t response, req_https_t request) { + if(!authenticate(response,request))return; std::stringstream ss; ss << request->content.rdbuf(); pt::ptree outputTree; @@ -171,6 +190,7 @@ void saveApp(resp_https_t response, req_https_t request) void deleteApp(resp_https_t response, req_https_t request) { + if(!authenticate(response,request))return; pt::ptree outputTree; auto g = util::fail_guard([&]() { std::ostringstream data; @@ -222,6 +242,7 @@ void deleteApp(resp_https_t response, req_https_t request) void getConfig(resp_https_t response, req_https_t request) { + if(!authenticate(response,request))return; pt::ptree outputTree; auto g = util::fail_guard([&]() { std::ostringstream data; @@ -261,6 +282,7 @@ void getConfig(resp_https_t response, req_https_t request) void saveConfig(resp_https_t response, req_https_t request) { + if(!authenticate(response,request))return; std::stringstream ss; std::stringstream configStream; ss << request->content.rdbuf(); 
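Review bot: saveApp, deleteApp and saveConfig change server state, and after this commit the only gate in front of them is the source-address class test. Any process or browser page on a host inside the allowed origin satisfies that test, so these handlers still accept unauthenticated writes from peers on an allowed network and have no defence against cross-site requests issued through a local user's browser. Consider requiring a credential on the write paths (for instance HTTP authentication over the existing HTTPS server, or a per-session token checked alongside the address) before the request body is parsed. The bodies of these functions continue outside the hunks, so what they write is inferred from their names.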
diff --git a/sunshine/httpcommon.cpp b/sunshine/httpcommon.cpp index 6c05dba9..53da503a 100644 --- a/sunshine/httpcommon.cpp +++ b/sunshine/httpcommon.cpp @@ -32,10 +32,12 @@ namespace http std::string read_file(const char *path); int write_file(const char *path, const std::string_view &contents); std::string unique_id; + net::net_e origin_pin_allowed; void init(std::shared_ptr shutdown_event) { bool clean_slate = config::sunshine.flags[config::flag::FRESH_STATE]; + origin_pin_allowed = net::from_enum_string(config::nvhttp.origin_pin_allowed); if (clean_slate) { unique_id = util::uuid_t::generate().string(); diff --git a/sunshine/httpcommon.h b/sunshine/httpcommon.h index 5320025a..40cc0a66 100644 --- a/sunshine/httpcommon.h +++ b/sunshine/httpcommon.h @@ -1,7 +1,9 @@ +#include "network.h" namespace http{ void init(std::shared_ptr shutdown_event); int create_creds(const std::string &pkey, const std::string &cert); std::string read_file(const char *path); int write_file(const char *path, const std::string_view &contents); extern std::string unique_id; + extern net::net_e origin_pin_allowed; } \ No newline at end of file diff --git a/sunshine/nvhttp.cpp b/sunshine/nvhttp.cpp index 8799dc1f..9261ff17 100644 --- a/sunshine/nvhttp.cpp +++ b/sunshine/nvhttp.cpp @@ -76,7 +76,6 @@ struct pair_session_t { // uniqueID, session std::unordered_map map_id_sess; std::unordered_map map_id_client; -net::net_e origin_pin_allowed; using args_t = SimpleWeb::CaseInsensitiveMultimap; using resp_https_t = std::shared_ptr::Response>; @@ -405,7 +404,7 @@ void pin(std::shared_ptr::Response> response, auto address = request->remote_endpoint_address(); auto ip_type = net::from_address(address); - if(ip_type > origin_pin_allowed) { + if(ip_type > http::origin_pin_allowed) { BOOST_LOG(info) << '[' << address << "] -- denied"sv; response->write(SimpleWeb::StatusCode::client_error_forbidden); 
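Review bot: `origin_pin_allowed` is now assigned only inside `http::init`, so until that call it holds the zero-initialised `net::net_e` value, and both `pin` in nvhttp.cpp and the new check in confighttp.cpp read it. Whether zero is the most restrictive class is not visible here, nor is the order in which `http::init` runs relative to the two servers starting to accept requests. A comment on the definition such as `// Set in http::init(); must run before nvhttp/confighttp accept requests.` would record the requirement. It is also worth confirming what `net::from_enum_string` returns for an unrecognised configuration value, so that a typo cannot widen access.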
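Review bot: The origin test in `pin` is now the same three steps as the new `authenticate` in confighttp.cpp: classify the address, compare it with `http::origin_pin_allowed`, then log and return 403. With the setting already moved into the `http` namespace, a single helper declared in httpcommon.h and called from both places (it may need to be a template to serve both signatures) would keep the two checks from drifting apart if the comparison or the log line is later changed in only one of them. `pin`'s body starts and ends outside this hunk.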
@@ -677,7 +676,6 @@ void appasset(resp_https_t response, req_https_t request) { void start(std::shared_ptr shutdown_event) { bool clean_slate = config::sunshine.flags[config::flag::FRESH_STATE]; - origin_pin_allowed = net::from_enum_string(config::nvhttp.origin_pin_allowed); if(!clean_slate) { load_state();