From 93a65c271a161878e9876417139b5cb754971fbf Mon Sep 17 00:00:00 2001 From: monoid Date: Sun, 10 Jan 2021 16:53:54 +0900 Subject: [PATCH] add forbid remote admin login --- src/login.ts | 6 +++++- src/setting.ts | 23 ++++++++++++++++++++--- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/login.ts b/src/login.ts index 27478d9..b6ff55d 100644 --- a/src/login.ts +++ b/src/login.ts @@ -15,7 +15,7 @@ export const getAdminCookieValue = ()=>{ const secretKey = setting.jwt_secretkey; return sign({ username: "admin", - permission: [] + permission: [], },secretKey,{expiresIn:'3d'}); } @@ -35,6 +35,10 @@ export const createLoginMiddleware = (knex: Knex)=>{ sendError(400,"invalid form : username or password is not string") return; } + if(setting.forbid_remote_admin_login && username === "admin"){ + sendError(403,"forbid remote admin login"); + return; + } const user = await userController.findUser(username); if(user === undefined){ sendError(401,"not authorized"); diff --git a/src/setting.ts b/src/setting.ts index feda49c..d5d44fb 100644 --- a/src/setting.ts +++ b/src/setting.ts @@ -3,22 +3,39 @@ import { randomBytes } from 'crypto'; import { existsSync, readFileSync, writeFileSync } from 'fs'; export type Setting = { - path: string[], + /** + * if true, server will bind on '127.0.0.1' rather than '0.0.0.0' + */ localmode: boolean, + guest: boolean, + /** + * JWT secret key. if you change its value, all access tokens are invalidated. + */ jwt_secretkey: string, + /** + * the port which running server is binding on. + */ port:number, + mode:"development"|"production", + /** + * if true, do not show 'electron' window and show terminal only. + */ cli:boolean, + /** forbid to login admin from remote client. but, it do not invalidate access token. + * if you want to invalidate access token, change 'jwt_secretkey'.*/ + forbid_remote_admin_login:boolean, } const default_setting:Setting = { - path:[], + localmode: true, guest:false, jwt_secretkey:"itsRandom", port:8080, mode:"production", - cli:false + cli:false, + forbid_remote_admin_login:true, } let setting: null|Setting = null;