add forbid remote admin login

This commit is contained in:
monoid 2021-01-10 16:53:54 +09:00
parent 06933699c0
commit 93a65c271a
2 changed files with 25 additions and 4 deletions


@ -15,7 +15,7 @@ export const getAdminCookieValue = ()=>{
const secretKey = setting.jwt_secretkey; const secretKey = setting.jwt_secretkey;
return sign({ return sign({
username: "admin", username: "admin",
permission: [] permission: [],
},secretKey,{expiresIn:'3d'}); },secretKey,{expiresIn:'3d'});
} }
@ -35,6 +35,10 @@ export const createLoginMiddleware = (knex: Knex)=>{
sendError(400,"invalid form : username or password is not string") sendError(400,"invalid form : username or password is not string")
return; return;
} }
if(setting.forbid_remote_admin_login && username === "admin"){
sendError(403,"forbid remote admin login");
return;
}
const user = await userController.findUser(username); const user = await userController.findUser(username);
if(user === undefined){ if(user === undefined){
sendError(401,"not authorized"); sendError(401,"not authorized");
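Review bot: The new guard in createLoginMiddleware rejects `username === "admin"` unconditionally — it never looks at the peer address — so despite the option's name it forbids admin login through this endpoint for local clients as well, and "remote" only holds if the server is also bound to loopback via `localmode`. If the intent is to keep a local password login for admin, the check needs the request's remote address (e.g. a loopback test on the framework's socket/remote-address field) alongside the flag; otherwise the comment and setting name should say that the login endpoint never accepts admin when the flag is set. The comparison is also exact-case, so if `userController.findUser` (outside the hunk) matches usernames case-insensitively, `"Admin"` would bypass the guard — worth confirming. Returning a distinct 403 "forbid remote admin login" before any credential check is fine for a well-known account name, but note it differs from the 401 used for every other failure. The middleware body continues past the end of this hunk.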


@ -3,22 +3,39 @@ import { randomBytes } from 'crypto';
import { existsSync, readFileSync, writeFileSync } from 'fs'; import { existsSync, readFileSync, writeFileSync } from 'fs';
export type Setting = { export type Setting = {
path: string[], /**
* if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
*/
localmode: boolean, localmode: boolean,
guest: boolean, guest: boolean,
/**
* JWT secret key. if you change its value, all access tokens are invalidated.
*/
jwt_secretkey: string, jwt_secretkey: string,
/**
* the port which running server is binding on.
*/
port:number, port:number,
mode:"development"|"production", mode:"development"|"production",
/**
* if true, do not show 'electron' window and show terminal only.
*/
cli:boolean, cli:boolean,
/** forbid to login admin from remote client. but, it do not invalidate access token.
* if you want to invalidate access token, change 'jwt_secretkey'.*/
forbid_remote_admin_login:boolean,
} }
const default_setting:Setting = { const default_setting:Setting = {
path:[],
localmode: true, localmode: true,
guest:false, guest:false,
jwt_secretkey:"itsRandom", jwt_secretkey:"itsRandom",
port:8080, port:8080,
mode:"production", mode:"production",
cli:false cli:false,
forbid_remote_admin_login:true,
} }
let setting: null|Setting = null; let setting: null|Setting = null;
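Review bot: `default_setting` still ships `jwt_secretkey: "itsRandom"`, a fixed, publicly known string, while the new doc comments make the secret the only way to revoke tokens and `forbid_remote_admin_login` explicitly does not invalidate existing ones. If a settings file is ever written or used with this default intact, anyone can mint the admin token that getAdminCookieValue signs (`username: "admin"`, 3-day expiry), and the new login guard gives no protection. `randomBytes` is imported at the top of this file and is presumably used to replace the placeholder when the settings file is first created, but that code is outside the hunk; if it is not, generate the default at load time, e.g. `jwt_secretkey: randomBytes(32).toString('hex'),`, and treat `"itsRandom"` as a value that must be rejected or regenerated when read back. The comment on `forbid_remote_admin_login` would also read better as `/** Forbid logging in as admin over the login endpoint. Existing access tokens stay valid; change 'jwt_secretkey' to invalidate them. */`.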