aljaz/cyphernode
1
0
Fork 0
mirror of https://github.com/aljazceru/cyphernode.git synced 2025-12-18 05:05:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Started IP whitelist, but defunct because of docker swarm obfuscating real IP

Browse Source
This commit is contained in:
kexkey
2018-10-16 12:55:02 -04:00
parent 2a7ca27600
commit 208d61361c
6 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
api_auth_docker/auth.sh
View File

@@ -39,7 +39,14 @@ verify_sign()
if [ ${exp} -gt ${current} ]; then
trace "[verify_sign] Not expired, let's validate signature"
local id=$(echo ${payload} | jq ".id" | tr -d '"')
trace "[verify_sign] id=${id}"
trace "[verify_sign] id=${id}"
# Check for code injection
# id will usually be an int, but could be alphanum... nothing else
if ! [[ $id =~ '^[A-Za-z0-9]$']]; then
trace "[verify_sign] Potential code injection, exiting"
return 1
fi
# It is so much faster to include the keys here instead of grep'ing the file for key.
. ./keys.properties
@@ -78,6 +85,14 @@ verify_group()
local id=${1}
local action=${REQUEST_URI:1}
trace "[verify_group] action=${action}"
# Check for code injection
# action could be alphanum... nothing else
if ! [[ $action =~ '^[A-Za-z]$']]; then
trace "[verify_group] Potential code injection, exiting"
return 1
fi
# It is so much faster to include the keys here instead of grep'ing the file for key.
. ./api.properties