Added UI for WebSocket Origin Check bypass

2025-06-23 07:53:05 +02:00 · 2024-03-12 14:03:31 +08:00 · 2024-03-12 14:03:31 +08:00 · 6af047430c
commit 6af047430c
parent 200c924acd
4 changed files with 51 additions and 11 deletions
--- a/src/main.go
+++ b/src/main.go
@ -52,7 +52,7 @@ var (
 	name        = "Zoraxy"
 	version     = "3.0.1"
 	nodeUUID    = "generic"
-	development = true //Set this to false to use embedded web fs
+	development = false //Set this to false to use embedded web fs
 	bootTime    = time.Now().Unix()

 	/*
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@ -215,6 +215,13 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {

 	requireBasicAuth := (rba == "true")

+	// Bypass WebSocket Origin Check
+	strbpwsorg, _ := utils.PostPara(r, "bpwsorg")
+	if strbpwsorg == "" {
+		strbpwsorg = "false"
+	}
+	bypassWebsocketOriginCheck := (strbpwsorg == "true")
+
 	//Prase the basic auth to correct structure
 	cred, _ := utils.PostPara(r, "cred")
 	basicAuthCredentials := []*dynamicproxy.BasicAuthCredentials{}
@ -256,9 +263,10 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
 			RootOrMatchingDomain: rootOrMatchingDomain,
 			Domain:               endpoint,
 			//TLS
-			RequireTLS:          useTLS,
-			BypassGlobalTLS:     useBypassGlobalTLS,
-			SkipCertValidations: skipTlsValidation,
+			RequireTLS:               useTLS,
+			BypassGlobalTLS:          useBypassGlobalTLS,
+			SkipCertValidations:      skipTlsValidation,
+			SkipWebSocketOriginCheck: bypassWebsocketOriginCheck,
 			//VDir
 			VirtualDirectories: []*dynamicproxy.VirtualDirectoryEndpoint{},
 			//Custom headers
@ -305,12 +313,13 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {

 		//Write the root options to file
 		rootRoutingEndpoint := dynamicproxy.ProxyEndpoint{
-			ProxyType:            dynamicproxy.ProxyType_Root,
-			RootOrMatchingDomain: "/",
-			Domain:               endpoint,
-			RequireTLS:           useTLS,
-			BypassGlobalTLS:      false,
-			SkipCertValidations:  false,
+			ProxyType:                dynamicproxy.ProxyType_Root,
+			RootOrMatchingDomain:     "/",
+			Domain:                   endpoint,
+			RequireTLS:               useTLS,
+			BypassGlobalTLS:          false,
+			SkipCertValidations:      false,
+			SkipWebSocketOriginCheck: true,

 			DefaultSiteOption: defaultSiteOption,
 			DefaultSiteValue:  dsVal,
@ -381,6 +390,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
 	}
 	bypassGlobalTLS := (bpgtls == "true")

+	// Basic Auth
 	rba, _ := utils.PostPara(r, "bauth")
 	if rba == "" {
 		rba = "false"
@ -388,6 +398,13 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {

 	requireBasicAuth := (rba == "true")

+	// Bypass WebSocket Origin Check
+	strbpwsorg, _ := utils.PostPara(r, "bpwsorg")
+	if strbpwsorg == "" {
+		strbpwsorg = "false"
+	}
+	bypassWebsocketOriginCheck := (strbpwsorg == "true")
+
 	//Load the previous basic auth credentials from current proxy rules
 	targetProxyEntry, err := dynamicProxyRouter.LoadProxy(rootNameOrMatchingDomain)
 	if err != nil {
@ -402,6 +419,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
 	newProxyEndpoint.BypassGlobalTLS = bypassGlobalTLS
 	newProxyEndpoint.SkipCertValidations = skipTlsValidation
 	newProxyEndpoint.RequireBasicAuth = requireBasicAuth
+	newProxyEndpoint.SkipWebSocketOriginCheck = bypassWebsocketOriginCheck

 	//Prepare to replace the current routing rule
 	readyRoutingRule, err := dynamicProxyRouter.PrepareProxyRoute(newProxyEndpoint)
--- a/src/web/components/httprp.html
+++ b/src/web/components/httprp.html
@ -153,6 +153,13 @@
                if (requireBasicAuth){
                    checkstate = "checked";
                }
+
+                let skipWebSocketOriginCheck = payload.SkipWebSocketOriginCheck;
+                let wsCheckstate = "";
+                if (skipWebSocketOriginCheck){
+                    wsCheckstate = "checked";
+                }
+
                column.empty().append(`<div class="ui checkbox" style="margin-top: 0.4em;">
                    <input type="checkbox" class="RequireBasicAuth" ${checkstate}>
                    <label>Require Basic Auth</label>
@ -165,6 +172,11 @@
                                Advance Configs
                            </div>
                            <div class="content">
+                                <div class="ui checkbox" style="margin-top: 0.4em;">
+                                    <input type="checkbox" class="SkipWebSocketOriginCheck" ${wsCheckstate}>
+                                    <label>Skip WebSocket Origin Check<br>
+                                    <small>Check this to allow cross-origin websocket requests</small></label>
+                                </div>
                                <button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editCustomHeaders('${uuid}');"><i class="heading icon"></i> Custom Headers</button>
                                <!-- <button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editLoadBalanceOptions('${uuid}');"><i class="blue server icon"></i> Load Balance</button> -->
                            </div>
@ -215,7 +227,7 @@
        let skipCertValidations = $(row).find(".SkipCertValidations")[0].checked;
        let requireBasicAuth = $(row).find(".RequireBasicAuth")[0].checked;
        let bypassGlobalTLS = $(row).find(".BypassGlobalTLS")[0].checked;
-
+        let bypassWebsocketOrigin = $(row).find(".SkipWebSocketOriginCheck")[0].checked;
        console.log(newDomain, requireTLS, skipCertValidations, requireBasicAuth)

        $.ajax({
@ -228,6 +240,7 @@
                "bpgtls": bypassGlobalTLS,
                "tls" :requireTLS,
                "tlsval": skipCertValidations,
+                "bpwsorg" : bypassWebsocketOrigin,
                "bauth" :requireBasicAuth,
            },
            success: function(data){
--- a/src/web/components/rules.html
+++ b/src/web/components/rules.html
@ -44,6 +44,12 @@
                                        <label>Ignore TLS/SSL Verification Error<br><small>For targets that is using self-signed, expired certificate (Not Recommended)</small></label>
                                    </div>
                                </div>
+                                <div class="field">
+                                    <div class="ui checkbox">
+                                        <input type="checkbox" id="skipWebsocketOriginCheck" checked>
+                                        <label>Skip WebSocket Origin Check<br><small>Allow cross-origin websocket requests (Usually not a security concern)</small></label>
+                                    </div>
+                                </div>
                                <div class="field">
                                    <div class="ui checkbox">
                                        <input type="checkbox" id="bypassGlobalTLS">
@ -126,6 +132,7 @@
        var skipTLSValidation = $("#skipTLSValidation")[0].checked;
        var bypassGlobalTLS = $("#bypassGlobalTLS")[0].checked;
        var requireBasicAuth = $("#requireBasicAuth")[0].checked;
+        var skipWebSocketOriginCheck = $("#skipWebsocketOriginCheck")[0].checked;

        if (rootname.trim() == ""){
            $("#rootname").parent().addClass("error");
@ -150,9 +157,11 @@
                tls: useTLS, 
                ep: proxyDomain,
                tlsval: skipTLSValidation,
+                bpwsorg: skipWebSocketOriginCheck,
                bypassGlobalTLS: bypassGlobalTLS,
                bauth: requireBasicAuth,
                cred: JSON.stringify(credentials),
+                
            },
            success: function(data){
                if (data.error != undefined){