From 6af047430c9375662d878ba95c39c8c653e5d4a5 Mon Sep 17 00:00:00 2001
From: Toby Chui
Date: Tue, 12 Mar 2024 14:03:31 +0800
Subject: [PATCH] Added UI for WebSocket Origin Check bypass
---
src/main.go | 2 +-
src/reverseproxy.go | 36 +++++++++++++++++++++++++---------
src/web/components/httprp.html | 15 +++++++++++++-
src/web/components/rules.html | 9 +++++++++
4 files changed, 51 insertions(+), 11 deletions(-)
diff --git a/src/main.go b/src/main.go
index 263334c..55d5274 100644
--- a/src/main.go
+++ b/src/main.go
@@ -52,7 +52,7 @@ var ( name = "Zoraxy" version = "3.0.1" nodeUUID = "generic" - development = true //Set this to false to use embedded web fs + development = false //Set this to false to use embedded web fs bootTime = time.Now().Unix() /*
diff --git a/src/reverseproxy.go b/src/reverseproxy.go
index 10e06bb..0454992 100644
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@@ -215,6 +215,13 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) { requireBasicAuth := (rba == "true") + // Bypass WebSocket Origin Check + strbpwsorg, _ := utils.PostPara(r, "bpwsorg") + if strbpwsorg == "" { + strbpwsorg = "false" + } + bypassWebsocketOriginCheck := (strbpwsorg == "true") + //Prase the basic auth to correct structure cred, _ := utils.PostPara(r, "cred") basicAuthCredentials := []*dynamicproxy.BasicAuthCredentials{}
@@ -256,9 +263,10 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) { RootOrMatchingDomain: rootOrMatchingDomain, Domain: endpoint, //TLS - RequireTLS: useTLS, - BypassGlobalTLS: useBypassGlobalTLS, - SkipCertValidations: skipTlsValidation, + RequireTLS: useTLS, + BypassGlobalTLS: useBypassGlobalTLS, + SkipCertValidations: skipTlsValidation, + SkipWebSocketOriginCheck: bypassWebsocketOriginCheck, //VDir VirtualDirectories: []*dynamicproxy.VirtualDirectoryEndpoint{}, //Custom headers
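Review bot: The new `bpwsorg` block in ReverseProxyHandleAddEndpoint (@@ -215 hunk) carries no comment saying that it switches off a security control, and its empty-string default is redundant because `strbpwsorg == "true"` is already false for an empty value. I would reduce it to `bypassWebsocketOriginCheck := strbpwsorg == "true"` and put above it `// Fail closed: only the literal "true" disables the Origin check on WebSocket upgrades for this rule.` The identical block is added again in the @@ -388 hunk of ReverseProxyHandleEditEndpoint, so one small helper could serve both handlers. Both functions begin and end outside their hunks.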
@@ -305,12 +313,13 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) { //Write the root options to file rootRoutingEndpoint := dynamicproxy.ProxyEndpoint{ - ProxyType: dynamicproxy.ProxyType_Root, - RootOrMatchingDomain: "/", - Domain: endpoint, - RequireTLS: useTLS, - BypassGlobalTLS: false, - SkipCertValidations: false, + ProxyType: dynamicproxy.ProxyType_Root, + RootOrMatchingDomain: "/", + Domain: endpoint, + RequireTLS: useTLS, + BypassGlobalTLS: false, + SkipCertValidations: false, + SkipWebSocketOriginCheck: true, DefaultSiteOption: defaultSiteOption, DefaultSiteValue: dsVal,
@@ -381,6 +390,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) { } bypassGlobalTLS := (bpgtls == "true") + // Basic Auth rba, _ := utils.PostPara(r, "bauth") if rba == "" { rba = "false"
@@ -388,6 +398,13 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) { requireBasicAuth := (rba == "true") + // Bypass WebSocket Origin Check + strbpwsorg, _ := utils.PostPara(r, "bpwsorg") + if strbpwsorg == "" { + strbpwsorg = "false" + } + bypassWebsocketOriginCheck := (strbpwsorg == "true") + //Load the previous basic auth credentials from current proxy rules targetProxyEntry, err := dynamicProxyRouter.LoadProxy(rootNameOrMatchingDomain) if err != nil {
@@ -402,6 +419,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) { newProxyEndpoint.BypassGlobalTLS = bypassGlobalTLS newProxyEndpoint.SkipCertValidations = skipTlsValidation newProxyEndpoint.RequireBasicAuth = requireBasicAuth + newProxyEndpoint.SkipWebSocketOriginCheck = bypassWebsocketOriginCheck //Prepare to replace the current routing rule readyRoutingRule, err := dynamicProxyRouter.PrepareProxyRoute(newProxyEndpoint)
diff --git a/src/web/components/httprp.html b/src/web/components/httprp.html
index ab0b896..0af8ded 100644
--- a/src/web/components/httprp.html
+++ b/src/web/components/httprp.html
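Review bot: `SkipWebSocketOriginCheck: true` on rootRoutingEndpoint (@@ -305 hunk) disables the Origin check for the root rule unconditionally, while the two neighbouring relaxations, `BypassGlobalTLS` and `SkipCertValidations`, are hard-coded to `false` and the host rule in the @@ -256 hunk takes its value from the request. With the check skipped, a WebSocket upgrade from any web origin is forwarded upstream, so a cookie-authenticated backend that does not validate Origin itself is exposed to cross-site WebSocket hijacking. Unless this is a deliberate compatibility choice, use `SkipWebSocketOriginCheck: bypassWebsocketOriginCheck,` (the variable parsed earlier in the same handler, which appears to be in scope here) or `false`; if it is deliberate, say why in a comment on that line. The struct literal and the enclosing function continue outside the hunk.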
@@ -153,6 +153,13 @@ if (requireBasicAuth){ checkstate = "checked"; } + + let skipWebSocketOriginCheck = payload.SkipWebSocketOriginCheck; + let wsCheckstate = ""; + if (skipWebSocketOriginCheck){ + wsCheckstate = "checked"; + } + column.empty().append(`
@@ -165,6 +172,11 @@ Advance Configs
+
+ + +
@@ -215,7 +227,7 @@ let skipCertValidations = $(row).find(".SkipCertValidations")[0].checked; let requireBasicAuth = $(row).find(".RequireBasicAuth")[0].checked; let bypassGlobalTLS = $(row).find(".BypassGlobalTLS")[0].checked; - + let bypassWebsocketOrigin = $(row).find(".SkipWebSocketOriginCheck")[0].checked; console.log(newDomain, requireTLS, skipCertValidations, requireBasicAuth) $.ajax({
@@ -228,6 +240,7 @@ "bpgtls": bypassGlobalTLS, "tls" :requireTLS, "tlsval": skipCertValidations, + "bpwsorg" : bypassWebsocketOrigin, "bauth" :requireBasicAuth, }, success: function(data){
diff --git a/src/web/components/rules.html b/src/web/components/rules.html
index d06927b..15019bf 100644
--- a/src/web/components/rules.html
+++ b/src/web/components/rules.html
@@ -44,6 +44,12 @@ +
+
+ + +
+
@@ -126,6 +132,7 @@ var skipTLSValidation = $("#skipTLSValidation")[0].checked; var bypassGlobalTLS = $("#bypassGlobalTLS")[0].checked; var requireBasicAuth = $("#requireBasicAuth")[0].checked; + var skipWebSocketOriginCheck = $("#skipWebsocketOriginCheck")[0].checked; if (rootname.trim() == ""){ $("#rootname").parent().addClass("error");
@@ -150,9 +157,11 @@ tls: useTLS, ep: proxyDomain, tlsval: skipTLSValidation, + bpwsorg: skipWebSocketOriginCheck, bypassGlobalTLS: bypassGlobalTLS, bauth: requireBasicAuth, cred: JSON.stringify(credentials), + }, success: function(data){ if (data.error != undefined){
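Review bot: The selector `$("#skipWebsocketOriginCheck")` in the @@ -126 hunk spells the name with a lowercase `s` in "socket", while the variable it feeds is `skipWebSocketOriginCheck` and httprp.html looks the checkbox up as `.SkipWebSocketOriginCheck`. The element that defines the id is not visible on this page, so the id may well match, but if it does not, `[0]` is undefined and reading `.checked` throws before the request is sent. One spelling across both components would remove the doubt. The @@ -150 hunk also adds an empty line after `cred: JSON.stringify(credentials),` that can be dropped.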