mirror of
https://github.com/tobychui/zoraxy.git
synced 2025-06-06 15:47:19 +02:00
Added UI for WebSocket Origin Check bypass
This commit is contained in:
Toby Chui
parent
200c924acd
commit
6af047430c
@ -52,7 +52,7 @@ var (
|
|||||||
name = "Zoraxy"
|
name = "Zoraxy"
|
||||||
version = "3.0.1"
|
version = "3.0.1"
|
||||||
nodeUUID = "generic"
|
nodeUUID = "generic"
|
||||||
development = true //Set this to false to use embedded web fs
|
development = false //Set this to false to use embedded web fs
|
||||||
bootTime = time.Now().Unix()
|
bootTime = time.Now().Unix()
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -215,6 +215,13 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
requireBasicAuth := (rba == "true")
|
requireBasicAuth := (rba == "true")
|
||||||
|
|
||||||
|
// Bypass WebSocket Origin Check
|
||||||
|
strbpwsorg, _ := utils.PostPara(r, "bpwsorg")
|
||||||
|
if strbpwsorg == "" {
|
||||||
|
strbpwsorg = "false"
|
||||||
|
}
|
||||||
|
bypassWebsocketOriginCheck := (strbpwsorg == "true")
|
||||||
|
|
||||||
//Prase the basic auth to correct structure
|
//Prase the basic auth to correct structure
|
||||||
cred, _ := utils.PostPara(r, "cred")
|
cred, _ := utils.PostPara(r, "cred")
|
||||||
basicAuthCredentials := []*dynamicproxy.BasicAuthCredentials{}
|
basicAuthCredentials := []*dynamicproxy.BasicAuthCredentials{}
|
||||||
@ -259,6 +266,7 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
|
|||||||
RequireTLS: useTLS,
|
RequireTLS: useTLS,
|
||||||
BypassGlobalTLS: useBypassGlobalTLS,
|
BypassGlobalTLS: useBypassGlobalTLS,
|
||||||
SkipCertValidations: skipTlsValidation,
|
SkipCertValidations: skipTlsValidation,
|
||||||
|
SkipWebSocketOriginCheck: bypassWebsocketOriginCheck,
|
||||||
//VDir
|
//VDir
|
||||||
VirtualDirectories: []*dynamicproxy.VirtualDirectoryEndpoint{},
|
VirtualDirectories: []*dynamicproxy.VirtualDirectoryEndpoint{},
|
||||||
//Custom headers
|
//Custom headers
|
||||||
@ -311,6 +319,7 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
|
|||||||
RequireTLS: useTLS,
|
RequireTLS: useTLS,
|
||||||
BypassGlobalTLS: false,
|
BypassGlobalTLS: false,
|
||||||
SkipCertValidations: false,
|
SkipCertValidations: false,
|
||||||
|
SkipWebSocketOriginCheck: true,
|
||||||
|
|
||||||
DefaultSiteOption: defaultSiteOption,
|
DefaultSiteOption: defaultSiteOption,
|
||||||
DefaultSiteValue: dsVal,
|
DefaultSiteValue: dsVal,
|
||||||
@ -381,6 +390,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
bypassGlobalTLS := (bpgtls == "true")
|
bypassGlobalTLS := (bpgtls == "true")
|
||||||
|
|
||||||
|
// Basic Auth
|
||||||
rba, _ := utils.PostPara(r, "bauth")
|
rba, _ := utils.PostPara(r, "bauth")
|
||||||
if rba == "" {
|
if rba == "" {
|
||||||
rba = "false"
|
rba = "false"
|
||||||
@ -388,6 +398,13 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
requireBasicAuth := (rba == "true")
|
requireBasicAuth := (rba == "true")
|
||||||
|
|
||||||
|
// Bypass WebSocket Origin Check
|
||||||
|
strbpwsorg, _ := utils.PostPara(r, "bpwsorg")
|
||||||
|
if strbpwsorg == "" {
|
||||||
|
strbpwsorg = "false"
|
||||||
|
}
|
||||||
|
bypassWebsocketOriginCheck := (strbpwsorg == "true")
|
||||||
|
|
||||||
//Load the previous basic auth credentials from current proxy rules
|
//Load the previous basic auth credentials from current proxy rules
|
||||||
targetProxyEntry, err := dynamicProxyRouter.LoadProxy(rootNameOrMatchingDomain)
|
targetProxyEntry, err := dynamicProxyRouter.LoadProxy(rootNameOrMatchingDomain)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -402,6 +419,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
|
|||||||
newProxyEndpoint.BypassGlobalTLS = bypassGlobalTLS
|
newProxyEndpoint.BypassGlobalTLS = bypassGlobalTLS
|
||||||
newProxyEndpoint.SkipCertValidations = skipTlsValidation
|
newProxyEndpoint.SkipCertValidations = skipTlsValidation
|
||||||
newProxyEndpoint.RequireBasicAuth = requireBasicAuth
|
newProxyEndpoint.RequireBasicAuth = requireBasicAuth
|
||||||
|
newProxyEndpoint.SkipWebSocketOriginCheck = bypassWebsocketOriginCheck
|
||||||
|
|
||||||
//Prepare to replace the current routing rule
|
//Prepare to replace the current routing rule
|
||||||
readyRoutingRule, err := dynamicProxyRouter.PrepareProxyRoute(newProxyEndpoint)
|
readyRoutingRule, err := dynamicProxyRouter.PrepareProxyRoute(newProxyEndpoint)
|
||||||
|
|||||||
@ -153,6 +153,13 @@
|
|||||||
if (requireBasicAuth){
|
if (requireBasicAuth){
|
||||||
checkstate = "checked";
|
checkstate = "checked";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let skipWebSocketOriginCheck = payload.SkipWebSocketOriginCheck;
|
||||||
|
let wsCheckstate = "";
|
||||||
|
if (skipWebSocketOriginCheck){
|
||||||
|
wsCheckstate = "checked";
|
||||||
|
}
|
||||||
|
|
||||||
column.empty().append(`<div class="ui checkbox" style="margin-top: 0.4em;">
|
column.empty().append(`<div class="ui checkbox" style="margin-top: 0.4em;">
|
||||||
<input type="checkbox" class="RequireBasicAuth" ${checkstate}>
|
<input type="checkbox" class="RequireBasicAuth" ${checkstate}>
|
||||||
<label>Require Basic Auth</label>
|
<label>Require Basic Auth</label>
|
||||||
@ -165,6 +172,11 @@
|
|||||||
Advance Configs
|
Advance Configs
|
||||||
</div>
|
</div>
|
||||||
<div class="content">
|
<div class="content">
|
||||||
|
<div class="ui checkbox" style="margin-top: 0.4em;">
|
||||||
|
<input type="checkbox" class="SkipWebSocketOriginCheck" ${wsCheckstate}>
|
||||||
|
<label>Skip WebSocket Origin Check<br>
|
||||||
|
<small>Check this to allow cross-origin websocket requests</small></label>
|
||||||
|
</div>
|
||||||
<button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editCustomHeaders('${uuid}');"><i class="heading icon"></i> Custom Headers</button>
|
<button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editCustomHeaders('${uuid}');"><i class="heading icon"></i> Custom Headers</button>
|
||||||
<!-- <button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editLoadBalanceOptions('${uuid}');"><i class="blue server icon"></i> Load Balance</button> -->
|
<!-- <button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editLoadBalanceOptions('${uuid}');"><i class="blue server icon"></i> Load Balance</button> -->
|
||||||
</div>
|
</div>
|
||||||
@ -215,7 +227,7 @@
|
|||||||
let skipCertValidations = $(row).find(".SkipCertValidations")[0].checked;
|
let skipCertValidations = $(row).find(".SkipCertValidations")[0].checked;
|
||||||
let requireBasicAuth = $(row).find(".RequireBasicAuth")[0].checked;
|
let requireBasicAuth = $(row).find(".RequireBasicAuth")[0].checked;
|
||||||
let bypassGlobalTLS = $(row).find(".BypassGlobalTLS")[0].checked;
|
let bypassGlobalTLS = $(row).find(".BypassGlobalTLS")[0].checked;
|
||||||
|
let bypassWebsocketOrigin = $(row).find(".SkipWebSocketOriginCheck")[0].checked;
|
||||||
console.log(newDomain, requireTLS, skipCertValidations, requireBasicAuth)
|
console.log(newDomain, requireTLS, skipCertValidations, requireBasicAuth)
|
||||||
|
|
||||||
$.ajax({
|
$.ajax({
|
||||||
@ -228,6 +240,7 @@
|
|||||||
"bpgtls": bypassGlobalTLS,
|
"bpgtls": bypassGlobalTLS,
|
||||||
"tls" :requireTLS,
|
"tls" :requireTLS,
|
||||||
"tlsval": skipCertValidations,
|
"tlsval": skipCertValidations,
|
||||||
|
"bpwsorg" : bypassWebsocketOrigin,
|
||||||
"bauth" :requireBasicAuth,
|
"bauth" :requireBasicAuth,
|
||||||
},
|
},
|
||||||
success: function(data){
|
success: function(data){
|
||||||
|
|||||||
@ -44,6 +44,12 @@
|
|||||||
<label>Ignore TLS/SSL Verification Error<br><small>For targets that is using self-signed, expired certificate (Not Recommended)</small></label>
|
<label>Ignore TLS/SSL Verification Error<br><small>For targets that is using self-signed, expired certificate (Not Recommended)</small></label>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="field">
|
||||||
|
<div class="ui checkbox">
|
||||||
|
<input type="checkbox" id="skipWebsocketOriginCheck" checked>
|
||||||
|
<label>Skip WebSocket Origin Check<br><small>Allow cross-origin websocket requests (Usually not a security concern)</small></label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<div class="ui checkbox">
|
<div class="ui checkbox">
|
||||||
<input type="checkbox" id="bypassGlobalTLS">
|
<input type="checkbox" id="bypassGlobalTLS">
|
||||||
@ -126,6 +132,7 @@
|
|||||||
var skipTLSValidation = $("#skipTLSValidation")[0].checked;
|
var skipTLSValidation = $("#skipTLSValidation")[0].checked;
|
||||||
var bypassGlobalTLS = $("#bypassGlobalTLS")[0].checked;
|
var bypassGlobalTLS = $("#bypassGlobalTLS")[0].checked;
|
||||||
var requireBasicAuth = $("#requireBasicAuth")[0].checked;
|
var requireBasicAuth = $("#requireBasicAuth")[0].checked;
|
||||||
|
var skipWebSocketOriginCheck = $("#skipWebsocketOriginCheck")[0].checked;
|
||||||
|
|
||||||
if (rootname.trim() == ""){
|
if (rootname.trim() == ""){
|
||||||
$("#rootname").parent().addClass("error");
|
$("#rootname").parent().addClass("error");
|
||||||
@ -150,9 +157,11 @@
|
|||||||
tls: useTLS,
|
tls: useTLS,
|
||||||
ep: proxyDomain,
|
ep: proxyDomain,
|
||||||
tlsval: skipTLSValidation,
|
tlsval: skipTLSValidation,
|
||||||
|
bpwsorg: skipWebSocketOriginCheck,
|
||||||
bypassGlobalTLS: bypassGlobalTLS,
|
bypassGlobalTLS: bypassGlobalTLS,
|
||||||
bauth: requireBasicAuth,
|
bauth: requireBasicAuth,
|
||||||
cred: JSON.stringify(credentials),
|
cred: JSON.stringify(credentials),
|
||||||
|
|
||||||
},
|
},
|
||||||
success: function(data){
|
success: function(data){
|
||||||
if (data.error != undefined){
|
if (data.error != undefined){
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user