marcel/zoraxy
1
0
Fork 0
mirror of https://github.com/tobychui/zoraxy.git synced 2025-11-16 05:44:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #820 from AnthonyMichaelTDM/issue819

Browse Source 
put plugin API on separate mux not protected by CSRF
This commit is contained in:
Toby Chui
2025-09-13 23:16:27 +08:00
committed by GitHub
parent c745d82cf3 e2c0fe3abf
commit 6efab48d33
3 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
example/plugins/plugin2plugin-comms-peer1/www/index.html
View File

@@ -21,12 +21,12 @@
z-index: 1000; z-index: 1000;
} }
.sent-message { .sent-message {
background-color: #d4edda; background-color: var(--theme_bg_primary);
border-left: 5px solid #155724; border-left: 5px solid #155724;
animation: fadeIn 0.5s; animation: fadeIn 0.5s;
} }
.received-message { .received-message {
background-color: #cce5ff; background-color: var(--theme_bg_secondary);
border-left: 5px solid #004085; border-left: 5px solid #004085;
animation: fadeIn 0.5s; animation: fadeIn 0.5s;
} }

4
example/plugins/plugin2plugin-comms-peer2/www/index.html
View File

@@ -21,12 +21,12 @@
z-index: 1000; z-index: 1000;
} }
.sent-message { .sent-message {
background-color: #d4edda; background-color: var(--theme_bg_primary);
border-left: 5px solid #155724; border-left: 5px solid #155724;
animation: fadeIn 0.5s; animation: fadeIn 0.5s;
} }
.received-message { .received-message {
background-color: #cce5ff; background-color: var(--theme_bg_secondary);
border-left: 5px solid #004085; border-left: 5px solid #004085;
animation: fadeIn 0.5s; animation: fadeIn 0.5s;
} }

16
src/main.go
View File

@@ -115,9 +115,19 @@ func main() {
//Initiate management interface APIs //Initiate management interface APIs
requireAuth = !(*noauth) requireAuth = !(*noauth)
initAPIs(webminPanelMux) initAPIs(webminPanelMux)
initRestAPI(webminPanelMux)
//Start the reverse proxy server in go routine // Create a new plugin API mux
pluginAPIMux := http.NewServeMux()
initRestAPI(pluginAPIMux)
// Create a parent mux to route /plugin endpoints without CSRF, others with CSRF
parentMux := http.NewServeMux()
// /plugin (rest API) endpoints: no CSRF
parentMux.Handle("/plugin/", pluginAPIMux)
// all other endpoints: with CSRF
parentMux.Handle("/", csrfMiddleware(webminPanelMux))
// Start the reverse proxy server in go routine
go func() { go func() {
ReverseProxtInit() ReverseProxtInit()
}() }()
@@ -134,7 +144,7 @@ func main() {
SystemWideLogger.Println(SYSTEM_NAME + " started. Visit control panel at http://" + *webUIPort) SystemWideLogger.Println(SYSTEM_NAME + " started. Visit control panel at http://" + *webUIPort)
} }
err = http.ListenAndServe(*webUIPort, csrfMiddleware(webminPanelMux)) err = http.ListenAndServe(*webUIPort, parentMux)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)