Skip to content

Commit

Permalink
smarter access control for RPC terminal/browser
Browse files Browse the repository at this point in the history
  • Loading branch information
@janoside
janoside committed May 11, 2018
1 parent b2dd79b commit ef44105
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 10 deletions.
5 changes: 4 additions & 1 deletion app/env.js
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module.exports = {
cookiePassword: "0x000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f",
debug: false,
demoSite: true,
showForkBanner: false,
coin: "BTC",

Expand Down Expand Up @@ -34,6 +34,9 @@ module.exports = {
password:"rpc-password"
},

// Edit "ipWhitelistForRpcCommands" regex to limit access to RPC Browser / Terminal to matching IPs
ipWhitelistForRpcCommands:/^(127\.0\.0\.1)?(\:\:1)?$/,

donationAddresses:{
coins:["BTC", "LTC"],

Expand Down
33 changes: 24 additions & 9 deletions routes/baseActionsRouter.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -413,20 +413,30 @@ router.get("/tx/:transactionId", function(req, res) {
});

router.get("/rpc-terminal", function(req, res) {
if (!env.debug) {
res.send("Debug mode is off.");
if (!env.demoSite) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
var match = env.ipWhitelistForRpcCommands.exec(ip);

return;
if (!match) {
res.send("RPC Terminal / Browser may not be accessed from '" + ip + "'. This restriction can be modified in your env.js file.");

return;
}
}

res.render("terminal");
});

router.post("/rpc-terminal", function(req, res) {
if (!env.debug) {
res.send("Debug mode is off.");
if (!env.demoSite) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
var match = env.ipWhitelistForRpcCommands.exec(ip);

return;
if (!match) {
res.send("RPC Terminal / Browser may not be accessed from '" + ip + "'. This restriction can be modified in your env.js file.");

return;
}
}

var params = req.body.cmd.split(" ");
Expand Down Expand Up @@ -476,10 +486,15 @@ router.post("/rpc-terminal", function(req, res) {
});

router.get("/rpc-browser", function(req, res) {
if (!env.debug) {
res.send("Debug mode is off.");
if (!env.demoSite) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
var match = env.ipWhitelistForRpcCommands.exec(ip);

return;
if (!match) {
res.send("RPC Terminal / Browser may not be accessed from '" + ip + "'. This restriction can be modified in your env.js file.");

return;
}
}

rpcApi.getHelp().then(function(result) {
Expand Down

0 comments on commit ef44105

Please sign in to comment.