bitinflow/expose
1
0
Fork 0
mirror of https://github.com/bitinflow/expose.git synced 2026-03-13 13:35:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add a new flag to users to allow the specification of custom subdomains

Browse Source
This commit is contained in:
Marcel Pociot
2020-09-07 20:19:56 +02:00
parent 47b2350631
commit 0ebe6a4ce4
7 changed files with 137 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/Server/Http/Controllers/Admin/StoreUsersController.php
View File

@@ -39,6 +39,7 @@ class StoreUsersController extends AdminController
$insertData = [ $insertData = [
'name' => $request->get('name'), 'name' => $request->get('name'),
'auth_token' => (string) Str::uuid(), 'auth_token' => (string) Str::uuid(),
'can_specify_subdomains' => (int) $request->get('can_specify_subdomains')
]; ];
$this->userRepository $this->userRepository

19
app/Server/Http/Controllers/ControlMessageController.php
View File

@@ -5,6 +5,7 @@ namespace App\Server\Http\Controllers;
use App\Contracts\ConnectionManager; use App\Contracts\ConnectionManager;
use App\Contracts\UserRepository; use App\Contracts\UserRepository;
use App\Http\QueryParameters; use App\Http\QueryParameters;
use Illuminate\Support\Arr;
use Ratchet\ConnectionInterface; use Ratchet\ConnectionInterface;
use Ratchet\WebSocket\MessageComponentInterface; use Ratchet\WebSocket\MessageComponentInterface;
use React\Promise\Deferred; use React\Promise\Deferred;
@@ -77,8 +78,8 @@ class ControlMessageController implements MessageComponentInterface
protected function authenticate(ConnectionInterface $connection, $data) protected function authenticate(ConnectionInterface $connection, $data)
{ {
$this->verifyAuthToken($connection) $this->verifyAuthToken($connection)
->then(function () use ($connection, $data) { ->then(function ($user) use ($connection, $data) {
if (! $this->hasValidSubdomain($connection, $data->subdomain)) { if (! $this->hasValidSubdomain($connection, $data->subdomain, $user)) {
return; return;
} }
@@ -147,8 +148,20 @@ class ControlMessageController implements MessageComponentInterface
return $deferred->promise(); return $deferred->promise();
} }
protected function hasValidSubdomain(ConnectionInterface $connection, ?string $subdomain): bool protected function hasValidSubdomain(ConnectionInterface $connection, ?string $subdomain, ?array $user): bool
{ {
if (! is_null($user) && $user['can_specify_subdomains'] === 0 && ! is_null($subdomain)) {
$connection->send(json_encode([
'event' => 'subdomainTaken',
'data' => [
'message' => config('expose.admin.messages.custom_subdomain_unauthorized'),
],
]));
$connection->close();
return false;
}
if (! is_null($subdomain)) { if (! is_null($subdomain)) {
$controlConnection = $this->connectionManager->findControlConnectionForSubdomain($subdomain); $controlConnection = $this->connectionManager->findControlConnectionForSubdomain($subdomain);
if (! is_null($controlConnection) || $subdomain === config('expose.admin.subdomain')) { if (! is_null($controlConnection) || $subdomain === config('expose.admin.subdomain')) {

4
app/Server/UserRepository/DatabaseUserRepository.php
View File

@@ -113,8 +113,8 @@ class DatabaseUserRepository implements UserRepository
$deferred = new Deferred(); $deferred = new Deferred();
$this->database->query(" $this->database->query("
INSERT INTO users (name, auth_token, created_at) INSERT INTO users (name, auth_token, can_specify_subdomains, created_at)
VALUES (:name, :auth_token, DATETIME('now')) VALUES (:name, :auth_token, :can_specify_subdomains, DATETIME('now'))
", $data) ", $data)
->then(function (Result $result) use ($deferred) { ->then(function (Result $result) use ($deferred) {
$this->database->query('SELECT * FROM users WHERE id = :id', ['id' => $result->insertId]) $this->database->query('SELECT * FROM users WHERE id = :id', ['id' => $result->insertId])

2
config/expose.php
View File

@@ -230,6 +230,8 @@ return [
'invalid_auth_token' => 'Authentication failed. Please check your authentication token and try again.', 'invalid_auth_token' => 'Authentication failed. Please check your authentication token and try again.',
'subdomain_taken' => 'The chosen subdomain :subdomain is already taken. Please choose a different subdomain.', 'subdomain_taken' => 'The chosen subdomain :subdomain is already taken. Please choose a different subdomain.',
'custom_subdomain_unauthorized' => 'You are not allowed to specify custom subdomains. Please upgrade to Expose Pro.',
], ],
], ],
]; ];

1
database/migrations/02_add_feature_flags_to_users_table.sql Normal file
View File

@@ -0,0 +1 @@
ALTER TABLE users ADD can_specify_subdomains BOOLEAN DEFAULT 1;

34
resources/views/server/users/index.twig
View File

@@ -24,6 +24,25 @@
</div> </div>
</div> </div>
</div> </div>
<div class="sm:grid sm:grid-cols-3 sm:gap-4 sm:items-start sm:pt-5">
<label for="can_specify_subdomains"
class="block text-sm font-medium leading-5 text-gray-700 sm:mt-px sm:pt-2">
Can specify custom subdomains
</label>
<div class="mt-1 sm:mt-0 sm:col-span-2">
<div class="mt-2 flex items-center justify-between">
<div class="flex items-center">
<input id="can_specify_subdomains"
v-model="userForm.can_specify_subdomains"
name="can_specify_subdomains"
value="1" type="checkbox" class="form-checkbox h-4 w-4 text-indigo-600 transition duration-150 ease-in-out" />
<label for="can_specify_subdomains" class="ml-2 block text-sm leading-5 text-gray-900">
Yes
</label>
</div>
</div>
</div>
</div>
</div> </div>
<div class="mt-8 border-t border-gray-200 pt-5"> <div class="mt-8 border-t border-gray-200 pt-5">
<div class="flex justify-end"> <div class="flex justify-end">
@@ -51,6 +70,9 @@
<th class="px-6 py-3 border-b border-gray-200 bg-gray-50 text-left text-xs leading-4 font-medium text-gray-500 uppercase tracking-wider"> <th class="px-6 py-3 border-b border-gray-200 bg-gray-50 text-left text-xs leading-4 font-medium text-gray-500 uppercase tracking-wider">
Auth-Token Auth-Token
</th> </th>
<th class="px-6 py-3 border-b border-gray-200 bg-gray-50 text-left text-xs leading-4 font-medium text-gray-500 uppercase tracking-wider">
Custom Subdomains
</th>
<th class="px-6 py-3 border-b border-gray-200 bg-gray-50 text-left text-xs leading-4 font-medium text-gray-500 uppercase tracking-wider"> <th class="px-6 py-3 border-b border-gray-200 bg-gray-50 text-left text-xs leading-4 font-medium text-gray-500 uppercase tracking-wider">
Created At Created At
</th> </th>
@@ -65,6 +87,14 @@
<td class="px-6 py-4 whitespace-no-wrap border-b border-gray-200 text-sm leading-5 text-gray-500"> <td class="px-6 py-4 whitespace-no-wrap border-b border-gray-200 text-sm leading-5 text-gray-500">
@{ user.auth_token } @{ user.auth_token }
</td> </td>
<td class="px-6 py-4 whitespace-no-wrap border-b border-gray-200 text-sm leading-5 text-gray-500">
<span v-if="user.can_specify_subdomains === 0">
No
</span>
<span v-else>
Yes
</span>
</td>
<td class="px-6 py-4 whitespace-no-wrap border-b border-gray-200 text-sm leading-5 text-gray-500"> <td class="px-6 py-4 whitespace-no-wrap border-b border-gray-200 text-sm leading-5 text-gray-500">
@{ user.created_at } @{ user.created_at }
</td> </td>
@@ -113,6 +143,7 @@
data: { data: {
userForm: { userForm: {
name: '', name: '',
can_specify_subdomains: true,
errors: {}, errors: {},
}, },
paginated: {{ paginated|json_encode|raw }} paginated: {{ paginated|json_encode|raw }}
@@ -140,7 +171,7 @@
}).then((response) => { }).then((response) => {
return response.json(); return response.json();
}).then((data) => { }).then((data) => {
this.users = this.users.filter(u => u.id !== user.id); this.getUsers(1)
}); });
}, },
saveUser() { saveUser() {
@@ -155,6 +186,7 @@
}).then((data) => { }).then((data) => {
if (data.user) { if (data.user) {
this.userForm.name = ''; this.userForm.name = '';
this.userForm.can_specify_subdomains = 0;
this.userForm.errors = {}; this.userForm.errors = {};
this.users.unshift(data.user); this.users.unshift(data.user);
} }

85
tests/Feature/Server/TunnelTest.php
View File

@@ -27,6 +27,9 @@ class TunnelTest extends TestCase
parent::setUp(); parent::setUp();
$this->browser = new Browser($this->loop); $this->browser = new Browser($this->loop);
$this->browser = $this->browser->withOptions([
'followRedirects' => false,
]);
$this->startServer(); $this->startServer();
} }
@@ -58,6 +61,8 @@ class TunnelTest extends TestCase
{ {
$this->createTestHttpServer(); $this->createTestHttpServer();
$this->app['config']['expose.admin.validate_auth_tokens'] = false;
/** /**
* We create an expose client that connects to our server and shares * We create an expose client that connects to our server and shares
* the created test HTTP server. * the created test HTTP server.
@@ -98,22 +103,96 @@ class TunnelTest extends TestCase
{ {
$this->app['config']['expose.admin.validate_auth_tokens'] = true; $this->app['config']['expose.admin.validate_auth_tokens'] = true;
$this->createTestHttpServer(); $response = $this->await($this->browser->post('http://127.0.0.1:8080/api/users', [
'Host' => 'expose.localhost',
'Authorization' => base64_encode('username:secret'),
'Content-Type' => 'application/json',
], json_encode([
'name' => 'Marcel',
'can_specify_subdomains' => 1,
])));
$this->expectException(\UnexpectedValueException::class); $user = json_decode($response->getBody()->getContents())->user;
$this->createTestHttpServer();
/** /**
* We create an expose client that connects to our server and shares * We create an expose client that connects to our server and shares
* the created test HTTP server. * the created test HTTP server.
*/ */
$client = $this->createClient(); $client = $this->createClient();
$this->await($client->connectToServer('127.0.0.1:8085', 'tunnel')); $response = $this->await($client->connectToServer('127.0.0.1:8085', 'tunnel', $user->auth_token));
$this->assertSame('tunnel', $response->subdomain);
}
/** @test */
public function it_rejects_clients_to_specify_custom_subdomains()
{
$this->app['config']['expose.admin.validate_auth_tokens'] = true;
$response = $this->await($this->browser->post('http://127.0.0.1:8080/api/users', [
'Host' => 'expose.localhost',
'Authorization' => base64_encode('username:secret'),
'Content-Type' => 'application/json',
], json_encode([
'name' => 'Marcel',
'can_specify_subdomains' => 0,
])));
$this->expectException(\UnexpectedValueException::class);
$user = json_decode($response->getBody()->getContents())->user;
$this->createTestHttpServer();
/**
* We create an expose client that connects to our server and shares
* the created test HTTP server.
*/
$client = $this->createClient();
$response = $this->await($client->connectToServer('127.0.0.1:8085', 'tunnel', $user->auth_token));
$this->assertSame('tunnel', $response->subdomain);
}
/** @test */
public function it_allows_clients_to_use_random_subdomains_if_custom_subdomains_are_forbidden()
{
$this->app['config']['expose.admin.validate_auth_tokens'] = true;
$response = $this->await($this->browser->post('http://127.0.0.1:8080/api/users', [
'Host' => 'expose.localhost',
'Authorization' => base64_encode('username:secret'),
'Content-Type' => 'application/json',
], json_encode([
'name' => 'Marcel',
'can_specify_subdomains' => 0,
])));
$user = json_decode($response->getBody()->getContents())->user;
$this->createTestHttpServer();
/**
* We create an expose client that connects to our server and shares
* the created test HTTP server.
*/
$client = $this->createClient();
$response = $this->await($client->connectToServer('127.0.0.1:8085', '', $user->auth_token));
$this->assertInstanceOf(\stdClass::class, $response);
} }
protected function startServer() protected function startServer()
{ {
$this->app['config']['expose.admin.subdomain'] = 'expose';
$this->app['config']['expose.admin.database'] = ':memory:'; $this->app['config']['expose.admin.database'] = ':memory:';
$this->app['config']['expose.admin.users'] = [
'username' => 'secret',
];
$this->serverFactory = new Factory(); $this->serverFactory = new Factory();
$this->serverFactory->setLoop($this->loop) $this->serverFactory->setLoop($this->loop)