add forbid remote admin login

monoid 2021-01-10 16:53:54 +09:00
parent 06933699c0
commit 93a65c271a
2 changed files with 25 additions and 4 deletions


@ -15,7 +15,7 @@ export const getAdminCookieValue = ()=>{
const secretKey = setting.jwt_secretkey;
return sign({
username: "admin",
permission: []
permission: [],
},secretKey,{expiresIn:'3d'});
}
@ -35,6 +35,10 @@ export const createLoginMiddleware = (knex: Knex)=>{
sendError(400,"invalid form : username or password is not string")
return;
}
if(setting.forbid_remote_admin_login && username === "admin"){
sendError(403,"forbid remote admin login");
return;
}
const user = await userController.findUser(username);
if(user === undefined){
sendError(401,"not authorized");
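Review bot: The guard added ahead of `userController.findUser(username)` compares the submitted name literally with `"admin"`, but the matching rules of the lookup that follows are not visible in this hunk; if the user store normalizes case or trims whitespace, a variant such as `Admin` or `admin ` would pass the guard and still resolve to the admin account. Either normalize before comparing, e.g. `if(setting.forbid_remote_admin_login && username.trim().toLowerCase() === "admin"){`, or apply the check to the resolved user record after `findUser` returns so the comparison uses the canonical stored name. The setting is named "remote", yet the condition rejects admin for every request regardless of origin, loopback included; if local form logins are meant to remain possible the condition also needs the request's remote address, otherwise the option's documentation should say it disables form login for admin entirely. The 403 message `"forbid remote admin login"` also confirms the account name to an unauthenticated caller, whereas the existing failure path below answers 401 `"not authorized"`; reusing the generic response avoids that distinction. `createLoginMiddleware` continues outside the hunk.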


@ -3,22 +3,39 @@ import { randomBytes } from 'crypto';
import { existsSync, readFileSync, writeFileSync } from 'fs';
export type Setting = {
path: string[],
/**
* if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
*/
localmode: boolean,
guest: boolean,
/**
* JWT secret key. if you change its value, all access tokens are invalidated.
*/
jwt_secretkey: string,
/**
* the port which running server is binding on.
*/
port:number,
mode:"development"|"production",
/**
* if true, do not show 'electron' window and show terminal only.
*/
cli:boolean,
/** forbid to login admin from remote client. but, it do not invalidate access token.
* if you want to invalidate access token, change 'jwt_secretkey'.*/
forbid_remote_admin_login:boolean,
}
const default_setting:Setting = {
path:[],
localmode: true,
guest:false,
jwt_secretkey:"itsRandom",
port:8080,
mode:"production",
cli:false
cli:false,
forbid_remote_admin_login:true,
}
let setting: null|Setting = null;