network: add trusted ips

This allows the user to set trusted ips to Cloudflare or some other CDN and have the logs have the correct IPs. fixes #801
2023-05-13 14:59:57 +02:00
parent 951ed4bf33
commit b26c8d20cd
13 changed files with 228 additions and 54 deletions
--- a/src/settings.js
+++ b/src/settings.js
@@ -67,6 +67,9 @@ exports = module.exports = {
    getFirewallBlocklist,
    setFirewallBlocklist,

+    getTrustedIps,
+    setTrustedIps,
+
    getGhosts,
    setGhosts,

@@ -119,6 +122,7 @@ exports = module.exports = {
    APPSTORE_API_TOKEN_KEY: 'appstore_api_token',
    APPSTORE_WEB_TOKEN_KEY: 'appstore_web_token',
    FIREWALL_BLOCKLIST_KEY: 'firewall_blocklist',
+    TRUSTED_IPS_KEY: 'trusted_ips_key',

    API_SERVER_ORIGIN_KEY: 'api_server_origin',
    WEB_SERVER_ORIGIN_KEY: 'web_server_origin',
@@ -216,6 +220,7 @@ const gDefaults = (function () {
    result[exports.MAIL_FQDN_KEY] = '';

    result[exports.FIREWALL_BLOCKLIST_KEY] = '';
+    result[exports.TRUSTED_IPS_KEY] = '';

    result[exports.API_SERVER_ORIGIN_KEY] = 'https://api.cloudron.io';
    result[exports.WEB_SERVER_ORIGIN_KEY] = 'https://cloudron.io';
@@ -636,6 +641,19 @@ async function setFirewallBlocklist(blocklist) {
    await setBlob(exports.FIREWALL_BLOCKLIST_KEY, Buffer.from(blocklist));
 }

+async function getTrustedIps() {
+    const value = await get(exports.TRUSTED_IPS_KEY);
+    if (value === null) return gDefaults[exports.TRUSTED_IPS_KEY];
+
+    return value;
+}
+
+async function setTrustedIps(trustedIps) {
+    assert.strictEqual(typeof trustedIps, 'string');
+
+    await set(exports.TRUSTED_IPS_KEY, trustedIps);
+}
+
 async function getGhosts() {
    const value = await get(exports.GHOSTS_CONFIG_KEY);
    if (value === null) return gDefaults[exports.GHOSTS_CONFIG_KEY];