"use strict";
const fs = require('fs');
const net = require('net');
const path = require('path');

const express = require('express');
//const bodyParser = require('body-parser');
const { auth, requiresAuth } = require('express-openid-connect');

const { config, port, redirectee } = require("./config");

const app = express();
const configPath = path.join(__dirname, '../traefik/dyn-whitelist.toml');
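/**
 * Merge username -> IP updates into the Traefik dynamic config at `configPath`
 * and rewrite the file.
 *
 * File convention, as implemented below: the Nth `#` comment in the file names
 * the owner of the Nth entry of `sourceRange = [...]`. Every `#` comment is
 * treated as a username and all comment lines are stripped and regenerated on
 * each write, so the file must not carry any other comments.
 *
 * Security notes:
 * - Each update is written inside a quoted TOML string (IP) or a comment line
 *   (username). Anything that is not a single IP literal, or a username with
 *   line breaks or control characters, is refused so that caller-supplied
 *   values cannot add extra ranges or extra TOML lines to the allowlist.
 * - Entries already in the file are carried over unchanged (they may be
 *   operator-written, e.g. CIDR ranges) and are not re-validated here.
 * - This function only adds or replaces entries; nothing in it expires them.
 *
 * @param {Iterable<[string, string]>} updates - `[username, ip]` pairs; pairs
 *   with a falsy username are ignored, invalid pairs are skipped with a warning.
 * @returns {void}
 * @throws {Error} if the file has no `sourceRange = [...]` list, or on fs errors.
 */
function updateTraefikConfig(updates) {
  const ipRegex = /sourceRange\s*=\s*\[(.*?)\]/s;
  const commentRegex = /#\s*(.*)/g;
  // Line breaks and control characters would end the `# username` comment line early.
  const unsafeUsername = /[\u0000-\u001f\u007f\u0085\u2028\u2029]/;

  let config = fs.readFileSync(configPath, 'utf-8');

  const ipMatch = ipRegex.exec(config);
  if (!ipMatch) {
    // Without the list there is nowhere to put the IPs; rewriting anyway would
    // leave username comments with no matching entries.
    throw new Error(`sourceRange list not found in ${configPath}`);
  }

  const currentIPs = ipMatch[1]
    .split(',')
    .map((ip) => ip.trim().replace(/["']/g, ''));
  const currentComments = Array.from(config.matchAll(commentRegex), (m) => m[1].trim());

  // A Map keeps insertion order for every key (a plain object moves
  // integer-like keys to the front, breaking the positional pairing) and has
  // no special keys such as "__proto__".
  const entries = new Map();
  currentComments.forEach((username, index) => {
    const ip = currentIPs[index];
    // An empty list parses to [''] and a surplus comment has no IP at all;
    // neither may be written back as "" or "undefined".
    if (ip) entries.set(username, ip);
  });

  for (const [username, ip] of updates) {
    if (!username) continue;
    if (typeof username !== 'string' || unsafeUsername.test(username)) {
      console.warn(`updateTraefikConfig: skipped unsafe username ${JSON.stringify(username)}`);
      continue;
    }
    if (typeof ip !== 'string' || net.isIP(ip) === 0) {
      console.warn(`updateTraefikConfig: skipped non-IP value ${JSON.stringify(ip)}`);
      continue;
    }
    // Trimmed because usernames are trimmed when read back from the file.
    entries.set(username.trim(), ip);
  }

  const ipList = [...entries.values()].map((ip) => `"${ip}"`).join(', ');
  const commentBlock = [...entries.keys()].map((name) => `# ${name}`).join('\n');

  // Replacer function: a plain replacement string would expand `$&`, `$1`, ...
  config = config.replace(ipRegex, () => `sourceRange = [${ipList}]`);
  config = `${commentBlock}\n${config.replace(/#.*\n/g, '')}`;
  fs.writeFileSync(configPath, config, 'utf-8');
}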
// Mount express-openid-connect's auth middleware with the settings exported by ./config.
// The handlers below read the req.oidc object it attaches.
// NOTE(review): whether unauthenticated requests are rejected globally depends on the
// `authRequired` value inside ./config, which is not visible here - confirm. The '/'
// handler and the static mount pass requiresAuth() explicitly; '/403' does not.
app.use(auth(config));
//app.use(bodyParser.json());
//app.use(bodyParser.urlencoded({ extended: true }));
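// Signed-in landing route: records the caller's IP under their OIDC username in the
// Traefik allowlist file, then redirects to `redirectee`.
//
// NOTE(review): x-real-ip and x-forwarded-for are request headers. They describe the real
// client only if this app is reachable solely through a reverse proxy that overwrites both
// - confirm the proxy configuration. The equality test presumably rejects requests that
// passed through an extra forwarding hop.
app.get('/', requiresAuth(), (req, res) => {
  try {
    if (!req?.oidc?.accessToken) {
      // Always answer: a bare return leaves the request open until it times out.
      res.sendStatus(403);
      return;
    }

    const realIp = req.headers['x-real-ip'];
    const forwardedFor = req.headers['x-forwarded-for'];
    // Strict checks: two absent headers must not compare equal, and the value has to be a
    // single IP literal because it ends up inside a quoted string in the allowlist file.
    const ipIsUsable =
      typeof realIp === 'string' && realIp === forwardedFor && net.isIP(realIp) !== 0;

    const claimedName = req.oidc.idTokenClaims?.preferred_username;
    const username = typeof claimedName === 'string' ? claimedName.trim().toLowerCase() : '';
    // Line breaks or control characters would break out of the `# username` comment line.
    const nameIsUsable =
      username !== '' && !/[\u0000-\u001f\u007f\u0085\u2028\u2029]/.test(username);

    if (!ipIsUsable || !nameIsUsable) {
      // JSON.stringify escapes control characters so rejected input cannot forge log lines.
      console.warn(
        `rejected allowlist update: ip=${JSON.stringify(realIp)} user=${JSON.stringify(claimedName)}`,
      );
      res.sendStatus(403);
      return;
    }

    console.log(`[${realIp}] ${username} visited /`);
    updateTraefikConfig([[username, realIp]]);
    res.redirect(redirectee);
  } catch (e) {
    console.warn(e);
    // Fail closed, but still finish the response.
    if (!res.headersSent) res.sendStatus(500);
  }
});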
// "No permission" page. Sessions that hold an access token are sent on to `redirectee`;
// everyone else gets a page that refreshes to config.baseURL.
// No requiresAuth() on this route. config.baseURL is interpolated into the HTML unescaped;
// it comes from ./config rather than from the request, so it must stay operator-controlled.
app.get('/403', (req, res) => {
  try {
    const hasToken = Boolean(req?.oidc?.accessToken);
    if (hasToken) {
      res.redirect(redirectee);
    } else {
      const loginUrl = config.baseURL;
      res.send(`
<html>
<head>
<meta http-equiv="refresh" content="0; url=${loginUrl}" />
</head>
<body>
<p><a href="${loginUrl}">No permission, login again?</a></p>
</body>
</html>
`);
    }
  } catch (err) {
    console.warn(err);
  }
});
// Anything not handled above is served from the `serve` directory, to signed-in sessions
// only. The relative path is resolved against the process working directory, not __dirname.
const staticFiles = express.static('serve');
app.use('/', requiresAuth(), staticFiles);

app.listen(port, () => {
  console.log(`Base is listening on ${port}.`);
});