From 5d29fa5e626c7f990d84fa81c556d824f8761d41 Mon Sep 17 00:00:00 2001 From: Joseph Bethge Date: Thu, 29 Sep 2016 16:34:57 +0200 Subject: [PATCH 1/6] ip address filtering --- CHANGELOG.md | 1 + config/config.js.sample | 3 +++ js/server.js | 6 ++++++ package.json | 1 + 4 files changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 326bfc49de..74cb3f7e61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Added - Method to overwrite the module's header. [See documentation.](https://github.com/MichMich/MagicMirror/tree/develop/modules#getheader) +- Option to limit access to certain IP addresses based on the value of `ipWhitelist` in the `config.js`, default is access from localhost only (Issue [#456](https://github.com/MichMich/MagicMirror/issues/456)) ### Updated - Modified translations for Frysk. diff --git a/config/config.js.sample b/config/config.js.sample index 04c7fba99a..b10c991555 100644 --- a/config/config.js.sample +++ b/config/config.js.sample @@ -6,6 +6,9 @@ var config = { port: 8080, + ipWhitelist: ['127.0.0.1', '::ffff:127.0.0.1'], + // you use ips with subnet mask: ['127.0.0.1', '127.0.0.1/24'] + // you use also use ip ranges: ['127.0.0.1', ['192.168.0.1', '192.168.0.100']] language: 'en', timeFormat: 24, diff --git a/js/server.js b/js/server.js index 2ab0b1b9de..b8dcec5997 100644 --- a/js/server.js +++ b/js/server.js @@ -10,11 +10,17 @@ var app = require("express")(); var server = require("http").Server(app); var io = require("socket.io")(server); var path = require("path"); +var ipfilter = require('express-ipfilter').IpFilter; var Server = function(config, callback) { console.log("Starting server op port " + config.port + " ... "); server.listen(config.port); + if (config.ipWhitelist === undefined) { + config.ipWhitelist = ['127.0.0.1', '::ffff:127.0.0.1']; + console.log("Warning: Missing value (ipWhitelist) from config.js, assuming default (localhost access only): " + config.ipWhitelist); + } + app.use(ipfilter(config.ipWhitelist, {mode: 'allow', log: false})); app.use("/js", express.static(__dirname)); app.use("/config", express.static(path.resolve(__dirname + "/../config"))); app.use("/css", express.static(path.resolve(__dirname + "/../css"))); diff --git a/package.json b/package.json index afdad5f610..cfef5f85fd 100644 --- a/package.json +++ b/package.json @@ -39,6 +39,7 @@ "dependencies": { "electron-prebuilt": "^0.37.2", "express": "^4.14.0", + "express-ipfilter": "latest", "feedme": "latest", "iconv-lite": "latest", "moment": "latest", From f378c93dd3e7a558d6835fd9f4a29e6e42405e8a Mon Sep 17 00:00:00 2001 From: Joseph Bethge Date: Thu, 29 Sep 2016 17:07:22 +0200 Subject: [PATCH 2/6] replace ugly error message --- js/server.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/js/server.js b/js/server.js index b8dcec5997..ddcf1dd3cf 100644 --- a/js/server.js +++ b/js/server.js @@ -20,7 +20,16 @@ var Server = function(config, callback) { config.ipWhitelist = ['127.0.0.1', '::ffff:127.0.0.1']; console.log("Warning: Missing value (ipWhitelist) from config.js, assuming default (localhost access only): " + config.ipWhitelist); } - app.use(ipfilter(config.ipWhitelist, {mode: 'allow', log: false})); + + app.use(function(req, res, next) { + var result = ipfilter(config.ipWhitelist, {mode: 'allow', log: false})(req, res, function(err) { + if (err === undefined) { + return next(); + } + res.status(403).send("This device is not allowed to access your mirror.
Please check your config.js or config.js.sample to change this."); + }); + }); + app.use("/js", express.static(__dirname)); app.use("/config", express.static(path.resolve(__dirname + "/../config"))); app.use("/css", express.static(path.resolve(__dirname + "/../css"))); From b58314007794d92e7e33dcc5e30a82cd9f2b6ab8 Mon Sep 17 00:00:00 2001 From: Joseph Bethge Date: Thu, 29 Sep 2016 17:26:32 +0200 Subject: [PATCH 3/6] fix double quotes and config.js.sample --- config/config.js.sample | 4 ++-- js/defaults.js | 1 + js/server.js | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/config/config.js.sample b/config/config.js.sample index b10c991555..933b62fd3d 100644 --- a/config/config.js.sample +++ b/config/config.js.sample @@ -7,8 +7,8 @@ var config = { port: 8080, ipWhitelist: ['127.0.0.1', '::ffff:127.0.0.1'], - // you use ips with subnet mask: ['127.0.0.1', '127.0.0.1/24'] - // you use also use ip ranges: ['127.0.0.1', ['192.168.0.1', '192.168.0.100']] + // you can use ips with subnet mask: ['127.0.0.1', '127.0.0.1/24'] + // you can also use ip ranges: ['127.0.0.1', ['192.168.0.1', '192.168.0.100']] language: 'en', timeFormat: 24, diff --git a/js/defaults.js b/js/defaults.js index 0688595c8f..d1d78bce98 100644 --- a/js/defaults.js +++ b/js/defaults.js @@ -10,6 +10,7 @@ var defaults = { port: 8080, kioskmode: false, + ipWhitelist: ['127.0.0.1', '::ffff:127.0.0.1'], language: "en", timeFormat: 24, diff --git a/js/server.js b/js/server.js index ddcf1dd3cf..edae0e12dd 100644 --- a/js/server.js +++ b/js/server.js @@ -10,19 +10,19 @@ var app = require("express")(); var server = require("http").Server(app); var io = require("socket.io")(server); var path = require("path"); -var ipfilter = require('express-ipfilter').IpFilter; +var ipfilter = require("express-ipfilter").IpFilter; var Server = function(config, callback) { console.log("Starting server op port " + config.port + " ... "); server.listen(config.port); if (config.ipWhitelist === undefined) { - config.ipWhitelist = ['127.0.0.1', '::ffff:127.0.0.1']; + config.ipWhitelist = ["127.0.0.1", "::ffff:127.0.0.1"]; console.log("Warning: Missing value (ipWhitelist) from config.js, assuming default (localhost access only): " + config.ipWhitelist); } app.use(function(req, res, next) { - var result = ipfilter(config.ipWhitelist, {mode: 'allow', log: false})(req, res, function(err) { + var result = ipfilter(config.ipWhitelist, {mode: "allow", log: false})(req, res, function(err) { if (err === undefined) { return next(); } From 66eb99e5068cd69d394946d0c635e4d8012f0b13 Mon Sep 17 00:00:00 2001 From: Joseph Bethge Date: Thu, 29 Sep 2016 17:49:54 +0200 Subject: [PATCH 4/6] transfer usage information to readme --- README.md | 2 ++ config/config.js.sample | 4 +--- js/defaults.js | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d86cca7ca5..986e600b5f 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,8 @@ The following properties can be configured: | **Option** | **Description** | | --- | --- | | `port` | The port on which the MagicMirror² server will run on. The default value is `8080`. | +| `ipWhitelist` | The list of IPs from which you are allowed to access the MagicMirror². The default value is `["127.0.0.1", "::ffff:127.0.0.1"]`.It is possible to specify IPs with subnet masks (`["127.0.0.1", "127.0.0.1/24"]`) or define ip ranges (`["127.0.0.1", ["192.168.0.1", "192.168.0.100"]]`). + | | `kioskmode` | This allows MagicMirror² to run in Kiosk Mode. It protects from other programs popping on top of your screen. The default value is `false`| | `language` | The language of the interface. (Note: Not all elements will be localized.) Possible values are `en`, `nl`, `ru`, `fr`, etc., but the default value is `en`. | | `timeFormat` | The form of time notation that will be used. Possible values are `12` or `24`. The default is `24`. | diff --git a/config/config.js.sample b/config/config.js.sample index 933b62fd3d..269492baa4 100644 --- a/config/config.js.sample +++ b/config/config.js.sample @@ -6,9 +6,7 @@ var config = { port: 8080, - ipWhitelist: ['127.0.0.1', '::ffff:127.0.0.1'], - // you can use ips with subnet mask: ['127.0.0.1', '127.0.0.1/24'] - // you can also use ip ranges: ['127.0.0.1', ['192.168.0.1', '192.168.0.100']] + ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1"], language: 'en', timeFormat: 24, diff --git a/js/defaults.js b/js/defaults.js index d1d78bce98..e2ee615131 100644 --- a/js/defaults.js +++ b/js/defaults.js @@ -10,7 +10,7 @@ var defaults = { port: 8080, kioskmode: false, - ipWhitelist: ['127.0.0.1', '::ffff:127.0.0.1'], + ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1"], language: "en", timeFormat: 24, From 2c758a9981a8b586639b6218c8c44f5e984fcfae Mon Sep 17 00:00:00 2001 From: Joseph Bethge Date: Thu, 29 Sep 2016 17:52:22 +0200 Subject: [PATCH 5/6] remove warning message --- js/server.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/js/server.js b/js/server.js index edae0e12dd..cd3d77f2d4 100644 --- a/js/server.js +++ b/js/server.js @@ -16,10 +16,6 @@ var Server = function(config, callback) { console.log("Starting server op port " + config.port + " ... "); server.listen(config.port); - if (config.ipWhitelist === undefined) { - config.ipWhitelist = ["127.0.0.1", "::ffff:127.0.0.1"]; - console.log("Warning: Missing value (ipWhitelist) from config.js, assuming default (localhost access only): " + config.ipWhitelist); - } app.use(function(req, res, next) { var result = ipfilter(config.ipWhitelist, {mode: "allow", log: false})(req, res, function(err) { From 5899497aa73bbbf1deb3297f8fe29b7c044b4671 Mon Sep 17 00:00:00 2001 From: Joseph Bethge Date: Thu, 29 Sep 2016 17:55:32 +0200 Subject: [PATCH 6/6] log denied access attempts on server --- js/server.js | 1 + 1 file changed, 1 insertion(+) diff --git a/js/server.js b/js/server.js index cd3d77f2d4..e1a909469b 100644 --- a/js/server.js +++ b/js/server.js @@ -22,6 +22,7 @@ var Server = function(config, callback) { if (err === undefined) { return next(); } + console.log(err.message); res.status(403).send("This device is not allowed to access your mirror.
Please check your config.js or config.js.sample to change this."); }); });