
smarter access control for RPC terminal/browser

fix-133-memory-crash
Dan Janosik 7 years ago
parent
commit
ef44105805
  1. 5
      app/env.js
  2. 33
      routes/baseActionsRouter.js

5
app/env.js

@ -1,6 +1,6 @@
module.exports = {
cookiePassword: "0x000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f",
debug: false,
demoSite: true,
showForkBanner: false,
coin: "BTC",
@ -34,6 +34,9 @@ module.exports = {
password:"rpc-password"
},
// Edit "ipWhitelistForRpcCommands" regex to limit access to RPC Browser / Terminal to matching IPs
ipWhitelistForRpcCommands:/^(127\.0\.0\.1)?(\:\:1)?$/,
donationAddresses:{
coins:["BTC", "LTC"],
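Review bot: The default `ipWhitelistForRpcCommands` pattern makes both groups optional, so besides the two loopback literals it also matches the empty string and `127.0.0.1::1`. It does not match `::ffff:127.0.0.1`, which is how Node reports an IPv4 loopback peer when the server listens on a dual-stack socket, so a local IPv4 client can be refused. An explicit alternation states the intent: `ipWhitelistForRpcCommands:/^(127\.0\.0\.1|::1|::ffff:127\.0\.0\.1)$/,`. The comment above the setting could also say that the regex is tested against the whole address string; the object literal continues outside the hunk.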

33
routes/baseActionsRouter.js

@ -413,20 +413,30 @@ router.get("/tx/:transactionId", function(req, res) {
});
router.get("/rpc-terminal", function(req, res) {
if (!env.debug) {
res.send("Debug mode is off.");
if (!env.demoSite) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
var match = env.ipWhitelistForRpcCommands.exec(ip);
return;
if (!match) {
res.send("RPC Terminal / Browser may not be accessed from '" + ip + "'. This restriction can be modified in your env.js file.");
return;
}
}
res.render("terminal");
});
router.post("/rpc-terminal", function(req, res) {
if (!env.debug) {
res.send("Debug mode is off.");
if (!env.demoSite) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
var match = env.ipWhitelistForRpcCommands.exec(ip);
return;
if (!match) {
res.send("RPC Terminal / Browser may not be accessed from '" + ip + "'. This restriction can be modified in your env.js file.");
return;
}
}
var params = req.body.cmd.split(" ");
@ -476,10 +486,15 @@ router.post("/rpc-terminal", function(req, res) {
});
router.get("/rpc-browser", function(req, res) {
if (!env.debug) {
res.send("Debug mode is off.");
if (!env.demoSite) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
var match = env.ipWhitelistForRpcCommands.exec(ip);
return;
if (!match) {
res.send("RPC Terminal / Browser may not be accessed from '" + ip + "'. This restriction can be modified in your env.js file.");
return;
}
}
rpcApi.getHelp().then(function(result) {
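Review bot: The whitelist check in all three handlers (GET and POST `/rpc-terminal`, GET `/rpc-browser`) takes the address from `req.headers['x-forwarded-for']` first, and that header is supplied by the client unless a trusted reverse proxy overwrites it, so the restriction only holds behind such a proxy. Use the socket address instead, `var ip = req.connection.remoteAddress;`, or Express's `req.ip` with `trust proxy` set to the known proxy. As far as the rendered lines show, the check is skipped entirely when `env.demoSite` is true and the old `env.debug` gate is gone, so confirm that the demo deployment limits RPC commands some other way. The rejection message also concatenates `ip` into the `res.send` body unescaped; drop the value or escape it. The same block is pasted three times and would read better as one router-level middleware; the handler bodies continue outside the hunks.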
