- Updated objection, knex, liquidjs, signale and sqlite3 packages

- Changes for objection migration - Moved common access template code to an include - Fixed access rules configuration generation
2025-06-17 17:56:27 +00:00 · 2023-03-17 14:18:51 +10:00
parent 00aeef75b6
commit fec36834f7
30 changed files with 819 additions and 316 deletions
--- a/backend/templates/_access.conf
+++ b/backend/templates/_access.conf
@ -0,0 +1,25 @@
+{% if access_list_id > 0 %}
+    {% if access_list.items.length > 0 %}
+    # Authorization
+    auth_basic            "Authorization required";
+    auth_basic_user_file  /data/access/{{ access_list_id }};
+
+    {% if access_list.pass_auth == 0 %}
+    proxy_set_header Authorization "";
+    {% endif %}
+
+    {% endif %}
+
+    # Access Rules: {{ access_list.clients | size }} total
+    {% for client in access_list.clients %}
+    {{client | nginxAccessRule}}
+    {% endfor %}
+    deny all;
+
+    # Access checks must...
+    {% if access_list.satisfy_any == 1 %}
+    satisfy any;
+    {% else %}
+    satisfy all;
+    {% endif %}
+{% endif %}
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@ -6,30 +6,9 @@
    proxy_set_header X-Real-IP		$remote_addr;
    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};

-    {% if access_list_id > 0 %}
-    {% if access_list.items.length > 0 %}
-    # Authorization
-    auth_basic            "Authorization required";
-    auth_basic_user_file  /data/access/{{ access_list_id }};
- 
-    {{ access_list.passauth }}
-    {% endif %}
- 
-    # Access Rules
-    {% for client in access_list.clients %}
-    {{- client.rule -}};
-    {% endfor %}deny all;
- 
-    # Access checks must...
-    {% if access_list.satisfy %}
-    {{ access_list.satisfy }};
-    {% endif %}
- 
-    {% endif %}
-
+    {% include "_access.conf" %}
    {% include "_assets.conf" %}
    {% include "_exploits.conf" %}
-
    {% include "_forced_ssl.conf" %}
    {% include "_hsts.conf" %}

--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@ -30,27 +30,7 @@ proxy_http_version 1.1;

  location / {

-    {% if access_list_id > 0 %}
-    {% if access_list.items.length > 0 %}
-    # Authorization
-    auth_basic            "Authorization required";
-    auth_basic_user_file  /data/access/{{ access_list_id }};
-
-    {{ access_list.passauth }}
-    {% endif %}
-
-    # Access Rules
-    {% for client in access_list.clients %}
-    {{- client.rule -}};
-    {% endfor %}deny all;
-
-    # Access checks must...
-    {% if access_list.satisfy %}
-    {{ access_list.satisfy }};
-    {% endif %}
-
-    {% endif %}
-
+{% include "_access.conf" %}
 {% include "_hsts.conf" %}

    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}