ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-06-15 00:44:27 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: ThatGuyJack:8d7ea556eb4d4afef15a94b02a189734531e5718
Branches Tags
ThatGuyJack:develop
ThatGuyJack:dependabot/npm_and_yarn/test/brace-expansion-1.1.12
ThatGuyJack:master
ThatGuyJack:v3
ThatGuyJack:bump-freedns
ThatGuyJack:openidc
ThatGuyJack:ssl-passthrough-hosts
ThatGuyJack:static-content
ThatGuyJack:v2.12.3
ThatGuyJack:v2.12.2
ThatGuyJack:v2.12.1
ThatGuyJack:v2.12.0
ThatGuyJack:v2.11.3
ThatGuyJack:v2.11.2
ThatGuyJack:v2.11.1
ThatGuyJack:v2.11.0
ThatGuyJack:v2.10.4
ThatGuyJack:v2.10.3
ThatGuyJack:v2.10.2
ThatGuyJack:v2.10.1
ThatGuyJack:v2.10.0
ThatGuyJack:v2.9.22
ThatGuyJack:v2.9.21
ThatGuyJack:v2.9.20
ThatGuyJack:v2.9.19
ThatGuyJack:v2.9.18
ThatGuyJack:v2.9.17
ThatGuyJack:v2.9.16
ThatGuyJack:v2.9.15
ThatGuyJack:v2.9.14
ThatGuyJack:v2.9.13
ThatGuyJack:v2.9.12
ThatGuyJack:v2.9.11
ThatGuyJack:v2.9.10
ThatGuyJack:v2.9.9
ThatGuyJack:v2.9.8
ThatGuyJack:v2.9.7
ThatGuyJack:v2.9.6
ThatGuyJack:v2.9.5
ThatGuyJack:v2.9.4
ThatGuyJack:v2.9.3
ThatGuyJack:v2.9.2
ThatGuyJack:v2.9.1
ThatGuyJack:v2.9.0
ThatGuyJack:v2.8.1
ThatGuyJack:v2.8.0
ThatGuyJack:v2.7.3
ThatGuyJack:v2.7.2
ThatGuyJack:v2.7.1
ThatGuyJack:v2.7.0
ThatGuyJack:v2.6.2
ThatGuyJack:v2.6.1
ThatGuyJack:v2.6.0
ThatGuyJack:v2.5.0
ThatGuyJack:v2.4.0
ThatGuyJack:v2.3.1
ThatGuyJack:v2.3.0
ThatGuyJack:v2.2.4
ThatGuyJack:v2.2.3
ThatGuyJack:v2.2.2
ThatGuyJack:v2.2.1
ThatGuyJack:v2.2.0
ThatGuyJack:v2.1.2
ThatGuyJack:v2.1.1
ThatGuyJack:v2.1.0
ThatGuyJack:2.0.14
ThatGuyJack:2.0.13
ThatGuyJack:2.0.12
ThatGuyJack:2.0.11
ThatGuyJack:2.0.10
ThatGuyJack:2.0.9
ThatGuyJack:2.0.8
ThatGuyJack:2.0.7
ThatGuyJack:2.0.6
ThatGuyJack:2.0.5
ThatGuyJack:2.0.4
ThatGuyJack:2.0.3
ThatGuyJack:2.0.2
ThatGuyJack:2.0.0
ThatGuyJack:v2.0.0
ThatGuyJack:1.1.2
ThatGuyJack:1.1.1
ThatGuyJack:1.0.1
..
compare: ThatGuyJack:9d68c6353cc284d14c94b12e5fe452f3456f1ac0
Branches Tags
ThatGuyJack:dependabot/npm_and_yarn/test/brace-expansion-1.1.12
ThatGuyJack:develop
ThatGuyJack:master
ThatGuyJack:v3
ThatGuyJack:bump-freedns
ThatGuyJack:openidc
ThatGuyJack:ssl-passthrough-hosts
ThatGuyJack:static-content
ThatGuyJack:v2.12.3
ThatGuyJack:v2.12.2
ThatGuyJack:v2.12.1
ThatGuyJack:v2.12.0
ThatGuyJack:v2.11.3
ThatGuyJack:v2.11.2
ThatGuyJack:v2.11.1
ThatGuyJack:v2.11.0
ThatGuyJack:v2.10.4
ThatGuyJack:v2.10.3
ThatGuyJack:v2.10.2
ThatGuyJack:v2.10.1
ThatGuyJack:v2.10.0
ThatGuyJack:v2.9.22
ThatGuyJack:v2.9.21
ThatGuyJack:v2.9.20
ThatGuyJack:v2.9.19
ThatGuyJack:v2.9.18
ThatGuyJack:v2.9.17
ThatGuyJack:v2.9.16
ThatGuyJack:v2.9.15
ThatGuyJack:v2.9.14
ThatGuyJack:v2.9.13
ThatGuyJack:v2.9.12
ThatGuyJack:v2.9.11
ThatGuyJack:v2.9.10
ThatGuyJack:v2.9.9
ThatGuyJack:v2.9.8
ThatGuyJack:v2.9.7
ThatGuyJack:v2.9.6
ThatGuyJack:v2.9.5
ThatGuyJack:v2.9.4
ThatGuyJack:v2.9.3
ThatGuyJack:v2.9.2
ThatGuyJack:v2.9.1
ThatGuyJack:v2.9.0
ThatGuyJack:v2.8.1
ThatGuyJack:v2.8.0
ThatGuyJack:v2.7.3
ThatGuyJack:v2.7.2
ThatGuyJack:v2.7.1
ThatGuyJack:v2.7.0
ThatGuyJack:v2.6.2
ThatGuyJack:v2.6.1
ThatGuyJack:v2.6.0
ThatGuyJack:v2.5.0
ThatGuyJack:v2.4.0
ThatGuyJack:v2.3.1
ThatGuyJack:v2.3.0
ThatGuyJack:v2.2.4
ThatGuyJack:v2.2.3
ThatGuyJack:v2.2.2
ThatGuyJack:v2.2.1
ThatGuyJack:v2.2.0
ThatGuyJack:v2.1.2
ThatGuyJack:v2.1.1
ThatGuyJack:v2.1.0
ThatGuyJack:2.0.14
ThatGuyJack:2.0.13
ThatGuyJack:2.0.12
ThatGuyJack:2.0.11
ThatGuyJack:2.0.10
ThatGuyJack:2.0.9
ThatGuyJack:2.0.8
ThatGuyJack:2.0.7
ThatGuyJack:2.0.6
ThatGuyJack:2.0.5
ThatGuyJack:2.0.4
ThatGuyJack:2.0.3
ThatGuyJack:2.0.2
ThatGuyJack:2.0.0
ThatGuyJack:v2.0.0
ThatGuyJack:1.1.2
ThatGuyJack:1.1.1
ThatGuyJack:1.0.1

4 Commits
8d7ea556eb ... 9d68c6353c

Author SHA1 Message Date
Julian Gassner
9d68c6353c
Merge da22e0777eebd779c2b7c87e3876aad32d5d3252 into c4df89df1f11ef8cb26ab375d161f6c82e72d401 2025-02-06 18:01:51 +01:00
Julian Gassner
da22e0777e Fixed a bug that prevented the mfa to be enabled 2025-02-06 17:01:46 +00:00
Julian Gassner
0bfd2f901d Add possibility to remove mfa 2025-02-06 16:47:56 +00:00
Jamie Curnow
c4df89df1f
Fix dashboard loading loop and freezing the page 2025-02-06 13:38:47 +10:00
11 changed files with 634 additions and 522 deletions
Show Stats Expand all files Collapse all files

21
backend/internal/mfa.js
View File

@ -73,4 +73,25 @@ module.exports = {
.then(() => true); .then(() => true);
}); });
}, },
disableMfaForUser: (data, userId) => {
return authModel
.query()
.where('user_id', userId)
.first()
.then((auth) => {
if (!auth) {
throw new error.AuthError('User not found.');
}
return auth.verifyPassword(data.secret)
.then((valid) => {
if (!valid) {
throw new error.AuthError('Invalid password.');
}
return authModel
.query()
.where('user_id', userId)
.update({ mfa_enabled: false, mfa_secret: null });
});
});
},
}; };

50
backend/routes/mfa.js
View File

@ -1,12 +1,11 @@
const express = require('express'); const express = require('express');
const jwtdecode = require('../lib/express/jwt-decode'); const jwtdecode = require('../lib/express/jwt-decode');
const apiValidator = require('../lib/validator/api'); const apiValidator = require('../lib/validator/api');
const internalToken = require('../internal/token'); const schema = require('../schema');
const schema = require('../schema'); const internalMfa = require('../internal/mfa');
const internalMfa = require('../internal/mfa'); const qrcode = require('qrcode');
const qrcode = require('qrcode'); const speakeasy = require('speakeasy');
const speakeasy = require('speakeasy'); const userModel = require('../models/user');
const userModel = require('../models/user');
let router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
@ -14,24 +13,6 @@ let router = express.Router({
mergeParams: true mergeParams: true
}); });
router
.route('/')
.options((_, res) => {
res.sendStatus(204);
})
.get(async (req, res, next) => {
internalToken.getFreshToken(res.locals.access, {
expiry: (typeof req.query.expiry !== 'undefined' ? req.query.expiry : null),
scope: (typeof req.query.scope !== 'undefined' ? req.query.scope : null)
})
.then((data) => {
res.status(200)
.send(data);
})
.catch(next);
});
router router
.route('/create') .route('/create')
.post(jwtdecode(), (req, res, next) => { .post(jwtdecode(), (req, res, next) => {
@ -71,12 +52,13 @@ router
router router
.route('/enable') .route('/enable')
.post(jwtdecode(), (req, res, next) => { .post(jwtdecode(), (req, res, next) => {
apiValidator(schema.getValidationSchema('/mfa', 'post'), req.body).then((params) => { apiValidator(schema.getValidationSchema('/mfa/enable', 'post'), req.body).then((params) => {
internalMfa.enableMfaForUser(res.locals.access.token.getUserId(), params.token) internalMfa.enableMfaForUser(res.locals.access.token.getUserId(), params.token)
.then(() => res.status(200).send({ success: true })) .then(() => res.status(200).send({ success: true }))
.catch(next); .catch(next);
} }
);}); ).catch(next);
});
router router
.route('/check') .route('/check')
@ -86,4 +68,14 @@ router
.catch(next); .catch(next);
}); });
router
.route('/delete')
.delete(jwtdecode(), (req, res, next) => {
apiValidator(schema.getValidationSchema('/mfa/delete', 'delete'), req.body).then((params) => {
internalMfa.disableMfaForUser(params, res.locals.access.token.getUserId())
.then(() => res.status(200).send({ success: true }))
.catch(next);
}).catch(next);
});
module.exports = router; module.exports = router;

44
backend/schema/paths/mfa/delete/delete.json Normal file
View File

@ -0,0 +1,44 @@
{
"operationId": "disableMfa",
"summary": "Disable multi-factor authentication for a user",
"tags": [
"MFA"
],
"requestBody": {
"description": "Payload to disable MFA",
"required": true,
"content": {
"application/json": {
"schema": {
"additionalProperties": false,
"properties": {
"secret": {
"type": "string",
"minLength": 1
}
},
"required": [
"secret"
]
}
}
}
},
"responses": {
"200": {
"description": "MFA disabled successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
}
}
}
}
}
}
}
}

11
backend/schema/paths/mfa/post.json → backend/schema/paths/mfa/enable/post.json
View File

@ -1,14 +1,15 @@
{ {
"operationId": "enableMfa", "operationId": "enableMfa",
"summary": "Enable multi-factor authentication for a user", "summary": "Enable multi-factor authentication for a user",
"tags": ["MFA"], "tags": [
"MFA"
],
"requestBody": { "requestBody": {
"description": "MFA Token Payload", "description": "MFA Token Payload",
"required": true, "required": true,
"content": { "content": {
"application/json": { "application/json": {
"schema": { "schema": {
"type": "object",
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {
"token": { "token": {
@ -16,7 +17,9 @@
"minLength": 1 "minLength": 1
} }
}, },
"required": ["token"] "required": [
"token"
]
} }
} }
} }
@ -38,4 +41,4 @@
} }
} }
} }
} }

9
backend/schema/swagger.json
View File

@ -15,9 +15,14 @@
"$ref": "./paths/get.json" "$ref": "./paths/get.json"
} }
}, },
"/mfa": { "/mfa/enable": {
"post": { "post": {
"$ref": "./paths/mfa/post.json" "$ref": "./paths/mfa/enable/post.json"
}
},
"/mfa/delete": {
"delete": {
"$ref": "./paths/mfa/delete/delete.json"
} }
}, },
"/audit-log": { "/audit-log": {

3
frontend/js/app/api.js
View File

@ -211,6 +211,9 @@ module.exports = {
}, },
check: function () { check: function () {
return fetch('get', 'mfa/check'); return fetch('get', 'mfa/check');
},
delete: function (secret) {
return fetch('delete', 'mfa/delete', {secret: secret});
} }
}, },

806
frontend/js/app/controller.js
View File

@ -4,444 +4,438 @@ const Tokens = require('./tokens');
module.exports = { module.exports = {
/** /**
* @param {String} route * @param {String} route
* @param {Object} [options] * @param {Object} [options]
* @returns {Boolean} * @returns {Boolean}
*/ */
navigate: function (route, options) { navigate: function (route, options) {
options = options || {}; options = options || {};
Backbone.history.navigate(route.toString(), options); Backbone.history.navigate(route.toString(), options);
return true; return true;
}, },
/** /**
* Login * Login
*/ */
showLogin: function () { showLogin: function () {
window.location = '/login'; window.location = '/login';
}, },
/** /**
* Users * Users
*/ */
showUsers: function () { showUsers: function () {
let controller = this; const controller = this;
if (Cache.User.isAdmin()) { if (Cache.User.isAdmin()) {
require(['./main', './users/main'], (App, View) => { require(['./main', './users/main'], (App, View) => {
controller.navigate('/users'); controller.navigate('/users');
App.UI.showAppContent(new View()); App.UI.showAppContent(new View());
}); });
} else { } else {
this.showDashboard(); this.showDashboard();
} }
}, },
/** /**
* User Form * User Form
* *
* @param [model] * @param [model]
*/ */
showUserForm: function (model) { showUserForm: function (model) {
if (Cache.User.isAdmin()) { if (Cache.User.isAdmin()) {
require(['./main', './user/form'], function (App, View) { require(['./main', './user/form'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* User Permissions Form * User Permissions Form
* *
* @param model * @param model
*/ */
showUserPermissions: function (model) { showUserPermissions: function (model) {
if (Cache.User.isAdmin()) { if (Cache.User.isAdmin()) {
require(['./main', './user/permissions'], function (App, View) { require(['./main', './user/permissions'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* User Password Form * User Password Form
* *
* @param model * @param model
*/ */
showUserPasswordForm: function (model) { showUserPasswordForm: function (model) {
if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) { if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) {
require(['./main', './user/password'], function (App, View) { require(['./main', './user/password'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* User Delete Confirm * User Delete Confirm
* *
* @param model * @param model
*/ */
showUserDeleteConfirm: function (model) { showUserDeleteConfirm: function (model) {
if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) { if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) {
require(['./main', './user/delete'], function (App, View) { require(['./main', './user/delete'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Dashboard * Dashboard
*/ */
showDashboard: function () { showDashboard: function () {
let controller = this; const controller = this;
require(['./main', './dashboard/main'], (App, View) => {
controller.navigate('/');
App.UI.showAppContent(new View());
});
},
require(['./main', './dashboard/main'], (App, View) => { /**
controller.navigate('/'); * Nginx Proxy Hosts
App.UI.showAppContent(new View()); */
}); showNginxProxy: function () {
}, if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
const controller = this;
/** require(['./main', './nginx/proxy/main'], (App, View) => {
* Nginx Proxy Hosts controller.navigate('/nginx/proxy');
*/ App.UI.showAppContent(new View());
showNginxProxy: function () { });
if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) { }
let controller = this; },
require(['./main', './nginx/proxy/main'], (App, View) => { /**
controller.navigate('/nginx/proxy'); * Nginx Proxy Host Form
App.UI.showAppContent(new View()); *
}); * @param [model]
} */
}, showNginxProxyForm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
require(['./main', './nginx/proxy/form'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
/** /**
* Nginx Proxy Host Form * Proxy Host Delete Confirm
* *
* @param [model] * @param model
*/ */
showNginxProxyForm: function (model) { showNginxProxyDeleteConfirm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) { if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
require(['./main', './nginx/proxy/form'], function (App, View) { require(['./main', './nginx/proxy/delete'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Proxy Host Delete Confirm * Nginx Redirection Hosts
* */
* @param model showNginxRedirection: function () {
*/ if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
showNginxProxyDeleteConfirm: function (model) { const controller = this;
if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) { require(['./main', './nginx/redirection/main'], (App, View) => {
require(['./main', './nginx/proxy/delete'], function (App, View) { controller.navigate('/nginx/redirection');
App.UI.showModalDialog(new View({model: model})); App.UI.showAppContent(new View());
}); });
} }
}, },
/** /**
* Nginx Redirection Hosts * Nginx Redirection Host Form
*/ *
showNginxRedirection: function () { * @param [model]
if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) { */
let controller = this; showNginxRedirectionForm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
require(['./main', './nginx/redirection/form'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
require(['./main', './nginx/redirection/main'], (App, View) => { /**
controller.navigate('/nginx/redirection'); * Proxy Redirection Delete Confirm
App.UI.showAppContent(new View()); *
}); * @param model
} */
}, showNginxRedirectionDeleteConfirm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
require(['./main', './nginx/redirection/delete'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
/** /**
* Nginx Redirection Host Form * Nginx Stream Hosts
* */
* @param [model] showNginxStream: function () {
*/ if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
showNginxRedirectionForm: function (model) { const controller = this;
if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) { require(['./main', './nginx/stream/main'], (App, View) => {
require(['./main', './nginx/redirection/form'], function (App, View) { controller.navigate('/nginx/stream');
App.UI.showModalDialog(new View({model: model})); App.UI.showAppContent(new View());
}); });
} }
}, },
/** /**
* Proxy Redirection Delete Confirm * Stream Form
* *
* @param model * @param [model]
*/ */
showNginxRedirectionDeleteConfirm: function (model) { showNginxStreamForm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) { if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
require(['./main', './nginx/redirection/delete'], function (App, View) { require(['./main', './nginx/stream/form'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Nginx Stream Hosts * Stream Delete Confirm
*/ *
showNginxStream: function () { * @param model
if (Cache.User.isAdmin() || Cache.User.canView('streams')) { */
let controller = this; showNginxStreamDeleteConfirm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
require(['./main', './nginx/stream/delete'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
require(['./main', './nginx/stream/main'], (App, View) => { /**
controller.navigate('/nginx/stream'); * Nginx Dead Hosts
App.UI.showAppContent(new View()); */
}); showNginxDead: function () {
} if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
}, const controller = this;
require(['./main', './nginx/dead/main'], (App, View) => {
controller.navigate('/nginx/404');
App.UI.showAppContent(new View());
});
}
},
/** /**
* Stream Form * Dead Host Form
* *
* @param [model] * @param [model]
*/ */
showNginxStreamForm: function (model) { showNginxDeadForm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('streams')) { if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
require(['./main', './nginx/stream/form'], function (App, View) { require(['./main', './nginx/dead/form'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Stream Delete Confirm * Dead Host Delete Confirm
* *
* @param model * @param model
*/ */
showNginxStreamDeleteConfirm: function (model) { showNginxDeadDeleteConfirm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('streams')) { if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
require(['./main', './nginx/stream/delete'], function (App, View) { require(['./main', './nginx/dead/delete'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Nginx Dead Hosts * Help Dialog
*/ *
showNginxDead: function () { * @param {String} title
if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) { * @param {String} content
let controller = this; */
showHelp: function (title, content) {
require(['./main', './help/main'], function (App, View) {
App.UI.showModalDialog(new View({title: title, content: content}));
});
},
require(['./main', './nginx/dead/main'], (App, View) => { /**
controller.navigate('/nginx/404'); * Nginx Access
App.UI.showAppContent(new View()); */
}); showNginxAccess: function () {
} if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
}, const controller = this;
require(['./main', './nginx/access/main'], (App, View) => {
controller.navigate('/nginx/access');
App.UI.showAppContent(new View());
});
}
},
/** /**
* Dead Host Form * Nginx Access List Form
* *
* @param [model] * @param [model]
*/ */
showNginxDeadForm: function (model) { showNginxAccessListForm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) { if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
require(['./main', './nginx/dead/form'], function (App, View) { require(['./main', './nginx/access/form'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Dead Host Delete Confirm * Access List Delete Confirm
* *
* @param model * @param model
*/ */
showNginxDeadDeleteConfirm: function (model) { showNginxAccessListDeleteConfirm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) { if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
require(['./main', './nginx/dead/delete'], function (App, View) { require(['./main', './nginx/access/delete'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Help Dialog * Nginx Certificates
* */
* @param {String} title showNginxCertificates: function () {
* @param {String} content if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
*/ const controller = this;
showHelp: function (title, content) { require(['./main', './nginx/certificates/main'], (App, View) => {
require(['./main', './help/main'], function (App, View) { controller.navigate('/nginx/certificates');
App.UI.showModalDialog(new View({title: title, content: content})); App.UI.showAppContent(new View());
}); });
}, }
},
/** /**
* Nginx Access * Nginx Certificate Form
*/ *
showNginxAccess: function () { * @param [model]
if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) { */
let controller = this; showNginxCertificateForm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
require(['./main', './nginx/certificates/form'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
require(['./main', './nginx/access/main'], (App, View) => { /**
controller.navigate('/nginx/access'); * Certificate Renew
App.UI.showAppContent(new View()); *
}); * @param model
} */
}, showNginxCertificateRenew: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
require(['./main', './nginx/certificates/renew'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
/** /**
* Nginx Access List Form * Certificate Delete Confirm
* *
* @param [model] * @param model
*/ */
showNginxAccessListForm: function (model) { showNginxCertificateDeleteConfirm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) { if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
require(['./main', './nginx/access/form'], function (App, View) { require(['./main', './nginx/certificates/delete'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Access List Delete Confirm * Certificate Test Reachability
* *
* @param model * @param model
*/ */
showNginxAccessListDeleteConfirm: function (model) { showNginxCertificateTestReachability: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) { if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
require(['./main', './nginx/access/delete'], function (App, View) { require(['./main', './nginx/certificates/test'], function (App, View) {
App.UI.showModalDialog(new View({model: model})); App.UI.showModalDialog(new View({model: model}));
}); });
} }
}, },
/** /**
* Nginx Certificates * Audit Log
*/ */
showNginxCertificates: function () { showAuditLog: function () {
if (Cache.User.isAdmin() || Cache.User.canView('certificates')) { const controller = this;
let controller = this; if (Cache.User.isAdmin()) {
require(['./main', './audit-log/main'], (App, View) => {
controller.navigate('/audit-log');
App.UI.showAppContent(new View());
});
} else {
this.showDashboard();
}
},
require(['./main', './nginx/certificates/main'], (App, View) => { /**
controller.navigate('/nginx/certificates'); * Audit Log Metadata
App.UI.showAppContent(new View()); *
}); * @param model
} */
}, showAuditMeta: function (model) {
if (Cache.User.isAdmin()) {
require(['./main', './audit-log/meta'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
/** /**
* Nginx Certificate Form * Settings
* */
* @param [model] showSettings: function () {
*/ const controller = this;
showNginxCertificateForm: function (model) { if (Cache.User.isAdmin()) {
if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { require(['./main', './settings/main'], (App, View) => {
require(['./main', './nginx/certificates/form'], function (App, View) { controller.navigate('/settings');
App.UI.showModalDialog(new View({model: model})); App.UI.showAppContent(new View());
}); });
} } else {
}, this.showDashboard();
}
},
/** /**
* Certificate Renew * Settings Item Form
* *
* @param model * @param model
*/ */
showNginxCertificateRenew: function (model) { showSettingForm: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { if (Cache.User.isAdmin()) {
require(['./main', './nginx/certificates/renew'], function (App, View) { if (model.get('id') === 'default-site') {
App.UI.showModalDialog(new View({model: model})); require(['./main', './settings/default-site/main'], function (App, View) {
}); App.UI.showModalDialog(new View({model: model}));
} });
}, }
}
},
/** /**
* Certificate Delete Confirm * Logout
* */
* @param model logout: function () {
*/ Tokens.dropTopToken();
showNginxCertificateDeleteConfirm: function (model) { this.showLogin();
if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) { }
require(['./main', './nginx/certificates/delete'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
/**
* Certificate Test Reachability
*
* @param model
*/
showNginxCertificateTestReachability: function (model) {
if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
require(['./main', './nginx/certificates/test'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
/**
* Audit Log
*/
showAuditLog: function () {
let controller = this;
if (Cache.User.isAdmin()) {
require(['./main', './audit-log/main'], (App, View) => {
controller.navigate('/audit-log');
App.UI.showAppContent(new View());
});
} else {
this.showDashboard();
}
},
/**
* Audit Log Metadata
*
* @param model
*/
showAuditMeta: function (model) {
if (Cache.User.isAdmin()) {
require(['./main', './audit-log/meta'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
},
/**
* Settings
*/
showSettings: function () {
let controller = this;
if (Cache.User.isAdmin()) {
require(['./main', './settings/main'], (App, View) => {
controller.navigate('/settings');
App.UI.showAppContent(new View());
});
} else {
this.showDashboard();
}
},
/**
* Settings Item Form
*
* @param model
*/
showSettingForm: function (model) {
if (Cache.User.isAdmin()) {
if (model.get('id') === 'default-site') {
require(['./main', './settings/default-site/main'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
}
}
},
/**
* Logout
*/
logout: function () {
Tokens.dropTopToken();
this.showLogin();
}
}; };

132
frontend/js/app/dashboard/main.js
View File

@ -6,85 +6,85 @@ const Helpers = require('../../lib/helpers');
const template = require('./main.ejs'); const template = require('./main.ejs');
module.exports = Mn.View.extend({ module.exports = Mn.View.extend({
template: template, template: template,
id: 'dashboard', id: 'dashboard',
columns: 0, columns: 0,
stats: {}, stats: {},
ui: { ui: {
links: 'a' links: 'a'
}, },
events: { events: {
'click @ui.links': function (e) { 'click @ui.links': function (e) {
e.preventDefault(); e.preventDefault();
Controller.navigate($(e.currentTarget).attr('href'), true); Controller.navigate($(e.currentTarget).attr('href'), true);
} }
}, },
templateContext: function () { templateContext: function () {
let view = this; const view = this;
return { return {
getUserName: function () { getUserName: function () {
return Cache.User.get('nickname') || Cache.User.get('name'); return Cache.User.get('nickname') || Cache.User.get('name');
}, },
getHostStat: function (type) { getHostStat: function (type) {
if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') { if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') {
return Helpers.niceNumber(view.stats.hosts[type]); return Helpers.niceNumber(view.stats.hosts[type]);
} }
return '-'; return '-';
}, },
canShow: function (perm) { canShow: function (perm) {
return Cache.User.isAdmin() || Cache.User.canView(perm); return Cache.User.isAdmin() || Cache.User.canView(perm);
}, },
columns: view.columns columns: view.columns
}; };
}, },
onRender: function () { onRender: function () {
let view = this; const view = this;
if (typeof view.stats.hosts === 'undefined') {
Api.Reports.getHostStats()
.then(response => {
if (!view.isDestroyed()) {
view.stats.hosts = response;
view.render();
}
})
.catch(err => {
console.log(err);
});
}
},
Api.Reports.getHostStats() /**
.then(response => { * @param {Object} [model]
if (!view.isDestroyed()) { */
view.stats.hosts = response; preRender: function (model) {
view.render(); this.columns = 0;
}
})
.catch(err => {
console.log(err);
});
},
/** // calculate the available columns based on permissions for the objects
* @param {Object} [model] // and store as a variable
*/ const perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
preRender: function (model) {
this.columns = 0;
// calculate the available columns based on permissions for the objects perms.map(perm => {
// and store as a variable this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;
//let view = this; });
let perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
perms.map(perm => { // Prevent double rendering on initial calls
this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0; if (typeof model !== 'undefined') {
}); this.render();
}
},
// Prevent double rendering on initial calls initialize: function () {
if (typeof model !== 'undefined') { this.preRender();
this.render(); this.listenTo(Cache.User, 'change', this.preRender);
} }
},
initialize: function () {
this.preRender();
this.listenTo(Cache.User, 'change', this.preRender);
}
}); });

14
frontend/js/app/user/form.ejs
View File

@ -27,12 +27,22 @@
</div> </div>
<div class="col-sm-12 col-md-12"> <div class="col-sm-12 col-md-12">
<label class="form-label mfa-label" style="display: none;"><%- i18n('mfa', 'mfa') %></label> <label class="form-label mfa-label"><%- i18n('mfa', 'mfa') %></label>
<button type="button" class="btn btn-info add-mfa"><%- i18n('mfa', 'add-mfa') %></button> <button type="button" class="btn btn-info mfa-add"><%- i18n('mfa', 'mfa-add') %></button>
<button type="button" class="btn btn-danger mfa-remove" style="display: none;"><%- i18n('mfa', 'mfa-remove') %></button>
<div class="mfa-remove-confirm-container" style="display: none;">
<div class="form-group">
<label class="form-label"><%- i18n('mfa', 'confirm-password') %></label>
<input name="mfa_password" type="password" class="form-control mfa-remove-password-field" placeholder="<%- i18n('mfa', 'enter-password') %>">
<div class="invalid-feedback mfa-error"></div>
</div>
<button type="button" class="btn btn-danger mfa-remove-confirm"><%- i18n('mfa', 'confirm-remove-mfa') %></button>
</div>
<p class="qr-instructions" style="display: none;"><%- i18n('mfa', 'mfa-setup-instruction') %></p> <p class="qr-instructions" style="display: none;"><%- i18n('mfa', 'mfa-setup-instruction') %></p>
<div class="mfa-validation-container" style="display: none;"> <div class="mfa-validation-container" style="display: none;">
<label class="form-label"><%- i18n('mfa', 'mfa-token') %> <span class="form-required">*</span></label> <label class="form-label"><%- i18n('mfa', 'mfa-token') %> <span class="form-required">*</span></label>
<input name="mfa_validation" type="text" class="form-control" placeholder="000000" value=""> <input name="mfa_validation" type="text" class="form-control" placeholder="000000" value="">
<div class="invalid-feedback mfa-error"></div>
</div> </div>
</div> </div>

58
frontend/js/app/user/form.js
View File

@ -15,10 +15,14 @@ module.exports = Mn.View.extend({
cancel: 'button.cancel', cancel: 'button.cancel',
save: 'button.save', save: 'button.save',
error: '.secret-error', error: '.secret-error',
addMfa: '.add-mfa', mfaError: '.mfa-error',
mfaLabel: '.mfa-label', // added binding addMfa: '.mfa-add',
mfaValidation: '.mfa-validation-container', // added binding mfaValidation: '.mfa-validation-container',
qrInstructions: '.qr-instructions' // added binding for instructions qrInstructions: '.qr-instructions',
removeMfa: '.mfa-remove',
removeMfaConfirmContainer: '.mfa-remove-confirm-container',
removeMfaConfirm: '.mfa-remove-confirm',
removeMfaPassword: '.mfa-remove-password-field'
}, },
events: { events: {
@ -29,9 +33,9 @@ module.exports = Mn.View.extend({
let view = this; let view = this;
let data = this.ui.form.serializeJSON(); let data = this.ui.form.serializeJSON();
// Save "mfa_validation" value and remove it from data
let mfaToken = data.mfa_validation; let mfaToken = data.mfa_validation;
delete data.mfa_validation; delete data.mfa_validation;
delete data.mfa_password;
let show_password = this.model.get('email') === 'admin@example.com'; let show_password = this.model.get('email') === 'admin@example.com';
@ -73,9 +77,13 @@ module.exports = Mn.View.extend({
if (mfaToken) { if (mfaToken) {
return App.Api.Mfa.enable(mfaToken) return App.Api.Mfa.enable(mfaToken)
.then(() => result); .then(() => result)
.catch(err => {
view.ui.mfaError.text(err.message).show();
err.mfaHandled = true;
return Promise.reject(err);
});
} }
console.log(result);
return result; return result;
}) })
.then(result => { .then(result => {
@ -89,7 +97,9 @@ module.exports = Mn.View.extend({
}); });
}) })
.catch(err => { .catch(err => {
this.ui.error.text(err.message).show(); if (!err.mfaHandled) {
this.ui.error.text(err.message).show();
}
this.ui.buttons.prop('disabled', false).removeClass('btn-disabled'); this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
}); });
}, },
@ -106,6 +116,31 @@ module.exports = Mn.View.extend({
.catch(err => { .catch(err => {
view.ui.error.text(err.message).show(); view.ui.error.text(err.message).show();
}); });
},
'click @ui.removeMfa': function (e) {
// Show confirmation section with a password field and confirm button
this.ui.removeMfa.hide();
this.ui.removeMfaConfirmContainer.show();
},
'click @ui.removeMfaConfirm': function (e) {
let view = this;
let password = view.ui.removeMfaPassword.val();
if (!password) {
view.ui.error.text('Password required to remove MFA').show();
return;
}
App.Api.Mfa.delete(password)
.then(() => {
view.ui.addMfa.show();
view.ui.qrInstructions.hide();
view.ui.mfaValidation.hide();
view.ui.removeMfaConfirmContainer.hide();
view.ui.removeMfa.hide();
view.ui.mfaValidation.find('input[name="mfa_validation"]').removeAttr('required');
})
.catch(err => {
view.ui.mfaError.text(err.message).show();
});
} }
}, },
@ -143,16 +178,17 @@ module.exports = Mn.View.extend({
.then(response => { .then(response => {
if (response.active) { if (response.active) {
view.ui.addMfa.hide(); view.ui.addMfa.hide();
view.ui.mfaLabel.hide();
view.ui.qrInstructions.hide(); view.ui.qrInstructions.hide();
view.ui.mfaValidation.hide(); view.ui.mfaValidation.hide();
// Remove required attribute if MFA is active & field is hidden view.ui.removeMfa.show();
view.ui.removeMfaConfirmContainer.hide();
view.ui.mfaValidation.find('input[name="mfa_validation"]').removeAttr('required'); view.ui.mfaValidation.find('input[name="mfa_validation"]').removeAttr('required');
} else { } else {
view.ui.addMfa.show(); view.ui.addMfa.show();
view.ui.mfaLabel.show();
view.ui.qrInstructions.hide(); view.ui.qrInstructions.hide();
view.ui.mfaValidation.hide(); view.ui.mfaValidation.hide();
view.ui.removeMfa.hide();
view.ui.removeMfaConfirmContainer.hide();
view.ui.mfaValidation.find('input[name="mfa_validation"]').removeAttr('required'); view.ui.mfaValidation.find('input[name="mfa_validation"]').removeAttr('required');
} }
}) })

8
frontend/js/i18n/messages.json
View File

@ -39,9 +39,13 @@
}, },
"mfa": { "mfa": {
"mfa": "Multi Factor Authentication", "mfa": "Multi Factor Authentication",
"add-mfa": "Generate secret", "mfa-add": "Add Multi Factor Authentication",
"mfa-remove": "Remove Multi Factor Authentication",
"mfa-setup-instruction": "Scan this QR code in your authenticator app to set up MFA and then enter the current MFA code in the input field.", "mfa-setup-instruction": "Scan this QR code in your authenticator app to set up MFA and then enter the current MFA code in the input field.",
"mfa-token": "Multi factor authentication token" "mfa-token": "Multi factor authentication token",
"confirm-password": "Please enter your password to confirm",
"enter-password": "Enter Password",
"confirm-remove-mfa": "Confirm Multi Factor Authentication removal"
}, },
"login": { "login": {
"title": "Login to your account", "title": "Login to your account",