mirror of
https://github.com/GNS3/gns3-server.git
synced 2024-12-21 05:43:12 +00:00
Unprotected access for websocket consoles.
Ref https://github.com/GNS3/gns3-gui/issues/2883#issuecomment-580677552
This commit is contained in:
parent
c313475f68
commit
3484a7dd3d
@ -469,6 +469,7 @@ class NodeHandler:
|
|||||||
})
|
})
|
||||||
async def ws_console(request, response):
|
async def ws_console(request, response):
|
||||||
|
|
||||||
|
print("HERE!")
|
||||||
project = await Controller.instance().get_loaded_project(request.match_info["project_id"])
|
project = await Controller.instance().get_loaded_project(request.match_info["project_id"])
|
||||||
node = project.get_node(request.match_info["node_id"])
|
node = project.get_node(request.match_info["node_id"])
|
||||||
compute = node.compute
|
compute = node.compute
|
||||||
|
@ -106,7 +106,8 @@ class Route(object):
|
|||||||
:returns: Response if you need to auth the user otherwise None
|
:returns: Response if you need to auth the user otherwise None
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not server_config.getboolean("auth", False):
|
# FIXME: ugly exception to not require authentication for websocket consoles
|
||||||
|
if not server_config.getboolean("auth", False) or request.path.endswith("console/ws"):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
user = server_config.get("user", "").strip()
|
user = server_config.get("user", "").strip()
|
||||||
@ -257,7 +258,7 @@ class Route(object):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
#FIXME: ugly exceptions for capture and websocket console
|
#FIXME: ugly exceptions for capture and websocket console
|
||||||
if "node_id" in request.match_info and not "pcap" in request.path and not "ws" in request.path:
|
if "node_id" in request.match_info and not "pcap" in request.path and not request.path.endswith("console/ws"):
|
||||||
node_id = request.match_info.get("node_id")
|
node_id = request.match_info.get("node_id")
|
||||||
|
|
||||||
if "compute" in request.path:
|
if "compute" in request.path:
|
||||||
|
Loading…
Reference in New Issue
Block a user