bastion/nginx-proxy-manager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

enforce a 'deny all' default rule

Browse Source 
this ensures that an access list is 'secure by default' and requires the user to create exceptions or holes in the proection instead of building the wall entirely. This also means that we no longer require the user to input any username/passwords or client addressses and can avoid internal errors which generate unhelpful user errors.
This commit is contained in:
Kyle Klaus
2020-04-13 19:52:44 -07:00
parent 005e64eb9f
commit e2ee2cbf2d
3 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/internal/access-list.js
View File

@ -25,10 +25,6 @@ const internalAccessList = {
create: (access, data) => {
return access.can('access_lists:create', data)
.then((/*access_data*/) => {
if ((typeof data.items === 'undefined' || !data.items.length) && (typeof data.clients === 'undefined' || !data.clients.length)) {
throw new error.InternalValidationError('At leaste one user/pass or address must be defined');
}
return accessListModel
.query()
.omit(omissions())
@ -114,10 +110,6 @@ const internalAccessList = {
update: (access, data) => {
return access.can('access_lists:update', data.id)
.then((/*access_data*/) => {
if ((typeof data.items === 'undefined' || !data.items.length) && (typeof data.clients === 'undefined' || !data.clients.length)) {
throw new error.InternalValidationError('At leaste one user/pass or address must be defined');
}
return internalAccessList.get(access, {id: data.id});
})
.then((row) => {