Merge pull request #4 from rmmlr/develop

Security hotfix
100prznt · Oct 10, 2018 · e4a63a5 · e4a63a5
2 parents 2945c9d + bd8411f
commit e4a63a5
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/HueHookServer/HookReceiver.cs b/HueHookServer/HookReceiver.cs
@@ -42,6 +42,16 @@ public override void HandleGetRequest(HttpProcessor p)
         {
             try
             {
+                var remoteIp = getRemoteIp(p);
+                Console.WriteLine("remote endpoint IP: " + remoteIp);
+
+                if (!IPAddress.Equals(Program.ServerIp, remoteIp))
+                {
+                    Console.ForegroundColor = ConsoleColor.Red;
+                    Console.WriteLine("Access denied, remote IP not allowed!");
+                    Console.ResetColor();
+                }
+
                 if (p.HttpUrl.StartsWith("/favicon.ico")) //many browsers ask for favicon.ico
                 {
                     p.WriteFailure();
@@ -127,6 +137,13 @@ public override void HandlePostRequest(HttpProcessor p, StreamReader inputData)
 
         #region Internal services
 
+        IPAddress getRemoteIp(HttpProcessor p)
+        {
+            if (p.Socket.Client.RemoteEndPoint.GetType() == typeof(IPEndPoint))
+                return ((IPEndPoint)p.Socket.Client.RemoteEndPoint).Address;
+            else
+                return null;
+        }
 
         #endregion Internal services
 
@@ -171,7 +188,7 @@ public static LightCommand ToLightCommand(this NameValueCollection parameters)
             }
             if (parameters.AllKeys.Contains("ct"))
             {
-                cmd.ColorTemperature = byte.Parse(parameters["ct"]);
+                cmd.ColorTemperature = int.Parse(parameters["ct"]);
                 Console.WriteLine("ColorTemperature: {0}", cmd.ColorTemperature);
             }
 

diff --git a/HueHookServer/Program.cs b/HueHookServer/Program.cs
@@ -8,8 +8,10 @@
 
 namespace Rca.HueHookServer
 {
-    class Program
+    public class Program
     {
+        public static IPAddress ServerIp;
+
         static int Main(string[] args)
         {
             //Default-Port (8008 HTTP-Alternativ)
@@ -129,6 +131,7 @@ static int Main(string[] args)
             Console.WriteLine();
             #endregion
 
+            ServerIp = ip;
 
             HttpServer httpServer = new HookReceiver(ip, port);