From bd8411fa2e6da6a0613cd48617b7b1b19a3e91c7 Mon Sep 17 00:00:00 2001
From: Elias Ruemmler
Date: Wed, 10 Oct 2018 14:35:55 +0200
Subject: [PATCH] Security hotfix Access only from the same machine (IP based).
---
 HueHookServer/HookReceiver.cs | 19 ++++++++++++++++++-
 HueHookServer/Program.cs | 5 ++++-
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/HueHookServer/HookReceiver.cs b/HueHookServer/HookReceiver.cs
index 09748bc..7b34de6 100644
--- a/HueHookServer/HookReceiver.cs
+++ b/HueHookServer/HookReceiver.cs
@@ -42,6 +42,16 @@ public override void HandleGetRequest(HttpProcessor p)
 {
 try
 {
+ var remoteIp = getRemoteIp(p);
+ Console.WriteLine("remote endpoint IP: " + remoteIp);
+
+ if (!IPAddress.Equals(Program.ServerIp, remoteIp))
+ {
+ Console.ForegroundColor = ConsoleColor.Red;
+ Console.WriteLine("Access denied, remote IP not allowed!");
+ Console.ResetColor();
+ }
+
 if (p.HttpUrl.StartsWith("/favicon.ico")) //many browsers ask for favicon.ico
 {
 p.WriteFailure();
@@ -127,6 +137,13 @@ public override void HandlePostRequest(HttpProcessor p, StreamReader inputData)
 #region Internal services
+ IPAddress getRemoteIp(HttpProcessor p)
+ {
+ if (p.Socket.Client.RemoteEndPoint.GetType() == typeof(IPEndPoint))
+ return ((IPEndPoint)p.Socket.Client.RemoteEndPoint).Address;
+ else
+ return null;
+ }
 #endregion Internal services
@@ -171,7 +188,7 @@ public static LightCommand ToLightCommand(this NameValueCollection parameters)
 }
 if (parameters.AllKeys.Contains("ct"))
 {
- cmd.ColorTemperature = byte.Parse(parameters["ct"]);
+ cmd.ColorTemperature = int.Parse(parameters["ct"]);
 Console.WriteLine("ColorTemperature: {0}", cmd.ColorTemperature);
 }
diff --git a/HueHookServer/Program.cs b/HueHookServer/Program.cs
index 602761d..1383c37 100644
--- a/HueHookServer/Program.cs
+++ b/HueHookServer/Program.cs
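Review bot: The denial branch added at the top of HandleGetRequest only prints "Access denied" and then falls through to the favicon check and the rest of the handler, so a request from a non-matching address is still processed. End the request inside that block, for example `p.WriteFailure(); return;` after `Console.ResetColor();`. Because getRemoteIp can return null, an unknown address already compares unequal and would be rejected once the branch returns. HandlePostRequest is not changed by this patch; if it can also act on the lights it presumably needs the same gate. The method body continues outside the hunk.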
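Review bot: getRemoteIp in the Internal services region dereferences `p.Socket.Client.RemoteEndPoint` without a null check and reports "unknown" by returning null, which deserves a doc comment because the caller's access decision depends on that contract. A near-equivalent one-liner that also tolerates a null endpoint is `return (p.Socket.Client.RemoteEndPoint as IPEndPoint)?.Address;`. I would also mark the method `private` and name it `GetRemoteIp` to match the PascalCase methods visible in the other hunks. If the listener can accept IPv6 connections, an IPv4-mapped address will not equal an IPv4 ServerIp; that fails closed, but a comment saying so would help the next reader.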
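Review bot: `int.Parse(parameters["ct"])` in ToLightCommand takes a value straight from the request, throws on anything that is not an integer, and accepts negative or very large numbers without a bounds check. Prefer `int.TryParse(parameters["ct"], NumberStyles.Integer, CultureInfo.InvariantCulture, out var ct)` (from System.Globalization) followed by a range check before assigning `cmd.ColorTemperature`. The change is also unrelated to the access restriction and would be easier to audit as its own commit. The method body continues outside the hunk.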
@@ -8,8 +8,10 @@ namespace Rca.HueHookServer
 {
- class Program
+ public class Program
 {
+ public static IPAddress ServerIp;
+
 static int Main(string[] args)
 {
 //Default-Port (8008 HTTP-Alternativ)
@@ -129,6 +131,7 @@ static int Main(string[] args)
 Console.WriteLine();
 #endregion
+ ServerIp = ip;
 HttpServer httpServer = new HookReceiver(ip, port);
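Review bot: `public static IPAddress ServerIp;` in the first Program.cs hunk makes the address that the access check trusts a mutable field that any code can reassign, and the class is made public only to expose it. HookReceiver already receives `ip` in its constructor (second hunk), so it could keep the allowed address in a private readonly field of its own; failing that, `internal static IPAddress ServerIp { get; private set; }` keeps the value from being changed outside Program. The field is null until Main assigns it, and if `ip` can be a wildcard bind address no remote address will ever match, so a comment on the declaration should state which value is expected.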