This repository has been archived by the owner on Feb 16, 2024. It is now read-only.

Avoid to expose settings page #238

Closed
SylvainPer opened this issue Dec 10, 2020 · 5 comments
Labels
FAQ Frequently asked questions

Comments

@SylvainPer

Is your feature request related to a problem? Please describe.
I don't want to expose unnecessary pages, especially the settings one.

Describe the solution you'd like
Only expose the needed pages.

I've modified the auth.py file:

    oauthGetMappings = {"/gapi/oauth": OAuthReqHandler.oauth,
                        "/gapi/login": OAuthReqHandler.login,
                        "/login": OAuthReqHandler.login}

    oauthPostMappings = {"/login": OAuthReqHandler.login_post,
                         "/gapi/login": OAuthReqHandler.login_post,
                         "/gapi/token": OAuthReqHandler.token_post}

This modification can be inserted with a new option in the configuration file.

I've also modified the nginx configuration:

        location ~ ^/assistant/(.*)$ {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Scheme $scheme;
                proxy_pass http://127.0.0.1:3030/gapi/$1$is_args$args; #Local ipno to dzga
                proxy_read_timeout  90;
        }

And for the Google link, I'm using:

https://MYURL/assistant/oauth
https://MYURL/assistant/token
@SylvainPer SylvainPer added the enhancement New feature or request label Dec 10, 2020
@DewGew DewGew pinned this issue Dec 10, 2020
@SylvainPer
Author

SylvainPer commented Dec 13, 2020

I forgot the smarthome.py modification:

    smarthomeGetMappings = {"/gapi/smarthome": SmartHomeReqHandler.smarthome,
                            "/gapi/sync": SmartHomeReqHandler.syncDevices,
                            "/settings": SmartHomeReqHandler.settings,
                            "/restart": SmartHomeReqHandler.restartServer}

    smarthomePostMappings = {"/gapi/smarthome": SmartHomeReqHandler.smarthome_post,
                             "/settings": SmartHomeReqHandler.settings_post}

This config was from before the latest updates; the new links are missing.
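The exposure that results from the route tables and the nginx rule posted in the two comments above can be checked offline; this is an added example, not part of the original thread or the project's code. It assumes the proxy is the only way to reach port 3030 and that the backend dispatches on exact path matches, and `normalize` is a simplified model of the proxy's URI normalization.

```python
import re
from urllib.parse import unquote

# Route tables as posted in the two comments above (handlers omitted).
ROUTES = {
    "GET": {"/gapi/oauth", "/gapi/login", "/login", "/gapi/smarthome",
            "/gapi/sync", "/settings", "/restart"},
    "POST": {"/login", "/gapi/login", "/gapi/token", "/gapi/smarthome",
             "/settings"},
}
# nginx rule from the issue: location ~ ^/assistant/(.*)$ -> /gapi/$1
LOCATION = re.compile(r"^/assistant/(.*)$")
UPSTREAM_PREFIX = "/gapi/"


def normalize(path):
    """Simplified model of proxy URI normalization (assumption):
    percent-decode, then collapse "." and ".." segments."""
    out = []
    for seg in unquote(path).split("/")[1:]:
        if seg == "..":
            if out:
                out.pop()
        elif seg != ".":
            out.append(seg)
    return "/" + "/".join(out)


def backend_route(method, public_path):
    """Backend route a public request reaches, or None."""
    match = LOCATION.match(normalize(public_path))
    if not match:
        return None  # no location matches, nothing is proxied
    upstream = UPSTREAM_PREFIX + match.group(1)
    # Assumption: the backend dispatches on an exact path lookup.
    return upstream if upstream in ROUTES.get(method, set()) else None


def audit():
    """Map each (method, route) to the public path reaching it, or None."""
    report = {}
    for method, routes in ROUTES.items():
        for route in sorted(routes):
            public = None
            if route.startswith(UPSTREAM_PREFIX):
                candidate = "/assistant/" + route[len(UPSTREAM_PREFIX):]
                if backend_route(method, candidate) == route:
                    public = candidate
            report[(method, route)] = public
    return report
```

`audit()` returns `None` for every route that has no public path, which is the list to review whenever new handlers are added to the mappings.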

@github-actions

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days

@github-actions github-actions bot added the Stale label Jan 13, 2021
@SylvainPer
Author

@DewGew just to avoid closing it too early.

@Catfriend1

Hi,

I've found a workaround for this: With Sophos UTM Home free, you can use the firewall's reverse proxy - also called WAF - and set protection rules for your web server like "hardening = enabled; entry urls = /oauth, /token, /smarthome". This prevents anyone from outside accessing the /settings point while you can still reach it from internal by going to http://server-ip-local:3030/settings. The firewall also takes care of managing Let's Encrypt certificates for https, including auto renewal. You only need a domain (or dyndns) for that.

@SylvainPer
Author

Hello @Catfriend1, thanks for your answer, but this solution is not available for rpi and lots of configurations are based on it.
My proposal is to update the paths configuration.

@DewGew DewGew added FAQ Frequently asked questions and removed enhancement New feature or request Stale labels May 9, 2023