Merge branch 'master' of https://github.com/ysrc/yulong-hids

ysrc · Apr 2, 2018 · 3e43578 · 3e43578
2 parents 4807d75 + 3a57c35
commit 3e43578
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 5 deletions.
diff --git a/.gitignore b/.gitignore
@@ -40,4 +40,9 @@ experiments/
 .vscode/
 __pycache__
 
-.DS_Store
+.DS_Store
+
+/server/cert.pem
+/server/private.pem
+.gdb_history
+peda-session-web.txt
diff --git a/web/conf/app-config-sample.conf b/web/conf/app-config-sample.conf
@@ -17,6 +17,10 @@ perloadcount = 500
 # Debug : 7
 loglevel=6
 
+# 设置hostname, 如果没设置则不会验证
+# 如果设置了，只有该host可以访问web页面,多个host以逗号隔开
+ylhostname = ""
+
 # 后台登录用户名
 username = "yulong"
 # passwordhex为登录密码的32位md5，默认密码为(带句号): All_life_is_a_game_of_luck. 

diff --git a/web/controllers/agentapi.go b/web/controllers/agentapi.go
@@ -1,10 +1,10 @@
 package controllers
 
-import "net/url"
-
 import (
+	"net/url"
 	"strings"
 	"yulong-hids/web/models"
+	"yulong-hids/web/utils"
 
 	"github.com/astaxie/beego"
 	"gopkg.in/mgo.v2/bson"
@@ -18,6 +18,17 @@ type AgentApiController struct {
 // Get agent will get publickey content and serverlist here
 func (c *AgentApiController) Get() {
 
+	// check hostname
+	hostname := beego.AppConfig.String("ylhostname")
+	allowHosts := strings.Split(hostname, ",")
+	if hostname != "" && !utils.StringInSlice(c.Ctx.Input.Host(), allowHosts) {
+		beego.Error("Hostname not correct.")
+		c.Ctx.Output.SetStatus(403)
+		c.Data["json"] = "Forbidden"
+		c.ServeJSON()
+		return
+	}
+
 	currentURL := c.Ctx.Request.RequestURI
 
 	if strings.Contains(currentURL, "publickey") {

diff --git a/web/controllers/base.go b/web/controllers/base.go
@@ -1,6 +1,7 @@
 package controllers
 
 import (
+	"strings"
 	"yulong-hids/web/settings"
 	"yulong-hids/web/utils"
 
@@ -17,6 +18,17 @@ type BaseController struct {
 // Prepare access Control, 2FA, csrf check and other security options
 func (c *BaseController) Prepare() {
 
+	// check hostname
+	hostname := beego.AppConfig.String("ylhostname")
+	allowHosts := strings.Split(hostname, ",")
+	if hostname != "" && !utils.StringInSlice(c.Ctx.Input.Host(), allowHosts) {
+		beego.Error("Hostname not correct.")
+		c.Ctx.Output.SetStatus(403)
+		c.Data["json"] = "Forbidden"
+		c.ServeJSON()
+		return
+	}
+
 	// only https be allowed
 	HTTPSOnly, _ := beego.AppConfig.Bool("OnlyHTTPS")
 	if HTTPSOnly && c.Ctx.Input.Scheme() != "https" &&

diff --git a/web/vendor/github.com/astaxie/beego/app.go b/web/vendor/github.com/astaxie/beego/app.go
diff --git a/web/views/notice.tpl b/web/views/notice.tpl
@@ -59,7 +59,7 @@
           <div class="messaging col-lg-12 col-md-12 col-sm-12 col-xs-12" ng-repeat="notice in noticelist" ng-if="currenttab == $index" ng-hide="currenttab != $index">
             <div class="heading">
               <div class="title">
-                <b>告警详情:</b>  ({{ notice.info }})
+                <b>告警详情:</b>  ({{ notice.info | cutWords:50 }})
                 <span class="{{ style.notice.status[notice.status] }} badge-icon">
                   <i class="fa fa-circle" aria-hidden="true"></i>
                   <span>{{ langtem.notice.data.status[ notice.status ] }}</span>