Sync DNS2 production changes - removed obsolete test suite and refactored structure

This commit is contained in:
Krystie
2026-03-23 10:47:15 +01:00
parent 1ac50918ab
commit d76644d948
288 changed files with 8965 additions and 15731 deletions


@@ -27,7 +27,7 @@ const { CACHE_CONFIGS, createCache } = require('./cache-config');
module.exports = function configureMiddleware(app, {
siteConfig, totpConfig, tailscaleConfig,
metrics, auditLogger, authManager, log, cryptoUtils,
isValidContainerId, isTailscaleIP, getTailscaleStatus,
isValidContainerId, isTailscaleIP, getTailscaleStatus
}) {
// ── Container ID param validation ──
@@ -44,7 +44,7 @@ module.exports = function configureMiddleware(app, {
app.use(cors({
origin: corsOrigins,
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
credentials: true,
credentials: true
}));
// ── Security headers with Helmet ──
@@ -54,16 +54,16 @@ module.exports = function configureMiddleware(app, {
defaultSrc: ["'self'"],
styleSrc: ["'self'"],
scriptSrc: ["'self'"],
imgSrc: ["'self'", 'data:', 'https:'],
imgSrc: ["'self'", "data:", "https:"],
connectSrc: ["'self'"],
fontSrc: ["'self'", 'data:'],
fontSrc: ["'self'", "data:"],
objectSrc: ["'none'"],
mediaSrc: ["'self'"],
frameSrc: ["'none'"],
},
frameSrc: ["'none'"]
}
},
crossOriginEmbedderPolicy: false,
crossOriginResourcePolicy: { policy: 'cross-origin' },
crossOriginResourcePolicy: { policy: "cross-origin" }
}));
// ── Trust proxy (one hop — Caddy) ──
@@ -95,7 +95,7 @@ module.exports = function configureMiddleware(app, {
if (req.path !== '/health' && req.path !== '/api/health') {
const level = res.statusCode >= 500 ? 'error' : res.statusCode >= 400 ? 'warn' : 'debug';
log[level]('http', `${req.method} ${req.path} ${res.statusCode}`, {
ms: duration, ip: req.ip, id: req.id,
ms: duration, ip: req.ip, id: req.id
});
}
});
@@ -128,7 +128,7 @@ module.exports = function configureMiddleware(app, {
success: false,
error: '[DC-120] Access denied. This dashboard requires Tailscale connection.',
requiresTailscale: true,
clientIP: clientIP,
clientIP: clientIP
});
}
@@ -151,7 +151,7 @@ module.exports = function configureMiddleware(app, {
success: false,
error: '[DC-121] Access denied. Device not in allowed tailnet.',
requiresTailscale: true,
clientIP,
clientIP
});
}
}
@@ -178,7 +178,7 @@ module.exports = function configureMiddleware(app, {
'8h': 8 * 60 * 60 * 1000,
'12h': 12 * 60 * 60 * 1000,
'24h': 24 * 60 * 60 * 1000,
'never': null,
'never': null
};
// IP-based session store (solves cross-domain cookie issues with .sami TLD)
@@ -222,7 +222,7 @@ module.exports = function configureMiddleware(app, {
const key = cryptoUtils.loadOrCreateKey();
const sig = crypto.createHmac('sha256', key).update(payloadB64).digest('base64url');
res.setHeader('Set-Cookie',
`${SESSION_COOKIE_NAME}=${payloadB64}.${sig}; Max-Age=${maxAge}; Path=/; HttpOnly; Secure; SameSite=Lax`,
`${SESSION_COOKIE_NAME}=${payloadB64}.${sig}; Max-Age=${maxAge}; Path=/; HttpOnly; Secure; SameSite=Lax`
);
}
@@ -254,7 +254,7 @@ module.exports = function configureMiddleware(app, {
function clearSessionCookie(res) {
res.setHeader('Set-Cookie',
`${SESSION_COOKIE_NAME}=; Max-Age=0; Path=/; HttpOnly; SameSite=Lax`,
`${SESSION_COOKIE_NAME}=; Max-Age=0; Path=/; HttpOnly; SameSite=Lax`
);
}
@@ -324,7 +324,7 @@ module.exports = function configureMiddleware(app, {
if (req.totpSessionValid || isSessionValid(req)) {
req.auth = {
type: 'session',
scope: ['admin'],
scope: ['admin']
};
return next();
}
@@ -340,7 +340,7 @@ module.exports = function configureMiddleware(app, {
req.auth = {
type: 'jwt',
userId: jwtPayload.userId,
scope: jwtPayload.scope || [],
scope: jwtPayload.scope || []
};
return next();
}
@@ -355,7 +355,7 @@ module.exports = function configureMiddleware(app, {
type: 'apikey',
keyId: keyData.keyId,
name: keyData.name,
scope: keyData.scopes || [],
scope: keyData.scopes || []
};
return next();
}
@@ -364,7 +364,7 @@ module.exports = function configureMiddleware(app, {
if (!totpConfig.enabled || totpConfig.sessionDuration === 'never') {
req.auth = {
type: 'none',
scope: ['admin'],
scope: ['admin']
};
return next();
}
@@ -372,7 +372,7 @@ module.exports = function configureMiddleware(app, {
return res.status(401).json({
success: false,
error: '[DC-110] Authentication required - provide TOTP session, JWT token, or API key',
requiresTotp: totpConfig.enabled,
requiresTotp: totpConfig.enabled
});
};
@@ -385,7 +385,7 @@ module.exports = function configureMiddleware(app, {
standardHeaders: true,
legacyHeaders: false,
skip: (req) => isTest || req.path === '/health' || req.path === '/api/health' || req.path.startsWith('/probe/') || req.path.startsWith('/api/auth/gate/') || req.path === '/api/totp/check-session' || req.path.endsWith('/health-checks/status') || req.path.endsWith('/csrf-token') || req.path === '/api/v1/dns/logs',
message: { success: false, error: 'Too many requests, please try again later' },
message: { success: false, error: 'Too many requests, please try again later' }
});
const strictLimiter = rateLimit({
@@ -393,7 +393,7 @@ module.exports = function configureMiddleware(app, {
standardHeaders: true,
legacyHeaders: false,
skip: () => isTest,
message: { success: false, error: 'Too many requests to this endpoint, please try again later' },
message: { success: false, error: 'Too many requests to this endpoint, please try again later' }
});
app.use(generalLimiter);
@@ -407,7 +407,7 @@ module.exports = function configureMiddleware(app, {
...RATE_LIMITS.TOTP,
standardHeaders: true,
legacyHeaders: false,
message: { success: false, error: 'Too many TOTP attempts, please try again later' },
message: { success: false, error: 'Too many TOTP attempts, please try again later' }
});
app.use('/api/totp/verify', totpLimiter);
app.use('/api/totp/verify-setup', totpLimiter);
@@ -425,6 +425,6 @@ module.exports = function configureMiddleware(app, {
clearIPSession,
clearSessionCookie,
isSessionValid,
ipSessions,
ipSessions
};
};
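Review bot: In the `@@ -254,7 +254,7 @@` hunk, `clearSessionCookie` emits `Max-Age=0; Path=/; HttpOnly; SameSite=Lax` without the `Secure` attribute that the matching setter in the `@@ -222,7 +222,7 @@` hunk includes, and the commit only drops the trailing comma without reconciling the two. Browsers match cookies for overwrite on name, domain and path, so the clear normally still works, but if `SESSION_COOKIE_NAME` (defined outside these hunks) ever carries a `__Secure-` or `__Host-` prefix the clearing header would be rejected outright, and keeping the attribute set identical makes the intent auditable. I would change the line to `` `${SESSION_COOKIE_NAME}=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax` ``. The enclosing `configureMiddleware` function starts and ends outside this hunk.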