better code: centralize admin_net check

rejetto · rejetto · commit a6385bbea021 · 2025-06-21T14:41:35.000+02:00
diff --git a/src/adminApis.ts b/src/adminApis.ts
@@ -177,8 +177,6 @@ export const adminApis = {
 
 for (const [k, was] of typedEntries(adminApis))
     (adminApis[k] as any) = ((params, ctx) => {
-        if (!allowAdmin(ctx))
-            return new ApiError(HTTP_FORBIDDEN)
         if (ctxAdminAccess(ctx))
             return was(params, ctx)
         const props = { possible: anyAccountCanLoginAdmin() }
@@ -193,8 +191,10 @@ export const favicon = defineConfig('favicon', '')
 export const title = defineConfig('title', "File server")
 
 export function ctxAdminAccess(ctx: Koa.Context) {
-    return !ctx.ips.length // we consider localhost_admin only if no proxy is being used
-        && localhostAdmin.get() && isLocalHost(ctx)
+    if (preventAdminAccess(ctx))
+        return false
+    // for extra security, skip localhost_admin via proxy, even tho this prevents using it with local proxies, which is legit in principle
+    return !ctx.ips.length && localhostAdmin.get() && isLocalHost(ctx)
         || ctx.state.account && accountCanLoginAdmin(ctx.state.account)
 }
 
@@ -213,6 +213,6 @@ export function anyAccountCanLoginAdmin() {
     return Boolean(_.find(accounts.get(), accountCanLoginAdmin))
 }
 
-export function allowAdmin(ctx: Koa.Context) {
-    return isLocalHost(ctx) || adminNet.compiled()(ctx.ip)
+export function preventAdminAccess(ctx: Koa.Context) {
+    return !isLocalHost(ctx) && !adminNet.compiled()(ctx.ip)
 }
diff --git a/src/serveGuiAndSharedFiles.ts b/src/serveGuiAndSharedFiles.ts
@@ -13,7 +13,7 @@ import { Writable } from 'stream'
 import { serveFile, serveFileNode } from './serveFile'
 import { BUILD_TIMESTAMP, DEV, MIME_AUTO, VERSION } from './const'
 import { zipStreamFromFolder } from './zip'
-import { allowAdmin, favicon } from './adminApis'
+import { preventAdminAccess, favicon } from './adminApis'
 import { serveGuiFiles } from './serveGuiFiles'
 import mount from 'koa-mount'
 import { baseUrl } from './listen'
@@ -42,8 +42,7 @@ export const serveGuiAndSharedFiles: Koa.Middleware = async (ctx, next) => {
     if (path.length === ADMIN_URI.length - 1 && ADMIN_URI.startsWith(path))
         return ctx.redirect(ctx.state.revProxyPath + ADMIN_URI)
     if (path.startsWith(ADMIN_URI))
-        return allowAdmin(ctx) ? serveAdminPrefixed(ctx,next)
-            : sendErrorPage(ctx, HTTP_FORBIDDEN)
+        return preventAdminAccess(ctx) ? sendErrorPage(ctx, HTTP_FORBIDDEN) : serveAdminPrefixed(ctx, next)
     if (path.startsWith(ICONS_URI)) {
         const a = path.substring(ICONS_URI.length).split('/')
         const iconName = a.at(-1)
