From d9d9a1a92a57d3c2a8046b205830d0d826d2463b Mon Sep 17 00:00:00 2001 From: Yasio Date: Thu, 15 Oct 2020 18:52:41 +0200 Subject: [PATCH] Allow request method restriction on domain (#174) * add limit_except generator to domain * revert package-lock.json * change from limit param to if statement in restrict methods * add response code input * fix scss --- .../generators/conf/website.conf.js | 12 + src/nginxconfig/i18n/en/common.js | 1 + .../en/templates/domain_sections/index.js | 3 +- .../en/templates/domain_sections/restrict.js | 30 ++ src/nginxconfig/scss/_fields.scss | 4 + .../templates/domain_sections/index.js | 1 + .../templates/domain_sections/restrict.vue | 294 ++++++++++++++++++ 7 files changed, 344 insertions(+), 1 deletion(-) create mode 100644 src/nginxconfig/i18n/en/templates/domain_sections/restrict.js create mode 100644 src/nginxconfig/templates/domain_sections/restrict.vue diff --git a/src/nginxconfig/generators/conf/website.conf.js b/src/nginxconfig/generators/conf/website.conf.js index f6e48da..5f44e99 100644 --- a/src/nginxconfig/generators/conf/website.conf.js +++ b/src/nginxconfig/generators/conf/website.conf.js @@ -166,6 +166,18 @@ export default (domain, domains, global) => { serverConfig.push(...securityConf(domains, global)); } + // Restrict Methods + if (Object.keys(domain.restrict).find(k => domain.restrict[k].computed && k !== 'responseCode')) { + const allowedKeys = Object.keys(domain.restrict) + .filter(k => !domain.restrict[k].computed && k !== 'responseCode') + .map(e => e.replace('Method', '').toUpperCase()); + + serverConfig.push(['# restrict methods', '']); + serverConfig.push([`if ($request_method !~ ^(${allowedKeys.join('|')})$)`, { + 'return': `'${domain.restrict.responseCode.computed}'`, + }]); + } + // Access log or error log for domain if (domain.logging.accessLog.computed || domain.logging.errorLog.computed) { serverConfig.push(['# logging', '']); diff --git a/src/nginxconfig/i18n/en/common.js b/src/nginxconfig/i18n/en/common.js index 01220a6..887536e 100644 --- a/src/nginxconfig/i18n/en/common.js +++ b/src/nginxconfig/i18n/en/common.js @@ -44,4 +44,5 @@ export default { logging: 'Logging', reverseProxy: 'Reverse proxy', reverseProxyLower: 'reverse proxy', + restrict: 'Restrict', }; diff --git a/src/nginxconfig/i18n/en/templates/domain_sections/index.js b/src/nginxconfig/i18n/en/templates/domain_sections/index.js index d004d9f..95c3f88 100644 --- a/src/nginxconfig/i18n/en/templates/domain_sections/index.js +++ b/src/nginxconfig/i18n/en/templates/domain_sections/index.js @@ -32,5 +32,6 @@ import python from './python'; import reverseProxy from './reverse_proxy'; import routing from './routing'; import server from './server'; +import restrict from './restrict'; -export default { https, logging, php, presets, python, reverseProxy, routing, server }; +export default { https, logging, php, presets, python, reverseProxy, routing, server, restrict }; diff --git a/src/nginxconfig/i18n/en/templates/domain_sections/restrict.js b/src/nginxconfig/i18n/en/templates/domain_sections/restrict.js new file mode 100644 index 0000000..c509814 --- /dev/null +++ b/src/nginxconfig/i18n/en/templates/domain_sections/restrict.js @@ -0,0 +1,30 @@ +/* +Copyright 2020 DigitalOcean + +This code is licensed under the MIT License. +You may obtain a copy of the License at +https://github.com/digitalocean/nginxconfig.io/blob/master/LICENSE or https://mit-license.org/ + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions : + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +*/ + +export default { + disableForThisDomain: 'disable for this domain', + responseCode: 'Response code', +}; diff --git a/src/nginxconfig/scss/_fields.scss b/src/nginxconfig/scss/_fields.scss index 7a38e87..fbfc76d 100644 --- a/src/nginxconfig/scss/_fields.scss +++ b/src/nginxconfig/scss/_fields.scss @@ -128,6 +128,10 @@ THE SOFTWARE. } } } + + input.is-danger { + border-color: $danger; + } } } diff --git a/src/nginxconfig/templates/domain_sections/index.js b/src/nginxconfig/templates/domain_sections/index.js index 3ceb5df..0ca10e6 100644 --- a/src/nginxconfig/templates/domain_sections/index.js +++ b/src/nginxconfig/templates/domain_sections/index.js @@ -31,3 +31,4 @@ export { default as Python } from './python'; export { default as ReverseProxy } from './reverse_proxy'; export { default as Routing } from './routing'; export { default as Logging } from './logging'; +export { default as Restrict } from './restrict'; diff --git a/src/nginxconfig/templates/domain_sections/restrict.vue b/src/nginxconfig/templates/domain_sections/restrict.vue new file mode 100644 index 0000000..36a4357 --- /dev/null +++ b/src/nginxconfig/templates/domain_sections/restrict.vue @@ -0,0 +1,294 @@ + + + + +