Merge pull request #1904 from TryQuiet/hotfix/registrar-access

Add middleware for registrar server
TryQuiet · Oct 3, 2023 · e238887 · e238887
2 parents 7d577cf + 8c6e345
commit e238887
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/packages/backend/src/nest/connections-manager/connections-manager.service.ts b/packages/backend/src/nest/connections-manager/connections-manager.service.ts
@@ -397,11 +397,12 @@ export class ConnectionsManagerService extends EventEmitter implements OnModuleI
       this.serverIoProvider.io.emit(SocketActionTypes.SAVED_OWNER_CERTIFICATE, payload)
     })
     this.registrationService.on(RegistrationEvents.SPAWN_HS_FOR_REGISTRAR, async payload => {
-      await this.tor.spawnHiddenService({
+      const onionAddress = await this.tor.spawnHiddenService({
         targetPort: payload.port,
         privKey: payload.privateKey,
         virtPort: payload.targetPort,
       })
+      this.registrationService.onionAddress = onionAddress
     })
     this.registrationService.on(RegistrationEvents.ERROR, payload => {
       emitError(this.serverIoProvider.io, payload)

diff --git a/packages/backend/src/nest/registration/registration.service.ts b/packages/backend/src/nest/registration/registration.service.ts
@@ -27,6 +27,7 @@ import Logger from '../common/logger'
 @Injectable()
 export class RegistrationService extends EventEmitter implements OnModuleInit {
   private readonly logger = Logger(RegistrationService.name)
+  public onionAddress: string
   private _server: Server
   private _port: number
   public registrationService: any
@@ -42,7 +43,9 @@ export class RegistrationService extends EventEmitter implements OnModuleInit {
     this.on(RegistrationEvents.SET_CERTIFICATES, certs => {
       this.setCertificates(certs)
     })
-    this.setRouting()
+    // eslint-disable-next-line
+    const self = this
+    this.setRouting(self)
   }
 
   public setCertificates(certs: string[]) {
@@ -51,8 +54,17 @@ export class RegistrationService extends EventEmitter implements OnModuleInit {
 
   private pendingPromise: Promise<RegistrarResponse> | null = null
 
-  private setRouting() {
+  private setRouting(self: any) {
     // @ts-ignore
+    const middleware = function (req, res, next) {
+      const host = req.headers['host']
+      if (host !== self.onionAddress) {
+        return res.status(403).send('Access denied')
+      }
+      next()
+    }
+
+    this._app.use(middleware)
     this._app.use(express.json())
     this._app.post('/register', async (req, res): Promise<void> => {
       if (this.pendingPromise) return

diff --git a/packages/backend/src/nest/socket/socket.service.ts b/packages/backend/src/nest/socket/socket.service.ts
@@ -150,7 +150,7 @@ export class SocketService extends EventEmitter implements OnModuleInit {
   public listen = async (port = this.configOptions.socketIOPort): Promise<void> => {
     return await new Promise(resolve => {
       if (this.serverIoProvider.server.listening) resolve()
-      this.serverIoProvider.server.listen(this.configOptions.socketIOPort, () => {
+      this.serverIoProvider.server.listen(this.configOptions.socketIOPort, 'localhost', () => {
         this.logger(`Data server running on port ${this.configOptions.socketIOPort}`)
         resolve()
       })