diff --git a/packages/backend/src/nest/connections-manager/connections-manager.service.ts b/packages/backend/src/nest/connections-manager/connections-manager.service.ts
index 75f207e2bc..571d5bcaf1 100644
--- a/packages/backend/src/nest/connections-manager/connections-manager.service.ts
+++ b/packages/backend/src/nest/connections-manager/connections-manager.service.ts
@@ -397,11 +397,12 @@ export class ConnectionsManagerService extends EventEmitter implements OnModuleI
 this.serverIoProvider.io.emit(SocketActionTypes.SAVED_OWNER_CERTIFICATE, payload)
 })
 this.registrationService.on(RegistrationEvents.SPAWN_HS_FOR_REGISTRAR, async payload => {
- await this.tor.spawnHiddenService({
+ const onionAddress = await this.tor.spawnHiddenService({
 targetPort: payload.port,
 privKey: payload.privateKey,
 virtPort: payload.targetPort,
 })
+ this.registrationService.onionAddress = onionAddress
 })
 this.registrationService.on(RegistrationEvents.ERROR, payload => {
 emitError(this.serverIoProvider.io, payload)
diff --git a/packages/backend/src/nest/registration/registration.service.ts b/packages/backend/src/nest/registration/registration.service.ts
index c3d8a9b172..d92a1c8738 100644
--- a/packages/backend/src/nest/registration/registration.service.ts
+++ b/packages/backend/src/nest/registration/registration.service.ts
@@ -27,6 +27,7 @@ import Logger from '../common/logger'
 @Injectable()
 export class RegistrationService extends EventEmitter implements OnModuleInit {
 private readonly logger = Logger(RegistrationService.name)
+ public onionAddress: string
 private _server: Server
 private _port: number
 public registrationService: any
@@ -42,7 +43,9 @@ export class RegistrationService extends EventEmitter implements OnModuleInit {
 this.on(RegistrationEvents.SET_CERTIFICATES, certs => {
 this.setCertificates(certs)
 })
- this.setRouting()
+ // eslint-disable-next-line
+ const self = this
+ this.setRouting(self)
 }
 public setCertificates(certs: string[]) {
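Review bot: The added assignment `this.registrationService.onionAddress = onionAddress` is reached only when `spawnHiddenService` resolves, and this async listener has no error handling, so a rejected spawn leaves the address unset with nothing reported. Because the registrar's new Host check compares against that field, the visible effect would be every request to the registrar answered with 403 and no log line explaining why. Wrapping the listener body in try/catch and reporting the failure the way the `RegistrationEvents.ERROR` handler just below does would make that state diagnosable. The listener sits inside a method whose start and end are outside the hunk.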
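Review bot: `public onionAddress: string` is declared as always a string, but nothing in this hunk initialises it; it is only assigned later from ConnectionsManagerService, once the hidden service is up. Declaring it `public onionAddress: string | undefined` states that and makes the compiler flag any use that forgets the unset case. A one-line comment that this field is the only Host value the registrar accepts would also help, since as a public field it is writable by any holder of the service.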
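Review bot: The `const self = this` alias and the blanket `// eslint-disable-next-line` are not needed, because the route handler further down in `setRouting` already reads `this.pendingPromise` from an arrow function. Writing the middleware as an arrow function, `const middleware = (req, res, next) => {`, and comparing against `this.onionAddress` lets the call stay `this.setRouting()` and removes the `self: any` parameter. If a suppression is kept, it should name the rule it silences (presumably `@typescript-eslint/no-this-alias`) so other findings on that line are not hidden.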
@@ -51,8 +54,17 @@ export class RegistrationService extends EventEmitter implements OnModuleInit {
 private pendingPromise: Promise | null = null
- private setRouting() {
+ private setRouting(self: any) {
 // @ts-ignore
+ const middleware = function (req, res, next) {
+ const host = req.headers['host']
+ if (host !== self.onionAddress) {
+ return res.status(403).send('Access denied')
+ }
+ next()
+ }
+
+ this._app.use(middleware)
 this._app.use(express.json())
 this._app.post('/register', async (req, res): Promise => {
 if (this.pendingPromise) return
diff --git a/packages/backend/src/nest/socket/socket.service.ts b/packages/backend/src/nest/socket/socket.service.ts
index 4936e4a32a..6b5dacaee1 100644
--- a/packages/backend/src/nest/socket/socket.service.ts
+++ b/packages/backend/src/nest/socket/socket.service.ts
@@ -150,7 +150,7 @@ export class SocketService extends EventEmitter implements OnModuleInit {
 public listen = async (port = this.configOptions.socketIOPort): Promise => {
 return await new Promise(resolve => {
 if (this.serverIoProvider.server.listening) resolve()
- this.serverIoProvider.server.listen(this.configOptions.socketIOPort, () => {
+ this.serverIoProvider.server.listen(this.configOptions.socketIOPort, 'localhost', () => {
 this.logger(`Data server running on port ${this.configOptions.socketIOPort}`)
 resolve()
 })
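Review bot: The check `host !== self.onionAddress` is an exact string match on a client-supplied header, so it rejects legitimate requests whose Host carries a port or different letter case, and it only filters callers that send an honest Host (browsers, hence rebinding-style requests), not a local process that can reach the port and set the header itself. Normalising first, e.g. `const host = (req.headers.host ?? '').split(':')[0].toLowerCase()`, handles the first part; for the second, the address this server binds to is what limits reach, and it is not visible in this hunk. Whether `spawnHiddenService` returns the address with the `.onion` suffix is also not visible here and decides whether the comparison can ever match. The existing `// @ts-ignore` now sits directly above `const middleware = function (req, res, next) {` instead of `this._app.use(express.json())`, so it hides the untyped parameters; typing them with express's `Request`, `Response` and `NextFunction` would let the suppression go. The body of `setRouting` continues past the end of the hunk.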
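Review bot: Passing the name `'localhost'` to `server.listen` leaves the bound address to the resolver, which can return `::1` rather than `127.0.0.1` depending on the Node version and host configuration, and a client that dials `127.0.0.1` would then be refused. Binding the literal, `this.serverIoProvider.server.listen(this.configOptions.socketIOPort, '127.0.0.1', () => {`, keeps the loopback restriction and removes that dependency. The `port` parameter of `listen` is unused in the visible lines, so both the listen call and the log message ignore a caller-supplied port. The arrow function continues past the end of the hunk.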