Implement security ban theme (#4)

Co-authored-by: DblK <[email protected]>
DblK · Dec 19, 2021 · 7638137 · 7638137
1 parent d2ca7b0
commit 7638137
Show file tree

Hide file tree

Showing 7 changed files with 62 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -42,6 +42,7 @@ Here is the list of all main features so far:
 - [X] Display a webpage for forbidden devices
 - [X] Auto-refresh configuration on file change
 - [X] Add the possibility to whitelist or blacklist a switch
+- [X] Add the possibility to ban theme
 
 # Dev or build from source
 

diff --git a/config.example.yaml b/config.example.yaml
@@ -37,6 +37,11 @@ sources:
 
 # All security information will be stored here
 security:
+  # List of theme to be banned with security
+  # Be aware that this should be string (do not forget quotes)
+  # You can find the theme of a switch in the log upon access
+  bannedTheme:
+    - "0000000000000000000000000000000000000000000000000000000000000000"
   # List of switch uid to whitelist
   # If enabled then only switch in this area will be listed
   # You can find the uid of a switch in the log upon access

diff --git a/config/config.go b/config/config.go
@@ -19,8 +19,9 @@ type debug struct {
 }
 
 type security struct {
-	Whitelist []string `mapstructure:"whitelist"`
-	Backlist  []string `mapstructure:"backlist"`
+	Whitelist   []string `mapstructure:"whitelist"`
+	Backlist    []string `mapstructure:"backlist"`
+	BannedTheme []string `mapstructure:"bannedTheme"`
 }
 
 // File holds all config information
@@ -231,3 +232,13 @@ func (cfg *File) isInWhiteList(uid string) bool {
 	})
 	return idxWhiteList != -1
 }
+
+// IsBannedTheme tells if the theme is banned or not
+func (cfg *File) IsBannedTheme(theme string) bool {
+	fmt.Println(theme)
+	fmt.Println(cfg.Security.BannedTheme)
+	idxBannedTheme := utils.Search(len(cfg.Security.BannedTheme), func(index int) bool {
+		return cfg.Security.BannedTheme[index] == theme
+	})
+	return idxBannedTheme != -1
+}
diff --git a/config/config_test.go b/config/config_test.go
@@ -200,4 +200,24 @@ var _ = Describe("Config", func() {
 			})
 		})
 	})
+	Context("Security for theme", func() {
+		var myConfig = config.File{}
+		Describe("IsBannedTheme", func() {
+			It("should not be banned if empty config", func() {
+				Expect(myConfig.IsBannedTheme("myTheme")).To(BeFalse())
+			})
+			It("should not be banned if no corresponding config", func() {
+				var bannedThemes = make([]string, 0)
+				bannedThemes = append(bannedThemes, "banned")
+				myConfig.Security.BannedTheme = bannedThemes
+				Expect(myConfig.IsBannedTheme("myTheme")).To(BeFalse())
+			})
+			It("should not be banned if no corresponding config", func() {
+				var bannedThemes = make([]string, 0)
+				bannedThemes = append(bannedThemes, "myTheme")
+				myConfig.Security.BannedTheme = bannedThemes
+				Expect(myConfig.IsBannedTheme("myTheme")).To(BeTrue())
+			})
+		})
+	})
 })
diff --git a/mock_repository/mock_config.go b/mock_repository/mock_config.go
diff --git a/repository/interfaces.go b/repository/interfaces.go
@@ -32,6 +32,7 @@ type Config interface {
 
 	IsBlacklisted(string) bool
 	IsWhitelisted(string) bool
+	IsBannedTheme(string) bool
 }
 
 // ShopTemplate contains all variables used for shop template

diff --git a/security.go b/security.go
@@ -31,6 +31,14 @@ func tinfoilMiddleware(next http.Handler) http.Handler {
 				return
 			}
 
+			// Check for banned theme
+			var theme = strings.Join(headers["Theme"], "")
+			if config.GetConfig().IsBannedTheme(theme) {
+				log.Println("[Security] Banned theme detected...", uid, theme)
+				_ = shopTemplate.Execute(w, config.GetConfig().ShopTemplateData())
+				return
+			}
+
 			// No User-Agent for tinfoil app
 			if headers["User-Agent"] != nil {
 				log.Println("[Security] User-Agent detected...")