feat: limit unwanted access (thanks tonylu00)

sctg-development · Oct 11, 2024 · 584a356 · 584a356
1 parent 8f44bf7
commit 584a356
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 10 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "hbbs"
-version = "1.1.99-45a"
+version = "1.1.99-46"
 authors = ["sctg <[email protected]>", "rustdesk <[email protected]>"]
 edition = "2021"
 build = "build.rs"

diff --git a/README.md b/README.md
@@ -246,6 +246,11 @@ RestartSec=10
 WantedBy=multi-user.target
 ```
 
+# Limit unwanted access
+
+The `--logged-in-only` option or the `LOGGED_IN_ONLY=Y` environment setting is available for the hbbs server. This option will limit the control to logged in users only.  
+Even if this option is set users will still be able to register in the Renvez-vous server but won't be able to control another one.
+
 # RustDesk Server Program
 
 [![build](https://github.com/sctg-development/sctgdesk-server/actions/workflows/multiarch-docker-hub.yml/badge.svg)](https://github.com/sctg-development/sctgdesk-server/actions/workflows/multiarch-docker-hub.yml)

diff --git a/src/common.rs b/src/common.rs
@@ -77,6 +77,9 @@ pub fn init_args(args: &str, name: &str, about: &str) {
             }
         }
     }
+    if matches.is_present("logged-in-only") {
+        std::env::set_var("LOGGED_IN_ONLY", "Y");
+    }
     for (k, v) in matches.args {
         if let Some(v) = v.vals.first() {
             std::env::set_var(arg_name(k), v.to_string_lossy().to_string());

diff --git a/src/main.rs b/src/main.rs
@@ -77,7 +77,8 @@ fn main() -> ResultType<()> {
         -r, --relay-servers=[HOST] 'Sets the default relay servers, separated by comma'
         -M, --rmem=[NUMBER(default={RMEM})] 'Sets UDP recv buffer size, set system rmem_max first, e.g., sudo sysctl -w net.core.rmem_max=52428800. vi /etc/sysctl.conf, net.core.rmem_max=52428800, sudo sysctl –p'
         , --mask=[MASK] 'Determine if the connection comes from LAN, e.g. 192.168.0.0/16'
-        -k, --key=[KEY] 'Only allow the client with the same key'",
+        -k, --key=[KEY] 'Only allow the client with the same key'
+        , --logged-in-only 'Only allow logged in user to control'",
     );
     init_args(&args, "hbbs", "RustDesk ID/Rendezvous Server");
     let port = get_arg_or("port", RENDEZVOUS_PORT.to_string()).parse::<i32>()?;
@@ -86,7 +87,7 @@ fn main() -> ResultType<()> {
     }
     let rmem = get_arg("rmem").parse::<usize>().unwrap_or(RMEM);
     let serial: i32 = get_arg("serial").parse().unwrap_or(0);
-    
+
     std::env::set_var("MAIN_PKG_VERSION", env!("CARGO_PKG_VERSION"));
     let handle = thread::spawn(|| {
         let rt = rocket::tokio::runtime::Runtime::new().unwrap();

diff --git a/src/rendezvous_server.rs b/src/rendezvous_server.rs
@@ -813,6 +813,8 @@ impl RendezvousServer {
             });
             return Ok((msg_out, None));
         }
+        // For limiting abuse, only allow logged in users to punch hole
+        // if LOGGED_IN_ONLY=Y is set in env or --logged-in-only is passed
         if ph.token.is_empty() && std::env::var("LOGGED_IN_ONLY")
             .unwrap_or_default()
             .to_uppercase()