mirror of
https://github.com/wanderer-industries/wanderer
synced 2025-12-16 12:46:04 +00:00
feat: disable webhook/websocket by default
This commit is contained in:
guarzo
@@ -72,6 +72,11 @@ map_subscriptions_enabled =
|
|||||||
|> get_var_from_path_or_env("WANDERER_MAP_SUBSCRIPTIONS_ENABLED", "false")
|
|> get_var_from_path_or_env("WANDERER_MAP_SUBSCRIPTIONS_ENABLED", "false")
|
||||||
|> String.to_existing_atom()
|
|> String.to_existing_atom()
|
||||||
|
|
||||||
|
websocket_events_enabled =
|
||||||
|
config_dir
|
||||||
|
|> get_var_from_path_or_env("WANDERER_WEBSOCKET_EVENTS_ENABLED", "false")
|
||||||
|
|> String.to_existing_atom()
|
||||||
|
|
||||||
map_subscription_characters_limit =
|
map_subscription_characters_limit =
|
||||||
config_dir
|
config_dir
|
||||||
|> get_int_from_path_or_env("WANDERER_MAP_SUBSCRIPTION_CHARACTERS_LIMIT", 10_000)
|
|> get_int_from_path_or_env("WANDERER_MAP_SUBSCRIPTION_CHARACTERS_LIMIT", 10_000)
|
||||||
@@ -143,6 +148,7 @@ config :wanderer_app,
|
|||||||
wanderer_kills_service_enabled: wanderer_kills_service_enabled,
|
wanderer_kills_service_enabled: wanderer_kills_service_enabled,
|
||||||
wanderer_kills_base_url: wanderer_kills_base_url,
|
wanderer_kills_base_url: wanderer_kills_base_url,
|
||||||
map_subscriptions_enabled: map_subscriptions_enabled,
|
map_subscriptions_enabled: map_subscriptions_enabled,
|
||||||
|
websocket_events_enabled: websocket_events_enabled,
|
||||||
map_connection_auto_expire_hours: map_connection_auto_expire_hours,
|
map_connection_auto_expire_hours: map_connection_auto_expire_hours,
|
||||||
map_connection_auto_eol_hours: map_connection_auto_eol_hours,
|
map_connection_auto_eol_hours: map_connection_auto_eol_hours,
|
||||||
map_connection_eol_expire_timeout_mins: map_connection_eol_expire_timeout_mins,
|
map_connection_eol_expire_timeout_mins: map_connection_eol_expire_timeout_mins,
|
||||||
|
|||||||
@@ -56,13 +56,12 @@ defmodule WandererApp.Application do
|
|||||||
{WandererApp.Character.TrackerPoolSupervisor, []},
|
{WandererApp.Character.TrackerPoolSupervisor, []},
|
||||||
WandererApp.Character.TrackerManager,
|
WandererApp.Character.TrackerManager,
|
||||||
WandererApp.Map.Manager,
|
WandererApp.Map.Manager,
|
||||||
WandererApp.ExternalEvents.MapEventRelay,
|
|
||||||
WandererApp.ExternalEvents.WebhookDispatcher,
|
|
||||||
WandererAppWeb.Presence,
|
WandererAppWeb.Presence,
|
||||||
WandererAppWeb.Endpoint
|
WandererAppWeb.Endpoint
|
||||||
] ++
|
] ++
|
||||||
maybe_start_corp_wallet_tracker(WandererApp.Env.map_subscriptions_enabled?()) ++
|
maybe_start_corp_wallet_tracker(WandererApp.Env.map_subscriptions_enabled?()) ++
|
||||||
maybe_start_kills_services()
|
maybe_start_kills_services() ++
|
||||||
|
maybe_start_websocket_services(WandererApp.Env.websocket_events_enabled?())
|
||||||
|
|
||||||
opts = [strategy: :one_for_one, name: WandererApp.Supervisor]
|
opts = [strategy: :one_for_one, name: WandererApp.Supervisor]
|
||||||
|
|
||||||
@@ -106,4 +105,15 @@ defmodule WandererApp.Application do
|
|||||||
[]
|
[]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp maybe_start_websocket_services(true) do
|
||||||
|
Logger.info("Starting WebSocket/Webhook services...")
|
||||||
|
|
||||||
|
[
|
||||||
|
WandererApp.ExternalEvents.MapEventRelay,
|
||||||
|
WandererApp.ExternalEvents.WebhookDispatcher
|
||||||
|
]
|
||||||
|
end
|
||||||
|
|
||||||
|
defp maybe_start_websocket_services(_), do: []
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ defmodule WandererApp.Env do
|
|||||||
def custom_route_base_url, do: get_key(:custom_route_base_url, "<CUSTOM_ROUTE_BASE_URL>")
|
def custom_route_base_url, do: get_key(:custom_route_base_url, "<CUSTOM_ROUTE_BASE_URL>")
|
||||||
def invites, do: get_key(:invites, false)
|
def invites, do: get_key(:invites, false)
|
||||||
def map_subscriptions_enabled?, do: get_key(:map_subscriptions_enabled, false)
|
def map_subscriptions_enabled?, do: get_key(:map_subscriptions_enabled, false)
|
||||||
|
def websocket_events_enabled?, do: get_key(:websocket_events_enabled, false)
|
||||||
def public_api_disabled?, do: get_key(:public_api_disabled, false)
|
def public_api_disabled?, do: get_key(:public_api_disabled, false)
|
||||||
|
|
||||||
@decorate cacheable(
|
@decorate cacheable(
|
||||||
|
|||||||
@@ -1,14 +1,21 @@
|
|||||||
defmodule WandererAppWeb.UserSocket do
|
defmodule WandererAppWeb.UserSocket do
|
||||||
use Phoenix.Socket
|
use Phoenix.Socket
|
||||||
|
require Logger
|
||||||
|
|
||||||
# External events channel for webhooks/WebSocket delivery
|
# External events channel for webhooks/WebSocket delivery
|
||||||
channel "external_events:map:*", WandererAppWeb.MapEventsChannel
|
channel "external_events:map:*", WandererAppWeb.MapEventsChannel
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def connect(params, socket, connect_info) do
|
def connect(params, socket, connect_info) do
|
||||||
|
# Check if websocket events are enabled
|
||||||
|
unless WandererApp.Env.websocket_events_enabled?() do
|
||||||
|
remote_ip = get_remote_ip(connect_info)
|
||||||
|
Logger.info("WebSocket connection rejected - websocket events disabled from #{remote_ip}")
|
||||||
|
:error
|
||||||
|
else
|
||||||
|
|
||||||
# Extract API key from connection params
|
# Extract API key from connection params
|
||||||
# Client should connect with: /socket/websocket?api_key=<key>
|
# Client should connect with: /socket/websocket?api_key=<key>
|
||||||
require Logger
|
|
||||||
|
|
||||||
# Log connection attempt for security auditing
|
# Log connection attempt for security auditing
|
||||||
remote_ip = get_remote_ip(connect_info)
|
remote_ip = get_remote_ip(connect_info)
|
||||||
@@ -30,6 +37,7 @@ defmodule WandererAppWeb.UserSocket do
|
|||||||
Logger.warning("WebSocket connection rejected - missing API key from #{remote_ip}")
|
Logger.warning("WebSocket connection rejected - missing API key from #{remote_ip}")
|
||||||
:error
|
:error
|
||||||
end
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Extract remote IP from connection info
|
# Extract remote IP from connection info
|
||||||
|
|||||||
@@ -0,0 +1,15 @@
|
|||||||
|
defmodule WandererAppWeb.Plugs.CheckWebsocketDisabled do
|
||||||
|
import Plug.Conn
|
||||||
|
|
||||||
|
def init(opts), do: opts
|
||||||
|
|
||||||
|
def call(conn, _opts) do
|
||||||
|
if not WandererApp.Env.websocket_events_enabled?() do
|
||||||
|
conn
|
||||||
|
|> send_resp(403, "WebSocket events are disabled")
|
||||||
|
|> halt()
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
@@ -180,6 +180,10 @@ defmodule WandererAppWeb.Router do
|
|||||||
plug WandererAppWeb.Plugs.CheckCharacterApiDisabled
|
plug WandererAppWeb.Plugs.CheckCharacterApiDisabled
|
||||||
end
|
end
|
||||||
|
|
||||||
|
pipeline :api_websocket_events do
|
||||||
|
plug WandererAppWeb.Plugs.CheckWebsocketDisabled
|
||||||
|
end
|
||||||
|
|
||||||
pipeline :api_acl do
|
pipeline :api_acl do
|
||||||
plug WandererAppWeb.Plugs.CheckAclApiKey
|
plug WandererAppWeb.Plugs.CheckAclApiKey
|
||||||
end
|
end
|
||||||
@@ -240,6 +244,12 @@ defmodule WandererAppWeb.Router do
|
|||||||
resources "/signatures", MapSystemSignatureAPIController, except: [:new, :edit]
|
resources "/signatures", MapSystemSignatureAPIController, except: [:new, :edit]
|
||||||
get "/user-characters", MapAPIController, :show_user_characters
|
get "/user-characters", MapAPIController, :show_user_characters
|
||||||
get "/tracked-characters", MapAPIController, :show_tracked_characters
|
get "/tracked-characters", MapAPIController, :show_tracked_characters
|
||||||
|
end
|
||||||
|
|
||||||
|
# WebSocket events and webhook management endpoints (disabled by default)
|
||||||
|
scope "/api/maps/:map_identifier", WandererAppWeb do
|
||||||
|
pipe_through [:api, :api_map, :api_websocket_events]
|
||||||
|
|
||||||
get "/events", MapEventsAPIController, :list_events
|
get "/events", MapEventsAPIController, :list_events
|
||||||
|
|
||||||
# Webhook management endpoints
|
# Webhook management endpoints
|
||||||
|
|||||||
Reference in New Issue
Block a user