This commit is contained in:
ed 2024-03-14 18:37:05 +00:00
parent b377791be7
commit 66abf17bae
3 changed files with 16 additions and 4 deletions

View file

@ -908,7 +908,7 @@ def add_network(ap):
ap2.add_argument("--rproxy", metavar="DEPTH", type=int, default=1, help="which ip to associate clients with; [\033[32m0\033[0m]=tcp, [\033[32m1\033[0m]=origin (first x-fwd, unsafe), [\033[32m2\033[0m]=outermost-proxy, [\033[32m3\033[0m]=second-proxy, [\033[32m-1\033[0m]=closest-proxy")
ap2.add_argument("--xff-hdr", metavar="NAME", type=u, default="x-forwarded-for", help="if reverse-proxied, which http header to read the client's real ip from")
ap2.add_argument("--xff-src", metavar="CIDR", type=u, default="127.0.0.0/8, ::1/128", help="comma-separated list of trusted reverse-proxy CIDRs; only accept the real-ip header (\033[33m--xff-hdr\033[0m) and IdP headers if the incoming connection is from an IP within either of these subnets. Specify [\033[32mlan\033[0m] to allow all LAN / private / non-internet IPs. Can be disabled with [\033[32many\033[0m] if you are behind cloudflare (or similar) and are using \033[32m--xff-hdr=cf-connecting-ip\033[0m (or similar)")
ap2.add_argument("--ipa", metavar="CIDR", type=u, default="", help="only accept connections from IP-addresses inside \033[33mCIDR\033[0m; examples: [\033[32mlan\033[0m], [\033[32m10.89.0.0/16, 192.168.33.0/24\033[0m]")
ap2.add_argument("--ipa", metavar="CIDR", type=u, default="", help="only accept connections from IP-addresses inside \033[33mCIDR\033[0m; examples: [\033[32mlan\033[0m] or [\033[32m10.89.0.0/16, 192.168.33.0/24\033[0m]")
ap2.add_argument("--rp-loc", metavar="PATH", type=u, default="", help="if reverse-proxying on a location instead of a dedicated domain/subdomain, provide the base location here; example: [\033[32m/foo/bar\033[0m]")
if ANYWIN:
ap2.add_argument("--reuseaddr", action="store_true", help="set reuseaddr on listening sockets on windows; allows rapid restart of copyparty at the expense of being able to accidentally start multiple instances")

View file

@ -2006,7 +2006,13 @@ class AuthSrv(object):
for idp_vp in self.idp_vols:
parent_vp = vsplit(idp_vp)[0]
vn, _ = vfs.get(parent_vp, "*", False, False)
zs = "READABLE" if "*" in vn.axs.uread else "WRITABLE" if "*" in vn.axs.uwrite else ""
zs = (
"READABLE"
if "*" in vn.axs.uread
else "WRITABLE"
if "*" in vn.axs.uwrite
else ""
)
if zs:
t = '\nWARNING: Volume "/%s" appears below "/%s" and would be WORLD-%s'
idp_err += t % (idp_vp, vn.vpath, zs)

View file

@ -323,7 +323,9 @@ class HttpCli(object):
if "." in pip
else ":".join(pip.split(":")[:4]) + ":"
) + "0.0/16"
zs2 = ' or "--xff-src=lan"' if self.conn.hsrv.xff_lan.map(pip) else ""
zs2 = (
' or "--xff-src=lan"' if self.conn.hsrv.xff_lan.map(pip) else ""
)
self.log(t % (self.args.xff_hdr, pip, cli_ip, zso, zs, zs2), 3)
else:
self.ip = cli_ip
@ -493,7 +495,11 @@ class HttpCli(object):
if "." in pip
else ":".join(pip.split(":")[:4]) + ":"
) + "0.0/16"
zs2 = ' or "--xff-src=lan"' if self.conn.hsrv.xff_lan.map(pip) else ""
zs2 = (
' or "--xff-src=lan"'
if self.conn.hsrv.xff_lan.map(pip)
else ""
)
self.log(t % (pip, idp_usr, idp_grp, zs, zs2), 3)
idp_usr = "*"