CFC-Servers/cfc_cl_http_whitelist
1
0
Fork 0
mirror of https://github.com/CFC-Servers/cfc_cl_http_whitelist.git synced 2025-03-04 03:03:18 -05:00
Code Issues Projects Releases Activity

WIP: Serverside functionality (#57)

Browse Source 
* WIP

* Add a convar to produce an error on URL block

* Add server toggle

* Add readme

* Add other new convar
This commit is contained in:
Brandon Sturgeon 2024-12-31 00:35:15 -05:00 committed by GitHub
parent c577fc841e
commit 387c60834d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 34 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -46,6 +46,12 @@ The best way to configure this addon is using lua files.
| cfc_http_restrictions_log_allows | 1 | Should log allowed HTTP requests? | | cfc_http_restrictions_log_allows | 1 | Should log allowed HTTP requests? |
| cfc_http_restrictions_log_blocks | 1 | Should log blocked HTTP requests | | cfc_http_restrictions_log_blocks | 1 | Should log blocked HTTP requests |
| cfc_http_restrictions_log_verbose | 0 | Should the logs include verbose messages? noisy domains and full urls. | | cfc_http_restrictions_log_verbose | 0 | Should the logs include verbose messages? noisy domains and full urls. |
| cfc_http_restrictions_error_on_blocks | 0 | Should a non-halting error be thrown when a request is blocked? |
## Serverside Convars
| name | default | description |
| ---- | ------- | ----------- |
| cfc_http_restrictions_sv_enabled | 0 | Enable the whitelist for serverside? |
# Known Issues # Known Issues
- Some filetypes will not work with sound.playURL. This is intentional and will likely not be fixed. these filetypes would allow you to bypass the whitelist. - Some filetypes will not work with sound.playURL. This is intentional and will likely not be fixed. these filetypes would allow you to bypass the whitelist.

4
lua/cfc_http_restrictions/client/wrap_functions.lua
View File

@ -1,5 +1,3 @@
hook.Add( "Initialize", "CFC_HttpWhitelist_WrapHTML", function() hook.Add( "Initialize", "CFC_HttpWhitelist_WrapHTML", function()
ProtectedCall( function() ProtectedCall( include, "cfc_http_restrictions/wraps/dhtml.lua" )
include( "cfc_http_restrictions/wraps/html.lua" )
end )
end ) end )

5
lua/cfc_http_restrictions/shared/logging.lua
View File

@ -10,6 +10,7 @@ local COLORS = {
local shouldLogAllows = CreateConVar( "cfc_http_restrictions_log_allows", "1", FCVAR_ARCHIVE, "Should the HTTP restrictions log allowed HTTP requests?", 0, 1 ) local shouldLogAllows = CreateConVar( "cfc_http_restrictions_log_allows", "1", FCVAR_ARCHIVE, "Should the HTTP restrictions log allowed HTTP requests?", 0, 1 )
local shouldLogBlocks = CreateConVar( "cfc_http_restrictions_log_blocks", "1", FCVAR_ARCHIVE, "Should the HTTP restrictions log blocked HTTP requests?", 0, 1 ) local shouldLogBlocks = CreateConVar( "cfc_http_restrictions_log_blocks", "1", FCVAR_ARCHIVE, "Should the HTTP restrictions log blocked HTTP requests?", 0, 1 )
local verboseLogging = CreateConVar( "cfc_http_restrictions_log_verbose", "0", FCVAR_ARCHIVE, "Should the HTTP restrictions log include verbose messages?", 0, 1 ) local verboseLogging = CreateConVar( "cfc_http_restrictions_log_verbose", "0", FCVAR_ARCHIVE, "Should the HTTP restrictions log include verbose messages?", 0, 1 )
local errorOnBlocks = CreateConVar( "cfc_http_restrictions_error_on_blocks", "0", FCVAR_ARCHIVE, "Should the HTTP restrictions produce a Lua error on blocked HTTP requests?", 0, 1 )
local statusColors = { local statusColors = {
ALLOWED = COLORS.GREEN, ALLOWED = COLORS.GREEN,
@ -45,6 +46,10 @@ function CFCHTTP.LogRequest( input )
if not shouldLogAllows:GetBool() and requestStatus == "ALLOWED" then return end if not shouldLogAllows:GetBool() and requestStatus == "ALLOWED" then return end
if not shouldLogBlocks:GetBool() and requestStatus == "BLOCKED" then return end if not shouldLogBlocks:GetBool() and requestStatus == "BLOCKED" then return end
if requestStatus == "BLOCKED" and errorOnBlocks:GetBool() then
ErrorNoHaltWithStack( "Blocked HTTP request to: " .. url )
end
MsgC( MsgC(
requestColor, requestStatus, requestColor, requestStatus,
COLORS.GREY, ": ", COLORS.GREY, ": ",

0
lua/cfc_http_restrictions/wraps/html.lua → lua/cfc_http_restrictions/wraps/dhtml.lua
View File

20
lua/cfc_http_restrictions/wraps/http.lua
View File

@ -1,19 +1,19 @@
local function getSourceFromStack(stack) local function getSourceFromStack( stack )
local s = stack[3] local s = stack[3]
for i = 4, 5 do
if not stack[i] then break end
s = stack[i]
if not string.EndsWith(s, "/http.lua") then break end for i = 4, 5 do
end if not stack[i] then break end
s = stack[i]
return s if not string.EndsWith( s, "/http.lua" ) then break end
end
return s
end end
local function wrapHTTP() local function wrapHTTP()
_HTTP = _HTTP or HTTP _HTTP = _HTTP or HTTP
print( "HTTP wrapped, original function at '_G._HTTP'" )
HTTP = function( req ) HTTP = function( req )
local options = CFCHTTP.GetOptionsForURL( req.url ) local options = CFCHTTP.GetOptionsForURL( req.url )
@ -33,7 +33,9 @@ local function wrapHTTP()
if onFailure then onFailure( "URL is not whitelisted" ) end if onFailure then onFailure( "URL is not whitelisted" ) end
return return
end end
return _HTTP( req ) return _HTTP( req )
end end
end end
wrapHTTP() wrapHTTP()

1
lua/cfc_http_restrictions/wraps/playURL.lua
View File

@ -63,4 +63,5 @@ local function wrapPlayURL()
end ) end )
end end
end end
wrapPlayURL() wrapPlayURL()

18
lua/includes/modules/http.lua
View File

@ -7,14 +7,16 @@ originalFile:Close()
local f = CompileString( code, "lua/includes/modules/http.lua", false ) local f = CompileString( code, "lua/includes/modules/http.lua", false )
if CLIENT then if SERVER then
ProtectedCall( function() local svEnabled = CreateConVar( "cfc_http_restrictions_sv_enabled", "0", FCVAR_ARCHIVE, "Enable server-side HTTP whitelisting", 0, 1 )
include( "cfc_http_restrictions/wraps/http.lua" ) if svEnabled:GetBool() then
end ) ProtectedCall( include, "cfc_http_restrictions/wraps/http.lua" )
ProtectedCall( function() end
include( "cfc_http_restrictions/wraps/playURL.lua" ) end
end )
if CLIENT then
ProtectedCall( include, "cfc_http_restrictions/wraps/http.lua" )
ProtectedCall( include, "cfc_http_restrictions/wraps/playURL.lua" )
end end
print( "Running wrapped http.lua" )
f() f()