WIP: Serverside functionality (#57)

* WIP * Add a convar to produce an error on URL block * Add server toggle * Add readme * Add other new convar
2025-03-04 03:03:18 -05:00 · 2024-12-31 00:35:15 -05:00 · 2024-12-31 00:35:15 -05:00 · 387c60834d
commit 387c60834d
parent c577fc841e
7 changed files with 34 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -46,6 +46,12 @@ The best way to configure this addon is using lua files.
 | cfc_http_restrictions_log_allows | 1 | Should log allowed HTTP requests? |
 | cfc_http_restrictions_log_blocks | 1 | Should log blocked HTTP requests |
 | cfc_http_restrictions_log_verbose | 0 | Should the logs include verbose messages? noisy domains and full urls. |
+| cfc_http_restrictions_error_on_blocks | 0 | Should a non-halting error be thrown when a request is blocked? |
+
+## Serverside Convars
+| name | default | description |
+| ---- | ------- | ----------- |
+| cfc_http_restrictions_sv_enabled | 0 | Enable the whitelist for serverside? |

 # Known Issues
 - Some filetypes will not work with sound.playURL. This is intentional and will likely not be fixed. these filetypes would allow you to bypass the whitelist.
--- a/lua/cfc_http_restrictions/client/wrap_functions.lua
+++ b/lua/cfc_http_restrictions/client/wrap_functions.lua
@ -1,5 +1,3 @@
 hook.Add( "Initialize", "CFC_HttpWhitelist_WrapHTML", function()
-    ProtectedCall( function()
-        include( "cfc_http_restrictions/wraps/html.lua" )
-    end )
+    ProtectedCall( include, "cfc_http_restrictions/wraps/dhtml.lua" )
 end )
--- a/lua/cfc_http_restrictions/shared/logging.lua
+++ b/lua/cfc_http_restrictions/shared/logging.lua
@ -10,6 +10,7 @@ local COLORS = {
 local shouldLogAllows = CreateConVar( "cfc_http_restrictions_log_allows", "1", FCVAR_ARCHIVE, "Should the HTTP restrictions log allowed HTTP requests?", 0, 1 )
 local shouldLogBlocks = CreateConVar( "cfc_http_restrictions_log_blocks", "1", FCVAR_ARCHIVE, "Should the HTTP restrictions log blocked HTTP requests?", 0, 1 )
 local verboseLogging = CreateConVar( "cfc_http_restrictions_log_verbose", "0", FCVAR_ARCHIVE, "Should the HTTP restrictions log include verbose messages?", 0, 1 )
+local errorOnBlocks = CreateConVar( "cfc_http_restrictions_error_on_blocks", "0", FCVAR_ARCHIVE, "Should the HTTP restrictions produce a Lua error on blocked HTTP requests?", 0, 1 )

 local statusColors = {
    ALLOWED = COLORS.GREEN,
@ -45,6 +46,10 @@ function CFCHTTP.LogRequest( input )
        if not shouldLogAllows:GetBool() and requestStatus == "ALLOWED" then return end
        if not shouldLogBlocks:GetBool() and requestStatus == "BLOCKED" then return end

+        if requestStatus == "BLOCKED" and errorOnBlocks:GetBool() then
+            ErrorNoHaltWithStack( "Blocked HTTP request to: " .. url )
+        end
+
        MsgC(
            requestColor, requestStatus,
            COLORS.GREY, ": ",
--- a/lua/cfc_http_restrictions/wraps/dhtml.lua
+++ b/lua/cfc_http_restrictions/wraps/dhtml.lua
--- a/lua/cfc_http_restrictions/wraps/http.lua
+++ b/lua/cfc_http_restrictions/wraps/http.lua
@ -1,19 +1,19 @@

-local function getSourceFromStack(stack)
-   local s = stack[3]
-   for i = 4, 5 do
-      if not stack[i] then break end
-      s = stack[i]
+local function getSourceFromStack( stack )
+    local s = stack[3]

-      if not string.EndsWith(s, "/http.lua") then break end
-   end
+    for i = 4, 5 do
+        if not stack[i] then break end
+        s = stack[i]

-   return s
+        if not string.EndsWith( s, "/http.lua" ) then break end
+    end
+
+    return s
 end

 local function wrapHTTP()
    _HTTP = _HTTP or HTTP
-    print( "HTTP wrapped, original function at '_G._HTTP'" )

    HTTP = function( req )
        local options = CFCHTTP.GetOptionsForURL( req.url )
@ -33,7 +33,9 @@ local function wrapHTTP()
            if onFailure then onFailure( "URL is not whitelisted" ) end
            return
        end
+
        return _HTTP( req )
    end
 end
+
 wrapHTTP()
--- a/lua/cfc_http_restrictions/wraps/playURL.lua
+++ b/lua/cfc_http_restrictions/wraps/playURL.lua
@ -63,4 +63,5 @@ local function wrapPlayURL()
        end )
    end
 end
+
 wrapPlayURL()
--- a/lua/includes/modules/http.lua
+++ b/lua/includes/modules/http.lua
@ -7,14 +7,16 @@ originalFile:Close()

 local f = CompileString( code, "lua/includes/modules/http.lua", false )

-if CLIENT then
-    ProtectedCall( function()
-        include( "cfc_http_restrictions/wraps/http.lua" )
-    end )
-    ProtectedCall( function()
-        include( "cfc_http_restrictions/wraps/playURL.lua" )
-    end )
+if SERVER then
+    local svEnabled = CreateConVar( "cfc_http_restrictions_sv_enabled", "0", FCVAR_ARCHIVE, "Enable server-side HTTP whitelisting", 0, 1 )
+    if svEnabled:GetBool() then
+        ProtectedCall( include, "cfc_http_restrictions/wraps/http.lua" )
+    end
+end
+
+if CLIENT then
+    ProtectedCall( include, "cfc_http_restrictions/wraps/http.lua" )
+    ProtectedCall( include, "cfc_http_restrictions/wraps/playURL.lua" )
 end

-print( "Running wrapped http.lua" )
 f()