chore: secure dashboard proxy endpoint and decouple lan checks
Deploy Dashboard / deploy (push) Successful in 1m48s
Deploy Dashboard / deploy (push) Successful in 1m48s
This commit is contained in:
@@ -116,7 +116,12 @@ def _classify(method, path, status, user):
|
||||
|
||||
@router.get("/openclaw-token")
|
||||
def openclaw_token(request: Request):
|
||||
ip = request.headers.get("x-forwarded-for", "").split(",")[0].strip() or request.client.host
|
||||
if not (ip.startswith("192.168.31.") or ip.startswith("100.")):
|
||||
ip = request.client.host
|
||||
if ip in ("127.0.0.1", "::1"):
|
||||
forwarded = request.headers.get("x-forwarded-for", "").split(",")[0].strip()
|
||||
if forwarded:
|
||||
ip = forwarded
|
||||
import config
|
||||
if not config.is_lan_ip(ip):
|
||||
raise HTTPException(status_code=403, detail="Access denied")
|
||||
return {"token": OPENCLAW_GATEWAY_TOKEN}
|
||||
|
||||
Reference in New Issue
Block a user