Phase 7: Auth & Security upgrade (JWT, 2FA, Login UI)
This commit is contained in:
@@ -5,16 +5,17 @@ import signal
|
||||
import struct
|
||||
import fcntl
|
||||
import termios
|
||||
from fastapi import WebSocket, WebSocketDisconnect
|
||||
from fastapi import WebSocket, WebSocketDisconnect, Depends
|
||||
import auth
|
||||
|
||||
|
||||
async def ws_endpoint(ws: WebSocket):
|
||||
# Block non-Tailscale IPs
|
||||
client_ip = ws.client.host if ws.client else ""
|
||||
async def ws_endpoint(websocket: WebSocket, user: str = Depends(auth.get_current_user_ws)):
|
||||
# Block non-Tailscale IPs (Defense in depth)
|
||||
client_ip = websocket.client.host if websocket.client else ""
|
||||
if not client_ip.startswith("100."):
|
||||
await ws.close(code=1008, reason="Tailscale only")
|
||||
await websocket.close(code=1008, reason="Tailscale only")
|
||||
return
|
||||
|
||||
|
||||
await ws.accept()
|
||||
master_fd, slave_fd = pty.openpty()
|
||||
pid = os.fork()
|
||||
|
||||
Reference in New Issue
Block a user