swissmakers_gmbh/fail2ban-ui
12
1
Fork 0
mirror of https://github.com/swissmakers/fail2ban-ui.git synced 2026-04-19 06:53:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Implement X-Callback-Secret for validating API requests

Browse Source
This commit is contained in:
Michael Reber
2025-12-15 23:16:48 +01:00
parent c57322e38d
commit 53bb0eb79d
14 changed files with 159 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/fail2ban/connector_agent.go
View File

@@ -61,9 +61,10 @@ func (ac *AgentConnector) Server() config.Fail2banServer {
}
func (ac *AgentConnector) ensureAction(ctx context.Context) error {
settings := config.GetSettings()
payload := map[string]any{
"name": "ui-custom-action",
"config": config.BuildFail2banActionConfig(config.GetCallbackURL(), ac.server.ID),
"config": config.BuildFail2banActionConfig(config.GetCallbackURL(), ac.server.ID, settings.CallbackSecret),
"callbackUrl": config.GetCallbackURL(),
"setDefault": true,
}

3
internal/fail2ban/connector_ssh.go
View File

@@ -244,7 +244,8 @@ func (sc *SSHConnector) FetchBanEvents(ctx context.Context, limit int) ([]BanEve
func (sc *SSHConnector) ensureAction(ctx context.Context) error {
callbackURL := config.GetCallbackURL()
actionConfig := config.BuildFail2banActionConfig(callbackURL, sc.server.ID)
settings := config.GetSettings()
actionConfig := config.BuildFail2banActionConfig(callbackURL, sc.server.ID, settings.CallbackSecret)
payload := base64.StdEncoding.EncodeToString([]byte(actionConfig))
script := strings.ReplaceAll(sshEnsureActionScript, "__PAYLOAD__", payload)
// Base64 encode the entire script to avoid shell escaping issues