summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Rettberg2026-04-30 11:31:58 +0200
committerSimon Rettberg2026-04-30 11:31:58 +0200
commit6cb052b9c672cc0eff18ea077736bde319e8966d (patch)
tree156540d0169b494f6b6a68f29cd418721e386f0a
parentstyle: Fix radio/checkbox margin inside input-group-addon (diff)
downloadslx-admin-master.tar.gz
slx-admin-master.tar.xz
slx-admin-master.zip
[webinterface] Show current proxy chain in trusted proxy dialogHEADmaster
Add to list of trusted proxies with a single click.
Diffstat
-rw-r--r--modules-available/webinterface/inc/webinterface.inc.php4
-rw-r--r--modules-available/webinterface/lang/de/template-tags.json3
-rw-r--r--modules-available/webinterface/lang/en/template-tags.json3
-rw-r--r--modules-available/webinterface/page.inc.php14
-rw-r--r--modules-available/webinterface/templates/trusted-proxies.html21
5 files changed, 40 insertions, 5 deletions
diff --git a/modules-available/webinterface/inc/webinterface.inc.php b/modules-available/webinterface/inc/webinterface.inc.php
index 2541ea24..af4e0268 100644
--- a/modules-available/webinterface/inc/webinterface.inc.php
+++ b/modules-available/webinterface/inc/webinterface.inc.php
@@ -146,7 +146,7 @@ class WebInterface
*/
public static function getProxiesTrusted(): array
{
- return Property::get(self::PROP_PROXIES_TRUSTED, []);
+ return json_decode(Property::get(self::PROP_PROXIES_TRUSTED, '{}'), true);
}
/**
@@ -154,7 +154,7 @@ class WebInterface
*/
public static function setProxiesTrusted(array $proxies): void
{
- Property::set(self::PROP_PROXIES_TRUSTED, $proxies);
+ Property::set(self::PROP_PROXIES_TRUSTED, json_encode($proxies));
}
} \ No newline at end of file
diff --git a/modules-available/webinterface/lang/de/template-tags.json b/modules-available/webinterface/lang/de/template-tags.json
index 28adcdb3..5cd25d94 100644
--- a/modules-available/webinterface/lang/de/template-tags.json
+++ b/modules-available/webinterface/lang/de/template-tags.json
@@ -38,6 +38,8 @@
"lang_httpsRedirect": "Anfragen per HTTP immer auf HTTPS umleiten",
"lang_httpsSettings": "HTTPS-Konfiguration",
"lang_installAndRestart": "Zertifikat installieren und Webserver neustarten",
+ "lang_ipAddressYouQ": "Dieser Browser?",
+ "lang_ipThisServer": "Dieser Server",
"lang_logoBackground": "Hintergrundfarbe des Logos",
"lang_moduleHeading": "Web-Schnittstelle",
"lang_msgAcmeFailed": "ACME-Abruf fehlgeschlagen",
@@ -57,6 +59,7 @@
"lang_trustedProxiesSettings": "Vertrauensw\u00fcrdige Proxies",
"lang_unknownSelected": "Unbekanntes oder ung\u00fcltiges Zertifikat vorhanden. Wahrscheinlich wurde der Server von einer alten Version aktualisiert. Um diese Meldung zu entfernen, die HTTPS-Konfiguration erneut vornehmen.",
"lang_useHsts": "HSTS aktivieren (dies erh\u00f6ht die Sicherheit, kann aber bei sp\u00e4terem Deaktivieren von HTTPS zu Zugriffsproblemen f\u00fchren)",
+ "lang_yourConnectionChain": "Ihre Verbindungskette",
"lang_youreNotUsingHttps": "Sie besuchen diese Seite nicht per HTTPS (oder die HTTPS-Terminierung wird von einem vorgeschalteten Proxy \u00fcbernommen).",
"lang_youreUsingHttps": "Sie besuchen diese Seite (aus Sicht des Webservers) per HTTPS."
} \ No newline at end of file
diff --git a/modules-available/webinterface/lang/en/template-tags.json b/modules-available/webinterface/lang/en/template-tags.json
index 9c367377..9a06c5a6 100644
--- a/modules-available/webinterface/lang/en/template-tags.json
+++ b/modules-available/webinterface/lang/en/template-tags.json
@@ -38,6 +38,8 @@
"lang_httpsRedirect": "Redirect incoming HTTP requests to HTTPS",
"lang_httpsSettings": "HTTPS settings",
"lang_installAndRestart": "Installing certificate and restarting web server",
+ "lang_ipAddressYouQ": "You?",
+ "lang_ipThisServer": "this server",
"lang_logoBackground": "Logo background color",
"lang_moduleHeading": "Web Interface",
"lang_msgAcmeFailed": "ACME failed",
@@ -57,6 +59,7 @@
"lang_trustedProxiesSettings": "Trusted Proxies",
"lang_unknownSelected": "Unknown or invalid certificate in use. The server was probably updated from an old version while HTTPS was already enabled. Redo the HTTPS configuration steps to get rid of this message.",
"lang_useHsts": "Use HSTS (increases security but might lead to problems accessing the site if you disable HTTPS later)",
+ "lang_yourConnectionChain": "Your connection chain",
"lang_youreNotUsingHttps": "You're not using HTTPS to visit this website (or the HTTPS termination is done by a reverse proxy).",
"lang_youreUsingHttps": "You're visiting this server through an HTTPS connection (from the server's point of view)."
} \ No newline at end of file
diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index 1b082000..7bad721b 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
@@ -101,7 +101,7 @@ class Page_WebInterface extends Page
$ip = trim($line[0]);
$ipNormal = IpUtil::normalizeIp($ip);
if ($ipNormal !== null) {
- $cleaned[$ip] = $line[1] ?? '';
+ $cleaned[$ipNormal] = $line[1] ?? '';
} else {
Message::addWarning('invalid-proxy-ip', $ip);
}
@@ -205,7 +205,7 @@ class Page_WebInterface extends Page
//
// Password fields
//
- $data = array();
+ $data = [];
if (Property::getPasswordFieldType() === 'text') {
$data['selected_show'] = 'checked';
} else {
@@ -224,7 +224,15 @@ class Page_WebInterface extends Page
}
$list .= "\r\n";
}
- $data = ['trustedProxiesList' => $list];
+ $chain = preg_split('/\s*,\s*/', $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '', -1, PREG_SPLIT_NO_EMPTY);
+ $chain[] = $_SERVER['REMOTE_ADDR'] ?? '';
+ $client = array_shift($chain);
+ $data = [
+ 'trustedProxiesList' => $list,
+ 'chain' => $chain,
+ 'client' => $client,
+ 'server' => $_SERVER['SERVER_ADDR'] ?? '127.0.0.1',
+ ];
Permission::addGlobalTags($data['perms'], null, ['edit.trusted-proxies']);
Render::addTemplate('trusted-proxies', $data);
//
diff --git a/modules-available/webinterface/templates/trusted-proxies.html b/modules-available/webinterface/templates/trusted-proxies.html
index a2461edc..2ce3aa80 100644
--- a/modules-available/webinterface/templates/trusted-proxies.html
+++ b/modules-available/webinterface/templates/trusted-proxies.html
@@ -12,6 +12,27 @@
<textarea class="form-control" name="trusted-proxies-list" id="trusted-proxies-list" rows="10"
placeholder="10.0.0.1 # public proxy&#10;192.168.1.0 # VPN proxy">{{trustedProxiesList}}</textarea>
<p class="help-block">{{lang_trustedProxiesListHelp}}</p>
+ <div class="slx-space"></div>
+ {{#chain.0}}
+ <style>.proxy-addr { text-decoration: underline; cursor: pointer }</style>
+ <script>
+ document.addEventListener('DOMContentLoaded', function(e) {
+ e.preventDefault();
+ $('.proxy-addr').click(function() {
+ const ip = $(this).text();
+ const ta = $('#trusted-proxies-list');
+ if (new RegExp("(^|\r|\n|\s)" + ip.replaceAll('.', '\.') + "($|\r|\n|\s)").test(ta.val())) return;
+ ta.val((ta.val().trim() + "\r\n" + ip).trim());
+ });
+ });
+ </script>
+ <b>{{lang_yourConnectionChain}}</b>:
+ {{client}} <span class="text-muted">({{lang_ipAddressYouQ}})</span>
+ {{#chain}}
+ &rAarr; <a class="proxy-addr">{{.}}</a>
+ {{/chain}}
+ &rAarr; {{server}} <span class="text-muted">({{lang_ipThisServer}})</span>
+ {{/chain.0}}
</div>
<div class="pull-right">
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-05-07 12:51:34 +0200