[release] v0.10.0-unstable17

LICENCE

@@ -1,31 +1,57 @@
-“Commons Clause” License Condition v1.0
+Software: Cosmos-Server
 
-The Software is provided to you by the Licensor under the
-License, as defined below, subject to the following condition.
+License: Apache 2.0 with Commons Clause and Anti Tampering Clause
 
-Without limiting other conditions in the License, the grant
-of rights under the License will not include, and the License
-does not grant to you, the right to Sell the Software.
+Licensor: Yann Stepienik
 
-For purposes of the foregoing, “Sell” means practicing any or
-all of the rights granted to you under the License to provide
-to third parties, for a fee or other consideration (including
-without limitation fees for hosting or consulting/ support
-services related to the Software), a product or service whose
-value derives, entirely or substantially, from the functionality
-of the Software. Any license notice or attribution required by
-the License must also include this Commons Clause License
-Condition notice.
+---------------------------------------------------------------------
 
-Software: Cosmos-Server
+      “Commons Clause” License Condition v1.0
 
-License: Apache 2.0 with Commons Clause
+      The Software is provided to you by the Licensor under the
+      License, as defined below, subject to the following condition.
 
-Licensor: Yann Stepienik
+      Without limiting other conditions in the License, the grant
+      of rights under the License will not include, and the License
+      does not grant to you, the right to Sell the Software.
 
+      For purposes of the foregoing, “Sell” means practicing any or
+      all of the rights granted to you under the License to provide
+      to third parties, for a fee or other consideration (including
+      without limitation fees for hosting or consulting/ support
+      services related to the Software), a product or service whose
+      value derives, entirely or substantially, from the functionality
+      of the Software. Any license notice or attribution required by
+      the License must also include this Commons Clause License
+      Condition notice.
 
 ---------------------------------------------------------------------
 
+      "Anti Tampering Clause” License Condition v1.0
+   
+      Notwithstanding any provision of the Apache License 2.0, if the User
+      (or any party receiving or distributing derivative works, services,
+      or anything of value from the User related to the Software), directly 
+      or indirectly, seeks to tamper with, alter, circumvent, or avoid
+      compliance with any subscription, paywall, feature restriction, or any 
+      other licensing mechanism built into the Software or its usage, the 
+      License granted under the Apache License 2.0 shall automatically and
+      immediately terminate, and access to the Software shall be withdrawn 
+      with immediate effect. Upon such termination, any and all rights 
+      established under the Apache License 2.0 shall be null and void.
+
+      Tampering includes but is not limited to: (a) removing, disabling,
+      or circumventing any license key or other copy protection mechanism,
+      (b) redistributing parts or all of a feature that was intended
+      to be a paid feature, without keeping the restrictions, limitations,
+      or other licensing mechanisms with it(c) disabling, circumventing, or
+      avoiding any feature of the Software that is intended to enforce usage or
+      copy restrictions, or (d) providing or distributing any information
+      or code that enables disabling, circumvention, or avoidance of any
+      feature of the Software that is intended to enforce usage or copy
+      restrictions.
+
+---------------------------------------------------------------------
 
                                  Apache License
                            Version 2.0, January 2004

changelog.md

@@ -7,6 +7,8 @@
  - Added Constellation
  - DNS Challenge is now used for all certificates when enabled
  - Rework headers for better compatibility
+ - Improve experience for non-admin users
+ - Fix bug with redirect on logout
  
 ## Version 0.9.20 - 0.9.21
  - Add option to disable CORS hardening (with empty value)

cla.md

@@ -2,7 +2,7 @@ Cosmos Software Grant and Contributor License Agreement (“Agreement”)
 
 This agreement is based on the Apache Software Foundation Contributor License Agreement. (v r190612)
 
-Thank you for your interest in software projects stewarded by Raintank, Inc. dba Cosmos (“Cosmos”). In order to clarify the intellectual property license granted with Contributions from any person or entity, Cosmos must have a Contributor License Agreement (CLA) on file that has been agreed to by each Contributor, indicating agreement to the license terms below. This license is for your protection as a Contributor as well as the protection of Cosmos and its users; it does not change your rights to use your own Contributions for any other purpose. This Agreement allows an individual to contribute to Cosmos on that individual’s own behalf, or an entity (the “Corporation”) to submit Contributions to Cosmos, to authorize Contributions submitted by its designated employees to Cosmos, and to grant copyright and patent licenses thereto.
+Thank you for your interest in  dba Cosmos (“Cosmos”). In order to clarify the intellectual property license granted with Contributions from any person or entity, Cosmos must have a Contributor License Agreement (CLA) on file that has been agreed to by each Contributor, indicating agreement to the license terms below. This license is for your protection as a Contributor as well as the protection of Cosmos and its users; it does not change your rights to use your own Contributions for any other purpose. This Agreement allows an individual to contribute to Cosmos on that individual’s own behalf, or an entity (the “Corporation”) to submit Contributions to Cosmos, to authorize Contributions submitted by its designated employees to Cosmos, and to grant copyright and patent licenses thereto.
 
 You accept and agree to the following terms and conditions for Your present and future Contributions submitted to Cosmos. Except for the license granted herein to Cosmos and recipients of software distributed by Cosmos, You reserve all right, title, and interest in and to Your Contributions.
 

client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavGroup.jsx

@@ -47,7 +47,7 @@ const NavGroup = ({ item }) => {
             }
             sx={{ mb: drawerOpen ? 1.5 : 0, py: 0, zIndex: 0 }}
         >
-            {navCollapse}
+        {navCollapse}
         </List>
     );
 };

client/src/layout/MainLayout/Drawer/DrawerContent/Navigation/NavItem.jsx

@@ -9,6 +9,7 @@ import { Avatar, Chip, ListItemButton, ListItemIcon, ListItemText, Typography }
 
 // project import
 import { activeItem } from '../../../../../store/reducers/menu';
+import { useClientInfos } from '../../../../../utils/hooks';
 
 // ==============================|| NAVIGATION - LIST ITEM ||============================== //
 
@@ -17,6 +18,12 @@ const NavItem = ({ item, level }) => {
     const dispatch = useDispatch();
     const menu = useSelector((state) => state.menu);
     const { drawerOpen, openItem } = menu;
+    const {role} = useClientInfos();
+    const isAdmin = role === 1;
+
+    if (item.adminOnly && !isAdmin) {
+        return null;
+    }
 
     let itemTarget = '_self';
     if (item.target) {

client/src/menu-items/pages.jsx

@@ -20,7 +20,8 @@ const pages = {
             title: 'ServApps',
             type: 'item',
             url: '/cosmos-ui/servapps',
-            icon: AppstoreOutlined
+            icon: AppstoreOutlined,
+            adminOnly: true
         },
         {
             id: 'url',
@@ -43,6 +44,7 @@ const pages = {
             type: 'item',
             url: '/cosmos-ui/config-users',
             icon: icons.ProfileOutlined,
+            adminOnly: true
         },
         {
             id: 'openid',
@@ -50,6 +52,7 @@ const pages = {
             type: 'item',
             url: '/cosmos-ui/openid-manage',
             icon: PicLeftOutlined,
+            adminOnly: true
         },
         {
             id: 'config',

client/src/pages/authentication/Logoff.jsx

@@ -9,7 +9,7 @@ import AuthWrapper from './AuthWrapper';
 import { useEffect } from 'react';
 
 import * as API from '../../api';
-import { redirectTo } from '../../utils/indexs';
+import { redirectTo, redirectToLocal } from '../../utils/indexs';
 
 // ================================|| REGISTER ||================================ //
 

client/src/pages/config/users/configman.jsx

@@ -31,6 +31,7 @@ import { TwitterPicker
 
  // TODO: Remove circular deps
  import {SetPrimaryColor, SetSecondaryColor} from '../../../App';
+import { useClientInfos } from '../../../utils/hooks';
 
 const ConfigManagement = () => {
   const [config, setConfig] = React.useState(null);
@@ -38,6 +39,8 @@ const ConfigManagement = () => {
   const [openResartModal, setOpenRestartModal] = React.useState(false);
   const [uploadingBackground, setUploadingBackground] = React.useState(false);
   const [saveLabel, setSaveLabel] = React.useState("Save");
+  const {role} = useClientInfos();
+  const isAdmin = role === 1;
 
   function refresh() {
     API.config.get().then((res) => {
@@ -62,9 +65,9 @@ const ConfigManagement = () => {
           refresh();
       }}>Refresh</Button>
 
-      <Button variant="outlined" color="primary" startIcon={<SyncOutlined />} onClick={() => {
+      {isAdmin && <Button variant="outlined" color="primary" startIcon={<SyncOutlined />} onClick={() => {
           setOpenRestartModal(true);
-      }}>Restart Server</Button>
+      }}>Restart Server</Button>}
     </Stack>
     
     {config && <>
@@ -186,7 +189,7 @@ const ConfigManagement = () => {
         {(formik) => (
           <form noValidate onSubmit={formik.handleSubmit}>
             <Stack spacing={3}>
-            <MainCard>
+            {isAdmin && <MainCard>
                 {formik.errors.submit && (
                   <Grid item xs={12}>
                     <FormHelperText error>{formik.errors.submit}</FormHelperText>
@@ -205,7 +208,13 @@ const ConfigManagement = () => {
                       {saveLabel}
                     </LoadingButton>
                 </Grid>
-              </MainCard>
+              </MainCard>}
+
+              {!isAdmin && <div>
+                <Alert severity="warning">As you are not an admin, you can't edit the configuration.
+                This page is only here for visibility. 
+                </Alert>
+              </div>} 
 
               <MainCard title="General">
                 <Grid container spacing={3}>
@@ -331,6 +340,29 @@ const ConfigManagement = () => {
                           formik.setFieldValue('PrimaryColor', colorRGB);
                           SetPrimaryColor(colorRGB);
                         }}
+                        colors={[
+                          '#ab47bc',
+                          '#4527a0',
+                          '#FF6900',
+                          '#FCB900',
+                          '#7BDCB5',
+                          '#00D084',
+                          '#8ED1FC',
+                          '#0693E3',
+                          '#ABB8C3',
+                          '#EB144C',
+                          '#F78DA7',
+                          '#9900EF',
+                          '#FF0000',
+                          '#FFC0CB',
+                          '#20B2AA',
+                          '#FFFF00',
+                          '#8A2BE2',
+                          '#A52A2A',
+                          '#5F9EA0',
+                          '#7FFF00',
+                          '#D2691E' 
+                        ]}
                       />
                     </Stack>
                   </Grid>
@@ -346,6 +378,29 @@ const ConfigManagement = () => {
                           formik.setFieldValue('SecondaryColor', colorRGB);
                           SetSecondaryColor(colorRGB);
                         }}
+                        colors={[
+                          '#ab47bc',
+                          '#4527a0',
+                          '#FF6900',
+                          '#FCB900',
+                          '#7BDCB5',
+                          '#00D084',
+                          '#8ED1FC',
+                          '#0693E3',
+                          '#ABB8C3',
+                          '#EB144C',
+                          '#F78DA7',
+                          '#9900EF',
+                          '#FF0000',
+                          '#FFC0CB',
+                          '#20B2AA',
+                          '#FFFF00',
+                          '#8A2BE2',
+                          '#A52A2A',
+                          '#5F9EA0',
+                          '#7FFF00',
+                          '#D2691E' 
+                        ]}
                       />
                     </Stack>
                   </Grid>
@@ -627,7 +682,7 @@ const ConfigManagement = () => {
                 </Grid>
               </MainCard>
 
-              <MainCard>
+              {isAdmin && <MainCard>
                 {formik.errors.submit && (
                   <Grid item xs={12}>
                     <FormHelperText error>{formik.errors.submit}</FormHelperText>
@@ -646,7 +701,7 @@ const ConfigManagement = () => {
                       {saveLabel}
                     </LoadingButton>
                 </Grid>
-              </MainCard>
+              </MainCard>}
             </Stack>
           </form>
         )}

client/src/pages/constellation/addDevice.jsx

@@ -1,5 +1,5 @@
 // material-ui
-import { Alert, Button, Stack, TextField } from '@mui/material';
+import { Alert, Button, InputLabel, OutlinedInput, Stack, TextField } from '@mui/material';
 import Dialog from '@mui/material/Dialog';
 import DialogActions from '@mui/material/DialogActions';
 import DialogContent from '@mui/material/DialogContent';
@@ -15,6 +15,7 @@ import * as API from '../../api';
 import { CosmosCheckbox, CosmosFormDivider, CosmosInputText, CosmosSelect } from '../config/users/formShortcuts';
 import { DownloadFile } from '../../api/downloadButton';
 import QRCode from 'qrcode';
+import { useClientInfos } from '../../utils/hooks';
 
 const getDocker = (data, isCompose) => {
   let lighthouses = '';
@@ -73,10 +74,12 @@ docker run -d \\
 }
 
 
-const AddDeviceModal = ({ users, config, isAdmin, refreshConfig, devices }) => {
+const AddDeviceModal = ({ users, config, refreshConfig, devices }) => {
   const [openModal, setOpenModal] = useState(false);
   const [isDone, setIsDone] = useState(null);
   const canvasRef = React.useRef(null);
+  const {role, nickname} = useClientInfos();
+  const isAdmin = role === 1;
 
   let firstIP = "192.168.201.2/24";
   if (devices && devices.length > 0) { 
@@ -116,7 +119,7 @@ const AddDeviceModal = ({ users, config, isAdmin, refreshConfig, devices }) => {
     <Dialog open={openModal} onClose={() => setOpenModal(false)}>
       <Formik
         initialValues={{
-          nickname: users[0].nickname,
+          nickname: nickname,
           deviceName: '',
           ip: firstIP,
           publicKey: '',
@@ -197,7 +200,7 @@ const AddDeviceModal = ({ users, config, isAdmin, refreshConfig, devices }) => {
                     formik={formik}
                   />
                   {!formik.values.isLighthouse &&
-                    <CosmosSelect
+                    (isAdmin ? <CosmosSelect
                       name="nickname"
                       label="Owner"
                       formik={formik}
@@ -207,7 +210,17 @@ const AddDeviceModal = ({ users, config, isAdmin, refreshConfig, devices }) => {
                           return [u.nickname, u.nickname]
                         })
                       }
-                    />}
+                    /> : <>
+                      <InputLabel>Owner</InputLabel>
+                      <OutlinedInput
+                        fullWidth
+                        multiline
+                        value={nickname}
+                        variant="outlined"
+                        size="small"
+                        disabled
+                      />
+                    </>)}
 
                     <CosmosInputText
                       name="deviceName"

client/src/pages/constellation/dns.jsx

@@ -31,7 +31,6 @@ export const ConstellationDNS = () => {
   }, []);
 
   return <>
-    <IsLoggedIn />
     {(config) ? <>
       <Stack spacing={2} style={{maxWidth: "1000px"}}>
       <div>
@@ -40,8 +39,6 @@ export const ConstellationDNS = () => {
 
           <Formik
             initialValues={{
-              Enabled: config.ConstellationConfig.DNS,
-              Port: config.ConstellationConfig.DNSPort,
               Fallback: config.ConstellationConfig.DNSFallback,
               DNSBlockBlacklist: config.ConstellationConfig.DNSBlockBlacklist,
               DNSAdditionalBlocklists: config.ConstellationConfig.DNSAdditionalBlocklists,
@@ -49,8 +46,6 @@ export const ConstellationDNS = () => {
             }}
             onSubmit={(values) => {
               let newConfig = { ...config };
-              newConfig.ConstellationConfig.DNS = values.Enabled;
-              newConfig.ConstellationConfig.DNSPort = values.Port;
               newConfig.ConstellationConfig.DNSFallback = values.Fallback;
               newConfig.ConstellationConfig.DNSBlockBlacklist = values.DNSBlockBlacklist;
               newConfig.ConstellationConfig.DNSAdditionalBlocklists = values.DNSAdditionalBlocklists;
@@ -62,14 +57,19 @@ export const ConstellationDNS = () => {
             {(formik) => (
               <form onSubmit={formik.handleSubmit}>
                 <Stack spacing={2}>        
-                  <CosmosCheckbox formik={formik} name="Enabled" label="Constellation DNS Server Enabled" />
-                  <CosmosInputText formik={formik} name="Port" label="DNS Port" />
+                  <Alert severity="info">This is a DNS that runs inside your Constellation network. It automatically
+                  rewrites your domains DNS entries to be local to your network, and also allows you to do things like block ads
+                  and trackers on all devices connected to your network. You can also add custom DNS entries to resolve to specific
+                  IP addresses. This DNS server is only accessible from inside your network.</Alert>
+
                   <CosmosInputText formik={formik} name="Fallback" label="DNS Fallback" placeholder={'8.8.8.8:53'} />
                   
                   <CosmosFormDivider title={"DNS Blocklists"} />
 
                   <CosmosCheckbox formik={formik} name="DNSBlockBlacklist" label="Use Blacklists to block domains" />
 
+                  <Alert severity="warning">When changing your DNS records, always use private mode on your browser and allow some times for various caches to expire.</Alert>
+
                   <InputLabel>DNS Blocklist URLs</InputLabel>
                   {formik.values.DNSAdditionalBlocklists.map((item, index) => (
                     <Stack direction={"row"} spacing={2} key={`DNSAdditionalBlocklists${item}`} width={"100%"}>

client/src/pages/constellation/index.jsx

@@ -1,6 +1,6 @@
 import * as React from 'react';
 import MainCard from '../../components/MainCard';
-import { Chip, Divider, Stack, useMediaQuery } from '@mui/material';
+import { Alert, Chip, Divider, Stack, useMediaQuery } from '@mui/material';
 import HostChip from '../../components/hostChip';
 import { RouteMode, RouteSecurity } from '../../components/routeComponents';
 import { getFaviconURL } from '../../utils/routes';
@@ -8,12 +8,16 @@ import * as API from '../../api';
 import { CheckOutlined, ClockCircleOutlined, DashboardOutlined, DeleteOutlined, DownOutlined, LockOutlined, UpOutlined } from "@ant-design/icons";
 import IsLoggedIn from '../../isLoggedIn';
 import PrettyTabbedView from '../../components/tabbedView/tabbedView';
+import { useClientInfos } from '../../utils/hooks';
 
 import { ConstellationVPN } from './vpn';
 import { ConstellationDNS } from './dns';
 
 const ConstellationIndex = () => {
-  return <div>
+  const {role} = useClientInfos();
+  const isAdmin = role === 1;
+
+  return isAdmin ? <div>
     <IsLoggedIn />
     
     <PrettyTabbedView path="/cosmos-ui/constellation/:tab" tabs={[
@@ -27,9 +31,27 @@ const ConstellationIndex = () => {
           children: <ConstellationDNS />,
           path: 'dns'
         },
+        {
+          title: 'Firewall',
+          children: <div>
+            <Alert severity="info">
+              Coming soon. This feature will allow you to open and close ports individually
+              on each device and decide who can access them.
+            </Alert>
+          </div>,
+        },
+        {
+          title: 'Unsafe Routes',
+          children: <div>
+            <Alert severity="info">
+              Coming soon. This feature will allow you to tunnel your traffic through
+              your devices to things outside of your constellation.
+            </Alert>
+          </div>,
+        }
       ]}/>
 
-  </div>;
+  </div> : <ConstellationVPN />;
 }
 
 export default ConstellationIndex;

client/src/pages/constellation/vpn.jsx

@@ -15,6 +15,7 @@ import ApiModal from "../../components/apiModal";
 import { isDomain } from "../../utils/indexs";
 import ConfirmModal from "../../components/confirmModal";
 import UploadButtons from "../../components/fileUpload";
+import { useClientInfos } from "../../utils/hooks";
 
 const getDefaultConstellationHostname = (config) => {
   // if domain is set, use it
@@ -26,17 +27,20 @@ const getDefaultConstellationHostname = (config) => {
 }
 
 export const ConstellationVPN = () => {
-  const [isAdmin, setIsAdmin] = useState(false);
   const [config, setConfig] = useState(null);
   const [users, setUsers] = useState(null);
   const [devices, setDevices] = useState(null);
+  const {role} = useClientInfos();
+  const isAdmin = role === 1;
 
   const refreshConfig = async () => {
     let configAsync = await API.config.get();
     setConfig(configAsync.data);
-    setIsAdmin(configAsync.isAdmin);
     setDevices((await API.constellation.list()).data || []);
-    setUsers((await API.users.list()).data || []);
+    if(isAdmin)
+      setUsers((await API.users.list()).data || []);
+    else 
+      setUsers([]);
   };
 
   useEffect(() => {
@@ -61,7 +65,6 @@ export const ConstellationVPN = () => {
   }
 
   return <>
-    <IsLoggedIn />
     {(devices && config && users) ? <>
       <Stack spacing={2} style={{maxWidth: "1000px"}}>
       <div>
@@ -160,7 +163,7 @@ export const ConstellationVPN = () => {
           data={devices.filter((d) => !d.blocked)}
           getKey={(r) => r.deviceName}
           buttons={[
-            <AddDeviceModal isAdmin={isAdmin} users={users} config={config} refreshConfig={refreshConfig} devices={devices} />,
+            <AddDeviceModal users={users} config={config} refreshConfig={refreshConfig} devices={devices}/>,
           ]}
           columns={[
               {

client/src/pages/home/index.jsx

@@ -12,6 +12,7 @@ import { getFullOrigin } from "../../utils/routes";
 import IsLoggedIn from "../../isLoggedIn";
 import { ServAppIcon } from "../../utils/servapp-icon";
 import Chart from 'react-apexcharts';
+import { useClientInfos } from "../../utils/hooks";
 
 
 export const HomeBackground = () => {
@@ -87,6 +88,8 @@ const HomePage = () => {
     const theme = useTheme();
     const isDark = theme.palette.mode === 'dark';
     const isMd = useMediaQuery(theme.breakpoints.up('md'));
+    const {role} = useClientInfos();
+    const isAdmin = role === 1;
 
     const blockStyle = {
         margin: 0,
@@ -112,9 +115,13 @@ const HomePage = () => {
     }
 
     const refreshConfig = () => {
-        API.docker.list().then((res) => {
-            setServApps(res.data);
-        });
+        if(isAdmin) {
+            API.docker.list().then((res) => {
+                setServApps(res.data);
+            });
+        } else {
+            setServApps([]);
+        }
         API.config.get().then((res) => {
             setConfig(res.data);
         });
@@ -213,20 +220,20 @@ const HomePage = () => {
         <HomeBackground status={coStatus} />
         <TransparentHeader />
         <Stack style={{ zIndex: 2 }} spacing={1}>
-            {coStatus && !coStatus.database && (
+            {isAdmin && coStatus && !coStatus.database && (
                 <Alert severity="error">
                     No Database is setup for Cosmos! User Management and Authentication will not work.<br />
                     You can either setup the database, or disable user management in the configuration panel.<br />
                 </Alert>
             )}
 
-            {coStatus && coStatus.letsencrypt && (
+            {isAdmin && coStatus && coStatus.letsencrypt && (
                 <Alert severity="error">
                     You have enabled Let's Encrypt for automatic HTTPS Certificate. You need to provide the configuration with an email address to use for Let's Encrypt in the configs.
                 </Alert>
             )}
 
-            {coStatus && coStatus.LetsEncryptErrors && coStatus.LetsEncryptErrors.length > 0 && (
+            {isAdmin && coStatus && coStatus.LetsEncryptErrors && coStatus.LetsEncryptErrors.length > 0 && (
                 <Alert severity="error">
                     There are errors with your Let's Encrypt configuration or one of your routes, please fix them as soon as possible:
                     {coStatus.LetsEncryptErrors.map((err) => {
@@ -235,25 +242,25 @@ const HomePage = () => {
                 </Alert>
             )}
 
-            {coStatus && coStatus.newVersionAvailable && (
+            {isAdmin && coStatus && coStatus.newVersionAvailable && (
                 <Alert severity="warning">
                     A new version of Cosmos is available! Please update to the latest version to get the latest features and bug fixes.
                 </Alert>
             )}
 
-            {coStatus && coStatus.needsRestart && (
+            {isAdmin && coStatus && coStatus.needsRestart && (
                 <Alert severity="warning">
                     You have made changes to the configuration that require a restart to take effect. Please restart Cosmos to apply the changes.
                 </Alert>
             )}
 
-            {coStatus && coStatus.domain && (
+            {isAdmin && coStatus && coStatus.domain && (
                 <Alert severity="error">
                     You are using localhost or 0.0.0.0 as a hostname in the configuration. It is recommended that you use a domain name or an IP instead.
                 </Alert>
             )}
 
-            {coStatus && !coStatus.docker && (
+            {isAdmin && coStatus && !coStatus.docker && (
                 <Alert severity="error">
                     Docker is not connected! Please check your docker connection.<br />
                     Did you forget to add <pre>-v /var/run/docker.sock:/var/run/docker.sock</pre> to your docker run command?<br />

client/src/pages/market/listing.jsx

@@ -12,6 +12,7 @@ import { Link as LinkMUI } from '@mui/material'
 import DockerComposeImport from '../servapps/containers/docker-compose';
 import { AppstoreAddOutlined, SearchOutlined } from "@ant-design/icons";
 import ResponsiveButton from "../../components/responseiveButton";
+import { useClientInfos } from "../../utils/hooks";
 
 function Screenshots({ screenshots }) {
   return screenshots.length > 1 ? (
@@ -23,17 +24,17 @@ function Screenshots({ screenshots }) {
     : <img src={screenshots[0]} style={{ maxHeight: '300px', height: '100%', maxWidth: '100%' }} />
 }
 
-function Showcases({ showcase, isDark }) {
+function Showcases({ showcase, isDark, isAdmin }) {
   return (
     <Carousel animation="slide" navButtonsAlwaysVisible={false} fullHeightHover="true" swipe={false}>
       {
-        showcase.map((item, i) => <ShowcasesItem isDark={isDark} key={i} item={item} />)
+        showcase.map((item, i) => <ShowcasesItem isDark={isDark} key={i} item={item} isAdmin={isAdmin} />)
       }
     </Carousel>
   )
 }
 
-function ShowcasesItem({ isDark, item }) {
+function ShowcasesItem({ isDark, item, isAdmin }) {
   return (
     <Paper style={{
       position: 'relative',
@@ -68,9 +69,9 @@ function ShowcasesItem({ isDark, item }) {
             overflow: 'hidden',
           }}></p>
           <Stack direction="row" spacing={2} justifyContent="flex-start">
-            <div>
+            {isAdmin && <div>
               <DockerComposeImport installerInit defaultName={item.name} dockerComposeInit={item.compose} />
-            </div>
+            </div>}
             <Link to={"/cosmos-ui/market-listing/cosmos-cloud/" + item.name} style={{
               textDecoration: 'none',
             }}>
@@ -110,6 +111,8 @@ const MarketPage = () => {
   const isDark = theme.palette.mode === 'dark';
   const { appName, appStore } = useParams();
   const [search, setSearch] = useState("");
+  const {role} = useClientInfos();
+  const isAdmin = role === 1;
 
   const backgroundStyle = isDark ? {
     backgroundColor: 'rgb(0,0,0)',
@@ -178,7 +181,7 @@ const MarketPage = () => {
           </Link>
 
           <div style={{ textAlign: 'center' }}>
-            <Screenshots screenshots={openedApp.screenshots} />
+            <Screenshots screenshots={openedApp.screenshots} isAdmin={isAdmin}/>
           </div>
 
           <Stack direction="row" spacing={2}>
@@ -202,9 +205,9 @@ const MarketPage = () => {
 
           <div dangerouslySetInnerHTML={{ __html: openedApp.longDescription }}></div>
 
-          <div>
+          {isAdmin && <div>
             <DockerComposeImport installerInit defaultName={openedApp.name} dockerComposeInit={openedApp.compose} />
-          </div>
+          </div>}
         </Stack>
       </Stack>
     </Box>}
@@ -223,7 +226,7 @@ const MarketPage = () => {
             size={100}
           />
         </Box>}
-        {showcase && showcase.length > 0 && <Showcases showcase={showcase} isDark={isDark} />}
+        {showcase && showcase.length > 0 && <Showcases showcase={showcase} isDark={isDark} isAdmin={isAdmin} />}
       </Stack>
 
       <Stack spacing={1} style={{

client/src/utils/hooks.js

@@ -0,0 +1,26 @@
+import React from 'react';
+import { useCookies } from 'react-cookie';
+import { logout } from '../api/authentication';
+
+function useClientInfos() {
+  const [cookies] = useCookies(['client-infos']);
+  
+  let clientInfos = null;
+  
+  try {
+    // Try to parse the cookie into a JavaScript object
+    clientInfos = cookies['client-infos'].split(',');
+  } catch (error) {
+    console.error('Error parsing client-infos cookie:', error);
+    logout();
+  }
+  
+  return {
+    nickname: clientInfos[0],
+    role: clientInfos[1]
+  };
+}
+
+export {
+  useClientInfos
+};

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "cosmos-server",
-  "version": "0.8.3",
+  "version": "0.10.0-unstable16",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "cosmos-server",
-      "version": "0.8.3",
+      "version": "0.10.0-unstable16",
       "dependencies": {
         "@ant-design/colors": "^6.0.0",
         "@ant-design/icons": "^4.7.0",
@@ -36,6 +36,7 @@
         "react": "^18.2.0",
         "react-apexcharts": "^1.4.0",
         "react-color": "^2.19.3",
+        "react-cookie": "^6.1.1",
         "react-copy-to-clipboard": "^5.1.0",
         "react-device-detect": "^2.2.2",
         "react-dom": "^18.2.0",
@@ -3708,6 +3709,11 @@
       "resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-5.0.1.tgz",
       "integrity": "sha512-XTIieEY+gvJ39ChLcB4If5zHtPxt3Syj5rgZR+e1ctpmK8NjPf0zFqsz4JpLJT0xla9GFDKjy8Cpu331nrmE1Q=="
     },
+    "node_modules/@types/cookie": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.5.2.tgz",
+      "integrity": "sha512-DBpRoJGKJZn7RY92dPrgoMew8xCWc2P71beqsjyhEI/Ds9mOyVmBwtekyfhpwFIVt1WrxTonFifiOZ62V8CnNA=="
+    },
     "node_modules/@types/hast": {
       "version": "2.3.4",
       "resolved": "https://registry.npmjs.org/@types/hast/-/hast-2.3.4.tgz",
@@ -8900,6 +8906,19 @@
         "react": "*"
       }
     },
+    "node_modules/react-cookie": {
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/react-cookie/-/react-cookie-6.1.1.tgz",
+      "integrity": "sha512-fuFRpf8LH6SfmVMowDUIRywJF5jAUDUWrm0EI5VdXfTl5bPcJ7B0zWbuYpT0Tvikx7Gs18MlvAT+P+744dUz2g==",
+      "dependencies": {
+        "@types/hoist-non-react-statics": "^3.3.1",
+        "hoist-non-react-statics": "^3.3.2",
+        "universal-cookie": "^6.0.0"
+      },
+      "peerDependencies": {
+        "react": ">= 16.3.0"
+      }
+    },
     "node_modules/react-copy-to-clipboard": {
       "version": "5.1.0",
       "resolved": "https://registry.npmjs.org/react-copy-to-clipboard/-/react-copy-to-clipboard-5.1.0.tgz",
@@ -10368,6 +10387,15 @@
         "node": ">=4"
       }
     },
+    "node_modules/universal-cookie": {
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/universal-cookie/-/universal-cookie-6.1.1.tgz",
+      "integrity": "sha512-33S9x3CpdUnnjwTNs2Fgc41WGve2tdLtvaK2kPSbZRc5pGpz2vQFbRWMxlATsxNNe/Cy8SzmnmbuBM85jpZPtA==",
+      "dependencies": {
+        "@types/cookie": "^0.5.1",
+        "cookie": "^0.5.0"
+      }
+    },
     "node_modules/unpipe": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cosmos-server",
-  "version": "0.10.0-unstable16",
+  "version": "0.10.0-unstable17",
   "description": "",
   "main": "test-server.js",
   "bugs": {
@@ -36,6 +36,7 @@
     "react": "^18.2.0",
     "react-apexcharts": "^1.4.0",
     "react-color": "^2.19.3",
+    "react-cookie": "^6.1.1",
     "react-copy-to-clipboard": "^5.1.0",
     "react-device-detect": "^2.2.2",
     "react-dom": "^18.2.0",

src/constellation/DNS.go

@@ -176,7 +176,7 @@ func InitDNS() {
 		utils.Log("Loaded " + strconv.Itoa(len(DNSBlacklist)) + " domains")
 	}
 
-	if(config.ConstellationConfig.DNS) {
+	if(!config.ConstellationConfig.DNSDisabled) {
 		go (func() {
 			dns.HandleFunc(".", handleDNSRequest)
 			server := &dns.Server{Addr: ":" + DNSPort, Net: "udp"}

src/constellation/api_devices_block.go

@@ -39,6 +39,8 @@ func DeviceBlock(w http.ResponseWriter, req *http.Request) {
 			return
 		}
 
+		utils.Log("ConstellationDeviceBlocking: Blocking Device " + deviceName)
+
 		c, errCo := utils.GetCollection(utils.GetRootAppId(), "devices")
 		if errCo != nil {
 				utils.Error("Database Connect", errCo)

src/constellation/api_devices_config.go

@@ -0,0 +1,41 @@
+package constellation
+
+// import (
+// 	"net/http"
+// 	"encoding/json"
+// 	"math/rand"
+// 	"time"
+// 	"net"
+	
+// 	"github.com/azukaar/cosmos-server/src/utils" 
+// )
+
+// func DeviceConfig(w http.ResponseWriter, req *http.Request) {
+// 	time.Sleep(time.Duration(rand.Float64()*2)*time.Second)
+
+// 	if(req.Method == "GET") {
+
+// 		ip, _, err := net.SplitHostPort(req.RemoteAddr)
+// 		if err != nil {
+// 			http.Error(w, "Invalid request", http.StatusBadRequest)
+// 			return
+// 		}
+
+// 		// get authorization header
+// 		auth := req.Header.Get("Authorization")
+// 		if auth == "" {
+// 			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+// 			return
+// 		}
+
+// 		// remove "Bearer " from auth header
+// 		auth = strings.Replace(auth, "Bearer ", "", 1)
+
+		
+
+// 	} else {
+// 		utils.Error("DeviceConfig: Method not allowed" + req.Method, nil)
+// 		utils.HTTPError(w, "Method not allowed", http.StatusMethodNotAllowed, "HTTP001")
+// 		return
+// 	}
+// }

src/constellation/api_devices_create.go

@@ -44,11 +44,14 @@ func DeviceCreate(w http.ResponseWriter, req *http.Request) {
 		
 		nickname := utils.Sanitize(request.Nickname)
 		deviceName := utils.Sanitize(request.DeviceName)
+		APIKey := utils.GenerateRandomString(32)
 		
 		if utils.AdminOrItselfOnly(w, req, nickname) != nil {
 			return
 		}
 
+		utils.Log("ConstellationDeviceCreation: Creating Device " + deviceName)
+
 		c, errCo := utils.GetCollection(utils.GetRootAppId(), "devices")
 		if errCo != nil {
 				utils.Error("Database Connect", errCo)
@@ -100,6 +103,8 @@ func DeviceCreate(w http.ResponseWriter, req *http.Request) {
 				"PublicHostname": request.PublicHostname,
 				"Port": request.Port,
 				"Fingerprint": fingerprint,
+				"APIKey": APIKey,
+				"Blocked": false,
 			})
 
 			if err3 != nil {
@@ -123,7 +128,7 @@ func DeviceCreate(w http.ResponseWriter, req *http.Request) {
 			}
 			
 			// read configYml from config/nebula.yml
-			configYml, err := getYAMLClientConfig(deviceName, utils.CONFIGFOLDER + "nebula.yml", capki, cert, key, utils.ConstellationDevice{
+			configYml, err := getYAMLClientConfig(deviceName, utils.CONFIGFOLDER + "nebula.yml", capki, cert, key, APIKey, utils.ConstellationDevice{
 				Nickname: nickname,
 				DeviceName: deviceName,
 				PublicKey: key,
@@ -132,6 +137,7 @@ func DeviceCreate(w http.ResponseWriter, req *http.Request) {
 				IsRelay: request.IsRelay,
 				PublicHostname: request.PublicHostname,
 				Port: request.Port,
+				APIKey: APIKey,
 			})
 
 			if err != nil {

src/constellation/api_nebula_connect.go

@@ -26,7 +26,7 @@ func API_ConnectToExisting(w http.ResponseWriter, req *http.Request) {
 		config := utils.ReadConfigFromFile()
 		config.ConstellationConfig.Enabled = true
 		config.ConstellationConfig.SlaveMode = true
-		config.ConstellationConfig.DNS = false
+		config.ConstellationConfig.DNSDisabled = false
 		// ConstellationHostname = 
 
 		// output utils.CONFIGFOLDER + "nebula.yml"

src/constellation/nebula.go

@@ -235,7 +235,7 @@ func ExportConfigToYAML(overwriteConfig utils.ConstellationConfig, outputPath st
 	return nil
 }
 
-func getYAMLClientConfig(name, configPath, capki, cert, key string, device utils.ConstellationDevice) (string, error) {
+func getYAMLClientConfig(name, configPath, capki, cert, key, APIKey string, device utils.ConstellationDevice) (string, error) {
 	utils.Log("Exporting YAML config for " + name + " with file " + configPath)
 
 	// Read the YAML config file
@@ -321,9 +321,11 @@ func getYAMLClientConfig(name, configPath, capki, cert, key string, device utils
 		return "", errors.New("listen not found in nebula.yml")
 	}
 
-	configMap["deviceName"] = name
-	configMap["local_dns_overwrite"] = "192.168.201.1"
-	configMap["public_hostname"] = device.PublicHostname
+	configMap["constellation_device_name"] = name
+	configMap["constellation_local_dns_overwrite"] = true
+	configMap["constellation_local_dns_overwrite_address"] = "192.168.201.1"
+	configMap["constellation_public_hostname"] = device.PublicHostname
+	configMap["constellation_api_key"] = APIKey
 
 	// export configMap as YML
 	yamlData, err = yaml.Marshal(configMap)

src/market/index.go

@@ -12,7 +12,7 @@ type marketGetResult struct {
 }
 
 func MarketGet(w http.ResponseWriter, req *http.Request) {
-	if utils.AdminOnly(w, req) != nil {
+	if utils.LoggedInOnly(w, req) != nil {
 		return
 	}
 
@@ -22,7 +22,6 @@ func MarketGet(w http.ResponseWriter, req *http.Request) {
 			return
 		}
 		
-		// return the first 10 results of each market
 		marketGetResult := marketGetResult{
 			All: make(map[string]interface{}),
 			Showcase: []appDefinition{},

src/user/token.go

@@ -5,6 +5,7 @@ import (
 	"github.com/azukaar/cosmos-server/src/utils"
 	"github.com/golang-jwt/jwt"
 	"errors"
+	"strconv"
 	"strings"
 	"time"
 	"encoding/json"
@@ -189,13 +190,25 @@ func logOutUser(w http.ResponseWriter, req *http.Request) {
 		HttpOnly: true,
 	}
 
+	clientCookie := http.Cookie{
+		Name: "client-infos",
+		Value: "{}",
+		Expires: time.Now().Add(-time.Hour * 24 * 365),
+		Path: "/",
+		Secure: utils.IsHTTPS,
+		HttpOnly: false,
+	}
+
 	if reqHostNoPort == "localhost" || reqHostNoPort == "0.0.0.0" {
 		cookie.Domain = ""
+		clientCookie.Domain = ""
 	} else {
 		cookie.Domain = "." + reqHostNoPort
+		clientCookie.Domain = "." + reqHostNoPort
 	}
 
 	http.SetCookie(w, &cookie)
+	http.SetCookie(w, &clientCookie)
 
 	// TODO: logout every other device if asked by increasing passwordcycle
 }
@@ -254,13 +267,24 @@ func SendUserToken(w http.ResponseWriter, req *http.Request, user utils.User, mf
 		HttpOnly: true,
 	}
 
+	clientCookie := http.Cookie{
+		Name: "client-infos",
+		Value: user.Nickname + "," + strconv.Itoa(int(user.Role)),
+		Expires: expiration,
+		Path: "/",
+		Secure: utils.IsHTTPS,
+		HttpOnly: false,
+	}
+
 	utils.Log("UserLogin: Setting cookie for " + reqHostNoPort)
 
 	if reqHostNoPort == "localhost" || reqHostNoPort == "0.0.0.0" {
 		cookie.Domain = ""
+		clientCookie.Domain = ""
 	} else {
 		if utils.IsValidHostname(reqHostNoPort) {
 			cookie.Domain = "." + reqHostNoPort
+			clientCookie.Domain = "." + reqHostNoPort
 		} else {
 			utils.Error("UserLogin: Invalid hostname", nil)
 			utils.HTTPError(w, "User Logging Error", http.StatusInternalServerError, "UL001")
@@ -269,4 +293,5 @@ func SendUserToken(w http.ResponseWriter, req *http.Request, user utils.User, mf
 	}
 
 	http.SetCookie(w, &cookie)
+	http.SetCookie(w, &clientCookie)
 }

src/utils/types.go

@@ -213,7 +213,7 @@ type ConstellationConfig struct {
 	Enabled bool
 	SlaveMode bool
 	PrivateNode bool
-	DNS bool
+	DNSDisabled bool
 	DNSPort string
 	DNSFallback string
 	DNSBlockBlacklist bool
@@ -239,6 +239,7 @@ type ConstellationDevice struct {
 	Port string `json:"port"`
 	Blocked bool `json:"blocked"`
 	Fingerprint string `json:"fingerprint"`
+	APIKey string `json:"-"`
 }
 
 type NebulaFirewallRule struct {

src/utils/utils.go

@@ -64,7 +64,7 @@ var DefaultConfig = Config{
 	},
   ConstellationConfig: ConstellationConfig{
     Enabled: false,
-		DNS: true,
+		DNSDisabled: false,
 		DNSFallback: "8.8.8.8:53",
 		DNSAdditionalBlocklists: []string{
 			"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",