From dc06d8aa906c17fa959e5f1eac19b7180290de34 Mon Sep 17 00:00:00 2001 From: Robert Richter Date: Sat, 13 Jun 2020 17:31:01 +0200 Subject: [PATCH] update Sa 13. Jun 17:31:01 CEST 2020 --- server/api.js | 6 +++--- server/app_cfg.js | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/server/api.js b/server/api.js index 4e5c068..8958964 100755 --- a/server/api.js +++ b/server/api.js @@ -20,12 +20,12 @@ module.exports = function (io, sql, app_cfg, waip) { var remote_ip = socket.handshake.headers["x-real-ip"] || socket.handshake.headers['x-forwarded-for'] || socket.request.connection.remoteAddress; // FIXME zulassen, aber nichts senden, ist besser - // Remote-Verbindung nur zulassen, wenn IP in Access-List - if (!app_cfg.api.access_list.includes(remote_ip);) { + // Remote-Verbindung nur zulassen, wenn IP in Access-List, und Access-List ueberhaupt befuellt + if (!app_cfg.api.access_list.includes(remote_ip) && app_cfg.api.access_list.length > 0) { socket.close(); sql.db_log('API', 'Verbindung von ' + remote_ip + ' geschlossen, da nicht in Zugangsliste.'); }; - + //TODO API: Eingehende Verbindung nur mit passendem Geheimnis zulassen, das Ergebnis loggen // in Liste der Clients mit aufnehmen diff --git a/server/app_cfg.js b/server/app_cfg.js index 4e30eca..2bd2083 100644 --- a/server/app_cfg.js +++ b/server/app_cfg.js @@ -60,10 +60,10 @@ app_cfg.filter = { // FIXME in api rausfiltern send_missiontype: ['Brandeinsatz', 'Hilfeleistung'], send_missiondata: ['uuid', 'nummer', 'alarmzeit', 'art', 'stichwort', 'sondersignal', 'ort', 'ortsteil', 'wgs84_area'], - send_resourcedata: ['*'], + send_resourcedata: [], receive_missiontype: ['Brandeinsatz', 'Hilfeleistung'], receive_missiondata: ['uuid', 'nummer', 'alarmzeit', 'art', 'stichwort', 'sondersignal', 'ort', 'ortsteil', 'wgs84_area'], - receive_resourcedata: ['*'], + receive_resourcedata: [], }; module.exports = app_cfg; \ No newline at end of file