plugins/clnrest: Update Websocket server to dynamically add CORS sett…

…ings Changelog-Added: New configurable Cross-Origin-Resource-Sharing(CSP) header for clnrest
ElementsProject · Sep 19, 2023 · eca3a33 · eca3a33
1 parent f0edc87
commit eca3a33
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/plugins/clnrest/clnrest.py b/plugins/clnrest/clnrest.py
@@ -3,6 +3,8 @@
 try:
     import sys
     import os
+    import re
+    import ssl
     import time
     import multiprocessing
     from gunicorn import glogging  # noqa: F401
@@ -30,9 +32,25 @@
 
 multiprocessing.set_start_method('fork')
 
+
+def check_origin(origin):
+    from utilities.shared import REST_CORS_ORIGINS
+    is_whitelisted = False
+    if REST_CORS_ORIGINS[0] == "*":
+        is_whitelisted = True
+    else:
+        for whitelisted_origin in REST_CORS_ORIGINS:
+            try:
+                does_match = bool(re.compile(whitelisted_origin).match(origin))
+                is_whitelisted = is_whitelisted or does_match
+            except Exception as err:
+                plugin.log(f"Error from rest-cors-origin {whitelisted_origin} match with {origin}: {err}", "info")
+    return is_whitelisted
+
+
 jobs = {}
 app = Flask(__name__)
-socketio = SocketIO(app, async_mode="gevent", cors_allowed_origins="*")
+socketio = SocketIO(app, async_mode="gevent", cors_allowed_origins=check_origin)
 msgq = Queue()
 
 
@@ -82,7 +100,7 @@ def ws_connect():
 def create_app():
     from utilities.shared import REST_CORS_ORIGINS
     global app
-    app.config['SECRET_KEY'] = os.urandom(24).hex()
+    app.config["SECRET_KEY"] = os.urandom(24).hex()
     authorizations = {
         "rune": {"type": "apiKey", "in": "header", "name": "Rune"}
     }
@@ -124,6 +142,7 @@ def set_application_options(plugin):
             "loglevel": "warning",
             "certfile": f"{CERTS_PATH}/client.pem",
             "keyfile": f"{CERTS_PATH}/client-key.pem",
+            "ssl_version": ssl.PROTOCOL_TLSv1_2
         }
     return options
 

diff --git a/plugins/clnrest/utilities/rpc_routes.py b/plugins/clnrest/utilities/rpc_routes.py
@@ -44,7 +44,7 @@ def post(self, rpc_method):
                 raise Exception(is_valid_rune)
 
         except Exception as err:
-            return json5.loads(str(err)), 403
+            return json5.loads(str(err)), 401
 
         try:
             if request.is_json: