cosmo/XIVLauncherRemoteOTP
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add configurable firewall host IP for firewall command generation

Browse source
This commit is contained in:
CPTN Cosmo 2026-04-18 16:48:41 +02:00
parent 340f8e5bef
commit f57d2fc6be
4 changed files with 28 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.env.example
View file

@ -8,3 +8,7 @@ ENCRYPTION_KEY=CHANGE_ME_TO_A_VALID_FERNET_KEY
# The local port that the web interface will bind to # The local port that the web interface will bind to
WEB_PORT=8814 WEB_PORT=8814
# Optional: The IP address or hostname of this Docker host to show in the Firewall Helper.
# If not set, the hostname used to access the web interface will be used.
# FIREWALL_HOST_IP=192.168.1.100

1
docker-compose.yml
View file

@ -12,4 +12,5 @@ services:
- WEB_PASSWORD=${WEB_PASSWORD:-admin} - WEB_PASSWORD=${WEB_PASSWORD:-admin}
# Generate a secure key using: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())" # Generate a secure key using: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
- ENCRYPTION_KEY=${ENCRYPTION_KEY:-CHANGE_ME_TO_A_VALID_FERNET_KEY} - ENCRYPTION_KEY=${ENCRYPTION_KEY:-CHANGE_ME_TO_A_VALID_FERNET_KEY}
- FIREWALL_HOST_IP=${FIREWALL_HOST_IP:-}
restart: unless-stopped restart: unless-stopped

5
main.py
View file

@ -15,6 +15,7 @@ from cryptography.fernet import Fernet
WEB_PASSWORD = os.getenv("WEB_PASSWORD", "admin") WEB_PASSWORD = os.getenv("WEB_PASSWORD", "admin")
ENCRYPTION_KEY = os.getenv("ENCRYPTION_KEY") ENCRYPTION_KEY = os.getenv("ENCRYPTION_KEY")
FIREWALL_HOST_IP = os.getenv("FIREWALL_HOST_IP")
DB_PATH = "data/instances.db" DB_PATH = "data/instances.db"
if not ENCRYPTION_KEY or ENCRYPTION_KEY == "CHANGE_ME_TO_A_VALID_FERNET_KEY": if not ENCRYPTION_KEY or ENCRYPTION_KEY == "CHANGE_ME_TO_A_VALID_FERNET_KEY":
@ -166,6 +167,10 @@ def create_instance(inst: InstanceCreate):
conn.close() conn.close()
return {"status": "ok"} return {"status": "ok"}
@app.get("/api/config")
def get_config():
return {"firewall_host_ip": FIREWALL_HOST_IP}
@app.delete("/api/instances/{id}") @app.delete("/api/instances/{id}")
def delete_instance(id: int): def delete_instance(id: int):
conn = sqlite3.connect(DB_PATH) conn = sqlite3.connect(DB_PATH)

19
static/app.js
View file

@ -6,14 +6,31 @@ document.addEventListener('DOMContentLoaded', () => {
const ufwCmd = document.getElementById('ufw-cmd'); const ufwCmd = document.getElementById('ufw-cmd');
const iptablesCmd = document.getElementById('iptables-cmd'); const iptablesCmd = document.getElementById('iptables-cmd');
let config = { firewall_host_ip: null };
const updateFirewallCmds = () => { const updateFirewallCmds = () => {
const port = portInput.value || '4646'; const port = portInput.value || '4646';
const hostIp = window.location.hostname; const hostIp = config.firewall_host_ip || window.location.hostname;
ufwCmd.textContent = `sudo ufw allow from ${hostIp} to any port ${port} proto tcp`; ufwCmd.textContent = `sudo ufw allow from ${hostIp} to any port ${port} proto tcp`;
iptablesCmd.textContent = `sudo iptables -I INPUT -p tcp -s ${hostIp} --dport ${port} -j ACCEPT`; iptablesCmd.textContent = `sudo iptables -I INPUT -p tcp -s ${hostIp} --dport ${port} -j ACCEPT`;
}; };
const fetchConfig = async () => {
try {
const res = await fetch('/api/config');
if (res.ok) {
config = await res.json();
updateFirewallCmds();
}
} catch (e) {
console.error('Failed to fetch config:', e);
}
};
portInput.addEventListener('input', updateFirewallCmds); portInput.addEventListener('input', updateFirewallCmds);
// Initial fetch of config and instances
fetchConfig();
updateFirewallCmds(); updateFirewallCmds();
const fetchInstances = async () => { const fetchInstances = async () => {