From 48add9dc896cca14eebc8ed302266a3b2ad942a9 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Fri, 26 May 2023 18:59:54 +0500 Subject: [PATCH] Add the ability to enable request filtering agent (#628) --- README.md | 2 ++ run-document-server.sh | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/README.md b/README.md index 1364ab9..cfa9e46 100644 --- a/README.md +++ b/README.md @@ -196,6 +196,8 @@ Below is the complete list of parameters that can be set using environment varia - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`. - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`. +- **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`. +- **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`. - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false` - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true` - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`. diff --git a/run-document-server.sh b/run-document-server.sh index 967225a..9a4d174 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -92,6 +92,8 @@ JWT_HEADER=${JWT_HEADER:-Authorization} JWT_IN_BODY=${JWT_IN_BODY:-false} WOPI_ENABLED=${WOPI_ENABLED:-false} +ALLOW_META_IP_ADDRESS=${ALLOW_META_IP_ADDRESS:-false} +ALLOW_PRIVATE_IP_ADDRESS=${ALLOW_PRIVATE_IP_ADDRESS:-false} GENERATE_FONTS=${GENERATE_FONTS:-true} @@ -344,6 +346,12 @@ update_ds_settings(){ ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}" ${JSON} -I -e "this.wopi.enable = true" fi + + if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then + ${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}" + [ "${ALLOW_META_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true" + [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true" + fi } create_postgresql_cluster(){