Mirrors/WGDashboard
1
0
Fork 0
mirror of https://github.com/donaldzou/WGDashboard.git synced 2026-04-11 07:16:18 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Merging main branch into v4.3.2-dev
Some checks failed
Docker Build and Push / docker_build (push) Has been cancelled
Details
Docker Build and Push / docker_scan (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Donald Zou
2026-03-29 23:05:29 +08:00
parent f58226e398 0a33132d26
commit 21bea56426
2 changed files with 22 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -1,3 +1,6 @@
> [!WARNING]
> All users running WGDashboard v4.2.x or later and hosted on the public internet are strongly advised to update to the latest release immediately. For more information: [v4.3.2 Release](https://github.com/WGDashboard/WGDashboard/releases/tag/v4.3.2)
> [!TIP] > [!TIP]
> 🎉 To help us better understand and improve WGDashboards performance, were launching the **WGDashboard Testing Program**. As part of this program, participants will receive free WireGuard VPN access to our server in Toronto, Canada, valid for **24 hours** or up to **1GB of total traffic**—whichever comes first. If youd like to join, visit [https://wg.wgdashboard.dev/](https://wg.wgdashboard.dev/) for more details! > 🎉 To help us better understand and improve WGDashboards performance, were launching the **WGDashboard Testing Program**. As part of this program, participants will receive free WireGuard VPN access to our server in Toronto, Canada, valid for **24 hours** or up to **1GB of total traffic**—whichever comes first. If youd like to join, visit [https://wg.wgdashboard.dev/](https://wg.wgdashboard.dev/) for more details!

28
src/dashboard.py
View File

@@ -251,18 +251,26 @@ def auth_req():
DashboardConfig.APIAccessed = True DashboardConfig.APIAccessed = True
else: else:
DashboardConfig.APIAccessed = False DashboardConfig.APIAccessed = False
appPrefix = APP_PREFIX if len(APP_PREFIX) > 0 else ''
whiteList = [ whiteList = [
'/static/', 'validateAuthentication', 'authenticate', 'getDashboardConfiguration', # f'/static/',
'getDashboardTheme', 'getDashboardVersion', 'sharePeer/get', 'isTotpEnabled', 'locale', f'{appPrefix}/api/validateAuthentication',
'/client', f'{appPrefix}/api/authenticate',
'/assets/', '/img/', '/json/', # f'{appPrefix}/api/getDashboardConfiguration',
'/client/assets/', '/client/img/' f'{appPrefix}/api/getDashboardTheme',
f'{appPrefix}/api/getDashboardVersion',
f'{appPrefix}/api/sharePeer/get',
f'{appPrefix}/api/isTotpEnabled',
f'{appPrefix}/api/locale',
] ]
if (("username" not in session or session.get("role") != "admin")
and (f"{(APP_PREFIX if len(APP_PREFIX) > 0 else '')}/" != request.path if (
and f"{(APP_PREFIX if len(APP_PREFIX) > 0 else '')}" != request.path) ("username" not in session or session.get("role") != "admin")
and len(list(filter(lambda x : x not in request.path, whiteList))) == len(whiteList) and (f"{appPrefix}/" != request.path and f"{appPrefix}" != request.path)
and not request.path.startswith(f'{appPrefix}/client')
and not request.path.startswith(f'{appPrefix}/static')
and request.path not in whiteList
): ):
response = Flask.make_response(app, { response = Flask.make_response(app, {
"status": False, "status": False,
@@ -1477,7 +1485,7 @@ def API_Locale_Update():
@app.get(f'{APP_PREFIX}/api/email/ready') @app.get(f'{APP_PREFIX}/api/email/ready')
def API_Email_Ready(): def API_Email_Ready():
return ResponseObject(EmailSender.is_ready()) return ResponseObject(EmailSender.ready())
@app.post(f'{APP_PREFIX}/api/email/send') @app.post(f'{APP_PREFIX}/api/email/send')
def API_Email_Send(): def API_Email_Send():