Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict binding to specific IP #273

Open
mgc8 opened this issue Feb 13, 2024 · 0 comments
Open

Restrict binding to specific IP #273

mgc8 opened this issue Feb 13, 2024 · 0 comments

Comments

@mgc8
Copy link

mgc8 commented Feb 13, 2024
edited
Loading

Currently, the server binds to the default of all interfaces, due to having an empty host parameter in the web.TCPSite invocation. This is insecure in case of servers spanning multiple networks, as some may have external access.

Recently, the local_ip argument was added, which specifies the correct IP for the A/C to talk to the server. We can use that as well to bind to that IP specifically with a simple change like below (this also solves the issue of people being confused by the functionality of this parameter):

--- a/aircon/__main__.py
+++ b/aircon/__main__.py
@@ -153,7 +153,8 @@ async def setup_and_run_http_server(parsed_args, devices: [Device]):
   ])
   runner = web.AppRunner(app)
   await runner.setup()
-  site = web.TCPSite(runner, port=parsed_args.port)
+  local_ip = parsed_args.local_ip if hasattr(parsed_args, 'local_ip') else ''
+  site = web.TCPSite(runner, host=local_ip, port=parsed_args.port)
   await site.start()

Alternatively, a new option can be added similar to --port, e.g. --host to specify that on startup.

Would it be possible to add this to the codebase?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mgc8