guacamole force VPN

server/passport-okta.js

@@ -5,6 +5,7 @@ const axios = require('axios');
 const qs = require('qs');
 const fs = require('qs');
 const path = require('path');
+const requestIp = require('request-ip');
 
 
 // set up database for express session
@@ -289,6 +290,18 @@ module.exports.ensureAuthenticatedDoLogin = async function(req, res, next) {
     res.redirect(`/login?redirectTo=${req.originalUrl}`);
 };
 
+module.exports.ensureAuthenticatedAndVPNDoLogin = async function(req, res, next) {
+    const ipAddress = requestIp.getClientIp(req);
+    var isVPN = ipAddress.indexOf("10.0.0") !== -1;
+    if ( !isVPN ) {
+        res.send("You do not seem connected to the VPN, please connect");
+    } else if ( await _ensureAuthenticated(req) ) {
+        return next();      
+    } else {
+        res.redirect(`/login?redirectTo=${req.originalUrl}`);
+    }   
+};
+
 module.exports.ensureAuthenticated = async function(req, res, next) {
     if ( await _ensureAuthenticated(req) ) { 
         return next(); 
@@ -296,6 +309,8 @@ module.exports.ensureAuthenticated = async function(req, res, next) {
     res.status(401).send({"error": "Unauthorized"});
 };
 
+
+
 module.exports.ensureAuthenticatedAndAdmin = async function(req, res, next) {
     if ( await _ensureAuthenticated(req) && (req.user.role === 'admin' || req.user.role === 'superadmin') ) { 
         return next(); 

server/server.js

@@ -96,7 +96,7 @@ app.use('/', express.static(__dirname + '/../dist/qmi-cloud'));
 
 passport.init(app, IS_SECURE ? true : false);
 
-app.use('/guacamole/', passport.ensureAuthenticatedDoLogin, createProxyMiddleware({
+app.use('/guacamole/', passport.ensureAuthenticatedAndVPNDoLogin, createProxyMiddleware({
   target: 'http://qmicloud-dev.qliktech.com:8080/',
   ws: true,
   changeOrigin: true,