From cd69795c5e861721c70533d33fc656a9fd26c051 Mon Sep 17 00:00:00 2001
From: Iam54r1n4 <iam54r1n40@proton.me>
Date: Wed, 5 Feb 2025 21:52:12 +0000
Subject: [PATCH] Change Caddyfile to block requests if they don't start with
 ROOT_PATH

---
 core/scripts/webpanel/webpanel_shell.sh | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/core/scripts/webpanel/webpanel_shell.sh b/core/scripts/webpanel/webpanel_shell.sh
index 1aa4d7c..3c246a6 100644
--- a/core/scripts/webpanel/webpanel_shell.sh
+++ b/core/scripts/webpanel/webpanel_shell.sh
@@ -64,10 +64,23 @@ update_caddy_file() {
     # Update the Caddyfile without the email directive
     cat <<EOL > "$config_file"
 $DOMAIN:$PORT {
+    # Define a route to handle all requests starting with ROOT_PATH('/$ROOT_PATH/')
     route /$ROOT_PATH/* {
-        uri strip_prefix /$ROOT_PATH
+        # We don't strip the ROOT_PATH('/$ROOT_PATH/') from the request
+        # uri strip_prefix /$ROOT_PATH
+
+        # We are proxying all requests under the ROOT_PATH to FastAPI at 127.0.0.1:8080
+        # FastAPI handles these requests because we set the 'root_path' parameter in the FastAPI instance.
         reverse_proxy http://127.0.0.1:8080
     }
+    
+    # Any request that doesn't start with the ROOT_PATH('/$ROOT_PATH/') will be blocked and no response will be sent to the client
+    @blocked {
+        not path /fd31b4edc70619d5d39edf3c2da97e2c/*
+    }
+    
+    # Abort the request, effectively dropping the connection without a response for invalid paths
+    abort @blocked
 }
 EOL
 }