restrict setup access to localhost

Change-Id: I889b9debfc65e25084c1e9715e7d14621f009039
mpl 2012-04-15 20:09:51 +02:00
parent f366dfb850
commit f7448ec758
3 changed files with 17 additions and 8 deletions


@ -177,6 +177,10 @@ func localhostAuthorized(req *http.Request) bool {
return false
}
func LocalhostAuthorized(req *http.Request) bool {
return localhostAuthorized(req)
}
func (da *DevAuth) IsAuthorized(req *http.Request) bool {
// First see if the local TCP port is owned by the same
// non-root user as this server.
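Review bot: The new exported `LocalhostAuthorized` has no doc comment, although after this commit other packages rely on it as the access-control check for setup. I would add something like `// LocalhostAuthorized reports whether req arrived over a local connection that localhostAuthorized accepts; handlers use it to gate localhost-only pages.` so the trust contract is stated at the call boundary. The body of `localhostAuthorized` lies outside this hunk, so the exact condition it tests cannot be confirmed here. If the server can run behind a proxy on the same host, the comment should also say whether proxied requests are expected to pass this check.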


@ -20,6 +20,7 @@ import (
"fmt"
"net/http"
"camlistore.org/pkg/auth"
"camlistore.org/pkg/blobserver"
"camlistore.org/pkg/jsonconfig"
)
@ -28,10 +29,6 @@ import (
type RootHandler struct {
// Don't advertise anything to non-authenticated clients.
Stealth bool
// Show a setup link?
// TODO: figure out details of when/how this will work
OfferSetup bool
}
func init() {
@ -44,8 +41,7 @@ func newRootFromConfig(ld blobserver.Loader, conf jsonconfig.Obj) (h http.Handle
if err = conf.Validate(); err != nil {
return
}
// TODO(mpl): figure out the condition for that
root.OfferSetup = true
return root, nil
}
@ -53,8 +49,9 @@ func (rh *RootHandler) ServeHTTP(conn http.ResponseWriter, req *http.Request) {
if rh.Stealth {
return
}
configLink := ""
if rh.OfferSetup {
if auth.LocalhostAuthorized(req) {
configLink = "<p>If you're coming from localhost, hit <a href='/setup'>/setup</a>.</p>"
}
fmt.Fprintf(conn,


@ -18,12 +18,14 @@ package server
import (
"encoding/json"
"fmt"
"html/template"
"net/http"
"os"
"reflect"
"strconv"
"camlistore.org/pkg/auth"
"camlistore.org/pkg/blobserver"
"camlistore.org/pkg/httputil"
"camlistore.org/pkg/jsonconfig"
@ -147,7 +149,13 @@ func handleSetupChange(req *http.Request, rw http.ResponseWriter) {
}
func (sh *SetupHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
// TODO(mpl): do the auth checking. see the localtcp story
if !auth.LocalhostAuthorized(req) {
fmt.Fprintf(rw,
"<html><body>Setup only allowed from localhost"+
"<p><a href='/'>Back</a></p>"+
"</body></html>\n")
return
}
if req.Method == "POST" {
handleSetupChange(req, rw)
return
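Review bot: The refusal branch added in `SetupHandler.ServeHTTP` writes its HTML without setting a status, so a denied request is answered with 200 OK. Adding `rw.WriteHeader(http.StatusForbidden)` before the `fmt.Fprintf` call would let clients, proxies and access logs see the denial as a denial. Separately, the localhost check authorizes the connection rather than the intent of the request, so the POST path that reaches `handleSetupChange` would still benefit from an origin or token check. That function's body is outside this hunk, so whether it already does this cannot be seen here. The rest of `ServeHTTP` also continues past the hunk.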