daemon: reintroduce --unrestricted-api

License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>

cmd/ipfs/daemon.go

@@ -134,7 +134,7 @@ Headers.
 		cmds.BoolOption(writableKwd, "Enable writing objects (with POST, PUT and DELETE)").Default(false),
 		cmds.StringOption(ipfsMountKwd, "Path to the mountpoint for IPFS (if using --mount). Defaults to config setting."),
 		cmds.StringOption(ipnsMountKwd, "Path to the mountpoint for IPNS (if using --mount). Defaults to config setting."),
-		cmds.BoolOption(unrestrictedApiAccessKwd, "This option has no effect since v0.4.3").Default(false),
+		cmds.BoolOption(unrestrictedApiAccessKwd, "Allow API access to unlisted hashes").Default(false),
 		cmds.BoolOption(unencryptTransportKwd, "Disable transport encryption (for debugging protocols)").Default(false),
 		cmds.BoolOption(enableGCKwd, "Enable automatic periodic repo garbage collection").Default(false),
 		cmds.BoolOption(adjustFDLimitKwd, "Check and raise file descriptor limits if needed").Default(true),
@@ -363,11 +363,24 @@ func serveHTTPApi(req cmds.Request) (error, <-chan error) {
 	apiMaddr = apiLis.Multiaddr()
 	fmt.Printf("API server listening on %s\n", apiMaddr)
 
+	// by default, we don't let you load arbitrary ipfs objects through the api,
+	// because this would open up the api to scripting vulnerabilities.
+	// only the webui objects are allowed.
+	// if you know what you're doing, go ahead and pass --unrestricted-api.
+	unrestricted, _, err := req.Option(unrestrictedApiAccessKwd).Bool()
+	if err != nil {
+		return fmt.Errorf("serveHTTPApi: Option(%s) failed: %s", unrestrictedApiAccessKwd, err), nil
+	}
+	gatewayOpt := corehttp.GatewayOption(corehttp.WebUIPaths...)
+	if unrestricted {
+		gatewayOpt = corehttp.GatewayOption("/ipfs", "/ipns")
+	}
+
 	var opts = []corehttp.ServeOption{
 		corehttp.MetricsCollectionOption("api"),
 		corehttp.CommandsOption(*req.InvocContext()),
 		corehttp.WebUIOption,
-		corehttp.GatewayOption(corehttp.WebUIPaths...),
+		gatewayOpt,
 		corehttp.VersionOption(),
 		defaultMux("/debug/vars"),
 		defaultMux("/debug/pprof/"),

test/sharness/t0110-gateway.sh

@@ -32,10 +32,6 @@ test_expect_success "GET IPFS path output looks good" '
   rm actual
 '
 
-test_expect_success "GET IPFS path on API unavailable" '
-  test_curl_resp_http_code "http://127.0.0.1:$apiport/ipfs/$HASH" "HTTP/1.1 404 Not Found"
-'
-
 test_expect_success "GET IPFS directory path succeeds" '
   mkdir dir &&
   echo "12345" >dir/test &&

test/sharness/t0400-api-security.sh

+#!/bin/sh
+#
+# Copyright (c) 2016 Lars Gierth
+# MIT Licensed; see the LICENSE file in this repository.
+#
+
+test_description="Test API security"
+
+. lib/test-lib.sh
+
+test_init_ipfs
+
+# by default, we don't let you load arbitrary ipfs objects through the api,
+# because this would open up the api to scripting vulnerabilities.
+# only the webui objects are allowed.
+# if you know what you're doing, go ahead and pass --unrestricted-api.
+
+test_launch_ipfs_daemon
+test_expect_success "Gateway on API unavailable" '
+  HASH=$(echo "testing" | ipfs add -q)
+  test_curl_resp_http_code "http://127.0.0.1:$API_PORT/ipfs/$HASH" "HTTP/1.1 404 Not Found"
+'
+test_kill_ipfs_daemon
+
+test_launch_ipfs_daemon --unrestricted-api
+test_expect_success "Gateway on --unrestricted-api API available" '
+  HASH=$(echo "testing" | ipfs add -q)
+  test_curl_resp_http_code "http://127.0.0.1:$API_PORT/ipfs/$HASH" "HTTP/1.1 200 OK"
+'
+test_kill_ipfs_daemon
+
+test_done