core/corehttp: Added gateway path whitelisting

b1ca07d6 · Matt Bell · a16e0bba · b1ca07d6 · b1ca07d6 · b1ca07d6
--- a/cmd/ipfs/daemon.go
+++ b/cmd/ipfs/daemon.go
@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"os"
+	"strings"

 	ma "github.com/jbenet/go-ipfs/Godeps/_workspace/src/github.com/jbenet/go-multiaddr"
 	cmds "github.com/jbenet/go-ipfs/commands"
@@ -192,10 +193,21 @@ func daemonFunc(req cmds.Request, res cmds.Response) {
 		}()
 	}

+	blocklist := &corehttp.BlockList{}
+	blocklist.SetDecider(func(s string) bool {
+		// only allow paths that begin with the WebUI path
+		return strings.HasPrefix(s, corehttp.WebUIPath)
+	})
+	gatewayConfig := corehttp.GatewayConfig{
+		Writable:  true,
+		BlockList: blocklist,
+	}
+	gatewayOption := corehttp.NewGateway(gatewayConfig).ServeOption()
+
 	var opts = []corehttp.ServeOption{
 		corehttp.CommandsOption(*req.Context()),
 		corehttp.WebUIOption,
-		corehttp.GatewayOption(true),
+		gatewayOption,
 	}
 	if rootRedirect != nil {
 		opts = append(opts, rootRedirect)

--- a/core/corehttp/gateway.go
+++ b/core/corehttp/gateway.go
@@ -47,7 +47,6 @@ func GatewayOption(writable bool) ServeOption {
 type Decider func(string) bool

 type BlockList struct {
-
 	mu sync.RWMutex
 	d  Decider
 }

--- a/core/corehttp/gateway_handler.go
+++ b/core/corehttp/gateway_handler.go
@@ -48,15 +48,15 @@ type directoryItem struct {
 // gatewayHandler is a HTTP handler that serves IPFS objects (accessible by default at /ipfs/<path>)
 // (it serves requests like GET /ipfs/QmVRzPKPzNtSrEzBFm2UZfxmPAgnaLke4DMcerbsGGSaFe/link)
 type gatewayHandler struct {
-	node     *core.IpfsNode
-	dirList  *template.Template
-	config   GatewayConfig
+	node    *core.IpfsNode
+	dirList *template.Template
+	config  GatewayConfig
 }

 func newGatewayHandler(node *core.IpfsNode, conf GatewayConfig) (*gatewayHandler, error) {
 	i := &gatewayHandler{
-		node:     node,
-		config:   conf,
+		node:   node,
+		config: conf,
 	}
 	err := i.loadTemplate()
 	if err != nil {

--- a/core/corehttp/webui.go
+++ b/core/corehttp/webui.go
 package corehttp

 // TODO: move to IPNS
-const webuiPath = "/ipfs/QmctngrQAt9fjpQUZr7Bx3BsXUcif52eZGTizWhvcShsjz"
+const WebUIPath = "/ipfs/QmctngrQAt9fjpQUZr7Bx3BsXUcif52eZGTizWhvcShsjz"

-var WebUIOption = RedirectOption("webui", webuiPath)
+var WebUIOption = RedirectOption("webui", WebUIPath)