Skip to content

G
go-ipfs
提交 b1ca07d6 作者: Matt Bell
操作

core/corehttp: Added gateway path whitelisting

上级 a16e0bba
正在显示 包含 20 行增加9 行删除
cmd/ipfs/daemon.go
...@@ -3,6 +3,7 @@ package main ...@@ -3,6 +3,7 @@ package main
import ( import (
"fmt" "fmt"
"os" "os"
"strings"
ma "github.com/jbenet/go-ipfs/Godeps/_workspace/src/github.com/jbenet/go-multiaddr" ma "github.com/jbenet/go-ipfs/Godeps/_workspace/src/github.com/jbenet/go-multiaddr"
cmds "github.com/jbenet/go-ipfs/commands" cmds "github.com/jbenet/go-ipfs/commands"
...@@ -192,10 +193,21 @@ func daemonFunc(req cmds.Request, res cmds.Response) { ...@@ -192,10 +193,21 @@ func daemonFunc(req cmds.Request, res cmds.Response) {
}() }()
} }
blocklist := &corehttp.BlockList{}
blocklist.SetDecider(func(s string) bool {
// only allow paths that begin with the WebUI path
return strings.HasPrefix(s, corehttp.WebUIPath)
})
gatewayConfig := corehttp.GatewayConfig{
Writable: true,
BlockList: blocklist,
}
gatewayOption := corehttp.NewGateway(gatewayConfig).ServeOption()
var opts = []corehttp.ServeOption{ var opts = []corehttp.ServeOption{
corehttp.CommandsOption(*req.Context()), corehttp.CommandsOption(*req.Context()),
corehttp.WebUIOption, corehttp.WebUIOption,
corehttp.GatewayOption(true), gatewayOption,
} }
if rootRedirect != nil { if rootRedirect != nil {
opts = append(opts, rootRedirect) opts = append(opts, rootRedirect)
......
core/corehttp/gateway.go
...@@ -47,7 +47,6 @@ func GatewayOption(writable bool) ServeOption { ...@@ -47,7 +47,6 @@ func GatewayOption(writable bool) ServeOption {
type Decider func(string) bool type Decider func(string) bool
type BlockList struct { type BlockList struct {
mu sync.RWMutex mu sync.RWMutex
d Decider d Decider
} }
......
core/corehttp/gateway_handler.go
...@@ -48,15 +48,15 @@ type directoryItem struct { ...@@ -48,15 +48,15 @@ type directoryItem struct {
// gatewayHandler is a HTTP handler that serves IPFS objects (accessible by default at /ipfs/<path>) // gatewayHandler is a HTTP handler that serves IPFS objects (accessible by default at /ipfs/<path>)
// (it serves requests like GET /ipfs/QmVRzPKPzNtSrEzBFm2UZfxmPAgnaLke4DMcerbsGGSaFe/link) // (it serves requests like GET /ipfs/QmVRzPKPzNtSrEzBFm2UZfxmPAgnaLke4DMcerbsGGSaFe/link)
type gatewayHandler struct { type gatewayHandler struct {
node *core.IpfsNode node *core.IpfsNode
dirList *template.Template dirList *template.Template
config GatewayConfig config GatewayConfig
} }
func newGatewayHandler(node *core.IpfsNode, conf GatewayConfig) (*gatewayHandler, error) { func newGatewayHandler(node *core.IpfsNode, conf GatewayConfig) (*gatewayHandler, error) {
i := &gatewayHandler{ i := &gatewayHandler{
node: node, node: node,
config: conf, config: conf,
} }
err := i.loadTemplate() err := i.loadTemplate()
if err != nil { if err != nil {
......
core/corehttp/webui.go
package corehttp package corehttp
// TODO: move to IPNS // TODO: move to IPNS
const webuiPath = "/ipfs/QmctngrQAt9fjpQUZr7Bx3BsXUcif52eZGTizWhvcShsjz" const WebUIPath = "/ipfs/QmctngrQAt9fjpQUZr7Bx3BsXUcif52eZGTizWhvcShsjz"
var WebUIOption = RedirectOption("webui", webuiPath) var WebUIOption = RedirectOption("webui", WebUIPath)
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论