Adding HTTP verb whitelisting options.

weed/command/volume.go

@@ -2,6 +2,7 @@ package command
 
 import (
 	"net/http"
+	_ "net/http/pprof"
 	"os"
 	"runtime"
 	"strconv"
@@ -32,7 +33,8 @@ type VolumeServerOptions struct {
 	maxCpu                *int
 	dataCenter            *string
 	rack                  *string
-	whiteList             []string
+	readWhitelist         []string
+	writeWhitelist         []string
 	indexType             *string
 	fixJpgOrientation     *bool
 	readRedirect          *bool
@@ -67,7 +69,8 @@ var cmdVolume = &Command{
 var (
 	volumeFolders         = cmdVolume.Flag.String("dir", os.TempDir(), "directories to store data files. dir[,dir]...")
 	maxVolumeCounts       = cmdVolume.Flag.String("max", "7", "maximum numbers of volumes, count[,count]...")
-	volumeWhiteListOption = cmdVolume.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
+	volumeReadWhiteListOption = cmdVolume.Flag.String("read.whitelist", "", "comma separated Ip addresses having read permission. No limit if empty.")
+	volumeWriteWhiteListOption = cmdVolume.Flag.String("write.whitelist", "", "comma separated Ip addresses having write permission. No limit if empty.")
 )
 
 func runVolume(cmd *Command, args []string) bool {
@@ -96,8 +99,11 @@ func runVolume(cmd *Command, args []string) bool {
 	}
 
 	//security related white list configuration
-	if *volumeWhiteListOption != "" {
-		v.whiteList = strings.Split(*volumeWhiteListOption, ",")
+	if *volumeReadWhiteListOption != "" {
+		v.readWhitelist = strings.Split(*volumeReadWhiteListOption, ",")
+	}
+	if *volumeWriteWhiteListOption != "" {
+		v.writeWhitelist = strings.Split(*volumeWriteWhiteListOption, ",")
 	}
 
 	if *v.ip == "" {
@@ -130,7 +136,7 @@ func runVolume(cmd *Command, args []string) bool {
 		v.folders, v.folderMaxLimits,
 		volumeNeedleMapKind,
 		*v.master, *v.pulseSeconds, *v.dataCenter, *v.rack,
-		v.whiteList,
+		v.readWhitelist, v.writeWhitelist, nil,
 		*v.fixJpgOrientation, *v.readRedirect,
 	)