gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added write whiteList, to make it a bit easier to secure volume servers

Browse Source 
on hosting environments.
This commit is contained in:
Chris Lu
2013-08-12 21:27:47 -07:00
parent 44c4e74655
commit e0951dd44f
1 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
go/weed/volume.go
View File

@@ -1,10 +1,10 @@
package main package main
import ( import (
"code.google.com/p/weed-fs/go/glog"
"code.google.com/p/weed-fs/go/operation" "code.google.com/p/weed-fs/go/operation"
"code.google.com/p/weed-fs/go/replication" "code.google.com/p/weed-fs/go/replication"
"code.google.com/p/weed-fs/go/storage" "code.google.com/p/weed-fs/go/storage"
"code.google.com/p/weed-fs/go/glog"
"math/rand" "math/rand"
"mime" "mime"
"net/http" "net/http"
@@ -41,6 +41,7 @@ var (
vMaxCpu = cmdVolume.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs") vMaxCpu = cmdVolume.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
dataCenter = cmdVolume.Flag.String("dataCenter", "", "current volume server's data center name") dataCenter = cmdVolume.Flag.String("dataCenter", "", "current volume server's data center name")
rack = cmdVolume.Flag.String("rack", "", "current volume server's rack name") rack = cmdVolume.Flag.String("rack", "", "current volume server's rack name")
whiteList = cmdVolume.Flag.String("whiteList", "", "Ip addresses having write permission. No limit if empty.")
store *storage.Store store *storage.Store
) )
@@ -109,9 +110,9 @@ func storeHandler(w http.ResponseWriter, r *http.Request) {
case "HEAD": case "HEAD":
GetOrHeadHandler(w, r, false) GetOrHeadHandler(w, r, false)
case "DELETE": case "DELETE":
DeleteHandler(w, r) secure(DeleteHandler)(w, r)
case "POST": case "POST":
PostHandler(w, r) secure(PostHandler)(w, r)
} }
} }
func GetOrHeadHandler(w http.ResponseWriter, r *http.Request, isGetMethod bool) { func GetOrHeadHandler(w http.ResponseWriter, r *http.Request, isGetMethod bool) {
@@ -337,13 +338,13 @@ func runVolume(cmd *Command, args []string) bool {
store = storage.NewStore(*vport, *ip, *publicUrl, folders, maxCounts) store = storage.NewStore(*vport, *ip, *publicUrl, folders, maxCounts)
defer store.Close() defer store.Close()
http.HandleFunc("/", storeHandler) http.HandleFunc("/", storeHandler)
http.HandleFunc("/submit", submitFromVolumeServerHandler) http.HandleFunc("/submit", secure(submitFromVolumeServerHandler))
http.HandleFunc("/status", statusHandler) http.HandleFunc("/status", secure(statusHandler))
http.HandleFunc("/admin/assign_volume", assignVolumeHandler) http.HandleFunc("/admin/assign_volume", secure(assignVolumeHandler))
http.HandleFunc("/admin/vacuum_volume_check", vacuumVolumeCheckHandler) http.HandleFunc("/admin/vacuum_volume_check", secure(vacuumVolumeCheckHandler))
http.HandleFunc("/admin/vacuum_volume_compact", vacuumVolumeCompactHandler) http.HandleFunc("/admin/vacuum_volume_compact", secure(vacuumVolumeCompactHandler))
http.HandleFunc("/admin/vacuum_volume_commit", vacuumVolumeCommitHandler) http.HandleFunc("/admin/vacuum_volume_commit", secure(vacuumVolumeCommitHandler))
http.HandleFunc("/admin/freeze_volume", freezeVolumeHandler) http.HandleFunc("/admin/freeze_volume", secure(freezeVolumeHandler))
go func() { go func() {
connected := true connected := true
@@ -379,3 +380,16 @@ func runVolume(cmd *Command, args []string) bool {
} }
return true return true
} }
func secure(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
if *whiteList == "" {
return f(w, r)
}
ip := r.RemoteAddr[0:strings.Index(r.RemoteAddr, ":")]
if strings.Contains(*whiteList, ip) {
return f(w, r)
}
return
}
}