mirror of
https://bitbucket.org/s_l_teichmann/mtsatellite
synced 2024-12-24 01:00:18 +01:00
mtwebmapper: Only allow update requests from a white list of remote hosts. Defaults to localhost. To allow all hosts use command line option -u=''
This commit is contained in:
parent
52932b0351
commit
4ea51eb744
@ -8,13 +8,34 @@ import (
|
|||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"bitbucket.org/s_l_teichmann/mtsatellite/common"
|
"bitbucket.org/s_l_teichmann/mtsatellite/common"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func ipsFromHosts(hosts string) ([]net.IP, error) {
|
||||||
|
|
||||||
|
ips := []net.IP{}
|
||||||
|
|
||||||
|
if len(hosts) == 0 { // Empty list: allow all hosts.
|
||||||
|
return ips, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, host := range strings.Split(hosts, ";") {
|
||||||
|
if hips, err := net.LookupIP(host); err != nil {
|
||||||
|
return nil, err
|
||||||
|
} else {
|
||||||
|
ips = append(ips, hips...)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return ips, nil
|
||||||
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
var (
|
var (
|
||||||
webPort int
|
webPort int
|
||||||
@ -26,6 +47,7 @@ func main() {
|
|||||||
colorsFile string
|
colorsFile string
|
||||||
workers int
|
workers int
|
||||||
transparent bool
|
transparent bool
|
||||||
|
updateHosts string
|
||||||
)
|
)
|
||||||
flag.IntVar(&webPort, "web-port", 8808, "port of the web server")
|
flag.IntVar(&webPort, "web-port", 8808, "port of the web server")
|
||||||
flag.IntVar(&webPort, "p", 8808, "port of the web server (shorthand)")
|
flag.IntVar(&webPort, "p", 8808, "port of the web server (shorthand)")
|
||||||
@ -35,6 +57,10 @@ func main() {
|
|||||||
flag.StringVar(&webDir, "w", "web", "static served web files (shorthand)")
|
flag.StringVar(&webDir, "w", "web", "static served web files (shorthand)")
|
||||||
flag.StringVar(&mapDir, "map", "map", "directory of prerendered tiles")
|
flag.StringVar(&mapDir, "map", "map", "directory of prerendered tiles")
|
||||||
flag.StringVar(&mapDir, "m", "map", "directory of prerendered tiles (shorthand)")
|
flag.StringVar(&mapDir, "m", "map", "directory of prerendered tiles (shorthand)")
|
||||||
|
flag.StringVar(&updateHosts, "update-hosts", "localhost",
|
||||||
|
"';' separated list of hosts which are allowed to send map update requests")
|
||||||
|
flag.StringVar(&updateHosts, "u", "localhost",
|
||||||
|
"';' separated list of hosts which are allowed to send map update requests (shorthand)")
|
||||||
flag.StringVar(&redisHost, "redis-host", "", "address of the backend Redis server")
|
flag.StringVar(&redisHost, "redis-host", "", "address of the backend Redis server")
|
||||||
flag.StringVar(&redisHost, "rh", "", "address of the backend Redis server (shorthand)")
|
flag.StringVar(&redisHost, "rh", "", "address of the backend Redis server (shorthand)")
|
||||||
flag.IntVar(&redisPort, "redis-port", 6379, "port of the backend Redis server")
|
flag.IntVar(&redisPort, "redis-port", 6379, "port of the backend Redis server")
|
||||||
@ -59,7 +85,14 @@ func main() {
|
|||||||
log.Fatalf("ERROR: problem loading colors: %s", err)
|
log.Fatalf("ERROR: problem loading colors: %s", err)
|
||||||
}
|
}
|
||||||
redisAddress := fmt.Sprintf("%s:%d", redisHost, redisPort)
|
redisAddress := fmt.Sprintf("%s:%d", redisHost, redisPort)
|
||||||
tu := newTileUpdater(mapDir, redisAddress, colors, transparent, workers)
|
|
||||||
|
var allowedUpdateIps []net.IP
|
||||||
|
if allowedUpdateIps, err = ipsFromHosts(updateHosts); err != nil {
|
||||||
|
log.Fatalf("ERROR: name resolving problem: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
tu := newTileUpdater(
|
||||||
|
mapDir, redisAddress, allowedUpdateIps, colors, transparent, workers)
|
||||||
go tu.doUpdates()
|
go tu.doUpdates()
|
||||||
router.Path("/update").Methods("POST").Handler(tu)
|
router.Path("/update").Methods("POST").Handler(tu)
|
||||||
}
|
}
|
||||||
|
@ -10,13 +10,17 @@ import (
|
|||||||
"image"
|
"image"
|
||||||
"image/draw"
|
"image/draw"
|
||||||
"log"
|
"log"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/nfnt/resize"
|
"github.com/nfnt/resize"
|
||||||
|
|
||||||
|
"bytes"
|
||||||
|
|
||||||
"bitbucket.org/s_l_teichmann/mtsatellite/common"
|
"bitbucket.org/s_l_teichmann/mtsatellite/common"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -24,6 +28,7 @@ type tileUpdater struct {
|
|||||||
changes map[xz]bool
|
changes map[xz]bool
|
||||||
mapDir string
|
mapDir string
|
||||||
redisAddress string
|
redisAddress string
|
||||||
|
ips []net.IP
|
||||||
colors *common.Colors
|
colors *common.Colors
|
||||||
workers int
|
workers int
|
||||||
transparent bool
|
transparent bool
|
||||||
@ -59,6 +64,7 @@ func (c xz) parent() xzm {
|
|||||||
|
|
||||||
func newTileUpdater(
|
func newTileUpdater(
|
||||||
mapDir, redisAddress string,
|
mapDir, redisAddress string,
|
||||||
|
ips []net.IP,
|
||||||
colors *common.Colors,
|
colors *common.Colors,
|
||||||
transparent bool,
|
transparent bool,
|
||||||
workers int) *tileUpdater {
|
workers int) *tileUpdater {
|
||||||
@ -66,6 +72,7 @@ func newTileUpdater(
|
|||||||
tu := tileUpdater{
|
tu := tileUpdater{
|
||||||
mapDir: mapDir,
|
mapDir: mapDir,
|
||||||
redisAddress: redisAddress,
|
redisAddress: redisAddress,
|
||||||
|
ips: ips,
|
||||||
changes: map[xz]bool{},
|
changes: map[xz]bool{},
|
||||||
colors: colors,
|
colors: colors,
|
||||||
transparent: transparent,
|
transparent: transparent,
|
||||||
@ -74,7 +81,39 @@ func newTileUpdater(
|
|||||||
return &tu
|
return &tu
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (tu *tileUpdater) checkIP(r *http.Request) bool {
|
||||||
|
if len(tu.ips) == 0 {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
var host []string
|
||||||
|
if host = strings.SplitN(r.RemoteAddr, ":", 2); len(host) < 1 {
|
||||||
|
log.Printf("WARN: cannot extract host from '%s'\n", r.RemoteAddr)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
var ip net.IP
|
||||||
|
if ip = net.ParseIP(host[0]); ip == nil {
|
||||||
|
log.Printf("WARN: cannot get IP for host '%s'.\n", host[0])
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
for i := range tu.ips {
|
||||||
|
if bytes.Compare(tu.ips[i], ip) == 0 {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func (tu *tileUpdater) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
|
func (tu *tileUpdater) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
|
||||||
|
if !tu.checkIP(r) {
|
||||||
|
log.Printf("WARN: Unauthorized update request from '%s'", r.RemoteAddr)
|
||||||
|
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
var newChanges []xz
|
var newChanges []xz
|
||||||
decoder := json.NewDecoder(r.Body)
|
decoder := json.NewDecoder(r.Body)
|
||||||
|
Loading…
Reference in New Issue
Block a user