
added write whiteList, to make it a bit easier to secure volume servers

on hosting environments.
pull/2/head
Chris Lu 12 years ago
parent
commit
e0951dd44f
  1. 34
      go/weed/volume.go

34
go/weed/volume.go

@ -1,10 +1,10 @@
package main package main
import ( import (
"code.google.com/p/weed-fs/go/glog"
"code.google.com/p/weed-fs/go/operation" "code.google.com/p/weed-fs/go/operation"
"code.google.com/p/weed-fs/go/replication" "code.google.com/p/weed-fs/go/replication"
"code.google.com/p/weed-fs/go/storage" "code.google.com/p/weed-fs/go/storage"
"code.google.com/p/weed-fs/go/glog"
"math/rand" "math/rand"
"mime" "mime"
"net/http" "net/http"
@ -41,6 +41,7 @@ var (
vMaxCpu = cmdVolume.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs") vMaxCpu = cmdVolume.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
dataCenter = cmdVolume.Flag.String("dataCenter", "", "current volume server's data center name") dataCenter = cmdVolume.Flag.String("dataCenter", "", "current volume server's data center name")
rack = cmdVolume.Flag.String("rack", "", "current volume server's rack name") rack = cmdVolume.Flag.String("rack", "", "current volume server's rack name")
whiteList = cmdVolume.Flag.String("whiteList", "", "Ip addresses having write permission. No limit if empty.")
store *storage.Store store *storage.Store
) )
@ -109,9 +110,9 @@ func storeHandler(w http.ResponseWriter, r *http.Request) {
case "HEAD": case "HEAD":
GetOrHeadHandler(w, r, false) GetOrHeadHandler(w, r, false)
case "DELETE": case "DELETE":
DeleteHandler(w, r)
secure(DeleteHandler)(w, r)
case "POST": case "POST":
PostHandler(w, r)
secure(PostHandler)(w, r)
} }
} }
func GetOrHeadHandler(w http.ResponseWriter, r *http.Request, isGetMethod bool) { func GetOrHeadHandler(w http.ResponseWriter, r *http.Request, isGetMethod bool) {
@ -337,13 +338,13 @@ func runVolume(cmd *Command, args []string) bool {
store = storage.NewStore(*vport, *ip, *publicUrl, folders, maxCounts) store = storage.NewStore(*vport, *ip, *publicUrl, folders, maxCounts)
defer store.Close() defer store.Close()
http.HandleFunc("/", storeHandler) http.HandleFunc("/", storeHandler)
http.HandleFunc("/submit", submitFromVolumeServerHandler)
http.HandleFunc("/status", statusHandler)
http.HandleFunc("/admin/assign_volume", assignVolumeHandler)
http.HandleFunc("/admin/vacuum_volume_check", vacuumVolumeCheckHandler)
http.HandleFunc("/admin/vacuum_volume_compact", vacuumVolumeCompactHandler)
http.HandleFunc("/admin/vacuum_volume_commit", vacuumVolumeCommitHandler)
http.HandleFunc("/admin/freeze_volume", freezeVolumeHandler)
http.HandleFunc("/submit", secure(submitFromVolumeServerHandler))
http.HandleFunc("/status", secure(statusHandler))
http.HandleFunc("/admin/assign_volume", secure(assignVolumeHandler))
http.HandleFunc("/admin/vacuum_volume_check", secure(vacuumVolumeCheckHandler))
http.HandleFunc("/admin/vacuum_volume_compact", secure(vacuumVolumeCompactHandler))
http.HandleFunc("/admin/vacuum_volume_commit", secure(vacuumVolumeCommitHandler))
http.HandleFunc("/admin/freeze_volume", secure(freezeVolumeHandler))
go func() { go func() {
connected := true connected := true
@ -379,3 +380,16 @@ func runVolume(cmd *Command, args []string) bool {
} }
return true return true
} }
func secure(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
if *whiteList == "" {
return f(w, r)
}
ip := r.RemoteAddr[0:strings.Index(r.RemoteAddr, ":")]
if strings.Contains(*whiteList, ip) {
return f(w, r)
}
return
}
}
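Review bot: The allow-list test in `secure`, `strings.Contains(*whiteList, ip)`, is a substring match on the raw flag value, so an address that is only a fragment of a listed one (10.0.0.1 against a list holding 10.0.0.10, a constructed example) is granted write access, and an empty `ip` matches every list. Taking the host as everything before the first `:` also mis-parses bracketed IPv6 addresses and panics when `RemoteAddr` has no colon; `net.SplitHostPort` plus an exact comparison per entry avoids both. A rejected request returns without writing a status, so the client sees an empty 200 where a 403 is expected, and `return f(w, r)` will not compile because `f` has no result. The sketch below assumes comma-separated entries, which the flag help does not state, and needs `net` and `strings` imported; only the first lines of the import block are visible here.

```go
func secure(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		if *whiteList == "" {
			f(w, r)
			return
		}
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if err == nil {
			// Compare whole entries, never substrings of the flag value.
			for _, allowed := range strings.Split(*whiteList, ",") {
				if strings.TrimSpace(allowed) == host {
					f(w, r)
					return
				}
			}
		}
		// Fail closed with an explicit status so denied writes are visible to clients and logs.
		http.Error(w, "forbidden", http.StatusForbidden)
	}
}
```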