
Commit 9a28495

author
olevole
committed
ACL is optional
1 parent a2c383b commit 9a28495

1 file changed

+55
-83
lines changed


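--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 "encoding/json"
 "flag"
 "fmt"
+"io"
 "io/ioutil"
 "log"
 "net/http"
@@ -16,7 +17,6 @@ import (
 "strconv"
 "strings"
 "sync"
-"io"
 
 "github.com/gorilla/mux"
 "golang.org/x/crypto/ssh"
@@ -27,6 +27,7 @@ var config Config
 var runscript string
 var workdir string
 var server_url string
+var acl_enable bool
 
 type Response struct {
 Message string
@@ -62,21 +63,21 @@ var (
 stopScript = flag.String("stop_script", "control-api", "CBSD target run script")
 serverUrl = flag.String("server_url", "http://127.0.0.1:65532", "Server URL for external requests")
 dbDir = flag.String("dbdir", "/var/db/cbsd-api", "db root dir")
-allowListFile = flag.String("allowlist", "/usr/local/etc/cbsd-mq-api.allow", "Path to PubKey whitelist")
+allowListFile = flag.String("allowlist", "", "Path to PubKey whitelist, e.g: -allowlist /usr/local/etc/cbsd-mq-api.allow")
 )
 
 type AllowList struct {
-keyType string
-key string
-comment string
-cid string
-next *AllowList // link to the next records
+keyType string
+key string
+comment string
+cid string
+next *AllowList // link to the next records
 }
 
 // linked struct
 type Feed struct {
-length int
-start *AllowList
+length int
+start *AllowList
 }
 
 type MyFeeds struct {
@@ -105,12 +106,11 @@ func newAllow(keyType string, key string, comment string) *AllowList {
 cidString := fmt.Sprintf("%x", cid)
 
 np := AllowList{keyType: keyType, key: key, comment: comment, cid: cidString}
-// np.Response = ""
-// np.Time = 0
+// np.Response = ""
+// np.Time = 0
 return &np
 }
 
-
 // we need overwrite Content-Type here
 // https://stackoverflow.com/questions/59763852/can-you-return-json-in-golang-http-error
 func JSONError(w http.ResponseWriter, message string, code int) {
@@ -119,8 +119,8 @@ func JSONError(w http.ResponseWriter, message string, code int) {
 // write header is mandatory to overwrite header
 w.WriteHeader(code)
 
-if len(message)>0 {
-response := Response{ message }
+if len(message) > 0 {
+response := Response{message}
 js, err := json.Marshal(response)
 if err != nil {
 fmt.Fprintln(w, "{\"Message\":\"Marshal error\"}", http.StatusInternalServerError)
@@ -175,84 +175,62 @@ func main() {
 }
 
 if !fileExists(*dbDir) {
-fmt.Printf("db dir created: %s\n", *dbDir)
+fmt.Printf("* db dir created: %s\n", *dbDir)
 os.MkdirAll(*dbDir, 0770)
 }
 
-
-// WhiteList
-if !fileExists(*allowListFile) {
-fmt.Printf("no such allowList file, please check config/path: %s\n", allowListFile)
-os.Exit(1)
-}
 f := &Feed{}
-// var p *AllowList
-// loadconfig
-fd, err := os.Open(*allowListFile)
-if err != nil {
-panic(err)
-}
-defer fd.Close()
-
-var keyType string
-var key string
-var comment string
-
 
-
-for {
-_, err := fmt.Fscanf(fd,"%s %s %s",&keyType,&key,&comment)
+// WhiteList
+if (*allowListFile == "") || (!fileExists(*allowListFile)) {
+fmt.Println("* no such allowList file ( -allowlist <path> )")
+fmt.Println("* ACL disabled: fully open system, all queries are permit!")
+acl_enable = false
+} else {
+fmt.Printf("* ACL enabled: %s\n", *allowListFile)
+acl_enable = true
+// loadconfig
+fd, err := os.Open(*allowListFile)
 if err != nil {
-if err != io.EOF {
-//log.Fatal(err)
-break
+panic(err)
+}
+defer fd.Close()
+
+var keyType string
+var key string
+var comment string
+
+for {
+// todo: input validation
+// todo: auto-reload, signal
+_, err := fmt.Fscanf(fd, "%s %s %s", &keyType, &key, &comment)
+if err != nil {
+if err != io.EOF {
+//log.Fatal(err)
+break
+}
 }
+fmt.Printf("* ACL loaded: [%s %s %s]\n", keyType, key, comment)
+p := newAllow(keyType, key, comment)
+f.Append(p)
 }
-fmt.Printf("loaded: [%s %s %s]\n", keyType, key, comment)
-p := newAllow(keyType,key,comment)
-f.Append(p)
-}
-
-fd.Close()
-
-fmt.Printf("AllowList Length: %v\n", f.length)
-// currentAllow := f.start
 
-var p *AllowList
-for i := 0; i < f.length; i++ {
-currentAllow := f.start
-p = currentAllow
-currentAllow = currentAllow.next
-ResultKeyType := (string(p.keyType))
-fmt.Println("ResultType: ", ResultKeyType)
-// if len(ResultAlias) < 1 {
-// ResultNameserver := (string(p.NameServer))
-// ResultNameserver = strings.Replace(ResultNameserver, ".", "_", -1)
-// ResultAlias = strings.Replace(ResultNameserver, ":", "_", -1)
-// }
-//
-// Result := fmt.Sprintf("check_dns_%s_%s: %d",ResultHost,ResultAlias,p.Time)
-// fmt.Println(Result)
+fd.Close()
+fmt.Printf("* AllowList Length: %v\n", f.length)
 }
 
 // setup: we need to pass Feed into handler function
-feeds := &MyFeeds{ f: f }
+feeds := &MyFeeds{f: f}
 
 router := mux.NewRouter()
-// router.HandleFunc("/api/v1/create/{InstanceId}", HandleClusterCreate).Methods("POST")
 router.HandleFunc("/api/v1/create/{InstanceId}", feeds.HandleClusterCreate).Methods("POST")
-// router.HandleFunc("/api/v1/status/{InstanceId}", HandleClusterStatus).Methods("GET")
 router.HandleFunc("/api/v1/status/{InstanceId}", feeds.HandleClusterStatus).Methods("GET")
-// router.HandleFunc("/api/v1/start/{InstanceId}", HandleClusterStart).Methods("GET")
 router.HandleFunc("/api/v1/start/{InstanceId}", feeds.HandleClusterStart).Methods("GET")
-// router.HandleFunc("/api/v1/stop/{InstanceId}", HandleClusterStop).Methods("GET")
 router.HandleFunc("/api/v1/stop/{InstanceId}", feeds.HandleClusterStop).Methods("GET")
-// router.HandleFunc("/api/v1/cluster", HandleClusterCluster).Methods("GET")
 router.HandleFunc("/api/v1/cluster", feeds.HandleClusterCluster).Methods("GET")
-// router.HandleFunc("/api/v1/destroy/{InstanceId}", HandleClusterDestroy).Methods("GET")
 router.HandleFunc("/api/v1/destroy/{InstanceId}", feeds.HandleClusterDestroy).Methods("GET")
-fmt.Println("Listen", *listen)
-fmt.Println("Server URL", server_url)
+fmt.Println("* Listen", *listen)
+fmt.Println("* Server URL", server_url)
 log.Fatal(http.ListenAndServe(*listen, router))
 }
 
@@ -296,7 +274,6 @@ func validateVmType(VmType string) bool {
 }
 }
 
-
 func isPubKeyAllowed(feeds *MyFeeds, PubKey string) bool {
 //ALLOWED?
 var p *AllowList
@@ -309,7 +286,7 @@ func isPubKeyAllowed(feeds *MyFeeds, PubKey string) bool {
 ResultKey := (string(p.key))
 ResultKeyComment := (string(p.comment))
 //fmt.Println("ResultType: ", ResultKeyType)
-KeyInList := fmt.Sprintf("%s %s %s", ResultKeyType, ResultKey,ResultKeyComment)
+KeyInList := fmt.Sprintf("%s %s %s", ResultKeyType, ResultKey, ResultKeyComment)
 fmt.Printf("[%s][%s]\n", PubKey, KeyInList)
 
 if len(PubKey) == len(KeyInList) {
@@ -341,7 +318,6 @@ func isCidAllowed(feeds *MyFeeds, Cid string) bool {
 return false
 }
 
-
 //func HandleClusterStatus(w http.ResponseWriter, r *http.Request) {
 func (feeds *MyFeeds) HandleClusterStatus(w http.ResponseWriter, r *http.Request) {
 var InstanceId string
@@ -695,7 +671,7 @@ func (feeds *MyFeeds) HandleClusterCreate(w http.ResponseWriter, r *http.Request
 }
 
 Jname := getJname()
-if len(Jname)<1 {
+if len(Jname) < 1 {
 log.Fatal("unable to get jname")
 return
 }
@@ -755,12 +731,11 @@ func (feeds *MyFeeds) HandleClusterCreate(w http.ResponseWriter, r *http.Request
 continue
 }
 
-
 if !regexpParamName.MatchString(jconf_param) {
-fmt.Printf("Error: wrong paramname: [%s]\n",jconf_param)
+fmt.Printf("Error: wrong paramname: [%s]\n", jconf_param)
 continue
 } else {
-fmt.Printf("paramname test passed: [%s]\n",jconf_param)
+fmt.Printf("paramname test passed: [%s]\n", jconf_param)
 }
 
 // validate unknown data values
@@ -774,7 +749,7 @@ func (feeds *MyFeeds) HandleClusterCreate(w http.ResponseWriter, r *http.Request
 case "host_hostname":
 default:
 if !regexpParamVal.MatchString(tmpval) {
-fmt.Printf("Error: wrong paramval for %s: [%s]\n",jconf_param,tmpval)
+fmt.Printf("Error: wrong paramval for %s: [%s]\n", jconf_param, tmpval)
 continue
 }
 }
@@ -852,7 +827,6 @@ func (feeds *MyFeeds) HandleClusterDestroy(w http.ResponseWriter, r *http.Reques
 return
 }
 
-
 HomePath := fmt.Sprintf("%s/%s/vms", *dbDir, Cid)
 if _, err := os.Stat(HomePath); os.IsNotExist(err) {
 fmt.Println("path not found:", HomePath)
@@ -972,7 +946,6 @@ func (feeds *MyFeeds) HandleClusterStop(w http.ResponseWriter, r *http.Request)
 return
 }
 
-
 HomePath := fmt.Sprintf("%s/%s/vms", *dbDir, Cid)
 if _, err := os.Stat(HomePath); os.IsNotExist(err) {
 return
@@ -1072,7 +1045,6 @@ func (feeds *MyFeeds) HandleClusterStart(w http.ResponseWriter, r *http.Request)
 return
 }
 
-
 HomePath := fmt.Sprintf("%s/%s/vms", *dbDir, Cid)
 if _, err := os.Stat(HomePath); os.IsNotExist(err) {
 return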
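Review bot: In the main() hunk, a non-empty -allowlist path that does not exist now falls into the "ACL disabled: fully open system" branch (new lines 185-188), whereas the old code printed the path and exited with status 1; a typo or an unreadable file therefore fails open instead of failing closed. Keep the empty flag as the explicit opt-out and leave a missing file fatal: `if *allowListFile == "" { /* disabled, as now */ } else if !fileExists(*allowListFile) { fmt.Printf("* no such allowList file: %s\n", *allowListFile); os.Exit(1) } else { /* load, as now */ }`. The new global acl_enable is assigned here but no hunk in this commit reads it, so whether isPubKeyAllowed/isCidAllowed or the handlers honour it is not visible in the diff and is worth confirming before relying on the open mode. The else branch also registers `defer fd.Close()` (new line 197) and then calls `fd.Close()` explicitly at new line 218, so the file is closed twice; one of the two should go. main() continues outside the hunk.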
