From 01cec584baa7e759b2de73ac5a2dae143283995d Mon Sep 17 00:00:00 2001 From: olevole Date: Thu, 2 Dec 2021 12:21:14 +0300 Subject: [PATCH] sync with 0.2 --- config.go | 2 ++ main.go | 79 +++++++++++++++++++++++++++++++++++++----------- rc.d/cbsd-mq-api | 2 ++ 3 files changed, 66 insertions(+), 17 deletions(-) diff --git a/config.go b/config.go index 170bebb..8fe525f 100644 --- a/config.go +++ b/config.go @@ -13,6 +13,8 @@ type Config struct { ImageList string `json:"imagelist"` Recomendation string `json:"recomendation"` Freejname string `json:"freejname"` + Cloud_images_list string `json:"cloud_images_list"` + Iso_images_list string `json:"iso_images_list"` BeanstalkConfig `json:"beanstalkd"` } diff --git a/main.go b/main.go index 5020d5c..9f97524 100644 --- a/main.go +++ b/main.go @@ -2,11 +2,11 @@ package main import ( + "bufio" "crypto/md5" "encoding/json" "flag" "fmt" - "io" "io/ioutil" "log" "net/http" @@ -196,26 +196,34 @@ func main() { } defer fd.Close() + scanner := bufio.NewScanner(fd) + var keyType string var key string var comment string - for { + scanner.Split(bufio.ScanLines) + var txtlines []string + + for scanner.Scan() { + txtlines = append(txtlines, scanner.Text()) + } + + fd.Close() + + for _, eachline := range txtlines { + fmt.Println(eachline) // todo: input validation // todo: auto-reload, signal - _, err := fmt.Fscanf(fd, "%s %s %s", &keyType, &key, &comment) + _, err := fmt.Sscanf(eachline, "%s %s %s", &keyType, &key, &comment) if err != nil { - if err != io.EOF { - //log.Fatal(err) + log.Fatal(err) break } - } fmt.Printf("* ACL loaded: [%s %s %s]\n", keyType, key, comment) p := newAllow(keyType, key, comment) f.Append(p) - } - - fd.Close() + } fmt.Printf("* AllowList Length: %v\n", f.length) } 
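Review bot: The two fields added to `Config` use underscore names (`Cloud_images_list`, `Iso_images_list`) where the neighbouring fields are MixedCaps; `CloudImagesList` and `IsoImagesList` with the same `json:"cloud_images_list"` and `json:"iso_images_list"` tags would keep the config file format unchanged. `Iso_images_list` is not read in any hunk of this patch, so either its handler is still missing or the field can wait until it is used. `Cloud_images_list` is read and served verbatim by `HandleClusterImages`, so a field comment such as `// path to a pre-rendered JSON file, served as-is by /images` would tell operators what the file must contain.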
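Review bot: `scanner.Err()` is never checked after the `for scanner.Scan()` loop in main(), so a read error or a line longer than bufio.Scanner's default token limit ends the loop silently and the allowlist is loaded only partially; add `if err := scanner.Err(); err != nil { log.Fatalf("reading allowlist: %v", err) }` before the `fd.Close()`. The `break` after `log.Fatal(err)` is unreachable, and because `Sscanf` with `%s %s %s` needs three fields, a blank line or an entry without a comment now stops the daemon without saying which entry was at fault; `log.Fatalf("allowlist: bad entry %q: %v", eachline, err)` would name it. `fmt.Println(eachline)` looks like leftover debug output, and the explicit `fd.Close()` duplicates the `defer fd.Close()` kept above it. The body of main() starts and continues outside the hunk.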
@@ -228,6 +236,7 @@ func main() { router.HandleFunc("/api/v1/start/{InstanceId}", feeds.HandleClusterStart).Methods("GET") router.HandleFunc("/api/v1/stop/{InstanceId}", feeds.HandleClusterStop).Methods("GET") router.HandleFunc("/api/v1/cluster", feeds.HandleClusterCluster).Methods("GET") + router.HandleFunc("/images", HandleClusterImages).Methods("GET") router.HandleFunc("/api/v1/destroy/{InstanceId}", feeds.HandleClusterDestroy).Methods("GET") fmt.Println("* Listen", *listen) fmt.Println("* Server URL", server_url) @@ -279,6 +288,10 @@ func isPubKeyAllowed(feeds *MyFeeds, PubKey string) bool { var p *AllowList currentAllow := feeds.f.start + if !acl_enable { + return true + } + for i := 0; i < feeds.f.length; i++ { p = currentAllow currentAllow = currentAllow.next @@ -291,7 +304,7 @@ func isPubKeyAllowed(feeds *MyFeeds, PubKey string) bool { if len(PubKey) == len(KeyInList) { if strings.Compare(PubKey, KeyInList) == 0 { - fmt.Printf("MAAAATCHED\n") + fmt.Printf("pubkey matched\n") return true } } @@ -305,12 +318,16 @@ func isCidAllowed(feeds *MyFeeds, Cid string) bool { var p *AllowList currentAllow := feeds.f.start + if !acl_enable { + return true + } + for i := 0; i < feeds.f.length; i++ { p = currentAllow currentAllow = currentAllow.next CidInList := (string(p.cid)) if strings.Compare(Cid, CidInList) == 0 { - fmt.Printf("MAAAATCHED\n") + fmt.Printf("Cid ACL matched: %s\n", Cid) return true } } @@ -336,7 +353,8 @@ func (feeds *MyFeeds) HandleClusterStatus(w http.ResponseWriter, r *http.Request } if !isCidAllowed(feeds, Cid) { - JSONError(w, "Not allowed", http.StatusInternalServerError) + fmt.Printf("CID not in ACL: %s\n", Cid) + JSONError(w, "not allowed", http.StatusInternalServerError) return } 
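Review bot: In `isPubKeyAllowed`, and in the identical guard added to `isCidAllowed`, `currentAllow := feeds.f.start` still runs before `if !acl_enable { return true }`; if `feeds.f` can be nil when no allowlist was loaded (its initialisation is outside the hunk), the dereference panics before the guard is reached, so the guard should be the first statement of both functions. The guard is also fail-open: with `acl_enable` false every public key and every CID is accepted, which deserves a doc comment on both functions and a startup line such as `fmt.Println("* ACL disabled: all keys and CIDs accepted")` so an operator who mistyped the `-allowlist` path notices. `acl_enable` is declared outside the visible hunks, so its default could not be checked here.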
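Review bot: The deny path in `HandleClusterStatus` still answers with `http.StatusInternalServerError`; an authorization failure is a client error and should be `JSONError(w, "not allowed", http.StatusForbidden)`, otherwise monitoring cannot tell rejected callers from server faults. The new `fmt.Printf("CID not in ACL: %s\n", Cid)` writes a request-supplied value to the log with `%s`; unless `Cid` is already restricted to a fixed character set before this point (not visible in the hunk), use `%q` so embedded newlines or control characters cannot forge log lines. The same two points apply to the matching hunks in `HandleClusterCluster`, `HandleClusterDestroy`, `HandleClusterStop` and `HandleClusterStart`, and to `HandleClusterCreate`, where the whole submitted `vm.Pubkey` is logged. Each of these handlers starts and ends outside its hunk.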
@@ -388,7 +406,8 @@ func (feeds *MyFeeds) HandleClusterCluster(w http.ResponseWriter, r *http.Reques } if !isCidAllowed(feeds, Cid) { - JSONError(w, "Not allowed", http.StatusInternalServerError) + fmt.Printf("CID not in ACL: %s\n", Cid) + JSONError(w, "not allowed", http.StatusInternalServerError) return } @@ -419,6 +438,28 @@ func (feeds *MyFeeds) HandleClusterCluster(w http.ResponseWriter, r *http.Reques } } +func HandleClusterImages(w http.ResponseWriter, r *http.Request) { + + if fileExists(config.Cloud_images_list) { + b, err := ioutil.ReadFile(config.Cloud_images_list) // just pass the file name + if err != nil { + JSONError(w, "", http.StatusNotFound) + return + } else { + // already in json - send as-is + w.Header().Set("Content-Type", "application/json; charset=utf-8") + w.Header().Set("X-Content-Type-Options", "nosniff") + w.WriteHeader(200) + http.Error(w, string(b), 200) + return + } + } else { + JSONError(w, "", http.StatusNotFound) + return + } +} + + func realInstanceCreate(body string) { a := &body @@ -566,7 +607,8 @@ func (feeds *MyFeeds) HandleClusterCreate(w http.ResponseWriter, r *http.Request cid := md5.Sum(uid) if !isPubKeyAllowed(feeds, vm.Pubkey) { - JSONError(w, "Not allowed", http.StatusInternalServerError) + fmt.Printf("Pubkey not in ACL: %s\n", vm.Pubkey) + JSONError(w, "not allowed", http.StatusInternalServerError) return } @@ -823,7 +865,8 @@ func (feeds *MyFeeds) HandleClusterDestroy(w http.ResponseWriter, r *http.Reques } if !isCidAllowed(feeds, Cid) { - JSONError(w, "Not allowed", http.StatusInternalServerError) + fmt.Printf("CID not in ACL: %s\n", Cid) + JSONError(w, "not allowed", http.StatusInternalServerError) return } @@ -942,7 +985,8 @@ func (feeds *MyFeeds) HandleClusterStop(w http.ResponseWriter, r *http.Request) } if !isCidAllowed(feeds, Cid) { - JSONError(w, "Not allowed", http.StatusInternalServerError) + fmt.Printf("CID not in ACL: %s\n", Cid) + JSONError(w, "not allowed", http.StatusInternalServerError) return } 
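Review bot: `HandleClusterImages` sends its success body with `http.Error(w, string(b), 200)` after `w.WriteHeader(200)`; `http.Error` is the error-reply helper, it tries to reset Content-Type to text/plain and calls WriteHeader a second time, so the JSON header survives only because the status was already written, and the server will typically log a superfluous WriteHeader call. Replace both lines with `w.Write(b)`. The `fileExists` check before `ioutil.ReadFile` is redundant and racy, since the read already returns an error for a missing file, so the function can be a single `ReadFile`, an early 404 return, and the write. The handler is registered at `/images`, outside the `/api/v1/` prefix used by the other routes, and performs no ACL check; if the image list is meant to be public, say so in a doc comment on the function.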
@@ -1041,7 +1085,8 @@ func (feeds *MyFeeds) HandleClusterStart(w http.ResponseWriter, r *http.Request) } if !isCidAllowed(feeds, Cid) { - JSONError(w, "Not allowed", http.StatusInternalServerError) + fmt.Printf("CID not in ACL: %s\n", Cid) + JSONError(w, "not allowed", http.StatusInternalServerError) return } diff --git a/rc.d/cbsd-mq-api b/rc.d/cbsd-mq-api index dffdfa8..c85d9f9 100755 --- a/rc.d/cbsd-mq-api +++ b/rc.d/cbsd-mq-api @@ -20,6 +20,8 @@ cbsd_mq_api_config=${cbsd_mq_api_config-"/usr/local/etc/cbsd-mq-api.json"} required_files="${cbsd_mq_api_config}" cbsd_mq_api_args=${cbsd_mq_api_args-"-config ${cbsd_mq_api_config}"} +# ACL flags sample: +#cbsd_mq_api_flags="-listen 127.0.0.1:65531 -allowlist /usr/local/etc/cbsd-mq-api.allow" cbsd_mq_api_flags=${cbsd_mq_api_flags="-listen 127.0.0.1:65531"} load_rc_config ${name}