Commit 3b7b9880 authored by Rafael Monnerat's avatar Rafael Monnerat

registry: Allow include safe origins to restricted url

  Apply the origin restriction to the getIPv6Address, getIPv4Information and getIPv4Prefix methods as well
parent 4b2b4efc
...@@ -104,6 +104,8 @@ def main(): ...@@ -104,6 +104,8 @@ def main():
help="Reject nodes that are too old. Current is %s." % version.protocol) help="Reject nodes that are too old. Current is %s." % version.protocol)
_('--disable-token-by-mail', action='store_false', _('--disable-token-by-mail', action='store_false',
help="Disable send new tokens by Mail.") help="Disable send new tokens by Mail.")
_('--authorized-origin', action='append', default=['127.0.0.1', '::1'],
help="Authorized origin to access origin restricted API. ")
_ = parser.add_argument_group('routing').add_argument _ = parser.add_argument_group('routing').add_argument
_('--hello', type=int, default=15, _('--hello', type=int, default=15,
help="Hello interval in seconds, for both wired and wireless" help="Hello interval in seconds, for both wired and wireless"
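Review bot: `--authorized-origin` combines `action='append'` with a non-empty `default`, and (assuming `parser` is a standard argparse parser) values supplied by the operator are then appended to `['127.0.0.1', '::1']` rather than replacing it, so loopback can never be taken off the allow-list. If the registry is deployed behind a reverse proxy on the same host, every request has a loopback peer address and the restriction then rests on the X-Forwarded-For comparison alone. Consider `default=None` with the loopback pair applied after parsing only when no origin was given. The help text could also say that the option may be repeated and that values are matched as literal address strings, e.g. `help="Origin address allowed to call origin-restricted methods; may be repeated."`.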
......
...@@ -235,16 +235,14 @@ class RegistryServer(object): ...@@ -235,16 +235,14 @@ class RegistryServer(object):
self.timeout = not_after and not_after + GRACE_PERIOD self.timeout = not_after and not_after + GRACE_PERIOD
def handle_request(self, request, method, kw, def handle_request(self, request, method, kw,
_localhost=('127.0.0.1', '::1')): _localhost=[]):
m = getattr(self, method) m = getattr(self, method)
authorized_origin = ["10.0.228.20"] + list(_localhost) authorized_origin = self.config.authorized_origin + list(_localhost)
if method in ('revoke', 'versions', 'topology', 'requestAddToken'): if method in ('revoke', 'versions', 'topology', 'requestAddToken',
'getIPv6Address', 'getIPv4Information', 'getIPv4Prefix'):
x_forwarded_for = request.headers.get('X-Forwarded-For') x_forwarded_for = request.headers.get('X-Forwarded-For')
if request.client_address[0] not in authorized_origin or \ if request.client_address[0] not in authorized_origin or \
x_forwarded_for and x_forwarded_for not in authorized_origin: x_forwarded_for and x_forwarded_for not in authorized_origin:
logging.warning("X-Forward-For %s " % x_forwarded_for)
logging.warning("request.client_address[0] %s " % request.client_address[0])
return request.send_error(httplib.FORBIDDEN) return request.send_error(httplib.FORBIDDEN)
key = m.getcallargs(**kw).get('cn') key = m.getcallargs(**kw).get('cn')
if key: if key:
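Review bot: The origin check that now also guards `getIPv6Address`, `getIPv4Information` and `getIPv4Prefix` compares the whole `X-Forwarded-For` value as one string and only when the header is present, so it is sound only if a trusted front proxy always sets that header itself. A multi-hop value such as `a, b` never matches, and an allow-listed direct peer that omits the header passes on its address alone, so a comment above the check should state that deployment assumption. The commit also drops both `logging.warning` calls, which leaves a refused request with no trace; one line before the `send_error`, e.g. `logging.warning("origin refused for %s: peer=%s xff=%r", method, request.client_address[0], x_forwarded_for)`, would keep denials auditable. `_localhost=[]` is a mutable default that stays empty unless a caller passes it, so `_localhost=()` would be the safer spelling. The body of handle_request continues outside the hunk.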
......