Merge branch 'localhost-only-option' into 'master'

Added an engine option to limit webserver connections to localhost (on by default) See merge request !245

Merge branch 'localhost-only-option' into 'master'
Added an engine option to limit webserver connections to localhost (on by default) See merge request !245
d350142a · Mart Lubbers · 6362be43 · a0aea21f · d350142a · d350142a
Commit d350142a authored Apr 12, 2019 by Mart Lubbers
4 changed files
--- a/Libraries/iTasks/Engine.dcl
+++ b/Libraries/iTasks/Engine.dcl
@@ -63,6 +63,7 @@ instance Startable (a,b) | Startable a & Startable b
 	, appVersion    :: String
 	, serverPort    :: Int
 	, serverUrl     :: String
+	, allowedHosts  :: [String] // Only allow connections from these hosts (default ["127.0.0.1"])
 	, keepaliveTime :: Timespec
 	, sessionTime   :: Timespec
 	, persistTasks  :: Bool

--- a/Libraries/iTasks/Engine.icl
+++ b/Libraries/iTasks/Engine.icl
@@ -108,6 +108,9 @@ where
 			("Specify the HTTP port (default: " +++ toString defaults.serverPort +++ ")")
 		, Option [] ["timeout"] (OptArg (\mp->fmap \o->{o & timeout=fmap toInt mp}) "MILLISECONDS")
 			"Specify the timeout in ms (default: 500)\nIf not given, use an indefinite timeout."
+		, Option [] ["allowed-hosts"] (ReqArg (\p->fmap \o->{o & allowedHosts = split "," p}) "IPADRESSES")
+			("Specify a comma separated white list of hosts that are allowed to connected to this application\ndefault: "
+			 +++ join "," defaults.allowedHosts)
 		, Option [] ["keepalive"] (ReqArg (\p->fmap \o->{o & keepaliveTime={tv_sec=toInt p,tv_nsec=0}}) "SECONDS")
 			"Specify the keepalive time in seconds (default: 300)"
 		, Option [] ["maxevents"] (ReqArg (\p->fmap \o->{o & maxEvents=toInt p}) "NUM")
@@ -203,6 +206,7 @@ defaultEngineOptions world
 		, appVersion     = appVersion
 		, serverPort     = IF_POSIX_OR_WINDOWS 8080 80
 		, serverUrl      = "http://localhost/"
+		, allowedHosts   = ["127.0.0.1"]
 		, keepaliveTime  = {tv_sec=300,tv_nsec=0} // 5 minutes
 		, sessionTime    = {tv_sec=60,tv_nsec=0}  // 1 minute, (the client pings every 10 seconds by default)
 		, persistTasks   = False

--- a/Libraries/iTasks/Internal/Client/RunOnClient.icl
+++ b/Libraries/iTasks/Internal/Client/RunOnClient.icl
@@ -126,6 +126,7 @@ createClientIWorld serverURL currentInstance
 	                    , appVersion = locundef "appVersion"
 	                    , serverPort = 80
                        , serverUrl = locundef "serverUrl"
+						, allowedHosts = []
 	                    , keepaliveTime = locundef "keepaliveTime"
                        , sessionTime = locundef "sessionTime"
                        , persistTasks = False

--- a/Libraries/iTasks/Internal/WebService.icl
+++ b/Libraries/iTasks/Internal/WebService.icl
@@ -133,8 +133,12 @@ httpServer :: !Int !Timespec ![WebService r w] (sds () r w) -> ConnectionTask |
 httpServer port keepAliveTime requestProcessHandlers sds
    = wrapIWorldConnectionTask {ConnectionHandlersIWorld|onConnect=onConnect, onData=onData, onShareChange=onShareChange, onTick=onTick, onDisconnect=onDisconnect, onDestroy=onDestroy} sds
 where
-    onConnect connId host r iworld=:{IWorld|world,clock}
-        = (Ok (NTIdle host clock),Nothing,[],False,{IWorld|iworld & world = world})
+    onConnect connId host r iworld=:{IWorld|world,clock,options={allowedHosts}}
+		| allowedHosts =: [] || isMember host allowedHosts
+			= (Ok (NTIdle host clock),Nothing,[],False,{IWorld|iworld & world = world})
+		| otherwise
+			//Close the connection immediately if the remote host is not in the whitelist
+			= (Ok (NTIdle host clock),Nothing,[],True,{IWorld|iworld & world = world})

    onData data connState=:(NTProcessingRequest request localState) r env
        //Select handler based on request path