Skip to content

R
re6stnet
Commit 47d1bb85 authored by Alain Takoudjou's avatar Alain Takoudjou
Browse files
Options

registry: limit access to request and delete token, authorize registry ipv4 address

parent a2dc2837
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 2 deletions
re6st/registry.py
View file @ 47d1bb85
...@@ -40,7 +40,6 @@ def rpc(f): ...@@ -40,7 +40,6 @@ def rpc(f):
f.getcallargs = eval("lambda %s: locals()" % ','.join(args[1:])) f.getcallargs = eval("lambda %s: locals()" % ','.join(args[1:]))
return f return f
class RegistryServer(object): class RegistryServer(object):
peers = 0, () peers = 0, ()
...@@ -236,8 +235,11 @@ class RegistryServer(object): ...@@ -236,8 +235,11 @@ class RegistryServer(object):
def handle_request(self, request, method, kw, def handle_request(self, request, method, kw,
_localhost=('127.0.0.1', '::1')): _localhost=('127.0.0.1', '::1')):
if self.config.bind4:
_localhost += (self.config.bind4,)
m = getattr(self, method) m = getattr(self, method)
if method in ('revoke', 'versions', 'topology'): if method in ('revoke', 'versions', 'topology', 'requestAddToken',
'requestDeleteToken'):
x_forwarded_for = request.headers.get('X-Forwarded-For') x_forwarded_for = request.headers.get('X-Forwarded-For')
if request.client_address[0] not in _localhost or \ if request.client_address[0] not in _localhost or \
x_forwarded_for and x_forwarded_for not in _localhost: x_forwarded_for and x_forwarded_for not in _localhost:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7