implement access control lists for gateway

whyrusleeping · whyrusleeping · commit 21e5e32bf5c8 · 2015-07-28T18:10:11.000-07:00
License: MIT
Signed-off-by: Jeromy &lt;jeromyj@gmail.com&gt;
diff --git a/blocks/key/key_set.go b/blocks/key/key_set.go
@@ -6,41 +6,73 @@ import (
 
 type KeySet interface {
 	Add(Key)
+	Has(Key) bool
 	Remove(Key)
 	Keys() []Key
 }
 
-type ks struct {
-	lock sync.RWMutex
-	data map[Key]struct{}
+type keySet struct {
+	keys map[Key]struct{}
 }
 
-func NewKeySet() KeySet {
-	return &ks{
-		data: make(map[Key]struct{}),
+func NewKeySet() *keySet {
+	return &keySet{make(map[Key]struct{})}
+}
+
+func (gcs *keySet) Add(k Key) {
+	gcs.keys[k] = struct{}{}
+}
+
+func (gcs *keySet) Has(k Key) bool {
+	_, has := gcs.keys[k]
+	return has
+}
+
+func (ks *keySet) Keys() []Key {
+	var out []Key
+	for k, _ := range ks.keys {
+		out = append(out, k)
 	}
+	return out
+}
+
+func (ks *keySet) Remove(k Key) {
+	delete(ks.keys, k)
 }
 
-func (wl *ks) Add(k Key) {
-	wl.lock.Lock()
-	defer wl.lock.Unlock()
+// TODO: implement disk-backed keyset for working with massive DAGs
 
-	wl.data[k] = struct{}{}
+type threadsafe struct {
+	lk sync.Mutex
+	ks KeySet
 }
 
-func (wl *ks) Remove(k Key) {
-	wl.lock.Lock()
-	defer wl.lock.Unlock()
+func Threadsafe(ks KeySet) *threadsafe {
+	return &threadsafe{ks: ks}
+}
 
-	delete(wl.data, k)
+func (ts *threadsafe) Has(k Key) bool {
+	ts.lk.Lock()
+	out := ts.ks.Has(k)
+	ts.lk.Unlock() //defer is slow
+	return out
 }
 
-func (wl *ks) Keys() []Key {
-	wl.lock.RLock()
-	defer wl.lock.RUnlock()
-	keys := make([]Key, 0)
-	for k := range wl.data {
-		keys = append(keys, k)
-	}
+func (ts *threadsafe) Remove(k Key) {
+	ts.lk.Lock()
+	ts.ks.Remove(k)
+	ts.lk.Unlock() //defer is slow
+}
+
+func (ts *threadsafe) Add(k Key) {
+	ts.lk.Lock()
+	ts.ks.Add(k)
+	ts.lk.Unlock() //defer is slow
+}
+
+func (ts *threadsafe) Keys() []Key {
+	ts.lk.Lock()
+	keys := ts.ks.Keys()
+	ts.lk.Unlock() //defer is slow
 	return keys
 }
diff --git a/cmd/ipfs/daemon.go b/cmd/ipfs/daemon.go
@@ -1,19 +1,20 @@
 package main
 
 import (
+	"bufio"
 	_ "expvar"
 	"fmt"
 	"net/http"
 	_ "net/http/pprof"
 	"os"
 	"sort"
-	"strings"
 	"sync"
 
 	_ "github.com/ipfs/go-ipfs/Godeps/_workspace/src/github.com/codahale/metrics/runtime"
 	ma "github.com/ipfs/go-ipfs/Godeps/_workspace/src/github.com/jbenet/go-multiaddr"
 	"github.com/ipfs/go-ipfs/Godeps/_workspace/src/github.com/jbenet/go-multiaddr-net"
 
+	key "github.com/ipfs/go-ipfs/blocks/key"
 	cmds "github.com/ipfs/go-ipfs/commands"
 	"github.com/ipfs/go-ipfs/core"
 	commands "github.com/ipfs/go-ipfs/core/commands"
@@ -281,23 +282,20 @@ func serveHTTPApi(req cmds.Request) (error, <-chan error) {
 		return fmt.Errorf("serveHTTPApi: Option(%s) failed: %s", unrestrictedApiAccessKwd, err), nil
 	}
 
+	var whitelist key.KeySet
+	if !unrestricted {
+		whitelist = key.Threadsafe(key.NewKeySet())
+		for _, webuipath := range corehttp.WebUIPaths {
+			// extract the key
+			whitelist.Add(key.B58KeyDecode(webuipath[6:]))
+		}
+	}
+
 	apiGw := corehttp.NewGateway(corehttp.GatewayConfig{
-		Writable: true,
-		BlockList: &corehttp.BlockList{
-			Decider: func(s string) bool {
-				if unrestricted {
-					return true
-				}
-				// for now, only allow paths in the WebUI path
-				for _, webuipath := range corehttp.WebUIPaths {
-					if strings.HasPrefix(s, webuipath) {
-						return true
-					}
-				}
-				return false
-			},
-		},
+		Writable:  true,
+		WhiteList: whitelist,
 	})
+
 	var opts = []corehttp.ServeOption{
 		corehttp.CommandsOption(*req.InvocContext()),
 		corehttp.WebUIOption,
@@ -372,10 +370,35 @@ func serveHTTPGateway(req cmds.Request) (error, <-chan error) {
 		fmt.Printf("Gateway (readonly) server listening on %s\n", gatewayMaddr)
 	}
 
+	var blacklist key.KeySet
+	var whitelist key.KeySet
+	if cfg.Gateway.BlackList != "" {
+		l, err := loadKeySetFromURL(cfg.Gateway.BlackList)
+		if err != nil {
+			return err, nil
+		}
+		blacklist = l
+	}
+
+	if cfg.Gateway.WhiteList != "" {
+		l, err := loadKeySetFromURL(cfg.Gateway.WhiteList)
+		if err != nil {
+			return err, nil
+		}
+		whitelist = l
+	}
+
+	gateway := corehttp.Gateway{
+		Config: corehttp.GatewayConfig{
+			BlackList: blacklist,
+			WhiteList: whitelist,
+		},
+	}
+
 	var opts = []corehttp.ServeOption{
 		corehttp.VersionOption(),
 		corehttp.IPNSHostnameOption(),
-		corehttp.GatewayOption(writable),
+		gateway.ServeOption(),
 	}
 
 	if len(cfg.Gateway.RootRedirect) > 0 {
@@ -395,6 +418,24 @@ func serveHTTPGateway(req cmds.Request) (error, <-chan error) {
 	return nil, errc
 }
 
+func loadKeySetFromURL(url string) (key.KeySet, error) {
+	resp, err := http.Get(url)
+	if err != nil {
+		return nil, err
+	}
+
+	ks := key.NewKeySet()
+	scan := bufio.NewScanner(resp.Body)
+	for scan.Scan() {
+		k := key.B58KeyDecode(scan.Text())
+		if k == "" {
+			return nil, fmt.Errorf("invalid key in set")
+		}
+		ks.Add(k)
+	}
+	return key.Threadsafe(ks), nil
+}
+
 //collects options and opens the fuse mountpoint
 func mountFuse(req cmds.Request) error {
 	cfg, err := req.InvocContext().GetConfig()
diff --git a/core/corehttp/gateway.go b/core/corehttp/gateway.go
@@ -3,8 +3,8 @@ package corehttp
 import (
 	"fmt"
 	"net/http"
-	"sync"
 
+	key "github.com/ipfs/go-ipfs/blocks/key"
 	core "github.com/ipfs/go-ipfs/core"
 	id "github.com/ipfs/go-ipfs/p2p/protocol/identify"
 )
@@ -15,8 +15,10 @@ type Gateway struct {
 }
 
 type GatewayConfig struct {
-	BlockList *BlockList
-	Writable  bool
+	BlackList key.KeySet
+	WhiteList key.KeySet
+
+	Writable bool
 }
 
 func NewGateway(conf GatewayConfig) *Gateway {
@@ -39,8 +41,7 @@ func (g *Gateway) ServeOption() ServeOption {
 
 func GatewayOption(writable bool) ServeOption {
 	g := NewGateway(GatewayConfig{
-		Writable:  writable,
-		BlockList: &BlockList{},
+		Writable: writable,
 	})
 	return g.ServeOption()
 }
@@ -54,33 +55,3 @@ func VersionOption() ServeOption {
 		return mux, nil
 	}
 }
-
-// Decider decides whether to Allow string
-type Decider func(string) bool
-
-type BlockList struct {
-	mu      sync.RWMutex
-	Decider Decider
-}
-
-func (b *BlockList) ShouldAllow(s string) bool {
-	b.mu.RLock()
-	d := b.Decider
-	b.mu.RUnlock()
-	if d == nil {
-		return true
-	}
-	return d(s)
-}
-
-// SetDecider atomically swaps the blocklist's decider. This method is
-// thread-safe.
-func (b *BlockList) SetDecider(d Decider) {
-	b.mu.Lock()
-	b.Decider = d
-	b.mu.Unlock()
-}
-
-func (b *BlockList) ShouldBlock(s string) bool {
-	return !b.ShouldAllow(s)
-}
diff --git a/core/corehttp/gateway_handler.go b/core/corehttp/gateway_handler.go
@@ -88,15 +88,28 @@ func (i *gatewayHandler) getOrHeadHandler(w http.ResponseWriter, r *http.Request
 
 	urlPath := r.URL.Path
 
-	if i.config.BlockList != nil && i.config.BlockList.ShouldBlock(urlPath) {
-		w.WriteHeader(http.StatusForbidden)
-		w.Write([]byte("403 - Forbidden"))
+	nd, err := core.Resolve(ctx, i.node, path.Path(urlPath))
+	if err != nil {
+		webError(w, "Path Resolve error", err, http.StatusBadRequest)
 		return
 	}
 
-	nd, err := core.Resolve(ctx, i.node, path.Path(urlPath))
+	k, err := nd.Key()
 	if err != nil {
-		webError(w, "Path Resolve error", err, http.StatusBadRequest)
+		log.Error("failed to get key from node: %s", err)
+		webError(w, "Marshaling Error", err, http.StatusInternalServerError)
+		return
+	}
+
+	if i.config.BlackList != nil && i.config.BlackList.Has(k) {
+		w.WriteHeader(http.StatusForbidden)
+		w.Write([]byte("403 - Forbidden (content on blacklist)"))
+		return
+	}
+
+	if i.config.WhiteList != nil && !i.config.WhiteList.Has(k) {
+		w.WriteHeader(http.StatusForbidden)
+		w.Write([]byte("403 - Forbidden (content on blacklist)"))
 		return
 	}
 
diff --git a/repo/config/gateway.go b/repo/config/gateway.go
@@ -4,4 +4,10 @@ package config
 type Gateway struct {
 	RootRedirect string
 	Writable     bool
+
+	// The url of a newline delimited list of keys that the gateway should not serve
+	BlackList string
+
+	// The url of a newline delimited list of keys that the gateway should only serve
+	WhiteList string
 }
