Navigation Menu

Skip to content

Commit

Permalink
Accept multiple priviledged IP ranges
Browse files Browse the repository at this point in the history
  • Loading branch information
piroor committed Aug 2, 2012
1 parent 8510cd6 commit 62858e6
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 7 deletions.
11 changes: 6 additions & 5 deletions bin/gcs
Expand Up @@ -4,7 +4,7 @@ var gcsServer = require(__dirname + '/../lib/server');
var program = require('commander');

var defaultDatabasePath = process.env.HOME + '/.gcs/database/gcs';
var defaultPrivilegedRange = '127.0.0.0/8';
var defaultPrivilegedRanges = '127.0.0.0/8';

program
.version(require('../package').version)
Expand All @@ -18,16 +18,17 @@ program
String,
defaultDatabasePath)
.option('--privilege <ip range>',
'IP range for privileged clients [' + defaultPrivilegedRange + ']',
'list of IP ranges for privileged client '+
'[' + defaultPrivilegedRanges + ']',
String,
defaultPrivilegedRange)
defaultPrivilegedRanges)
.parse(process.argv);

var server;

server = gcsServer.createServer({
databasePath: program.databasePath,
privilegedRange: program.privilege
databasePath: program.databasePath,
privilegedRanges: program.privilege
});

server.listen(program.port, function() {
Expand Down
7 changes: 5 additions & 2 deletions lib/api/2011-02-01/configuration.js
Expand Up @@ -330,14 +330,17 @@ function getClientIp(request) {


exports.createHandler = function(context, config) {
var privilegedRange = config && config.privilegedRange;
var privilegedRanges = config && config.privilegedRanges;
privilegedRanges = privilegedRanges.split(/[,\| ]/);
return function(request, response, next) {
var message, body;

// GCS specific behaviour: prevent to access this API from specific IP
// range.
if (privilegedRange) {
if (!ipv4.isInRange(getClientIp(request), privilegedRange)) {
if (!privilegedRanges.some(function(privilegedRange) {
return ipv4.isInRange(getClientIp(request), privilegedRange);
})) {
message = 'Permission denied.';
body = createCommonErrorResponse('InvalidClientIpRange', message);
response.contentType('application/xml');
Expand Down

0 comments on commit 62858e6

Please sign in to comment.