diff options
author | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-12-17 20:43:14 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-12-17 20:43:14 +0100 |
commit | 3132deca5808905ce3956b40a6175b7714e11819 (patch) | |
tree | ee36a836a4a8db5d11222478539e3a752fb8165f /src/web | |
parent | 011ff87b5fd7cd1eea8713c7e21fcd827b69c149 (diff) | |
download | garage-3132deca5808905ce3956b40a6175b7714e11819.tar.gz garage-3132deca5808905ce3956b40a6175b7714e11819.zip |
Web server access control
Diffstat (limited to 'src/web')
-rw-r--r-- | src/web/web_server.rs | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/web/web_server.rs b/src/web/web_server.rs index f8a5cd14..9effa86c 100644 --- a/src/web/web_server.rs +++ b/src/web/web_server.rs @@ -13,6 +13,8 @@ use idna::domain_to_unicode; use crate::error::*; use garage_api::s3_get::{handle_get, handle_head}; +use garage_table::*; +use garage_model::bucket_table::*; use garage_model::garage::Garage; use garage_util::error::Error as GarageError; @@ -76,6 +78,20 @@ async fn serve_file(garage: Arc<Garage>, req: Request<Body>) -> Result<Response< let root = &garage.config.s3_web.root_domain; let bucket = host_to_bucket(&host, root); + // Check bucket is exposed as a website + let bucket_desc = garage + .bucket_table + .get(&EmptyKey, &bucket.to_string()) + .await? + .filter(|b| !b.is_deleted()) + .ok_or(Error::NotFound)?; + + match bucket_desc.state.get() { + BucketState::Deleted => Err(Error::NotFound), + BucketState::Present(params) if !params.website.get() => Err(Error::NotFound), + _ => Ok(()), + }?; + // Get path let path = req.uri().path().to_string(); let index = &garage.config.s3_web.index; |