aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorQuentin Dufour <quentin@deuxfleurs.fr>2020-12-17 20:43:14 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2020-12-17 20:43:14 +0100
commit3132deca5808905ce3956b40a6175b7714e11819 (patch)
treeee36a836a4a8db5d11222478539e3a752fb8165f /src
parent011ff87b5fd7cd1eea8713c7e21fcd827b69c149 (diff)
downloadgarage-3132deca5808905ce3956b40a6175b7714e11819.tar.gz
garage-3132deca5808905ce3956b40a6175b7714e11819.zip
Web server access control
Diffstat (limited to 'src')
-rw-r--r--src/web/web_server.rs16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/web/web_server.rs b/src/web/web_server.rs
index f8a5cd14..9effa86c 100644
--- a/src/web/web_server.rs
+++ b/src/web/web_server.rs
@@ -13,6 +13,8 @@ use idna::domain_to_unicode;
use crate::error::*;
use garage_api::s3_get::{handle_get, handle_head};
+use garage_table::*;
+use garage_model::bucket_table::*;
use garage_model::garage::Garage;
use garage_util::error::Error as GarageError;
@@ -76,6 +78,20 @@ async fn serve_file(garage: Arc<Garage>, req: Request<Body>) -> Result<Response<
let root = &garage.config.s3_web.root_domain;
let bucket = host_to_bucket(&host, root);
+ // Check bucket is exposed as a website
+ let bucket_desc = garage
+ .bucket_table
+ .get(&EmptyKey, &bucket.to_string())
+ .await?
+ .filter(|b| !b.is_deleted())
+ .ok_or(Error::NotFound)?;
+
+ match bucket_desc.state.get() {
+ BucketState::Deleted => Err(Error::NotFound),
+ BucketState::Present(params) if !params.website.get() => Err(Error::NotFound),
+ _ => Ok(()),
+ }?;
+
// Get path
let path = req.uri().path().to_string();
let index = &garage.config.s3_web.index;