rename RemoteHosts to AllowHosts

This is what I probably should have called this when I renamed it back
in 70276f36, since this makes it more obvious that it's a list of
allowed hosts.  Renaming now to make room for a `DenyHosts` variable as
part of #85.
This commit is contained in:
Will Norris 2019-03-17 03:05:13 +00:00
parent 4acc0b24ce
commit 5eab3024c6
3 changed files with 37 additions and 37 deletions

View file

@ -42,8 +42,8 @@ import (
const defaultMemorySize = 100 const defaultMemorySize = 100
var addr = flag.String("addr", "localhost:8080", "TCP address to listen on") var addr = flag.String("addr", "localhost:8080", "TCP address to listen on")
var remoteHosts = flag.String("remoteHosts", "", "comma separated list of allowed remote hosts") var allowHosts = flag.String("allowHosts", "", "comma separated list of allowed remote hosts")
var whitelist = flag.String("whitelist", "", "deprecated. use 'remoteHosts' instead") var whitelist = flag.String("whitelist", "", "deprecated. use 'allowHosts' instead")
var referrers = flag.String("referrers", "", "comma separated list of allowed referring hosts") var referrers = flag.String("referrers", "", "comma separated list of allowed referring hosts")
var baseURL = flag.String("baseURL", "", "default base URL for relative remote URLs") var baseURL = flag.String("baseURL", "", "default base URL for relative remote URLs")
var cache tieredCache var cache tieredCache
@ -61,14 +61,14 @@ func init() {
func main() { func main() {
flag.Parse() flag.Parse()
if *remoteHosts == "" { if *allowHosts == "" {
// backwards compatible with old naming of the flag // backwards compatible with old naming of the flag
*remoteHosts = *whitelist *allowHosts = *whitelist
} }
p := imageproxy.NewProxy(nil, cache.Cache) p := imageproxy.NewProxy(nil, cache.Cache)
if *remoteHosts != "" { if *allowHosts != "" {
p.RemoteHosts = strings.Split(*remoteHosts, ",") p.AllowHosts = strings.Split(*allowHosts, ",")
} }
if *referrers != "" { if *referrers != "" {
p.Referrers = strings.Split(*referrers, ",") p.Referrers = strings.Split(*referrers, ",")

View file

@ -42,11 +42,11 @@ type Proxy struct {
Client *http.Client // client used to fetch remote URLs Client *http.Client // client used to fetch remote URLs
Cache Cache // cache used to cache responses Cache Cache // cache used to cache responses
// RemoteHosts specifies a list of remote hosts that images can be // AllowHosts specifies a list of remote hosts that images can be
// proxied from. An empty list means all hosts are allowed. // proxied from. An empty list means all hosts are allowed.
RemoteHosts []string AllowHosts []string
// Whitelist should no longer be used. Use "RemoteHosts" instead. // Whitelist should no longer be used. Use "AllowHosts" instead.
Whitelist []string Whitelist []string
// Referrers, when given, requires that requests to the image // Referrers, when given, requires that requests to the image
@ -217,19 +217,19 @@ func copyHeader(dst, src http.Header, keys ...string) {
// referrer, host, and signature. It returns an error if the request is not // referrer, host, and signature. It returns an error if the request is not
// allowed. // allowed.
func (p *Proxy) allowed(r *Request) error { func (p *Proxy) allowed(r *Request) error {
if p.RemoteHosts == nil { if p.AllowHosts == nil {
// backwards compatible with old naming of the field // backwards compatible with old naming of the field
p.RemoteHosts = p.Whitelist p.AllowHosts = p.Whitelist
} }
if len(p.Referrers) > 0 && !validReferrer(p.Referrers, r.Original) { if len(p.Referrers) > 0 && !validReferrer(p.Referrers, r.Original) {
return fmt.Errorf("request does not contain an allowed referrer: %v", r) return fmt.Errorf("request does not contain an allowed referrer: %v", r)
} }
if len(p.RemoteHosts) == 0 && len(p.SignatureKey) == 0 { if len(p.AllowHosts) == 0 && len(p.SignatureKey) == 0 {
return nil // no allowed hosts or signature key, all requests accepted return nil // no allowed hosts or signature key, all requests accepted
} }
if len(p.RemoteHosts) > 0 && validHost(p.RemoteHosts, r.URL) { if len(p.AllowHosts) > 0 && validHost(p.AllowHosts, r.URL) {
return nil return nil
} }

View file

@ -97,7 +97,7 @@ func TestCopyHeader(t *testing.T) {
} }
func TestAllowed(t *testing.T) { func TestAllowed(t *testing.T) {
remoteHosts := []string{"good"} allowHosts := []string{"good"}
key := []byte("c0ffee") key := []byte("c0ffee")
genRequest := func(headers map[string]string) *http.Request { genRequest := func(headers map[string]string) *http.Request {
@ -109,41 +109,41 @@ func TestAllowed(t *testing.T) {
} }
tests := []struct { tests := []struct {
url string url string
options Options options Options
remoteHosts []string allowHosts []string
referrers []string referrers []string
key []byte key []byte
request *http.Request request *http.Request
allowed bool allowed bool
}{ }{
// no remoteHosts or signature key // no allowHosts or signature key
{"http://test/image", emptyOptions, nil, nil, nil, nil, true}, {"http://test/image", emptyOptions, nil, nil, nil, nil, true},
// remoteHosts // allowHosts
{"http://good/image", emptyOptions, remoteHosts, nil, nil, nil, true}, {"http://good/image", emptyOptions, allowHosts, nil, nil, nil, true},
{"http://bad/image", emptyOptions, remoteHosts, nil, nil, nil, false}, {"http://bad/image", emptyOptions, allowHosts, nil, nil, nil, false},
// referrer // referrer
{"http://test/image", emptyOptions, nil, remoteHosts, nil, genRequest(map[string]string{"Referer": "http://good/foo"}), true}, {"http://test/image", emptyOptions, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "http://good/foo"}), true},
{"http://test/image", emptyOptions, nil, remoteHosts, nil, genRequest(map[string]string{"Referer": "http://bad/foo"}), false}, {"http://test/image", emptyOptions, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "http://bad/foo"}), false},
{"http://test/image", emptyOptions, nil, remoteHosts, nil, genRequest(map[string]string{"Referer": "MALFORMED!!"}), false}, {"http://test/image", emptyOptions, nil, allowHosts, nil, genRequest(map[string]string{"Referer": "MALFORMED!!"}), false},
{"http://test/image", emptyOptions, nil, remoteHosts, nil, genRequest(map[string]string{}), false}, {"http://test/image", emptyOptions, nil, allowHosts, nil, genRequest(map[string]string{}), false},
// signature key // signature key
{"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, nil, key, nil, true}, {"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, nil, key, nil, true},
{"http://test/image", Options{Signature: "deadbeef"}, nil, nil, key, nil, false}, {"http://test/image", Options{Signature: "deadbeef"}, nil, nil, key, nil, false},
{"http://test/image", emptyOptions, nil, nil, key, nil, false}, {"http://test/image", emptyOptions, nil, nil, key, nil, false},
// remoteHosts and signature // allowHosts and signature
{"http://good/image", emptyOptions, remoteHosts, nil, key, nil, true}, {"http://good/image", emptyOptions, allowHosts, nil, key, nil, true},
{"http://bad/image", Options{Signature: "gWivrPhXBbsYEwpmWAKjbJEiAEgZwbXbltg95O2tgNI="}, nil, nil, key, nil, true}, {"http://bad/image", Options{Signature: "gWivrPhXBbsYEwpmWAKjbJEiAEgZwbXbltg95O2tgNI="}, nil, nil, key, nil, true},
{"http://bad/image", emptyOptions, remoteHosts, nil, key, nil, false}, {"http://bad/image", emptyOptions, allowHosts, nil, key, nil, false},
} }
for _, tt := range tests { for _, tt := range tests {
p := NewProxy(nil, nil) p := NewProxy(nil, nil)
p.RemoteHosts = tt.remoteHosts p.AllowHosts = tt.allowHosts
p.SignatureKey = tt.key p.SignatureKey = tt.key
p.Referrers = tt.referrers p.Referrers = tt.referrers
@ -159,7 +159,7 @@ func TestAllowed(t *testing.T) {
} }
func TestValidHost(t *testing.T) { func TestValidHost(t *testing.T) {
remoteHosts := []string{"a.test", "*.b.test", "*c.test"} allowHosts := []string{"a.test", "*.b.test", "*c.test"}
tests := []struct { tests := []struct {
url string url string
@ -182,8 +182,8 @@ func TestValidHost(t *testing.T) {
if err != nil { if err != nil {
t.Errorf("error parsing url %q: %v", tt.url, err) t.Errorf("error parsing url %q: %v", tt.url, err)
} }
if got, want := validHost(remoteHosts, u), tt.valid; got != want { if got, want := validHost(allowHosts, u), tt.valid; got != want {
t.Errorf("validHost(%v, %q) returned %v, want %v", remoteHosts, u, got, want) t.Errorf("validHost(%v, %q) returned %v, want %v", allowHosts, u, got, want)
} }
} }
} }
@ -326,7 +326,7 @@ func TestProxy_ServeHTTP(t *testing.T) {
Client: &http.Client{ Client: &http.Client{
Transport: testTransport{}, Transport: testTransport{},
}, },
RemoteHosts: []string{"good.test"}, AllowHosts: []string{"good.test"},
ContentTypes: []string{"image/*"}, ContentTypes: []string{"image/*"},
} }