author Ben Sima <ben@bsima.me> 2020-04-01 17:16:56 -0700
committer Ben Sima <ben@bsima.me> 2020-04-01 18:34:27 -0700
commit 67303d8890806a817e5eef34582900f37d5c03eb
tree 4c0d573d88e45d1a1474cb25421e23a031ee6f05 /Run
parent a4f34429f343b775efb69971267980c7d42c9690
Make pub the only publically-writable namespace
Diffstat (limited to 'Run')
-rw-r--r-- Run/Que/Server.hs 19
-rw-r--r-- Run/Que/index.md 2
-rw-r--r-- Run/Que/quescripts.md 6
-rw-r--r-- Run/Que/tutorial.md 26
4 files changed, 32 insertions, 21 deletions
diff --git a/Run/Que/Server.hs b/Run/Que/Server.hs
index 218c821..38c6bdc 100644
--- a/Run/Que/Server.hs
+++ b/Run/Que/Server.hs
@@ -92,6 +92,7 @@ routes = do
app . modify <| upsertNamespace ns
q <- app <| que ns qp
poll <- Scotty.param "poll" !: (pure . const False)
+ guardNs ns ["pub", "_"]
case poll of
True -> Scotty.stream $ streamQue q
_ -> do
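Review bot: the new `guardNs ns ["pub", "_"]` call sits after `app . modify <| upsertNamespace ns` and `q <- app <| que ns qp`, so a request for a namespace outside the whitelist has already upserted that namespace and obtained a que by the time the 405 is set. Move the guard to the top of this handler, directly after `ns` is known, so that a refused request leaves no state behind.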
@@ -106,19 +107,31 @@ routes = do
xRealIP <- Scotty.header "X-Real-IP"
host <- Scotty.header "Host"
(ns, qp) <- extract
- -- Only allow my IP or localhost to access '_' namespace
+ -- Only allow my IP or localhost to publish to '_' namespace
when ("_" == ns) <| case (xFwdHost, xRealIP, host) of
(Just "73.222.221.62", _, _) -> Scotty.status Http.ok200
(_, Just "73.222.221.62", _) -> Scotty.status Http.ok200
- (Just "::1", Just "::1", Just "localhost") -> Scotty.status Http.ok200
+ (_, _, Just ("localhost:3000")) -> Scotty.status Http.ok200
_ -> Scotty.status Http.methodNotAllowed405
- >> Scotty.text "error 405 not allowed: _ is a reserved namespace"
+ >> Scotty.text "not allowed: _ is a reserved namespace"
+ guardNs ns ["pub"]
+ -- passed all auth checks
app . modify <| upsertNamespace ns
q <- app <| que ns qp
qdata <- Scotty.body
liftIO <| pushQue (BSL.toStrict qdata) q
return ()
+-- | Given `guardNs ns whitelist`, if `ns` is not in the `whitelist`
+-- list, return a 405 error.
+guardNs :: Text -> [Text] -> Scotty.ActionT Text App ()
+guardNs ns whitelist = when (not <| ns `elem` whitelist) <| do
+ Scotty.status Http.methodNotAllowed405
+ Scotty.text
+ <| "not allowed: use 'pub' namespace or signup to protect '"
+ <> ns
+ <> "' at https://que.run"
+
-- | recover from a scotty-thrown exception.
(!:)
:: Scotty.ActionT Text App a -- ^ action that might throw
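Review bot: `guardNs` only calls `Scotty.status` and `Scotty.text` and then returns `()`, so in the publish handler the lines after `-- passed all auth checks` (`upsertNamespace`, `pushQue`) still run for a namespace that was just refused; nothing in this hunk ends the action. Have the guard short-circuit the handler, for example with Scotty's `finish` after the response is set, or by putting the rest of the handler in the allowed branch. Two related points in the same handler: a permitted `_` request sets 200 in the `when` block and then fails `guardNs ns ["pub"]`, so that whitelist probably needs `"_"` as well; and the new `(_, _, Just ("localhost:3000"))` branch accepts on the `Host` header alone, which the client chooses, where the removed line required all three values to match.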
diff --git a/Run/Que/index.md b/Run/Que/index.md
index beca49d..c0f5105 100644
--- a/Run/Que/index.md
+++ b/Run/Que/index.md
@@ -10,7 +10,7 @@ que.run is the concurrent, async runtime in the cloud
- async programming as easy as running two terminal commands
HTTP routes on `que.run` are Golang-like channels with a namespace and a
-path. For example: `https://que.run/example/path/subpath`.
+path. For example: `https://que.run/pub/path/subpath`.
## Quickstart
diff --git a/Run/Que/quescripts.md b/Run/Que/quescripts.md
index 0414d90..9a2e6e0 100644
--- a/Run/Que/quescripts.md
+++ b/Run/Que/quescripts.md
@@ -10,15 +10,15 @@ the job finishes.
In one terminal run the listener:
- que example/notify --then "notify-send '\que' '\msg'"
+ que pub/notify --then "notify-send '\que' '\msg'"
In some other terminal run the job that takes forever:
- runtests ; echo "tests are done" | que example/notify -
+ runtests ; echo "tests are done" | que pub/notify -
When terminal 2 succeeds, terminal 1 will print "tests are done", then
call the `notify-send` command, which displays a notification toast in
-Linux with title "`example/notify`" and content "`tests are done`".
+Linux with title "`pub/notify`" and content "`tests are done`".
Que paths are multi-producer and multi-consumer, so you can add as many
terminals as you want.
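Review bot: with the examples moved to `pub/notify`, the listener in `que pub/notify --then "notify-send '\que' '\msg'"` now reacts to a path that anyone can publish to, and the message body ends up in a command line. Add a sentence here saying that messages arriving on `pub` are untrusted, and recommend a reserved namespace for any listener that triggers a command.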
diff --git a/Run/Que/tutorial.md b/Run/Que/tutorial.md
index b5b258d..66ecd3c 100644
--- a/Run/Que/tutorial.md
+++ b/Run/Que/tutorial.md
@@ -8,24 +8,24 @@ are pretty much the same thing. Put some values in one end, and take
them out the other end at a different time, or in a different process.
Ques are created dynamically for every HTTP request you make. Here we
-use the `que` client to create a new que at the path `example/new-que`:
+use the `que` client to create a new que at the path `pub/new-que`:
- que example/new-que
+ que pub/new-que
The `que` client is useful, but you can use anything to make the HTTP
request, for example here's the same thing with curl:
- curl https://que.run/example/new-que
+ curl https://que.run/pub/new-que
These requests will block until a value is placed on the other
end. Let's do that now. In a separate terminal:
- echo "hello world" | que example/new-que -
+ echo "hello world" | que pub/new-que -
This tells the `que` client to read the value from `stdin` and then send
it to `example/new-que`. Or with curl:
- curl https://que.run/example/new-que -d "hello world"
+ curl https://que.run/pub/new-que -d "hello world"
This will succeed immediately and send the string "`hello world`" over
the channel, which will be received and printed by the listener in the
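Review bot: the unchanged context line "it to `example/new-que`. Or with curl:" still names the old namespace, while every command around it now uses `pub/new-que`. Update that sentence to `pub/new-que` in the same change so the tutorial text matches its commands.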
@@ -37,19 +37,17 @@ you want.
## Namespaces
Ques are organized into namespaces, identified by the first fragment of
-the path. In the above commands we used `example` as the namespace, but
-you can use whatever you want.
+the path. In the above commands we used `pub` as the namespace, which is
+a special publically-writable namespace. The other special namespace is
+`_` which is reserved for internal use only. You can't write to the `_`
+namespace.
-Except, there is one special namespace `_` which is reserved for
-internal use only. You can't write to the `_` namespace.
-
-Namespaces are normally public, and anyone can write and read to
-them. The `Pro` version allows you to reserve namespaces and add
-authentication.
+To use other namespaces and add authentication/access controls, you can
+[sign up for the Power package](/_/index).
## Events
Just reading and writing data isn't very exciting, so let's throw in
some events. We can very quickly put together a job processor.
- que example/new-que --then "./worker.sh '\msg'"
+ que pub/new-que --then "./worker.sh '\msg'"
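Review bot: the rewritten Namespaces paragraph describes `pub` only as writable and says nothing about reads, while the Server.hs change in this patch also puts `guardNs ns ["pub", "_"]` on the handler that polls and streams a que. State explicitly that other namespaces are refused for both reading and writing unless they are reserved, and that `_` remains readable. Small wording point in the same paragraph: "publically-writable" reads better as "publicly writable".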