summaryrefslogtreecommitdiff
path: root/Run/Que/Server.hs
diff options
context:
space:
mode:
Diffstat (limited to 'Run/Que/Server.hs')
-rw-r--r--Run/Que/Server.hs28
1 files changed, 19 insertions, 9 deletions
diff --git a/Run/Que/Server.hs b/Run/Que/Server.hs
index 4974498..146a16a 100644
--- a/Run/Que/Server.hs
+++ b/Run/Que/Server.hs
@@ -35,6 +35,7 @@ import qualified Data.Text.Encoding as Encoding
import Data.Text.Lazy ( Text
, fromStrict
)
+import qualified Data.Text.Lazy.IO as Text
import qualified Network.HTTP.Types.Status as Http
import qualified Network.Wai as Wai
import qualified Network.Wai.Handler.Warp as Warp
@@ -84,6 +85,19 @@ routes = do
Scotty.get (Scotty.literal "/index.html") <| Scotty.redirect "/_/index"
Scotty.get (Scotty.literal "/") <| Scotty.redirect "/_/index"
+ -- | GET /_/dash
+ Scotty.get (Scotty.literal "/_/dash") <| do
+ authkey <- fromMaybe "" </ Scotty.header "Authorization"
+ adminkey <- liftIO <| lchomp </ Text.readFile "/run/keys/que-admin"
+ if authkey == adminkey
+ then do
+ d <- app <| gets ques
+ Scotty.json d
+ else do
+ Scotty.status Http.methodNotAllowed405
+ Scotty.text "not allowed"
+
+
-- | Namespace management
Scotty.matchAny (Scotty.regex namespace) <| do
Scotty.status Http.notImplemented501
@@ -110,17 +124,13 @@ routes = do
--
-- Put a value on a que. Returns immediately.
Scotty.post (Scotty.regex quepath) <| do
- xFwdHost <- Scotty.header "X-Forwarded-Host"
- xRealIP <- Scotty.header "X-Real-IP"
- host <- Scotty.header "Host"
+ authkey <- fromMaybe "" </ Scotty.header "Authorization"
+ adminkey <- liftIO <| lchomp </ Text.readFile "/run/keys/que-admin"
(ns, qp) <- extract
-- Only allow my IP or localhost to publish to '_' namespace
- when ("_" == ns) <| case (xFwdHost, xRealIP, host) of
- (Just "73.222.221.62", _, _) -> Scotty.status Http.ok200
- (_, Just "73.222.221.62", _) -> Scotty.status Http.ok200
- (_, _, Just ("localhost:3000")) -> Scotty.status Http.ok200
- _ -> Scotty.status Http.methodNotAllowed405
- >> Scotty.text "not allowed: _ is a reserved namespace"
+ when ("_" == ns && authkey /= adminkey)
+ <| Scotty.status Http.methodNotAllowed405
+ >> Scotty.text "not allowed: _ is a reserved namespace"
guardNs ns ["pub", "_"]
-- passed all auth checks
app . modify <| upsertNamespace ns