Refactored how request auth keys are set on a ServiceSet

Brendan C. Ward 2020-02-14 06:14:14 -08:00
parent 7e953bac4f
commit a613fe59f4
3 changed files with 20 additions and 8 deletions


@ -74,7 +74,7 @@ Flags:
-k, --key string TLS private key
--path string URL root path of this server (if behind a proxy)
-p, --port int Server port. Default is 443 if --cert or --tls options are used, otherwise 8000. (default -1)
-s, --secret-key string Shared secret key used for HMAC authentication
-s, --secret-key string Shared secret key used for HMAC request authentication
-t, --tls Auto TLS using Let's Encrypt
-r, --redirect Redirect HTTP to HTTPS
--enable-reload Enable graceful reload
@ -438,7 +438,7 @@ go generate ./handlers/handlers.go
```
This will rewrite the `assets_vfsdata.go` which you must commit along with your
modification. Also you should run `go build` after `go generate`.
modification. You should run `go build` after `go generate`.
During the development cycle you may use `go build -tags dev .` to build the
binary, in which case it will always take the assets from the relative file
@ -449,14 +449,16 @@ But do not forget to perform it in the end.
### 0.6 (in progress)
- fixed bug in map preview when bounds is not defined for a tileset (#84)
- fixed bug in map preview when bounds are not defined for a tileset (#84)
- updated Leaflet to 1.6.0 and Mapbox GL to 0.32.0 (larger upgrades contingent on #65)
- fixed issues with `--tls` option (#89)
- added example proxy configuration for Caddy and NGINX (#91)
- fixed issues with map preview page using HTTP basemaps (#90)
- resolved template loading issues (#85)
- breaking changes:
- Removed `TemplatesFromAssets` as it was not used internally, and unlikely used externally
- `handlers.go`:
- Removed `TemplatesFromAssets` as it was not used internally, and unlikely used externally
- Removed `secretKey` from `NewFromBaseDir` parameters; this is replaced by calling `SetRequestAuthKey` on a `ServiceSet`.
### 0.5.0


@ -176,9 +176,8 @@ func (s *ServiceSet) AddDBOnPath(filename string, urlPath string) error {
// the directory at baseDir. The DBs will all be served under their relative paths
// to baseDir. If baseDir does not exist, is not a valid path, or does not contain
// any valid .mbtiles files, an empty ServiceSet will be returned along with the error.
func NewFromBaseDir(baseDir string, secretKey string) (*ServiceSet, error) {
func NewFromBaseDir(baseDir string) (*ServiceSet, error) {
s := New()
s.secretKey = secretKey
var filenames []string
err := filepath.Walk(baseDir, func(p string, info os.FileInfo, err error) error {
@ -218,6 +217,12 @@ func NewFromBaseDir(baseDir string, secretKey string) (*ServiceSet, error) {
return s, nil
}
// SetRequestAuthKey sets the secret key used to verify that incoming requests
// are authorized. If blank, no authorization is performed.
func (s *ServiceSet) SetRequestAuthKey(key string) {
s.secretKey = key
}
// Size returns the number of tilesets in this ServiceSet
func (s *ServiceSet) Size() int {
return len(s.tilesets)
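Review bot: The doc comment on SetRequestAuthKey does not say when the method has to be called, which matters now that the key is no longer set inside NewFromBaseDir. The method is a plain assignment to `s.secretKey`, and the comment states that a blank key means no authorization is performed, so any request handled between construction and this call would go unchecked; whether handlers read the field concurrently is outside this hunk. I would extend the comment with `// It must be called before the ServiceSet starts serving requests and is not safe for concurrent use.` so library callers who dropped the old `secretKey` argument know the ordering requirement.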


@ -81,7 +81,7 @@ func init() {
flags.StringVarP(&privateKey, "key", "k", "", "TLS private key")
flags.StringVar(&pathPrefix, "path", "", "URL root path of this server (if behind a proxy)")
flags.StringVar(&domain, "domain", "", "Domain name of this server. NOTE: only used for AutoTLS.")
flags.StringVarP(&secretKey, "secret-key", "s", "", "Shared secret key used for HMAC authentication")
flags.StringVarP(&secretKey, "secret-key", "s", "", "Shared secret key used for HMAC request authentication")
flags.StringVar(&sentryDSN, "dsn", "", "Sentry DSN")
flags.BoolVarP(&verbose, "verbose", "v", false, "Verbose logging")
flags.BoolVarP(&autotls, "tls", "t", false, "Auto TLS via Let's Encrypt")
@ -199,11 +199,16 @@ func serve() {
log.Fatalln("Certificate or tls options are required to use redirect")
}
svcSet, err := handlers.NewFromBaseDir(tilePath, secretKey)
svcSet, err := handlers.NewFromBaseDir(tilePath)
if err != nil {
log.Errorf("Unable to create services for mbtiles in '%v': %v\n", tilePath, err)
}
if len(secretKey) > 0 {
log.Infoln("An HMAC request authorization key was set. All incoming must be signed.")
svcSet.SetRequestAuthKey(secretKey)
}
// print number of services
log.Infof("Published %v services", svcSet.Size())
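Review bot: In serve(), the new `if len(secretKey) > 0` block is skipped silently when the key is empty, so a deployment whose `--secret-key` value came from an unset variable starts without request authentication and the startup log gives no hint of it. An else branch such as `} else { log.Infoln("No request authorization key was set. Incoming requests are not authenticated.") }` would make that state visible to the operator. The message in the taken branch also drops a word and should read `"An HMAC request authorization key was set. All incoming requests must be signed."`. serve() begins and continues outside this hunk.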