mirror of
https://github.com/facebook/sapling.git
synced 2024-10-10 00:45:18 +03:00
mononoke: actually disable control api when !enable_http_control_api
Summary: Like it says in the title. I also replaced one of our status codes that was wrong. Reviewed By: johansglock Differential Revision: D26844865 fbshipit-source-id: b8c1261d0077cf5dc006827e16667e382db7d189
This commit is contained in:
parent
ad106958f2
commit
7e8332c9a5
@ -39,12 +39,15 @@ pub enum HttpError {
|
|||||||
#[error("Bad request")]
|
#[error("Bad request")]
|
||||||
BadRequest(#[source] Error),
|
BadRequest(#[source] Error),
|
||||||
|
|
||||||
#[error("Method not acceptable")]
|
#[error("Forbidden")]
|
||||||
NotAcceptable,
|
Forbidden,
|
||||||
|
|
||||||
#[error("Not found")]
|
#[error("Not found")]
|
||||||
NotFound,
|
NotFound,
|
||||||
|
|
||||||
|
#[error("Method not allowed")]
|
||||||
|
MethodNotAllowed,
|
||||||
|
|
||||||
#[error("Internal server error")]
|
#[error("Internal server error")]
|
||||||
InternalServerError(#[source] Error),
|
InternalServerError(#[source] Error),
|
||||||
}
|
}
|
||||||
@ -57,15 +60,17 @@ impl HttpError {
|
|||||||
pub fn http_response(&self) -> http::Result<Response<Body>> {
|
pub fn http_response(&self) -> http::Result<Response<Body>> {
|
||||||
let status = match self {
|
let status = match self {
|
||||||
Self::BadRequest(..) => http::StatusCode::BAD_REQUEST,
|
Self::BadRequest(..) => http::StatusCode::BAD_REQUEST,
|
||||||
Self::NotAcceptable => http::StatusCode::NOT_ACCEPTABLE,
|
Self::Forbidden => http::StatusCode::FORBIDDEN,
|
||||||
Self::NotFound => http::StatusCode::NOT_FOUND,
|
Self::NotFound => http::StatusCode::NOT_FOUND,
|
||||||
|
Self::MethodNotAllowed => http::StatusCode::METHOD_NOT_ALLOWED,
|
||||||
Self::InternalServerError(..) => http::StatusCode::INTERNAL_SERVER_ERROR,
|
Self::InternalServerError(..) => http::StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
};
|
};
|
||||||
|
|
||||||
let body = match self {
|
let body = match self {
|
||||||
Self::BadRequest(ref e) => Body::from(format!("{:#}", e)),
|
Self::BadRequest(ref e) => Body::from(format!("{:#}", e)),
|
||||||
Self::NotAcceptable => Body::empty(),
|
Self::Forbidden => Body::empty(),
|
||||||
Self::NotFound => Body::empty(),
|
Self::NotFound => Body::empty(),
|
||||||
|
Self::MethodNotAllowed => Body::empty(),
|
||||||
Self::InternalServerError(ref e) => Body::from(format!("{:#}", e)),
|
Self::InternalServerError(ref e) => Body::from(format!("{:#}", e)),
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -229,7 +234,11 @@ where
|
|||||||
path: &str,
|
path: &str,
|
||||||
) -> Result<Response<Body>, HttpError> {
|
) -> Result<Response<Body>, HttpError> {
|
||||||
if method != Method::POST {
|
if method != Method::POST {
|
||||||
return Err(HttpError::NotAcceptable);
|
return Err(HttpError::MethodNotAllowed);
|
||||||
|
}
|
||||||
|
|
||||||
|
if !self.acceptor().enable_http_control_api {
|
||||||
|
return Err(HttpError::Forbidden);
|
||||||
}
|
}
|
||||||
|
|
||||||
let ok = Response::builder()
|
let ok = Response::builder()
|
||||||
|
@ -63,7 +63,7 @@ pub async fn handle(
|
|||||||
return upload(body).await;
|
return upload(body).await;
|
||||||
}
|
}
|
||||||
|
|
||||||
Err(HttpError::NotAcceptable)
|
Err(HttpError::MethodNotAllowed)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn download(headers: &HeaderMap<HeaderValue>) -> Result<Response<Body>, HttpError> {
|
fn download(headers: &HeaderMap<HeaderValue>) -> Result<Response<Body>, HttpError> {
|
||||||
|
@ -590,9 +590,14 @@ EOF
|
|||||||
scuba_local_path_censored="$SCUBA_CENSORED_LOGGING_PATH"
|
scuba_local_path_censored="$SCUBA_CENSORED_LOGGING_PATH"
|
||||||
CONFIG
|
CONFIG
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -z "$DISABLE_HTTP_CONTROL_API" ]]; then
|
||||||
cat >> common/common.toml <<CONFIG
|
cat >> common/common.toml <<CONFIG
|
||||||
enable_http_control_api=true
|
enable_http_control_api=true
|
||||||
|
CONFIG
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat >> common/common.toml <<CONFIG
|
||||||
[[whitelist_entry]]
|
[[whitelist_entry]]
|
||||||
identity_type = "$ALLOWED_IDENTITY_TYPE"
|
identity_type = "$ALLOWED_IDENTITY_TYPE"
|
||||||
identity_data = "${OVERRIDE_ALLOWED_IDDATA:-$ALLOWED_IDENTITY_DATA}"
|
identity_data = "${OVERRIDE_ALLOWED_IDDATA:-$ALLOWED_IDENTITY_DATA}"
|
||||||
|
@ -0,0 +1,14 @@
|
|||||||
|
# Copyright (c) Facebook, Inc. and its affiliates.
|
||||||
|
#
|
||||||
|
# This software may be used and distributed according to the terms of the
|
||||||
|
# GNU General Public License found in the LICENSE file in the root
|
||||||
|
# directory of this source tree.
|
||||||
|
|
||||||
|
$ . "${TEST_FIXTURES}/library.sh"
|
||||||
|
$ DISABLE_HTTP_CONTROL_API=1 setup_common_config
|
||||||
|
$ mononoke
|
||||||
|
$ wait_for_mononoke
|
||||||
|
|
||||||
|
$ sslcurl -X POST -fsS "https://localhost:$MONONOKE_SOCKET/control/drop_bookmarks_cache"
|
||||||
|
curl: (22) The requested URL returned error: 403 Forbidden
|
||||||
|
[22]
|
Loading…
Reference in New Issue
Block a user