mirror of https://github.com/alice-lg/birdwatcher.git synced 2025-03-09 00:00:05 +01:00

whitelist routes

Matthias Hannig 2016-12-06 13:17:43 +01:00
parent afe0297a9d
commit b6d715d6cc
3 changed files with 72 additions and 19 deletions


@ -12,20 +12,53 @@ import (
"github.com/julienschmidt/httprouter"
)
func makeRouter() *httprouter.Router {
func isModuleEnabled(module string, modulesEnabled []string) bool {
for _, enabled := range modulesEnabled {
if enabled == module {
return true
}
}
return false
}
func makeRouter(config endpoints.ServerConfig) *httprouter.Router {
whitelist := config.ModulesEnabled
r := httprouter.New()
r.GET("/status", endpoints.Endpoint(endpoints.Status))
r.GET("/protocols/bgp", endpoints.Endpoint(endpoints.Bgp))
r.GET("/symbols", endpoints.Endpoint(endpoints.Symbols))
r.GET("/symbols/tables", endpoints.Endpoint(endpoints.SymbolTables))
r.GET("/symbols/protocols", endpoints.Endpoint(endpoints.SymbolProtocols))
r.GET("/routes/protocol/:protocol", endpoints.Endpoint(endpoints.ProtoRoutes))
r.GET("/routes/table/:table", endpoints.Endpoint(endpoints.TableRoutes))
r.GET("/routes/count/protocol/:protocol", endpoints.Endpoint(endpoints.ProtoCount))
r.GET("/routes/count/table/:table", endpoints.Endpoint(endpoints.TableCount))
r.GET("/route/net/:net", endpoints.Endpoint(endpoints.RouteNet))
r.GET("/route/net/:net/table/:table", endpoints.Endpoint(endpoints.RouteNetTable))
r.GET("/protocols", endpoints.Endpoint(endpoints.Protocols))
if isModuleEnabled("status", whitelist) {
r.GET("/status", endpoints.Endpoint(endpoints.Status))
}
if isModuleEnabled("protocols", whitelist) {
r.GET("/protocols", endpoints.Endpoint(endpoints.Protocols))
}
if isModuleEnabled("protocols_bgp", whitelist) {
r.GET("/protocols/bgp", endpoints.Endpoint(endpoints.Bgp))
}
if isModuleEnabled("symbols", whitelist) {
r.GET("/symbols", endpoints.Endpoint(endpoints.Symbols))
}
if isModuleEnabled("symbols_tables", whitelist) {
r.GET("/symbols/tables", endpoints.Endpoint(endpoints.SymbolTables))
}
if isModuleEnabled("symbols_protocols", whitelist) {
r.GET("/symbols/protocols", endpoints.Endpoint(endpoints.SymbolProtocols))
}
if isModuleEnabled("routes_protocol", whitelist) {
r.GET("/routes/protocol/:protocol", endpoints.Endpoint(endpoints.ProtoRoutes))
}
if isModuleEnabled("routes_table", whitelist) {
r.GET("/routes/table/:table", endpoints.Endpoint(endpoints.TableRoutes))
}
if isModuleEnabled("routes_count_protocol", whitelist) {
r.GET("/routes/count/protocol/:protocol", endpoints.Endpoint(endpoints.ProtoCount))
}
if isModuleEnabled("routes_count_table", whitelist) {
r.GET("/routes/count/table/:table", endpoints.Endpoint(endpoints.TableCount))
}
if isModuleEnabled("route_net", whitelist) {
r.GET("/route/net/:net", endpoints.Endpoint(endpoints.RouteNet))
r.GET("/route/net/:net/table/:table", endpoints.Endpoint(endpoints.RouteNetTable))
}
return r
}
@ -34,14 +67,19 @@ func makeRouter() *httprouter.Router {
func PrintServiceInfo(conf *Config, birdConf bird.BirdConfig) {
// General Info
log.Println("Starting Birdwatcher")
log.Println(" Using:", birdConf.BirdCmd)
log.Println(" Listen:", birdConf.Listen)
log.Println(" Using:", birdConf.BirdCmd)
log.Println(" Listen:", birdConf.Listen)
// Endpoint Info
if len(conf.Server.AllowFrom) == 0 {
log.Println(" AllowFrom: ALL")
log.Println(" AllowFrom: ALL")
} else {
log.Println(" AllowFrom:", strings.Join(conf.Server.AllowFrom, ", "))
log.Println(" AllowFrom:", strings.Join(conf.Server.AllowFrom, ", "))
}
log.Println(" ModulesEnabled:")
for _, m := range conf.Server.ModulesEnabled {
log.Println(" -", m)
}
}
@ -74,6 +112,6 @@ func main() {
endpoints.Conf = conf.Server
// Make server
r := makeRouter()
r := makeRouter(conf.Server)
log.Fatal(http.ListenAndServe(birdConf.Listen, r))
}
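Review bot: In makeRouter, an entry in `config.ModulesEnabled` that matches none of the eleven names passed to isModuleEnabled is silently ignored, so a misspelt module name just leaves that endpoint unregistered, and the only trace is the echoed list from PrintServiceInfo. The allowlist fails closed, which is the right default for an API that exposes routing state, but an operator cannot tell a typo from an intentional omission. I would check each configured name against the set of known modules before registering routes and log any that are unknown, reusing isModuleEnabled for the lookup. The `route_net` branch also enables two routes, `/route/net/:net` and `/route/net/:net/table/:table`, which deserves a one-line comment at that `if`.

```go
func makeRouter(config endpoints.ServerConfig) *httprouter.Router {
	whitelist := config.ModulesEnabled

	// Names accepted in modules_enabled; anything else is reported at startup.
	known := []string{
		"status", "protocols", "protocols_bgp",
		"symbols", "symbols_tables", "symbols_protocols",
		"routes_protocol", "routes_table",
		"routes_count_protocol", "routes_count_table",
		"route_net",
	}
	for _, m := range whitelist {
		if !isModuleEnabled(m, known) {
			log.Println("Ignoring unknown module in modules_enabled:", m)
		}
	}

	// … unchanged: r := httprouter.New() and the per-module r.GET registrations …
```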


@ -2,5 +2,6 @@ package endpoints
// Endpoints / Server configuration
type ServerConfig struct {
AllowFrom []string `toml:"allow_from"`
AllowFrom []string `toml:"allow_from"`
ModulesEnabled []string `toml:"modules_enabled"`
}
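Review bot: The new `ModulesEnabled` field has the opposite empty-value meaning from `AllowFrom` beside it, and neither is documented on the struct. An empty `allow_from` allows every client (PrintServiceInfo logs `AllowFrom: ALL`), while an empty or missing `modules_enabled` registers no routes at all in makeRouter. I would add field comments that say so, for example `// AllowFrom lists client IPs allowed to query; empty allows all.` and `// ModulesEnabled lists the endpoint modules to serve; empty serves none.`, so the two behaviours are not later aligned by accident.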


@ -8,6 +8,20 @@
# Restrict access to certain IPs. Leave empty to allow from all.
allow_from = []
# All modules:
# status
# protocols
# protocols_bgp
# symbols
# symbols_tables
# symbols_protocols
# routes_protocol
# routes_table
# routes_count_protocol
# routes_count_table
# route_net
#
modules_enabled = ["status", "protocols_bgp", "routes_protocol"]
[status]
#