mirror of
https://github.com/chrislusf/seaweedfs
synced 2024-06-02 08:40:20 +02:00
Disable filer UI in configuration (#5297)
* Add filer.ui.enabled configuration property * Add filer.expose_directory_metadata to config * Ammend commit * Remove ShowUI reference * Update all routes that allow directory metadata * Add cmd flag to server.go
This commit is contained in:
parent
e88467bb36
commit
85d6d5371b
|
@ -62,6 +62,7 @@ type FilerOptions struct {
|
||||||
downloadMaxMBps *int
|
downloadMaxMBps *int
|
||||||
diskType *string
|
diskType *string
|
||||||
allowedOrigins *string
|
allowedOrigins *string
|
||||||
|
exposeDirectoryData *bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -93,6 +94,7 @@ func init() {
|
||||||
f.downloadMaxMBps = cmdFiler.Flag.Int("downloadMaxMBps", 0, "download max speed for each download request, in MB per second")
|
f.downloadMaxMBps = cmdFiler.Flag.Int("downloadMaxMBps", 0, "download max speed for each download request, in MB per second")
|
||||||
f.diskType = cmdFiler.Flag.String("disk", "", "[hdd|ssd|<tag>] hard drive or solid state drive or any tag")
|
f.diskType = cmdFiler.Flag.String("disk", "", "[hdd|ssd|<tag>] hard drive or solid state drive or any tag")
|
||||||
f.allowedOrigins = cmdFiler.Flag.String("allowedOrigins", "*", "comma separated list of allowed origins")
|
f.allowedOrigins = cmdFiler.Flag.String("allowedOrigins", "*", "comma separated list of allowed origins")
|
||||||
|
f.exposeDirectoryData = cmdFiler.Flag.Bool("exposeDirectoryData", true, "whether to return directory metadata and content in Filer UI")
|
||||||
|
|
||||||
// start s3 on filer
|
// start s3 on filer
|
||||||
filerStartS3 = cmdFiler.Flag.Bool("s3", false, "whether to start S3 gateway")
|
filerStartS3 = cmdFiler.Flag.Bool("s3", false, "whether to start S3 gateway")
|
||||||
|
|
|
@ -24,6 +24,13 @@ expires_after_seconds = 10 # seconds
|
||||||
[access]
|
[access]
|
||||||
ui = false
|
ui = false
|
||||||
|
|
||||||
|
# by default the filer UI is enabled. This can be a security risk if the filer is exposed to the public
|
||||||
|
# and the JWT for reads is not set. If you don't want the public to have access to the objects in your
|
||||||
|
# storage, and you haven't set the JWT for reads it is wise to disable access to directory metadata.
|
||||||
|
# This disables access to the Filer UI, and will no longer return directory metadata in GET requests.
|
||||||
|
[filer.expose_directory_metadata]
|
||||||
|
enabled = true
|
||||||
|
|
||||||
# this jwt signing key is read by master and volume server, and it is used for read operations:
|
# this jwt signing key is read by master and volume server, and it is used for read operations:
|
||||||
# - the Master server generates the JWT, which can be used to read a certain file on a volume server
|
# - the Master server generates the JWT, which can be used to read a certain file on a volume server
|
||||||
# - the Volume server validates the JWT on reading
|
# - the Volume server validates the JWT on reading
|
||||||
|
|
|
@ -118,6 +118,7 @@ func init() {
|
||||||
filerOptions.showUIDirectoryDelete = cmdServer.Flag.Bool("filer.ui.deleteDir", true, "enable filer UI show delete directory button")
|
filerOptions.showUIDirectoryDelete = cmdServer.Flag.Bool("filer.ui.deleteDir", true, "enable filer UI show delete directory button")
|
||||||
filerOptions.downloadMaxMBps = cmdServer.Flag.Int("filer.downloadMaxMBps", 0, "download max speed for each download request, in MB per second")
|
filerOptions.downloadMaxMBps = cmdServer.Flag.Int("filer.downloadMaxMBps", 0, "download max speed for each download request, in MB per second")
|
||||||
filerOptions.diskType = cmdServer.Flag.String("filer.disk", "", "[hdd|ssd|<tag>] hard drive or solid state drive or any tag")
|
filerOptions.diskType = cmdServer.Flag.String("filer.disk", "", "[hdd|ssd|<tag>] hard drive or solid state drive or any tag")
|
||||||
|
filerOptions.exposeDirectoryData = cmdServer.Flag.Bool("filer.exposeDirectoryData", true, "expose directory data via filer. If false, filer UI will be innaccessible.")
|
||||||
|
|
||||||
serverOptions.v.port = cmdServer.Flag.Int("volume.port", 8080, "volume server http listen port")
|
serverOptions.v.port = cmdServer.Flag.Int("volume.port", 8080, "volume server http listen port")
|
||||||
serverOptions.v.portGrpc = cmdServer.Flag.Int("volume.port.grpc", 0, "volume server grpc listen port")
|
serverOptions.v.portGrpc = cmdServer.Flag.Int("volume.port.grpc", 0, "volume server grpc listen port")
|
||||||
|
|
|
@ -72,6 +72,7 @@ type FilerOption struct {
|
||||||
DownloadMaxBytesPs int64
|
DownloadMaxBytesPs int64
|
||||||
DiskType string
|
DiskType string
|
||||||
AllowedOrigins []string
|
AllowedOrigins []string
|
||||||
|
ExposeDirectoryData bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type FilerServer struct {
|
type FilerServer struct {
|
||||||
|
@ -115,6 +116,10 @@ func NewFilerServer(defaultMux, readonlyMux *http.ServeMux, option *FilerOption)
|
||||||
domains := strings.Split(allowedOrigins, ",")
|
domains := strings.Split(allowedOrigins, ",")
|
||||||
option.AllowedOrigins = domains
|
option.AllowedOrigins = domains
|
||||||
|
|
||||||
|
v.SetDefault("filer.expose_directory_metadata.enabled", true)
|
||||||
|
returnDirMetadata := v.GetBool("filer.expose_directory_metadata.enabled")
|
||||||
|
option.ExposeDirectoryData = returnDirMetadata
|
||||||
|
|
||||||
fs = &FilerServer{
|
fs = &FilerServer{
|
||||||
option: option,
|
option: option,
|
||||||
grpcDialOption: security.LoadClientTLS(util.GetViper(), "grpc.filer"),
|
grpcDialOption: security.LoadClientTLS(util.GetViper(), "grpc.filer"),
|
||||||
|
|
|
@ -117,7 +117,7 @@ func (fs *FilerServer) GetOrHeadHandler(w http.ResponseWriter, r *http.Request)
|
||||||
w.WriteHeader(http.StatusForbidden)
|
w.WriteHeader(http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if query.Get("metadata") == "true" {
|
if query.Get("metadata") == "true" && fs.option.ExposeDirectoryData != false {
|
||||||
writeJsonQuiet(w, r, http.StatusOK, entry)
|
writeJsonQuiet(w, r, http.StatusOK, entry)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -135,7 +135,7 @@ func (fs *FilerServer) GetOrHeadHandler(w http.ResponseWriter, r *http.Request)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if query.Get("metadata") == "true" {
|
if query.Get("metadata") == "true" && fs.option.ExposeDirectoryData != false {
|
||||||
if query.Get("resolveManifest") == "true" {
|
if query.Get("resolveManifest") == "true" {
|
||||||
if entry.Chunks, _, err = filer.ResolveChunkManifest(
|
if entry.Chunks, _, err = filer.ResolveChunkManifest(
|
||||||
fs.filer.MasterClient.GetLookupFileIdFunction(),
|
fs.filer.MasterClient.GetLookupFileIdFunction(),
|
||||||
|
|
|
@ -18,6 +18,11 @@ import (
|
||||||
// is empty.
|
// is empty.
|
||||||
func (fs *FilerServer) listDirectoryHandler(w http.ResponseWriter, r *http.Request) {
|
func (fs *FilerServer) listDirectoryHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
|
if fs.option.ExposeDirectoryData == false {
|
||||||
|
http.NotFound(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
stats.FilerHandlerCounter.WithLabelValues(stats.DirList).Inc()
|
stats.FilerHandlerCounter.WithLabelValues(stats.DirList).Inc()
|
||||||
|
|
||||||
path := r.URL.Path
|
path := r.URL.Path
|
||||||
|
@ -95,4 +100,5 @@ func (fs *FilerServer) listDirectoryHandler(w http.ResponseWriter, r *http.Reque
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.V(0).Infof("Template Execute Error: %v", err)
|
glog.V(0).Infof("Template Execute Error: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue