func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
_, pass, err := httputil.BasicAuth(req)
if err == nil {
if pass == da.Password {
return OpAll
}
if da.VivifyPass != nil && pass == *da.VivifyPass {
return OpVivify
}
}
if authTokenHeaderMatches(req) {
return OpAll
}
if websocketTokenMatches(req) {
return OpAll
}
// See if the local TCP port is owned by the same non-root user as this
// server. This check performed last as it may require reading from the
// kernel or exec'ing a program.
if httputil.IsLocalhost(req) {
return OpAll
}
return 0
}
func (up *UserPass) AllowedAccess(req *http.Request) Operation {
user, pass, err := httputil.BasicAuth(req)
if err == nil {
if user == up.Username {
if pass == up.Password {
return OpAll
}
if up.VivifyPass != nil && pass == *up.VivifyPass {
return OpVivify
}
}
}
if authTokenHeaderMatches(req) {
return OpAll
}
if websocketTokenMatches(req) {
return OpAll
}
if up.OrLocalhost && httputil.IsLocalhost(req) {
return OpAll
}
return 0
}
// serveRef gets the file at ref from fetcher and serves its contents.
// It is used by Service as a one time handler to serve to the thumbnail child process on localhost.
func serveRef(rw http.ResponseWriter, req *http.Request, ref blob.Ref, fetcher blob.Fetcher) {
if !httputil.IsGet(req) {
http.Error(rw, "Invalid download method.", 400)
return
}
if !httputil.IsLocalhost(req) {
http.Error(rw, "Forbidden.", 403)
return
}
parts := strings.Split(req.URL.Path, "/")
if len(parts) < 2 {
http.Error(rw, "Malformed GET URL.", 400)
return
}
blobRef, ok := blob.Parse(parts[1])
if !ok {
http.Error(rw, "Malformed GET URL.", 400)
return
}
// only serves its ref
if blobRef != ref {
log.Printf("videothumbnail: access to %v forbidden; wrong blobref for handler", blobRef)
http.Error(rw, "Forbidden.", 403)
return
}
rw.Header().Set("Content-Type", "application/octet-stream")
fr, err := schema.NewFileReader(fetcher, ref)
if err != nil {
httputil.ServeError(rw, req, err)
return
}
defer fr.Close()
http.ServeContent(rw, req, "", time.Now(), fr)
}
func IsLocalhost(req *http.Request) bool {
return httputil.IsLocalhost(req)
}
func (Localhost) AllowedAccess(req *http.Request) (out Operation) {
if httputil.IsLocalhost(req) {
return OpAll
}
return 0
}
func main() {
flag.Usage = usage
flag.Parse()
if *help {
usage()
}
useTLS = *certFile != "" && *keyFile != ""
go handleSignals()
ua, err := newUserAuth(userAuthFile)
if err != nil {
log.Fatalf("Error creating user auth wrapper: %v", err)
}
authWrapper := func(f http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if !(httputil.IsLocalhost(r) || ua.auth(r)) {
w.Header().Set("WWW-Authenticate", `Basic realm="buildbot master"`)
http.Error(w, "Unauthorized access", http.StatusUnauthorized)
return
}
f(w, r)
}
}
http.HandleFunc(okPrefix, okHandler)
http.HandleFunc(failPrefix, failHandler)
http.HandleFunc(progressPrefix, progressHandler)
http.HandleFunc(stderrPrefix, logHandler)
http.HandleFunc("/", statusHandler)
http.HandleFunc(reportPrefix, authWrapper(reportHandler))
go func() {
log.Printf("Now starting to listen on %v", *host)
if useTLS {
if err := http.ListenAndServeTLS(*host, *certFile, *keyFile, nil); err != nil {
log.Fatalf("Could not start listening (TLS) on %v: %v", *host, err)
}
} else {
if err := http.ListenAndServe(*host, nil); err != nil {
log.Fatalf("Could not start listening on %v: %v", *host, err)
}
}
}()
setup()
goTipHash = "Disabled"
for {
if err := pollGoChange(); err != nil {
log.Print(err)
goto Sleep
}
if err := pollCamliChange(); err != nil {
log.Print(err)
goto Sleep
}
if doBuildGo || doBuildCamli {
if err := buildBuilder(); err != nil {
log.Printf("Could not build builder bot: %v", err)
goto Sleep
}
cmd, err := startBuilder(goTipHash, camliHeadHash)
if err != nil {
log.Printf("Could not start builder bot: %v", err)
goto Sleep
}
dbg.Println("Waiting for builder to finish")
if err := cmd.Wait(); err != nil {
log.Printf("builder finished with error: %v", err)
}
resetBuilderState()
}
Sleep:
tsk := newTask("time.Sleep", interval.String())
dbg.Println(tsk.String())
time.Sleep(interval)
}
}