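// main parses the command line, loads the configured root signers and serves
// the authsign, info and metrics endpoints over HTTP or, when both -tls-cert
// and -tls-key are given, HTTPS.
//
// Flags:
//
//	-a         listening address (default ":8888")
//	-roots     configuration file specifying root keys (required)
//	-l         default label
//	-tls-cert  server certificate (must be paired with -tls-key)
//	-tls-key   server private key (must be paired with -tls-cert)
//	-loglevel  log level (0 = DEBUG, 4 = ERROR)
//
// Any setup failure is fatal: a signer or handler that failed to build must
// never be registered, since a nil handler would panic on the first request.
func main() {
	flagAddr := flag.String("a", ":8888", "listening address")
	flagRootFile := flag.String("roots", "", "configuration file specifying root keys")
	flagDefaultLabel := flag.String("l", "", "specify a default label")
	flagEndpointCert := flag.String("tls-cert", "", "server certificate")
	flagEndpointKey := flag.String("tls-key", "", "server private key")
	flag.IntVar(&log.Level, "loglevel", log.LevelInfo, "log level (0 = DEBUG, 4 = ERROR)")
	flag.Parse()

	if *flagRootFile == "" {
		log.Fatal("no root file specified")
	}

	// TLS is all-or-nothing: reject a lone cert or key up front with a clear
	// message instead of letting ListenAndServeTLS fail after setup has run.
	if (*flagEndpointCert == "") != (*flagEndpointKey == "") {
		log.Fatal("both -tls-cert and -tls-key are required to serve over TLS")
	}

	roots, err := config.Parse(*flagRootFile)
	if err != nil {
		log.Fatalf("%v", err)
	}

	for label, root := range roots {
		s, err := parseSigner(root)
		if err != nil {
			// Fatal rather than Critical: continuing would store a nil signer
			// under this label.
			log.Fatalf("%v", err)
		}
		signers[label] = s
		if root.ACL != nil {
			whitelists[label] = root.ACL
		}
		log.Info("loaded signer ", label)
	}
	defaultLabel = *flagDefaultLabel

	initStats()

	infoHandler, err := info.NewMultiHandler(signers, defaultLabel)
	if err != nil {
		// A nil handler registered below would panic when first served.
		log.Fatalf("%v", err)
	}

	// The metrics endpoint is reachable from loopback only.
	localhost := whitelist.NewBasic()
	localhost.Add(net.ParseIP("127.0.0.1"))
	localhost.Add(net.ParseIP("::1"))

	metrics, err := whitelist.NewHandlerFunc(dumpMetrics, metricsDisallowed, localhost)
	if err != nil {
		log.Fatalf("failed to set up the metrics whitelist: %v", err)
	}

	http.HandleFunc("/api/v1/cfssl/authsign", dispatchRequest)
	http.Handle("/api/v1/cfssl/info", infoHandler)
	http.Handle("/api/v1/cfssl/metrics", metrics)

	// NOTE(review): the default server carries no read/write/idle timeouts;
	// a configured http.Server is preferable for a network-exposed deployment.
	if *flagEndpointCert == "" {
		log.Info("Now listening on ", *flagAddr)
		log.Fatal(http.ListenAndServe(*flagAddr, nil))
	}
	log.Info("Now listening on https:// ", *flagAddr)
	log.Fatal(http.ListenAndServeTLS(*flagAddr, *flagEndpointCert, *flagEndpointKey, nil))
}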
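// main serves the directory given by -root under /files/ to clients on the
// wl whitelist, and exposes loopback-only admin endpoints (/add, /del, /dump)
// that manage that whitelist at runtime.
//
// Flags:
//
//	-root  file server root (default "files/")
//	-addr  listening address (default ":8080")
func main() {
	root := flag.String("root", "files/", "file server root")
	addr := flag.String("addr", ":8080", "listening address")
	flag.Parse()

	fileServer := http.StripPrefix("/files/", http.FileServer(http.Dir(*root)))

	// Seed the file whitelist with IPv4 loopback so the server is usable
	// locally before anything has been added through /add.
	wl.Add(net.IP{127, 0, 0, 1})

	// Only loopback clients may change or inspect the whitelist.
	adminWL := whitelist.NewBasic()
	adminWL.Add(net.IP{127, 0, 0, 1})
	adminWL.Add(net.ParseIP("::1"))

	protFiles, err := whitelist.NewHandler(fileServer, nil, wl)
	if err != nil {
		log.Fatalf("%v", err)
	}
	addHandler, err := whitelist.NewHandlerFunc(addIP, nil, adminWL)
	if err != nil {
		log.Fatalf("%v", err)
	}
	delHandler, err := whitelist.NewHandlerFunc(delIP, nil, adminWL)
	if err != nil {
		log.Fatalf("%v", err)
	}
	dumpHandler, err := whitelist.NewHandlerFunc(dumpWhitelist, nil, adminWL)
	if err != nil {
		log.Fatalf("%v", err)
	}

	http.Handle("/files/", protFiles)
	http.Handle("/add", addHandler)
	http.Handle("/del", delHandler)
	http.Handle("/dump", dumpHandler)

	// NOTE(review): the default server carries no read/write/idle timeouts;
	// a configured http.Server is preferable if this is exposed off-host.
	log.Printf("Serving files on %s", *addr)
	log.Fatal(http.ListenAndServe(*addr, nil))
}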
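package main

import (
	"encoding/json"
	"flag"
	"fmt"
	"log"
	"net"
	"net/http"

	"github.com/kisom/cfssl/whitelist"
)

// wl is the process-wide whitelist consulted by the file-serving handler;
// the /add and /del handlers below mutate it at runtime.
var wl = whitelist.NewBasic()

// addIP handles /add: it parses the "ip" form value and adds that address to
// wl. A value that does not parse as an IP is rejected with 400 instead of
// being reported as added. Access control is not done here; main wraps this
// handler in an admin-only whitelist.
func addIP(w http.ResponseWriter, r *http.Request) {
	addr := r.FormValue("ip")
	ip := net.ParseIP(addr)
	if ip == nil {
		// %q so an empty or odd value is visible in the log.
		log.Printf("request to add invalid address %q to the whitelist", addr)
		http.Error(w, "invalid IP address", http.StatusBadRequest)
		return
	}
	wl.Add(ip)
	log.Printf("request to add %s to the whitelist", addr)
	fmt.Fprintf(w, "Added %s to whitelist.\n", addr)
}

// delIP handles /del: the mirror of addIP, removing the "ip" form value from
// wl. Invalid input is rejected with 400 rather than reported as removed.
func delIP(w http.ResponseWriter, r *http.Request) {
	addr := r.FormValue("ip")
	ip := net.ParseIP(addr)
	if ip == nil {
		log.Printf("request to remove invalid address %q from the whitelist", addr)
		http.Error(w, "invalid IP address", http.StatusBadRequest)
		return
	}
	wl.Remove(ip)
	log.Printf("request to remove %s from the whitelist", addr)
	fmt.Fprintf(w, "Removed %s from whitelist.\n", ip)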