authorkali kaneko (leap communications) <kali@leap.se>2022-02-13 17:24:56 +0100
committerkali kaneko (leap communications) <kali@leap.se>2022-02-13 17:24:56 +0100
commitfa1e4442d7f32c82521b2a3e7266ab77e8669a4e (patch)
tree25189177476eba29f2d2dbebc2f855c6bb87f669
parentdb98de94f47a831334a82d2044d08ebb2274e8d9 (diff)
make http api endpoint optional
-rw-r--r--main.go29
1 files changed, 25 insertions, 4 deletions
diff --git a/main.go b/main.go
index a66da4b..66dc655 100644
--- a/main.go
+++ b/main.go
@@ -16,6 +16,7 @@
package main
import (
+ "bytes"
"encoding/json"
"flag"
"fmt"
@@ -121,6 +122,8 @@ func (g *geodb) geolocateGateways(b *bonafide) {
g.GatewayMap = make(map[[3]float64][]gateway)
gatewayPoints := make([]kdtree.Point, 0)
+ log.Printf("There are %d gateways.\n", len(b.eip.Gateways))
+
for i := 0; i < len(b.eip.Gateways); i++ {
gw := b.eip.Gateways[i]
coord := geolocateCity(gw.Location)
@@ -221,7 +224,7 @@ func main() {
var port = flag.Int("port", 9001, "port where the service listens on")
var metricsPort = flag.Int("metricsPort", 9002, "port where the metrics server listens on")
var dbpath = flag.String("geodb", "/var/lib/GeoIP/GeoLite2-City.mmdb", "path to the GeoLite2-City database")
- var api = flag.String("api", "", "API to fetch eip-service.json from (default: black.riseup.net). MENSHEN_API environment variable can be setup instead.")
+ var api = flag.String("api", "", "API to fetch eip-service.json from (default: https://black.riseup.net). MENSHEN_API environment variable can be setup instead.")
var notls = flag.Bool("notls", false, "disable TLS on the service")
var key = flag.String("server_key", "", "path to the key file for TLS")
var crt = flag.String("server_crt", "", "path to the cert file for TLS")
@@ -247,14 +250,18 @@ func main() {
envAPI := os.Getenv("MENSHEN_API")
if envAPI != "" {
log.Println("MENSHEN_API = " + envAPI)
- configuredAPI = "https://" + envAPI
+ configuredAPI = envAPI
} else {
if *api == "" {
+ log.Println("using riseup api")
configuredAPI = apiForRiseup
} else {
- configuredAPI = "https://" + *api
+ configuredAPI = *api
}
}
+ if !isValidAPIURI(configuredAPI) {
+ log.Fatal("Invalid API: " + configuredAPI)
+ }
db, err := geoip2.Open(*dbpath)
if err != nil {
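Review bot: A `MENSHEN_API` or `-api` value given as a bare hostname, which the removed lines accepted by prepending `https://`, now reaches `log.Fatal("Invalid API: " + configuredAPI)` with no hint that a scheme is required. Because this changes the operator-facing contract, the fatal message should state the requirement, e.g. `log.Fatal("Invalid API (must start with https://, or http:// with INSECURE_API=true): " + configuredAPI)`. The `-api` help text in the previous hunk should mention `INSECURE_API` too, since that variable is currently only discoverable through the error log line. main() starts and ends outside this hunk.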
@@ -265,7 +272,7 @@ func main() {
earth := ellipsoid.Init("WGS84", ellipsoid.Degrees, ellipsoid.Meter, ellipsoid.LongitudeIsSymmetric, ellipsoid.BearingIsSymmetric)
geoipdb := geodb{db, forbidden, nil, nil, nil, &earth}
- log.Println("Seeding gateway list...")
+ log.Println("Seeding gateway list from " + configuredAPI)
bonafide := newBonafide(configuredAPI)
bonafide.getGateways()
@@ -313,3 +320,17 @@ func main() {
log.Fatal("error in listenAndServe[TLS]: ", err)
}
}
+
+func isValidAPIURI(uri string) bool {
+ if bytes.HasPrefix([]byte(uri), []byte("https://")) {
+ return true
+ }
+ if bytes.HasPrefix([]byte(uri), []byte("http://")) {
+ if os.Getenv("INSECURE_API") == "true" {
+ return true
+ } else {
+ log.Println("ERROR: Please pass INSECURE_API=true if you need to use a http:// endpoint.")
+ }
+ }
+ return false
+}
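Review bot: isValidAPIURI only tests a string prefix, so a value such as `https://` with no host is accepted. When `INSECURE_API=true` admits an `http://` endpoint, nothing is logged about the downgrade, although eip-service.json is then fetched without transport integrity and the gateway list seeded from it could be altered in transit. Parsing the value with `url.Parse`, requiring a non-empty host, and logging a warning on the insecure path would close both gaps; this needs the `net/url` import and leaves the newly added `bytes` import unused. A doc comment stating that http is accepted only under the explicit opt-in would also help the next reader.

```go
func isValidAPIURI(uri string) bool {
	u, err := url.Parse(uri)
	if err != nil || u.Host == "" {
		return false
	}
	switch u.Scheme {
	case "https":
		return true
	case "http":
		if os.Getenv("INSECURE_API") == "true" {
			log.Println("WARNING: INSECURE_API=true, fetching eip-service.json over plain http")
			return true
		}
		log.Println("ERROR: Please pass INSECURE_API=true if you need to use a http:// endpoint.")
	}
	return false
}
```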