From f0f0f0f2faa75ad113317762f1df7df3aff3c776 Mon Sep 17 00:00:00 2001 From: Naim A Date: Mon, 1 Feb 2016 00:10:49 +0200 Subject: [PATCH] Added only localhost to whitelist --- src/http/webapp.cpp | 27 ++------------------------- src/http/webapp.hpp | 2 -- src/main.cpp | 1 + src/udpTracker.cpp | 4 ++-- 4 files changed, 5 insertions(+), 29 deletions(-) diff --git a/src/http/webapp.cpp b/src/http/webapp.cpp index 3ab1c03..d3e7c4f 100644 --- a/src/http/webapp.cpp +++ b/src/http/webapp.cpp @@ -134,25 +134,6 @@ namespace UDPT ""); } - bool WebApp::isAllowedIP (WebApp *app, string key, uint32_t ip) - { - std::map >::iterator it, end; - end = app->ip_whitelist.end (); - it = app->ip_whitelist.find (key); - if (it == app->ip_whitelist.end()) - return false; // no such key - - list *lst = &it->second; - list::iterator ipit; - for (ipit = lst->begin();ipit != lst->end();ipit++) - { - if (*ipit == ip) - return true; - } - - return false; - } - void WebApp::doRemoveTorrent (HTTPServer::Request *req, HTTPServer::Response *resp) { string strHash = req->getParam("hash"); @@ -208,18 +189,14 @@ namespace UDPT throw ServerException (0, "IPv4 supported Only."); } - std::string key = req->getParam("auth"); - if (key.length() <= 0) - throw ServerException (0, "Bad Authentication Key"); - WebApp *app = (WebApp*)srv->getData("webapp"); if (app == NULL) throw ServerException(0, "WebApp object wasn't found"); - if (!isAllowedIP(app, key, req->getAddress()->sin_addr.s_addr)) + if (req->getAddress()->sin_addr.s_addr != 0x0100007f) { resp->setStatus(403, "Forbidden"); - resp->write("IP not whitelisted. Access Denied."); + resp->write("Access Denied. Only 127.0.0.1 can access this method."); return; } diff --git a/src/http/webapp.hpp b/src/http/webapp.hpp index dc4bafb..b764e2e 100644 --- a/src/http/webapp.hpp +++ b/src/http/webapp.hpp @@ -47,12 +47,10 @@ namespace UDPT std::shared_ptr m_server; UDPT::Data::DatabaseDriver *db; const boost::program_options::variables_map& m_conf; - std::map > ip_whitelist; static void handleRoot (HTTPServer*,HTTPServer::Request*, HTTPServer::Response*); static void handleAnnounce (HTTPServer*,HTTPServer::Request*, HTTPServer::Response*); static void handleAPI (HTTPServer*,HTTPServer::Request*, HTTPServer::Response*); - static bool isAllowedIP (WebApp *, string, uint32_t); void doAddTorrent (HTTPServer::Request*, HTTPServer::Response*); void doRemoveTorrent (HTTPServer::Request*, HTTPServer::Response*); diff --git a/src/main.cpp b/src/main.cpp index c4efe15..08b56f5 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -86,6 +86,7 @@ int main(int argc, char *argv[]) #endif ; + boost::program_options::options_description configOptions("Configuration options"); configOptions.add_options() ("db.driver", boost::program_options::value()->default_value("sqlite3"), "database driver to use") diff --git a/src/udpTracker.cpp b/src/udpTracker.cpp index dd6b5cd..15d3a49 100644 --- a/src/udpTracker.cpp +++ b/src/udpTracker.cpp @@ -58,6 +58,8 @@ namespace UDPT } this->m_localEndpoint = addrs.front(); + + this->m_conn = std::shared_ptr(new Data::SQLite3Driver(m_conf, this->m_isDynamic)); } UDPTracker::~UDPTracker() @@ -111,8 +113,6 @@ namespace UDPT this->m_sock = sock; - this->m_conn = std::shared_ptr(new Data::SQLite3Driver(m_conf, this->m_isDynamic)); - ss.str(""); ss << "Starting maintenance thread (1/" << ((int)this->m_threadCount) << ")"; logger->log(Logger::LL_INFO, ss.str());