ipfs · ghost · Sep 13, 2018 · Oct 5, 2018 · Oct 16, 2018 · keks
@@ -567,7 +567,7 @@ func serveHTTPGateway(req *cmds.Request, cctx *oldcmds.Context) (<-chan error, e
 		corehttp.GatewayOption(writable, "/ipfs", "/ipns"),
 		corehttp.VersionOption(),
 		corehttp.CheckVersionOption(),
-		corehttp.CommandsROOption(*cctx),
+		corehttp.GatewayCommandsOption(*cctx, cfg.Gateway.APICommands),
 	}
 
 	if len(cfg.Gateway.RootRedirect) > 0 {

@@ -16,32 +16,31 @@ func collectPaths(prefix string, cmd *cmds.Command, out map[string]struct{}) {
 }
 
 func TestROCommands(t *testing.T) {
-	list := []string{
-		"/block",
-		"/block/get",
-		"/block/stat",
-		"/cat",
-		"/commands",
-		"/dag",
-		"/dag/get",
-		"/dag/resolve",
-		"/dns",
-		"/get",
-		"/ls",
-		"/name",
-		"/name/resolve",
-		"/object",
-		"/object/data",
-		"/object/get",
-		"/object/links",
-		"/object/stat",
-		"/refs",
-		"/resolve",
-		"/version",
+	whitelist := []string{
+		"ls",
+		"cat",
+		"dag", // only included for the check afterwards
+		"dag/resolve",
+		"dag/get",
+	}
+
+	list := func() []string {
+		out := make([]string, len(whitelist))
+
+		for i, line := range whitelist {
+			out[i] = "/" + line
+		}
+
+		return out
+	}()
+
+	root, err := RootSubset(whitelist)
+	if err != nil {
+		t.Errorf("RootSubset error: %s", err)
 	}
 
 	cmdSet := make(map[string]struct{})
-	collectPaths("", RootRO, cmdSet)
+	collectPaths("", root, cmdSet)
 
 	for _, path := range list {
 		if _, ok := cmdSet[path]; !ok {
@@ -58,14 +57,15 @@ func TestROCommands(t *testing.T) {
 	for _, path := range list {
 		path = path[1:] // remove leading slash
 		split := strings.Split(path, "/")
-		sub, err := RootRO.Get(split)
+		sub, err := root.Get(split)
 		if err != nil {
 			t.Errorf("error getting subcommand %q: %v", path, err)
 		} else if sub == nil {
 			t.Errorf("subcommand %q is nil even though there was no error", path)
 		}
 	}
 }
+
 func TestCommands(t *testing.T) {
 	list := []string{
 		"/add",

@@ -2,6 +2,7 @@ package commands
 
 import (
 	"errors"
+	"fmt"
 	"io"
 	"strings"
 
@@ -147,64 +148,46 @@ var rootSubcommands = map[string]*cmds.Command{
 	"cid":       CidCmd,
 }
 
-// RootRO is the readonly version of Root
-var RootRO = &cmds.Command{}
-
-var CommandsDaemonROCmd = CommandsCmd(RootRO)
-
-var RefsROCmd = &oldcmds.Command{}
-
-var rootROSubcommands = map[string]*cmds.Command{
-	"commands": CommandsDaemonROCmd,
-	"cat":      CatCmd,
-	"block": &cmds.Command{
-		Subcommands: map[string]*cmds.Command{
-			"stat": blockStatCmd,
-			"get":  blockGetCmd,
-		},
-	},
-	"get": GetCmd,
-	"dns": lgc.NewCommand(DNSCmd),
-	"ls":  lgc.NewCommand(LsCmd),
-	"name": &cmds.Command{
-		Subcommands: map[string]*cmds.Command{
-			"resolve": name.IpnsCmd,
-		},
-	},
-	"object": lgc.NewCommand(&oldcmds.Command{
-		Subcommands: map[string]*oldcmds.Command{
-			"data":  ocmd.ObjectDataCmd,
-			"links": ocmd.ObjectLinksCmd,
-			"get":   ocmd.ObjectGetCmd,
-			"stat":  ocmd.ObjectStatCmd,
-		},
-	}),
-	"dag": lgc.NewCommand(&oldcmds.Command{
-		Subcommands: map[string]*oldcmds.Command{
-			"get":     dag.DagGetCmd,
-			"resolve": dag.DagResolveCmd,
-		},
-	}),
-	"resolve": ResolveCmd,
-	"version": lgc.NewCommand(VersionCmd),
-}
-
 func init() {
 	Root.ProcessHelp()
-	*RootRO = *Root
-
-	// sanitize readonly refs command
-	*RefsROCmd = *RefsCmd
-	RefsROCmd.Subcommands = map[string]*oldcmds.Command{}
-
-	// this was in the big map definition above before,
-	// but if we leave it there lgc.NewCommand will be executed
-	// before the value is updated (:/sanitize readonly refs command/)
-	rootROSubcommands["refs"] = lgc.NewCommand(RefsROCmd)
-
 	Root.Subcommands = rootSubcommands
+}
 
-	RootRO.Subcommands = rootROSubcommands
+func RootSubset(allowed []string) (*cmds.Command, error) {
+	subset := new(cmds.Command)
+	*subset = *Root
+	subset.Subcommands = map[string]*cmds.Command{}
+
+	commands := false
+	for _, path := range allowed {
+		if path == "commands" {
+			commands = true
+			continue
+		}
+
+		pathelems := strings.Split(path, "/")
+		in := Root
+		out := subset
+		for _, elem := range pathelems {
+			nextIn, ok := in.Subcommands[elem]
+			if !ok {
+				return nil, fmt.Errorf("unknown command: %s", path)
+			}
+
+			nextOut := new(cmds.Command)
+			*nextOut = *nextIn
+			nextOut.Subcommands = map[string]*cmds.Command{}
+
+			out.Subcommands[elem] = nextOut
+			out = nextOut
+			in = nextIn
+		}
+	}
+
+	if commands {
+		subset.Subcommands["commands"] = CommandsCmd(subset)
+	}
+	return subset, nil
 }
 
 type MessageOutput struct {

@@ -18,5 +18,4 @@ func TestCommandTree(t *testing.T) {
 		}
 	}
 	printErrors(Root.DebugValidate())
-	printErrors(RootRO.DebugValidate())
 }
@@ -37,6 +37,26 @@ cli arguments:
 // APIPath is the path at which the API is mounted.
 const APIPath = "/api/v0"
 
+var GatewayAPICommands = []string{
+	"commands",
+	"cat",
+	"get",
+	"ls",
+	"resolve",
+	"name/resolve",
+	"dag/get",
+	"dag/resolve",
+	"object/data",
+	"object/links",
+	"object/get",
+	"object/stat",
+	"refs",
+	"block/stat",
+	"block/get",
+	"dns",
+	"version",
+}
+
 var defaultLocalhostOrigins = []string{
 	"http://127.0.0.1:<port>",
 	"https://127.0.0.1:<port>",
@@ -143,8 +163,17 @@ func CommandsOption(cctx oldcmds.Context) ServeOption {
 
 // CommandsROOption constructs a ServerOption for hooking the read-only commands
 // into the HTTP server.
-func CommandsROOption(cctx oldcmds.Context) ServeOption {
-	return commandsOption(cctx, corecommands.RootRO)
+func GatewayCommandsOption(cctx oldcmds.Context, allowed []string) ServeOption {
+	if len(allowed) == 0 {
+		allowed = append(allowed, GatewayAPICommands...)
+	}
+	root, err := corecommands.RootSubset(allowed)
+	if err != nil {
+		return func(n *core.IpfsNode, l net.Listener, mux *http.ServeMux) (*http.ServeMux, error) {
+			return nil, err
+		}
+	}
+	return commandsOption(cctx, root)
 }
 
 // CheckVersionOption returns a ServeOption that checks whether the client ipfs version matches. Does nothing when the user agent string does not contain `/go-ipfs/`

@@ -13,6 +13,7 @@ import (
 
 	version "github.com/ipfs/go-ipfs"
 	core "github.com/ipfs/go-ipfs/core"
+	commands "github.com/ipfs/go-ipfs/core/commands"
 	coreunix "github.com/ipfs/go-ipfs/core/coreunix"
 	namesys "github.com/ipfs/go-ipfs/namesys"
 	nsopts "github.com/ipfs/go-ipfs/namesys/opts"
@@ -597,3 +598,24 @@ func TestVersion(t *testing.T) {
 		t.Fatalf("response doesn't contain protocol version:\n%s", s)
 	}
 }
+
+func TestCommands(t *testing.T) {
+	printErrors := func(errs map[string][]error) {
+		if errs == nil {
+			return
+		}
+		t.Error("In Root command tree:")
+		for cmd, err := range errs {
+			t.Errorf("  In X command %s:", cmd)
+			for _, e := range err {
+				t.Errorf("    %s", e)
+			}
+		}
+	}
+
+	gwroot, err := commands.RootSubset(GatewayAPICommands)
+	if err != nil {
+		t.Errorf("RootSubset error: %s", err)
+	}
+	printErrors(gwroot.DebugValidate())
+}
@@ -12,7 +12,6 @@ test_init_ipfs
 test_launch_ipfs_daemon
 
 port=$GWAY_PORT
-apiport=$API_PORT
 
 # TODO check both 5001 and 5002.
 # 5001 should have a readable gateway (part of the API)
@@ -80,47 +79,6 @@ test_expect_success "GET invalid path errors" '
   test_must_fail curl -sf "http://127.0.0.1:$port/12345"
 '
 
-test_expect_success "GET /webui returns code expected" '
-  test_curl_resp_http_code "http://127.0.0.1:$apiport/webui" "HTTP/1.1 302 Found" "HTTP/1.1 301 Moved Permanently"
-'
-
-test_expect_success "GET /webui/ returns code expected" '
-  test_curl_resp_http_code "http://127.0.0.1:$apiport/webui/" "HTTP/1.1 302 Found" "HTTP/1.1 301 Moved Permanently"
-'
-
-test_expect_success "GET /logs returns logs" '
-  test_expect_code 28 curl http://127.0.0.1:$apiport/logs -m1 > log_out
-'
-
-test_expect_success "log output looks good" '
-  grep "log API client connected" log_out
-'
-
-test_expect_success "GET /api/v0/version succeeds" '
-  curl -v "http://127.0.0.1:$apiport/api/v0/version" 2> version_out
-'
-
-test_expect_success "output only has one transfer encoding header" '
-  grep "Transfer-Encoding: chunked" version_out | wc -l | xargs echo > tecount_out &&
-  echo "1" > tecount_exp &&
-  test_cmp tecount_out tecount_exp
-'
-
-curl_pprofmutex() {
-  curl -f -X POST "http://127.0.0.1:$apiport/debug/pprof-mutex/?fraction=$1"
-}
-
-test_expect_success "set mutex fraction for pprof (negative so it doesn't enable)" '
-  curl_pprofmutex -1
-'
-
-test_expect_success "test failure conditions of mutex pprof endpoint" '
-  test_must_fail curl_pprofmutex &&
-    test_must_fail curl_pprofmutex that_is_string &&
-    test_must_fail curl -f -X GET "http://127.0.0.1:$apiport/debug/pprof-mutex/?fraction=-1"
-'
-
-
 test_expect_success "setup index hash" '
   mkdir index &&
   echo "<p></p>" > index/index.html &&
@@ -141,57 +99,6 @@ test_expect_success "HEAD 'index.html' has no content" '
   [ ! -s output ]
 '
 
-# test ipfs readonly api
-
-test_curl_gateway_api() {
-  curl -sfo actual "http://127.0.0.1:$port/api/v0/$1"
-}
-
-test_expect_success "get IPFS directory file through readonly API succeeds" '
-  test_curl_gateway_api "cat?arg=$HASH2/test"
-'
-
-test_expect_success "get IPFS directory file through readonly API output looks good" '
-  test_cmp dir/test actual
-'
-
-test_expect_success "refs IPFS directory file through readonly API succeeds" '
-  test_curl_gateway_api "refs?arg=$HASH2/test"
-'
-
-for cmd in add  \
-           block/put \
-           bootstrap \
-           config \
-           dht \
-           diag \
-           id \
-           mount \
-           name/publish \
-           object/put \
-           object/new \
-           object/patch \
-           pin \
-           ping \
-           repo \
-           stats \
-           swarm \
-           file \
-           update \
-           bitswap
-do
-  test_expect_success "test gateway api is sanitized: $cmd" '
-    test_curl_resp_http_code "http://127.0.0.1:$port/api/v0/$cmd" "HTTP/1.1 404 Not Found"
-  '
-done
-
-# This one is different. `local` will be interpreted as a path if the command isn't defined.
-test_expect_success "test gateway api is sanitized: refs/local" '
-    echo "Error: invalid '"'ipfs ref'"' path" > refs_local_expected &&
-    ! ipfs --api /ip4/127.0.0.1/tcp/$port refs local > refs_local_actual 2>&1 &&
-    test_cmp refs_local_expected refs_local_actual
-  '
-
 test_expect_success "create raw-leaves node" '
   echo "This is RAW!" > rfile &&
   echo "This is RAW!" | ipfs add --raw-leaves -q > rhash
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,5 +18,4 @@ func TestCommandTree(t *testing.T) { @@
     		}
     	}
     	printErrors(Root.DebugValidate())
-    	printErrors(RootRO.DebugValidate())
     }