diff --git a/README.md b/README.md index 67cc82e..7c319b5 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,8 @@ Usage of bin/request-baskets: Service mode: "public" - any visitor can create a new basket, "restricted" - baskets creation requires master token (default "public") -theme string CSS theme for web UI, supported values: standard, adaptive, flatly (default "standard") + -allowforward boolean + enable/disable forwarding of requests for all buckets (default "false") ``` ### Parameters @@ -128,6 +130,7 @@ List of command line parameters with corresponding ENVVAR for [docker container] * `-prefix` *URL path prefix* (`PATHPREFIX`) - allows to host API and web-UI of baskets service under a sub-path instead of domain ROOT * `-mode` *mode* (`MODE`) - defines service operation mode: `public` - when any visitor can create a new basket, or `restricted` - baskets creation requires master token * `-theme` *theme* (`THEME`) - CSS theme for web UI, supported values: `standard`, `adaptive`, `flatly` + * `-allowforward` *allow forward* (`ALLOWFORWARD`) - enable/disable forwarding of requests for all buckets ## Usage @@ -142,6 +145,7 @@ To view collected requests and manage basket: * Use [RESTful API](https://github.com/darklynx/request-baskets/blob/master/doc/rbaskets-openapi.yaml) exposed at `http://localhost:55555/api/baskets//...` It is possible to forward all incoming HTTP requests to arbitrary URL by configuring basket via web UI or RESTful API. +Because of https://github.com/darklynx/request-baskets/issues/91 forwarding is disabled by default. Forwarding can be enabled by setting allowforward commandline parameter to true. ### Bolt database diff --git a/config.go b/config.go index c769897..b60147e 100644 --- a/config.go +++ b/config.go 
@@ -21,6 +21,7 @@ const ( serviceName = "request-baskets" basketNamePattern = `^[\w\d\-_\.]{1,250}$` sourceCodeURL = "https://github.com/darklynx/request-baskets" + defaultAllowForward = false ) // ServerConfig describes server configuration. @@ -39,6 +40,7 @@ type ServerConfig struct { Mode string Theme string ThemeCSS template.HTML + AllowForward bool } type arrayFlags []string @@ -72,6 +74,7 @@ func CreateConfig() *ServerConfig { var theme = flag.String("theme", ThemeStandard, fmt.Sprintf( "CSS theme for web UI, supported values: %s, %s, %s", ThemeStandard, ThemeAdaptive, ThemeFlatly)) + var allowForward = flag.Bool("allowforward", defaultAllowForward, "Allow forwards for basket configs (default false)") var baskets arrayFlags flag.Var(&baskets, "basket", "Name of a basket to auto-create during service startup (can be specified multiple times)") @@ -97,7 +100,9 @@ func CreateConfig() *ServerConfig { PathPrefix: normalizePrefix(*prefix), Mode: *mode, Theme: *theme, - ThemeCSS: toThemeCSS(*theme)} + ThemeCSS: toThemeCSS(*theme), + AllowForward: *allowForward, + } } func normalizePrefix(prefix string) string { diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index edebeaa..187813e 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -54,6 +54,10 @@ if [ -n "$THEME" ]; then args="$args -theme $THEME" fi +if [ -n "$ALLOWFORWARD" ]; then + args="$args -allowforward $ALLOWFORWARD" +fi + cmd="/bin/rbaskets $args" echo "Executing: $cmd" exec $cmd diff --git a/handlers.go b/handlers.go index 281e4d9..f41d9e5 100644 --- a/handlers.go +++ b/handlers.go @@ -367,11 +367,12 @@ func ForwardToWeb(w http.ResponseWriter, r *http.Request, ps httprouter.Params) } type TemplateData struct { - Prefix string - Version *Version - ThemeCSS template.HTML - Basket string - Data interface{} + Prefix string + Version *Version + ThemeCSS template.HTML + Basket string + Data interface{} + AllowForward bool } // WebIndexPage handles HTTP request to render index page 
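Review bot: The usage string added for `allowforward` in `CreateConfig` (config.go) does not say what is being allowed, and it does not show the only form in which a Go bool flag takes an explicit value, `-allowforward=true`. The README hunk in this commit lists it as `-allowforward boolean`, which reads like a space-separated value. Suggested text: `"Allow baskets to forward incoming requests to their configured URL; off by default, enable with -allowforward=true"`. The new `AllowForward bool` field in `ServerConfig` is undocumented; a comment such as `// AllowForward globally enables request forwarding; when false, basket forward URLs are ignored.` would record that it is a server-wide switch. `CreateConfig` starts and ends outside these hunks.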
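Review bot: In docker/entrypoint.sh the added `args="$args -allowforward $ALLOWFORWARD"` passes the value as a separate word, but Go's `flag` package accepts bool flags only as `-name` or `-name=value`. With this line any non-empty `ALLOWFORWARD`, including `false`, sets the flag to true and leaves the value behind as a positional argument. For a switch whose purpose is to keep forwarding off, a container started with `ALLOWFORWARD=false` ending up with forwarding enabled is the unsafe failure direction. Use `args="$args -allowforward=$ALLOWFORWARD"`. The earlier part of the script is outside the hunk.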
@@ -387,9 +388,9 @@ func WebBasketPage(w http.ResponseWriter, r *http.Request, ps httprouter.Params) case serviceOldAPIPath: // admin page to access all baskets w.Header().Set("Content-Type", "text/html; charset=utf-8") - basketsPageTemplate.Execute(w, TemplateData{Prefix: serverConfig.PathPrefix, Version: version, ThemeCSS: serverConfig.ThemeCSS}) + basketsPageTemplate.Execute(w, TemplateData{Prefix: serverConfig.PathPrefix, Version: version, ThemeCSS: serverConfig.ThemeCSS, AllowForward: serverConfig.AllowForward}) default: - basketPageTemplate.Execute(w, TemplateData{Prefix: serverConfig.PathPrefix, Version: version, ThemeCSS: serverConfig.ThemeCSS, Basket: name}) + basketPageTemplate.Execute(w, TemplateData{Prefix: serverConfig.PathPrefix, Version: version, ThemeCSS: serverConfig.ThemeCSS, Basket: name, AllowForward: serverConfig.AllowForward}) } } else { http.Error(w, "Basket name does not match pattern: "+validBasketName.String(), http.StatusBadRequest) @@ -407,7 +408,7 @@ func AcceptBasketRequests(w http.ResponseWriter, r *http.Request) { // forward request if configured and it's a first forwarding config := basket.Config() - if len(config.ForwardURL) > 0 && r.Header.Get(DoNotForwardHeader) != "1" { + if serverConfig.AllowForward && len(config.ForwardURL) > 0 && r.Header.Get(DoNotForwardHeader) != "1" { if config.ProxyResponse { forwardAndProxyResponse(w, request, config, name) return diff --git a/web_basket.html.go b/web_basket.html.go index 130c050..985ab52 100644 --- a/web_basket.html.go +++ b/web_basket.html.go @@ -697,7 +697,7 @@ const (
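Review bot: In `AcceptBasketRequests` (handlers.go) the new `serverConfig.AllowForward &&` guard is an all-or-nothing switch. Once an operator sets it to true, `config.ForwardURL` is used with no destination check visible in this hunk, so the behaviour the README ties to issue 91 would come back unchanged for every basket. Consider validating the forward target where the URL is stored and again before the outbound request (scheme allow-list, rejecting loopback, link-local and private addresses after name resolution). A log line would also help when a configured forward is skipped because the switch is off, e.g. `log.Printf("forwarding disabled by server config, basket: %s", name)`, so operators can see why nothing is sent. The function continues outside the hunk and the basket-config update handler is not part of this diff, so it could not be checked whether a forward URL is still accepted and stored while forwarding is disabled. The `AllowForward` value passed to the templates in `WebBasketPage` only affects what the page renders.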