author | Joey Hess <joeyh@joeyh.name> | 2016-08-29 19:11:51 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-08-29 19:11:51 -0400 |
commit | aead2b77331482ca3af2ea386de00e41c50f7c12 (patch) | |
tree | 2dd818c3371d045e123917a4eb82c0baeb4cf563 | |
parent | 7ad3536737f30bbd328a4d37f78a72f9600fb4b8 (diff) | |
download | keysafe-aead2b77331482ca3af2ea386de00e41c50f7c12.tar.gz |
make server default to only listening to localhost
This way, the tor hidden service using it will be the only way it's
exposed.
-rw-r--r-- | CmdLine.hs | 32 | ||||
-rw-r--r-- | HTTP/Server.hs | 10 | ||||
-rw-r--r-- | keysafe.hs | 6 |
3 files changed, 37 insertions, 11 deletions
@@ -20,11 +20,17 @@ data CmdLine = CmdLine
 , gui :: Bool
 , testMode :: Bool
 , customShareParams :: Maybe ShareParams
+ , serverConfig :: ServerConfig
 }
-data Mode = Backup | Restore | UploadQueued | Server Port | Benchmark
+data Mode = Backup | Restore | UploadQueued | Server | Benchmark
 deriving (Show)
+data ServerConfig = ServerConfig
+ { serverPort :: Port
+ , serverAddress :: String
+ }
+
 parse :: Parser CmdLine
 parse = CmdLine
 <$> optional (backup <|> restore <|> uploadqueued <|> server <|> benchmark)
@@ -33,6 +39,7 @@ parse = CmdLine
 <*> guiswitch
 <*> testmodeswitch
 <*> optional (ShareParams <$> totalobjects <*> neededobjects)
+ <*> serverconfig
 where
 backup = flag' Backup
 ( long "backup"
@@ -46,9 +53,8 @@ parse = CmdLine
 ( long "uploadqueued"
 <> help "Upload any data to servers that was queued by a previous --backup run."
 )
- server = Server <$> option auto
+ server = flag' Server
 ( long "server"
- <> metavar "PORT"
 <> help "Run as a keysafe server, accepting objects and storing them to ~/.keysafe/objects/local/"
 )
 benchmark = flag' Benchmark
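Review bot: `serverAddress :: String` in the new `ServerConfig` record carries the bind address as free-form text, and nothing in the type or a comment says which forms are accepted or that this value decides whether the server is reachable from other hosts. A Haddock comment on the field would help, for example `-- ^ Address to bind; handed to the HTTP server as given, so a non-loopback value exposes the server directly`. The second hunk on this line adds `<*> serverconfig` unconditionally, so `--port` and `--address` are also accepted alongside `--backup` or `--restore`, where they appear to be ignored; the help text or a comment should say they only apply with `--server`.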
@@ -80,14 +86,28 @@ parse = CmdLine
 totalobjects = option auto
 ( long "totalshares"
 <> metavar "M"
- <> help ("Configure the number of shares to split encrypted secret key into. Default: " ++ show (totalObjects (shareParams defaultTunables)) ++ " (When this option is used to back up a key, it must also be provided at restore time.)")
+ <> help ("Configure the number of shares to split encrypted secret key into. (default: " ++ show (totalObjects (shareParams defaultTunables)) ++ ") (When this option is used to back up a key, it must also be provided at restore time.)")
 )
 neededobjects = option auto
 ( long "neededshares"
 <> metavar "N"
- <> help ("Configure the number of shares needed to restore. Default: " ++ show (neededObjects (shareParams defaultTunables)) ++ " (When this option is used to back up a key, it must also be provided at restore time.)")
+ <> help ("Configure the number of shares needed to restore. (default: " ++ show (neededObjects (shareParams defaultTunables)) ++ ") (When this option is used to back up a key, it must also be provided at restore time.)")
 )
-
+ serverconfig = ServerConfig
+ <$> option auto
+ ( long "port"
+ <> metavar "P"
+ <> value 80
+ <> showDefault
+ <> help "Port for server to listen on."
+ )
+ <*> option str
+ ( long "address"
+ <> metavar "A"
+ <> value "127.0.0.1"
+ <> showDefault
+ <> help "Address for server to bind to."
+ )
 get :: IO CmdLine
 get = execParser opts
 where
diff --git a/HTTP/Server.hs b/HTTP/Server.hs
index f599c31..fa2e8da 100644
--- a/HTTP/Server.hs
+++ b/HTTP/Server.hs
@@ -19,6 +19,7 @@ import Network.Wai.Handler.Warp
 import Control.Monad.IO.Class
 import Control.Concurrent
 import Control.Concurrent.STM
+import Data.String
 import qualified Data.ByteString as B
 data ServerState = ServerState
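Review bot: `<> value 80` in the new `serverconfig` parser makes a privileged port the default, so on typical Unix systems the server must start as root or with an equivalent capability just to bind on loopback. An unprivileged default (for example `<> value 8080`) would let it run under a dedicated unprivileged account, with the tor hidden-service configuration mapping its public port to the local one. The `--address` help should also say what the default protects, e.g. `<> help "Address for server to bind to. Anything other than a loopback address exposes the server outside the tor hidden service."`. The enclosing `parse` definition starts before this hunk.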
@@ -29,11 +30,14 @@ newServerState :: IO ServerState
 newServerState = ServerState
 <$> newEmptyTMVarIO
-runServer :: Port -> IO ()
-runServer port = do
+runServer :: String -> Port -> IO ()
+runServer bindaddress port = do
 st <- newServerState
 _ <- forkIO $ obscurerThread st
- run port (app st)
+ runSettings settings (app st)
+ where
+ settings = setHost host $ setPort port $ defaultSettings
+ host = fromString bindaddress
 serverStorage :: Storage
 serverStorage = localStorage "server"
@@ -63,8 +63,10 @@ dispatch cmdline ui storagelocations tunables possibletunables = do
 restore storagelocations ui possibletunables Gpg.anyKey
 go CmdLine.UploadQueued _ =
 uploadQueued
- go (CmdLine.Server port) _ =
- runServer port
+ go (CmdLine.Server) _ =
+ runServer
+ (CmdLine.serverAddress $ CmdLine.serverConfig cmdline)
+ (CmdLine.serverPort $ CmdLine.serverConfig cmdline)
 go CmdLine.Benchmark _ =
 benchmarkTunables tunables |
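Review bot: `host = fromString bindaddress` in `runServer` hands the raw `--address` string to Warp's `HostPreference`, whose `IsString` instance, as far as I know, reads values such as `*`, `*4` or `!6` as wildcards and anything else as a hostname to resolve. That means `--address '*'` listens on every interface, and a mistyped address is only noticed when the bind fails. A Haddock comment on `runServer` should state this, e.g. `-- | Run the server bound to the given address; the string is interpreted by Warp's HostPreference, so wildcard forms listen on all interfaces.` Logging the host and port at start-up would also make an accidental non-loopback bind visible to the operator. As a small style point, the `$` before `defaultSettings` is redundant.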
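Review bot: In the new `go (CmdLine.Server) _` clause the parentheses around the nullary constructor are redundant, and `CmdLine.serverConfig cmdline` is spelled out twice. Binding it once reads better, e.g. `go CmdLine.Server _ = runServer (CmdLine.serverAddress cfg) (CmdLine.serverPort cfg)` with `cfg = CmdLine.serverConfig cmdline` defined alongside `go`. This hunk has no file header on the page; from the diffstat it appears to belong to keysafe.hs, and `dispatch` starts and ends outside it.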