add support for ip whitelist

author: manuel <manuel@mausz.at> 2013-12-26 13:13:59 +0100
committer: manuel <manuel@mausz.at> 2013-12-26 13:13:59 +0100
commit: 4c8a650943a0e619526937543a6e4a45e12d0427 (patch)
tree: b046ac0e89ac484e713e55cc00620f0e053e2b84
parent: 70d41a270bfd8cb96718cd6a46f6b04ced94eed7 (diff)
download: webiopi-4c8a650943a0e619526937543a6e4a45e12d0427.tar.gz
webiopi-4c8a650943a0e619526937543a6e4a45e12d0427.tar.bz2
webiopi-4c8a650943a0e619526937543a6e4a45e12d0427.zip
2 files changed, 11 insertions, 2 deletions
diff --git a/python/webiopi/protocols/http.py b/python/webiopi/protocols/http.py
index aea6d82..00d811d 100644
--- a/python/webiopi/protocols/http.py
+++ b/python/webiopi/protocols/http.py
@@ -22,6 +22,7 @@ from webiopi.utils.version import VERSION_STRING, PYTHON_MAJOR
 from webiopi.utils.logger import info, exception
 from webiopi.utils.crypto import encrypt
 from webiopi.utils.types import str2bool
+from netaddr import IPNetwork, IPAddress
 if PYTHON_MAJOR >= 3:
    import http.server as BaseHTTPServer
@@ -36,7 +37,7 @@ except:
 WEBIOPI_DOCROOT = "/usr/share/webiopi/htdocs"
 class HTTPServer(BaseHTTPServer.HTTPServer, threading.Thread):
-    def __init__(self, host, port, handler, context, docroot, index, auth=None):
+    def __init__(self, host, port, handler, context, docroot, index, auth=None, allowfrom=[]):
        BaseHTTPServer.HTTPServer.__init__(self, ("", port), HTTPHandler)
        threading.Thread.__init__(self, name="HTTPThread")
        self.host = host
@@ -60,6 +61,7 @@ class HTTPServer(BaseHTTPServer.HTTPServer, threading.Thread):
            
        self.handler = handler
        self.auth = auth
+        self.allowfrom = allowfrom
        self.running = True
        self.start()
@@ -98,6 +100,10 @@ class HTTPHandler(BaseHTTPServer.BaseHTTPRequestHandler):
        if self.server.auth == None or len(self.server.auth) == 0:
            return True
        
+        for cidr in self.server.allowfrom:
+            if IPAddress(self.client_address[0]) in IPNetwork(cidr):
+                return True
        authHeader = self.headers.get('Authorization')
        if authHeader == None:
            return False
diff --git a/python/webiopi/server/__init__.py b/python/webiopi/server/__init__.py
index 68fdbe6..11fe7d7 100644
--- a/python/webiopi/server/__init__.py
+++ b/python/webiopi/server/__init__.py
@@ -80,6 +80,7 @@ class Server():
        http_port = config.getint("HTTP", "port", port)
        http_enabled = config.getboolean("HTTP", "enabled", http_port > 0)
        http_passwdfile = config.get("HTTP", "passwd-file", passwdfile)
+        http_allowfrom = config.get("HTTP", "allow-from", None)
        context = config.get("HTTP", "context", None)
        docroot = config.get("HTTP", "doc-root", None)
        index = config.get("HTTP", "welcome-file", None)
@@ -112,8 +113,10 @@ class Server():
        if auth == None or len(auth) == 0:
            logger.warn("Access unprotected")
        
+        allowfrom = http_allowfrom.split(" ") if http_allowfrom != None else [ ]
        if http_enabled:
-            self.http_server = http.HTTPServer(self.host, http_port, self.restHandler, context, docroot, index, auth)
+            self.http_server = http.HTTPServer(self.host, http_port, self.restHandler, context, docroot, index, auth, allowfrom)
        else:
            self.http_server = None
author	manuel <manuel@mausz.at>	2013-12-26 13:13:59 +0100
committer	manuel <manuel@mausz.at>	2013-12-26 13:13:59 +0100
commit	4c8a650943a0e619526937543a6e4a45e12d0427 (patch)
tree	b046ac0e89ac484e713e55cc00620f0e053e2b84
parent	70d41a270bfd8cb96718cd6a46f6b04ced94eed7 (diff)
download	webiopi-4c8a650943a0e619526937543a6e4a45e12d0427.tar.gz webiopi-4c8a650943a0e619526937543a6e4a45e12d0427.tar.bz2 webiopi-4c8a650943a0e619526937543a6e4a45e12d0427.zip