...

Source file src/go.etcd.io/etcd/server/v3/etcdserver/server_access_control.go

Documentation: go.etcd.io/etcd/server/v3/etcdserver 

     1  // Copyright 2018 The etcd Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package etcdserver
    16  
    17  import "sync"
    18  
    19  // AccessController controls etcd server HTTP request access.
    20  type AccessController struct {
    21  	corsMu          sync.RWMutex
    22  	CORS            map[string]struct{}
    23  	hostWhitelistMu sync.RWMutex
    24  	HostWhitelist   map[string]struct{}
    25  }
    26  
    27  // NewAccessController returns a new "AccessController" with default "*" values.
    28  func NewAccessController() *AccessController {
    29  	return &AccessController{
    30  		CORS:          map[string]struct{}{"*": {}},
    31  		HostWhitelist: map[string]struct{}{"*": {}},
    32  	}
    33  }
    34  
    35  // OriginAllowed determines whether the server will allow a given CORS origin.
    36  // If CORS is empty, allow all.
    37  func (ac *AccessController) OriginAllowed(origin string) bool {
    38  	ac.corsMu.RLock()
    39  	defer ac.corsMu.RUnlock()
    40  	if len(ac.CORS) == 0 { // allow all
    41  		return true
    42  	}
    43  	_, ok := ac.CORS["*"]
    44  	if ok {
    45  		return true
    46  	}
    47  	_, ok = ac.CORS[origin]
    48  	return ok
    49  }
    50  
    51  // IsHostWhitelisted returns true if the host is whitelisted.
    52  // If whitelist is empty, allow all.
    53  func (ac *AccessController) IsHostWhitelisted(host string) bool {
    54  	ac.hostWhitelistMu.RLock()
    55  	defer ac.hostWhitelistMu.RUnlock()
    56  	if len(ac.HostWhitelist) == 0 { // allow all
    57  		return true
    58  	}
    59  	_, ok := ac.HostWhitelist["*"]
    60  	if ok {
    61  		return true
    62  	}
    63  	_, ok = ac.HostWhitelist[host]
    64  	return ok
    65  }
    66  

View as plain text