From 18179c616ccf1187c4d87a24be467941194e3c5e Mon Sep 17 00:00:00 2001 From: Christian Hofstaedtler Date: Mon, 3 Mar 2014 20:18:44 +0100 Subject: [PATCH] Add api-readonly switch This disables all JSON-API-level changes to backend data. --- pdns/common_startup.cc | 1 + pdns/pdns.conf-dist | 5 +++++ pdns/ws-auth.cc | 10 +++++----- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index 5cdcd5c6f6..a9a8c81006 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -65,6 +65,7 @@ void declareArguments() ::arg().set("retrieval-threads", "Number of AXFR-retrieval threads for slave operation")="2"; ::arg().setSwitch("experimental-json-interface", "If the webserver should serve JSON data")="no"; + ::arg().setSwitch("experimental-api-readonly", "If the JSON API should disallow data modification")="no"; ::arg().setCmd("help","Provide a helpful message"); ::arg().setCmd("version","Output version and compilation date"); diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist index 964dd0fb62..cb9dcfccc4 100644 --- a/pdns/pdns.conf-dist +++ b/pdns/pdns.conf-dist @@ -134,6 +134,11 @@ # # entropy-source=/dev/urandom +################################# +# experimental-api-readonly If the JSON API should disallow data modification +# +# experimental-api-readonly=no + ################################# # experimental-json-interface If the webserver should serve JSON data # diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index 157952a834..c1261b21fe 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -370,7 +370,7 @@ static void apiServerZoneRRset(HttpRequest* req, HttpResponse* resp); static void apiServerZones(HttpRequest* req, HttpResponse* resp) { UeberBackend B; - if (req->method == "POST") { + if (req->method == "POST" && !::arg().mustDo("experimental-api-readonly")) { DomainInfo di; Document document; req->json(document); @@ -483,7 +483,7 @@ static void apiServerZones(HttpRequest* req, HttpResponse* resp) { static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) { string zonename = apiZoneIdToName(req->path_parameters["id"]); - if(req->method == "PUT") { + if(req->method == "PUT" && !::arg().mustDo("experimental-api-readonly")) { // update domain settings UeberBackend B; DomainInfo di; @@ -507,7 +507,7 @@ static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) { fillZone(zonename, resp); return; } - else if(req->method == "DELETE") { + else if(req->method == "DELETE" && !::arg().mustDo("experimental-api-readonly")) { // delete domain UeberBackend B; DomainInfo di; @@ -520,7 +520,7 @@ static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) { // empty body on success resp->body = ""; return; - } else if (req->method == "PATCH") { + } else if (req->method == "PATCH" && !::arg().mustDo("experimental-api-readonly")) { apiServerZoneRRset(req, resp); return; } else if (req->method == "GET") { @@ -568,7 +568,7 @@ static void makePtr(const DNSResourceRecord& rr, DNSResourceRecord* ptr) { } static void apiServerZoneRRset(HttpRequest* req, HttpResponse* resp) { - if(req->method != "PATCH") + if(req->method != "PATCH" || ::arg().mustDo("experimental-api-readonly")) throw HttpMethodNotAllowedException(); UeberBackend B; -- 2.47.2