From: Aki Tuomi
Date: Wed, 23 Aug 2023 12:57:46 +0000 (+0300)
Subject: ws-recursor.cc: Split apiServerConfigACL to GET and PUT variant
X-Git-Tag: auth-4.9.0-alpha1~42^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfb7a704d8a222d2af9ca0cdfecec26b3d927a67;p=thirdparty%2Fpdns.git
ws-recursor.cc: Split apiServerConfigACL to GET and PUT variant
---
diff --git a/pdns/recursordist/ws-recursor.cc b/pdns/recursordist/ws-recursor.cc
index feabb16dd0..41bcdd7702 100644
--- a/pdns/recursordist/ws-recursor.cc
+++ b/pdns/recursordist/ws-recursor.cc
@@ -86,91 +86,100 @@ static void apiWriteConfigFile(const string& filebasename, const string& content
 ofconf.close();
 }
-static void apiServerConfigACL(const std::string& aclType, HttpRequest* req, HttpResponse* resp)
+static void apiServerConfigACLGET(const std::string& aclType, HttpRequest* /* req */, HttpResponse* resp)
 {
- if (req->method == "PUT") {
- Json document = req->json();
+ // Return currently configured ACLs
+ vector entries;
+ if (t_allowFrom && aclType == "allow-from") {
+ entries = t_allowFrom->toStringVector();
+ }
+ else if (t_allowNotifyFrom && aclType == "allow-notify-from") {
+ entries = t_allowNotifyFrom->toStringVector();
+ }
- auto jlist = document["value"];
- if (!jlist.is_array()) {
- throw ApiException("'value' must be an array");
- }
+ resp->setJsonBody(Json::object{
+ {"name", aclType},
+ {"value", entries},
+ });
+}
- if (g_yamlSettings) {
- ::rust::Vec<::rust::String> vec;
- for (const auto& value : jlist.array_items()) {
- vec.emplace_back(value.string_value());
- }
+static void apiServerConfigACLPUT(const std::string& aclType, HttpRequest* req, HttpResponse* resp)
+{
+ const auto& document = req->json();
+
+ const auto& jlist = document["value"];
+
+ if (!jlist.is_array()) {
+ throw ApiException("'value' must be an array");
+ }
+
+ if (g_yamlSettings) {
+ ::rust::Vec<::rust::String> vec;
+ for (const auto& value : jlist.array_items()) {
+ vec.emplace_back(value.string_value());
+ }
+ try {
+ ::pdns::rust::settings::rec::validate_allow_from(aclType, vec);
+ }
+ catch (const ::rust::Error& e) {
+ throw ApiException(string("Unable to convert: ") + e.what());
+ }
+ ::rust::String yaml;
+ if (aclType == "allow-from") {
+ yaml = pdns::rust::settings::rec::allow_from_to_yaml_string_incoming("allow_from", "allow_from_file", vec);
+ }
+ else {
+ yaml = pdns::rust::settings::rec::allow_from_to_yaml_string_incoming("allow_notify_from", "allow_notify_from_file", vec);
+ }
+ apiWriteConfigFile(aclType, string(yaml));
+ }
+ else {
+ NetmaskGroup nmg;
+ for (const auto& value : jlist.array_items()) {
 try {
- ::pdns::rust::settings::rec::validate_allow_from(aclType, vec);
- }
- catch (const ::rust::Error& e) {
- throw ApiException(string("Unable to convert: ") + e.what());
+ nmg.addMask(value.string_value());
 }
- ::rust::String yaml;
- if (aclType == "allow-from") {
- yaml = pdns::rust::settings::rec::allow_from_to_yaml_string_incoming("allow_from", "allow_from_file", vec);
- }
- else {
- yaml = pdns::rust::settings::rec::allow_from_to_yaml_string_incoming("allow_notify_from", "allow_notify_from_file", vec);
+ catch (const NetmaskException& e) {
+ throw ApiException(e.reason);
 }
- apiWriteConfigFile(aclType, string(yaml));
 }
- else {
- NetmaskGroup nmg;
- for (const auto& value : jlist.array_items()) {
- try {
- nmg.addMask(value.string_value());
- }
- catch (const NetmaskException& e) {
- throw ApiException(e.reason);
- }
- }
- ostringstream strStream;
+ ostringstream strStream;
- // Clear -from-file if set, so our changes take effect
- strStream << aclType << "-file=" << endl;
+ // Clear -from-file if set, so our changes take effect
+ strStream << aclType << "-file=" << endl;
- // Clear ACL setting, and provide a "parent" value
- strStream << aclType << "=" << endl;
- strStream << aclType << "+=" << nmg.toString() << endl;
+ // Clear ACL setting, and provide a "parent" value
+ strStream << aclType << "=" << endl;
+ strStream << aclType << "+=" << nmg.toString() << endl;
- apiWriteConfigFile(aclType, strStream.str());
- }
+ apiWriteConfigFile(aclType, strStream.str());
+ }
- parseACLs();
+ parseACLs();
- // fall through to GET
- }
- else if (req->method != "GET") {
- throw HttpMethodNotAllowedException();
- }
+ apiServerConfigACLGET(aclType, req, resp);
+}
- // Return currently configured ACLs
- vector entries;
- if (t_allowFrom && aclType == "allow-from") {
- entries = t_allowFrom->toStringVector();
- }
- else if (t_allowNotifyFrom && aclType == "allow-notify-from") {
- entries = t_allowNotifyFrom->toStringVector();
- }
+static void apiServerConfigAllowFromGET(HttpRequest* req, HttpResponse* resp)
+{
+ apiServerConfigACLGET("allow-from", req, resp);
+}
- resp->setJsonBody(Json::object{
- {"name", aclType},
- {"value", entries},
- });
+static void apiServerConfigAllowNotifyFromGET(HttpRequest* req, HttpResponse* resp)
+{
+ apiServerConfigACLGET("allow-notify-from", req, resp);
 }
-static void apiServerConfigAllowFrom(HttpRequest* req, HttpResponse* resp)
+static void apiServerConfigAllowFromPUT(HttpRequest* req, HttpResponse* resp)
 {
- apiServerConfigACL("allow-from", req, resp);
+ apiServerConfigACLPUT("allow-from", req, resp);
 }
-static void apiServerConfigAllowNotifyFrom(HttpRequest* req, HttpResponse* resp)
+static void apiServerConfigAllowNotifyFromPUT(HttpRequest* req, HttpResponse* resp)
 {
- apiServerConfigACL("allow-notify-from", req, resp);
+ apiServerConfigACLPUT("allow-notify-from", req, resp);
 }
 static void fillZone(const DNSName& zonename, HttpResponse* resp)
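Review bot: Both loops in apiServerConfigACLPUT read each array element with `value.string_value()` without checking its type, so a non-string JSON element (number, object, null) is coerced instead of rejected; with json11-style semantics that gives an empty string, and whether `validate_allow_from` or `NetmaskGroup::addMask` refuse an empty entry cannot be seen from this hunk. Because the resulting list is written to the config file and becomes the resolver's access-control list, I would reject such input up front in both loops with `if (!value.is_string()) { throw ApiException("'value' entries must be strings"); }`. The `else` of the YAML branch also treats every aclType other than "allow-from" as allow-notify-from; a short comment saying that callers only ever pass those two literals would document why that is safe.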
@@ -1305,10 +1314,10 @@ RecursorWebServer::RecursorWebServer(FDMultiplexer* fdm)
 d_ws->registerApiHandler(
 "/jsonstat", [](HttpRequest* req, HttpResponse* resp) { jsonstat(req, resp); }, "GET", true);
 d_ws->registerApiHandler("/api/v1/servers/localhost/cache/flush", apiServerCacheFlush, "PUT");
- d_ws->registerApiHandler("/api/v1/servers/localhost/config/allow-from", apiServerConfigAllowFrom, "PUT");
- d_ws->registerApiHandler("/api/v1/servers/localhost/config/allow-from", apiServerConfigAllowFrom, "GET");
- d_ws->registerApiHandler("/api/v1/servers/localhost/config/allow-notify-from", apiServerConfigAllowNotifyFrom, "GET");
- d_ws->registerApiHandler("/api/v1/servers/localhost/config/allow-notify-from", apiServerConfigAllowNotifyFrom, "PUT");
+ d_ws->registerApiHandler("/api/v1/servers/localhost/config/allow-from", apiServerConfigAllowFromPUT, "PUT");
+ d_ws->registerApiHandler("/api/v1/servers/localhost/config/allow-from", apiServerConfigAllowFromGET, "GET");
+ d_ws->registerApiHandler("/api/v1/servers/localhost/config/allow-notify-from", apiServerConfigAllowNotifyFromGET, "GET");
+ d_ws->registerApiHandler("/api/v1/servers/localhost/config/allow-notify-from", apiServerConfigAllowNotifyFromPUT, "PUT");
 d_ws->registerApiHandler("/api/v1/servers/localhost/config", apiServerConfig, "GET");
 d_ws->registerApiHandler("/api/v1/servers/localhost/rpzstatistics", apiServerRPZStats, "GET");
 d_ws->registerApiHandler("/api/v1/servers/localhost/search-data", apiServerSearchData, "GET");
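Review bot: The method string passed to `registerApiHandler` on these four lines is now the only thing keeping the ACL-rewriting `*PUT` handlers off GET requests, because the commit removes the `req->method` check and the `HttpMethodNotAllowedException` from the handler. The lines are ordered PUT, GET for allow-from but GET, PUT for allow-notify-from, which makes a handler/method mismatch easy to overlook in review. I would list each path as GET then PUT and add a comment such as `// ACL endpoints: the *PUT handlers rewrite the ACL config; the method argument is their only method check`. How registerApiHandler enforces the method is not visible here, and the constructor's body starts and ends outside this hunk.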