Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/05/16 08:29:34 UTC

[GitHub] [apisix-dashboard] tokers commented on a change in pull request #1894: fix: restrict host and path of debugging URL

tokers commented on a change in pull request #1894:
URL: https://github.com/apache/apisix-dashboard/pull/1894#discussion_r633060998



##########
File path: api/conf/conf.yaml
##########
@@ -59,6 +59,9 @@ conf:
                          # log example: 2020-12-09T16:38:09.039+0800	INFO	filter/logging.go:46	/apisix/admin/routes/r1	{"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
   max_cpu: 0             # supports tweaking with the number of OS threads are going to be used for parallelism. Default value: 0 [will use max number of available cpu cores considering hyperthreading (if any)]. If the value is negative, is will not touch the existing parallelism profile.
 
+  gateways:              # host list of APISIX gateway, currently only used as a list of debuggable hosts
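Review bot: the comment on `gateways:` does not say what form an entry takes. checkHost in route_online_debug.go compares with `host == gatewayHost` and returns an error for every host when the list is empty, so the comment should state whether an entry is a bare host or host:port, show a sample entry, and say what happens to debug requests when the list is left empty.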

Review comment:
       Better to add big hints for users to be careful about this field.

##########
File path: api/internal/handler/route_online_debug/route_online_debug.go
##########
@@ -92,12 +108,60 @@ func (h *Handler) DebugRequestForwarding(c droplet.Context) (interface{}, error)
 type HTTPProtocolSupport struct {
 }
 
+func checkHost(host string) error {
+	if len(conf.Gateways) < 1 {
+		return errors.New("host list of APISIX gateways not configured")
+	}
+	for _, gatewayHost := range conf.Gateways {
+		if host == gatewayHost {
+			return nil
+		}
+	}
+
+	return errors.New("doesn't match any host of APISIX gateways")
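Review bot: `host == gatewayHost` in the loop is a byte-for-byte comparison, so two spellings of the same gateway that differ only in letter case, or in whether the port is written out, are treated as different hosts. Normalise both sides (lowercase the hostname, make the port explicit) before comparing, and make sure the string passed in as `host` is the same one the forwarding code later connects to, so the check and the outgoing request cannot disagree about the target.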

Review comment:
       ```suggestion
   	return errors.New("host denied")
   ```

##########
File path: api/internal/handler/route_online_debug/route_online_debug.go
##########
@@ -92,12 +108,60 @@ func (h *Handler) DebugRequestForwarding(c droplet.Context) (interface{}, error)
 type HTTPProtocolSupport struct {
 }
 
+func checkHost(host string) error {
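Review bot: `checkHost` has no doc comment, and the signature does not say whether `host` is a bare hostname, host:port, or a full URL. Add a comment that states the expected form and that a nil return means the host is listed in `conf.Gateways`, so callers pass the same form the configuration uses.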

Review comment:
       Returning a boolean value is better.



