diff options
| author | Aaron LI <aaronly.me@outlook.com> | 2016-11-08 19:14:34 +0800 |
|---|---|---|
| committer | Aaron LI <aaronly.me@outlook.com> | 2016-11-08 19:14:34 +0800 |
| commit | 6ed92c4c5f85bc6975497af868210af072a18168 (patch) | |
| tree | 5a12cc28ecbb529f9b184e9f8a196ef42f9df1fe /fg21sim/webui/websocket.py | |
| parent | fca4b4700a12b26c623f0dfd5f83e7342567bb10 (diff) | |
| download | fg21sim-6ed92c4c5f85bc6975497af868210af072a18168.tar.bz2 | |
webui: Add support of controlling the allowed hosts
Diffstat (limited to 'fg21sim/webui/websocket.py')
| -rw-r--r-- | fg21sim/webui/websocket.py | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/fg21sim/webui/websocket.py b/fg21sim/webui/websocket.py index 8c2f427..fffc19c 100644 --- a/fg21sim/webui/websocket.py +++ b/fg21sim/webui/websocket.py @@ -22,10 +22,11 @@ import json import logging import tornado.websocket +from tornado.options import options from ..configs import ConfigManager from ..errors import ConfigError -from .utils import get_host_ip +from .utils import get_host_ip, ip_in_network logger = logging.getLogger(__name__) @@ -73,22 +74,32 @@ class FG21simWSHandler(tornado.websocket.WebSocketHandler): Currently, only allow access from the ``localhost`` (i.e., 127.0.0.1) and local LAN. """ + self.from_localhost = False logger.info("WebSocket: {0}: origin: {1}".format(self.name, origin)) ip = get_host_ip(url=origin) + network = options.hosts_allowed if ip == "127.0.0.1": self.from_localhost = True + allow = True logger.info("WebSocket: %s: origin is localhost" % self.name) - return True + elif network.upper() == "ANY": + # Any hosts are allowed + allow = True + logger.error("WebSocket: %s: any hosts are allowed" % self.name) + elif ip_in_network(ip, network): + allow = True + logger.error("WebSocket: %s: " % self.name + + "client is in the allowed network: %s" % network) else: - self.from_localhost = False - # FIXME/TODO: check whether from local LAN (or in same subnet)?? + allow = False logger.error("WebSocket: %s: " % self.name + - "ONLY allow access from localhost at the moment :(") - return False + "client is NOT in the allowed network: %s" % network) + return allow def open(self): """Invoked when a new WebSocket is opened by the client.""" - logger.info("WebSocket: %s: opened" % self.name) + logger.info("WebSocket: {0}: opened".format(self.name)) + logger.info("Allowed hosts: {0}".format(options.hosts_allowed)) def on_close(self): """Invoked when a new WebSocket is closed by the client.""" |