From 0735035ab6d2951f6c032c1cdd425c20c5efcf3e Mon Sep 17 00:00:00 2001 From: Andrew McIntosh Date: Tue, 4 Aug 2020 09:40:22 -0400 Subject: [PATCH] Move remote termination behind flag Probably don't want to add the ability to remotely shutdown the proxy to be accessible unless desired and in a safe environment, so moving behind a flag. Also updated the README with latest usage. See Issue #77 --- CONTRIBUTORS.md | 1 + README.md | 16 +++++++++ aws-es-proxy.go | 93 ++++++++++++++++++++++++++----------------------- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 2b9b1440..5c20dca4 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -24,4 +24,5 @@ https://github.com/diranged https://github.com/em0ney https://github.com/zqben402 https://github.com/dlackty +https://github.com/amcintosh diff --git a/README.md b/README.md index 2cd4ed03..8e09bf53 100644 --- a/README.md +++ b/README.md @@ -124,6 +124,10 @@ For a full list of available options, use `-h`: ```sh ./aws-es-proxy -h Usage of ./aws-es-proxy: + -auth + Require HTTP Basic Auth + -debug + Print debug messages -endpoint string Amazon ElasticSearch Endpoint (e.g: https://dummy-host.eu-west-1.es.amazonaws.com) -listen string @@ -132,10 +136,22 @@ Usage of ./aws-es-proxy: Log user requests and ElasticSearch responses to files -no-sign-reqs Disable AWS Signature v4 + -password string + HTTP Basic Auth Password -pretty Prettify verbose and file output + -realm string + Authentication Required + -remote-terminate + Allow HTTP remote termination + -timeout int + Set a request timeout to ES. Specify in seconds, defaults to 15 (default 15) + -username string + HTTP Basic Auth Username -verbose Print user requests + -version + Print aws-es-proxy version ``` diff --git a/aws-es-proxy.go b/aws-es-proxy.go index 289914e8..4b3e0ad4 100644 --- a/aws-es-proxy.go +++ b/aws-es-proxy.go @@ -69,23 +69,24 @@ type responseStruct struct { } type proxy struct { - scheme string - host string - region string - service string - endpoint string - verbose bool - prettify bool - logtofile bool - nosignreq bool - fileRequest *os.File - fileResponse *os.File - credentials *credentials.Credentials - httpClient *http.Client - auth bool - username string - password string - realm string + scheme string + host string + region string + service string + endpoint string + verbose bool + prettify bool + logtofile bool + nosignreq bool + fileRequest *os.File + fileResponse *os.File + credentials *credentials.Credentials + httpClient *http.Client + auth bool + username string + password string + realm string + remoteTerminate bool } func newProxy(args ...interface{}) *proxy { @@ -100,16 +101,17 @@ func newProxy(args ...interface{}) *proxy { } return &proxy{ - endpoint: args[0].(string), - verbose: args[1].(bool), - prettify: args[2].(bool), - logtofile: args[3].(bool), - nosignreq: args[4].(bool), - httpClient: &client, - auth: args[6].(bool), - username: args[7].(string), - password: args[8].(string), - realm: args[9].(string), + endpoint: args[0].(string), + verbose: args[1].(bool), + prettify: args[2].(bool), + logtofile: args[3].(bool), + nosignreq: args[4].(bool), + httpClient: &client, + auth: args[6].(bool), + username: args[7].(string), + password: args[8].(string), + realm: args[9].(string), + remoteTerminate: args[10].(bool), } } @@ -210,7 +212,7 @@ func (p *proxy) getSigner() *v4.Signer { } func (p *proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if r.URL.Path == "/terminate-proxy" && r.Method == http.MethodPost { + if p.remoteTerminate && r.URL.Path == "/terminate-proxy" && r.Method == http.MethodPost { logrus.Infoln("Terminate Signal") os.Exit(0) } @@ -424,22 +426,23 @@ func copyHeaders(dst, src http.Header) { func main() { var ( - debug bool - auth bool - username string - password string - realm string - verbose bool - prettify bool - logtofile bool - nosignreq bool - ver bool - endpoint string - listenAddress string - fileRequest *os.File - fileResponse *os.File - err error - timeout int + debug bool + auth bool + username string + password string + realm string + verbose bool + prettify bool + logtofile bool + nosignreq bool + ver bool + endpoint string + listenAddress string + fileRequest *os.File + fileResponse *os.File + err error + timeout int + remoteTerminate bool ) flag.StringVar(&endpoint, "endpoint", "", "Amazon ElasticSearch Endpoint (e.g: https://dummy-host.eu-west-1.es.amazonaws.com)") @@ -455,6 +458,7 @@ func main() { flag.StringVar(&username, "username", "", "HTTP Basic Auth Username") flag.StringVar(&password, "password", "", "HTTP Basic Auth Password") flag.StringVar(&realm, "realm", "", "Authentication Required") + flag.BoolVar(&remoteTerminate, "remote-terminate", false, "Allow HTTP remote termination") flag.Parse() if endpoint == "" { @@ -500,6 +504,7 @@ func main() { username, password, realm, + remoteTerminate, ) if err = p.parseEndpoint(); err != nil {