diff --git a/config/config.go b/config/config.go index 15982e4..bf7310d 100644 --- a/config/config.go +++ b/config/config.go @@ -23,6 +23,7 @@ type Config struct { Token string WhiteList map[string]bool DB string + LocalAuth bool } func getConfigOpt(yamlCfg *yaml.File, name string, opt interface{}) { @@ -51,6 +52,7 @@ func Parse(c *cli.Context) *Config { SslCacert: c.String("ssl-cacert"), Token: c.String("token"), DB: c.String("db"), + LocalAuth: c.Bool("local-auth"), } cfg.WhiteList = make(map[string]bool) diff --git a/http.go b/http.go index 716ee47..793941f 100644 --- a/http.go +++ b/http.go @@ -67,10 +67,12 @@ func authorizedDev(devid string, cfg *config.Config) bool { return ok } -func httpAuth(c *gin.Context) bool { - addr, _ := net.ResolveTCPAddr("tcp", c.Request.RemoteAddr) - if addr.IP.IsLoopback() { - return true +func httpAuth(cfg *config.Config, c *gin.Context) bool { + if !cfg.LocalAuth { + addr, _ := net.ResolveTCPAddr("tcp", c.Request.RemoteAddr) + if addr.IP.IsLoopback() { + return true + } } cookie, err := c.Cookie("sid") @@ -98,7 +100,7 @@ func httpStart(br *broker) { return } - if !httpAuth(c) { + if !httpAuth(cfg, c) { c.AbortWithStatus(http.StatusUnauthorized) } }) @@ -193,7 +195,7 @@ func httpStart(br *broker) { }) r.GET("/authorized/:devid", func(c *gin.Context) { - authorized := authorizedDev(c.Param("devid"), cfg) || httpAuth(c) + authorized := authorizedDev(c.Param("devid"), cfg) || httpAuth(cfg, c) c.JSON(http.StatusOK, gin.H{ "authorized": authorized, }) @@ -225,7 +227,7 @@ func httpStart(br *broker) { }) r.GET("/alive", func(c *gin.Context) { - if !httpAuth(c) { + if !httpAuth(cfg, c) { c.AbortWithStatus(http.StatusUnauthorized) } else { c.Status(http.StatusOK) diff --git a/main.go b/main.go index 17b5d12..66b5c84 100644 --- a/main.go +++ b/main.go @@ -147,6 +147,10 @@ func main() { Value: "rttys.db", Usage: "sqlite3 database path", }, + &cli.BoolFlag{ + Name: "local-auth", + Usage: "need auth for local", + }, }, Action: func(c *cli.Context) error { runRttys(c)