[Bps-public-commit] SD branch, master, updated. 7a5545a8b8f3e0e1d1d78c62e906e9d7841a80f5

spang at bestpractical.com spang at bestpractical.com
Fri Aug 21 19:23:44 EDT 2009 

The branch, master has been updated
       via  7a5545a8b8f3e0e1d1d78c62e906e9d7841a80f5 (commit)
       via  28d0ac886eb3937cb8984699b85fd44cef9583e7 (commit)
      from  63979a4ec9204f4cf2adfabededcb78ecb03e0e3 (commit)

Summary of changes:
 lib/App/SD/CLI/Command/Help/Sync.pm |   16 ++++++------
 lib/App/SD/Server/Dispatcher.pm     |   43 +++++++++++++++++++++-------------
 2 files changed, 34 insertions(+), 25 deletions(-)

- Log -----------------------------------------------------------------
commit 28d0ac886eb3937cb8984699b85fd44cef9583e7
Author: Christine Spang <spang at bestpractical.com>
Date:   Sat Aug 22 00:16:25 2009 +0100

    For now, kill doc pointing out --writable option for server and reject
    all changes from non-localhost

diff --git a/lib/App/SD/CLI/Command/Help/Sync.pm b/lib/App/SD/CLI/Command/Help/Sync.pm
index 1327528..6b63972 100644
--- a/lib/App/SD/CLI/Command/Help/Sync.pm
+++ b/lib/App/SD/CLI/Command/Help/Sync.pm
@@ -35,14 +35,7 @@ print <<EOF
     ${cmd}server --port 9876
       Start an sd replica server on port 9876. This command will make your 
       replica browsable and pullable by anyone with remote access to your 
-      computer.
-
-    ${cmd}server --writable --port 9876
-    ${cmd}server -w -p 9876
-      Start an sd replica server on port 9876, with UNAUTHENTICATED,
-      PUBLIC WRITE ACCESS via HTTP POST.  This command will make your
-      replica modifiable, browsable and pullable by ANYONE with remote
-      access to your computer.
+      computer. Changes will only be accepted from the local machine.
 
 SD can sync to external systems as well as itself. Currently, there 
 are foreign replica types for:
@@ -111,6 +104,13 @@ EOF
 
 }
 
+    # ${cmd}server --writable --port 9876
+    # ${cmd}server -w -p 9876
+    #   Start an sd replica server on port 9876, with UNAUTHENTICATED,
+    #   PUBLIC WRITE ACCESS via HTTP POST.  This command will make your
+    #   replica modifiable, browsable and pullable by ANYONE with remote
+    #   access to your computer.
+
 __PACKAGE__->meta->make_immutable;
 no Any::Moose;
 
diff --git a/lib/App/SD/Server/Dispatcher.pm b/lib/App/SD/Server/Dispatcher.pm
index 2354620..0acecdb 100644
--- a/lib/App/SD/Server/Dispatcher.pm
+++ b/lib/App/SD/Server/Dispatcher.pm
@@ -53,6 +53,16 @@ on qr'.' => sub {
 
 
 under { method => 'POST' } => sub {
+    # reject edits from non-localhost
+    on qr'.' => sub {
+        my $self = shift;
+        if ( $self->server->cgi->remote_host() != '127.0.0.1' ) {
+            $self->server->_send_401;
+        }
+        else {
+            next_rule;
+        }
+    };
     on qr'^/ticket/([\w\d-]+)/edit$' => sub { shift->server->_send_redirect( to => '/ticket/' . $1 ); };
     on qr'^/(?!records)$' => sub { shift->server->_send_redirect( to => $1 ); };
 };

commit 7a5545a8b8f3e0e1d1d78c62e906e9d7841a80f5
Author: Christine Spang <spang at bestpractical.com>
Date:   Sat Aug 22 00:16:48 2009 +0100

    stab tabs.

diff --git a/lib/App/SD/Server/Dispatcher.pm b/lib/App/SD/Server/Dispatcher.pm
index 0acecdb..61494ae 100644
--- a/lib/App/SD/Server/Dispatcher.pm
+++ b/lib/App/SD/Server/Dispatcher.pm
@@ -88,23 +88,22 @@ under { method => 'GET' } => sub {
             }
         };
 
-        on 'new'                 => sub { shift->show_template('new_ticket') };
-        on qr'^([\w\d-]+)/?'    => sub {
-		my $self = shift;
-		my $id = $1;
-
-        my $ticket = App::SD::Model::Ticket->new(
-            app_handle => $self->server->app_handle,
-            handle     => $self->server->app_handle->handle
-        );
-        $ticket->load(($id =~ /^\d+$/ ? 'luid' : 'uuid') =>$id);
-			if (!$ticket->luid) {
-
-				$self->server->_send_404(); #redirect( to => "/error/ticket_does_not_exist");
-			}	else {
-				next_rule;
-				}
-		};
+        on 'new'             => sub { shift->show_template('new_ticket') };
+        on qr'^([\w\d-]+)/?' => sub {
+            my $self = shift;
+            my $id = $1;
+
+            my $ticket = App::SD::Model::Ticket->new(
+                app_handle => $self->server->app_handle,
+                handle     => $self->server->app_handle->handle
+            );
+            $ticket->load(($id =~ /^\d+$/ ? 'luid' : 'uuid') =>$id);
+            if (!$ticket->luid) {
+                $self->server->_send_404(); #redirect( to => "/error/ticket_does_not_exist");
+            } else {
+                next_rule;
+            }
+        };
         on qr'^([\w\d-]+)/?$'    => sub { shift->server->_send_redirect( to => "/ticket/$1/view" ) };
         on qr'^([\w\d-]+)/edit$' => sub { shift->show_template( 'edit_ticket', $1 ) };
         on qr'^([\w\d-]+)/history$' => sub { shift->show_template( 'show_ticket_history', $1 ) };

-----------------------------------------------------------------------

More information about the Bps-public-commit mailing list