From b8d1698865afc7790e1a11105f73f8501972499b Mon Sep 17 00:00:00 2001 From: Simon Michael Date: Mon, 21 Nov 2016 08:01:06 -0800 Subject: [PATCH] api: serve on 127.0.0.1 by default, add --host (fixes #432) Consistent with hledger-web now: serves only local requests by default, uses --host to change this. --- hledger-api/doc/hledger-api.1 | 9 ++++--- hledger-api/doc/hledger-api.1.info | 14 +++++----- hledger-api/doc/hledger-api.1.m4.md | 9 ++++--- hledger-api/doc/hledger-api.1.txt | 10 ++++--- hledger-api/hledger-api.hs | 42 +++++++++++++++++------------ hledger-web/doc/hledger-web.1 | 5 ++-- hledger-web/doc/hledger-web.1.info | 9 ++++--- hledger-web/doc/hledger-web.1.txt | 6 ++--- 8 files changed, 61 insertions(+), 43 deletions(-) diff --git a/hledger-api/doc/hledger-api.1 b/hledger-api/doc/hledger-api.1 index 4bc9b9f47..f6491594f 100644 --- a/hledger-api/doc/hledger-api.1 +++ b/hledger-api/doc/hledger-api.1 @@ -35,11 +35,14 @@ timeclock, timedot, or CSV format specified with \f[C]\-f\f[], or perhaps \f[C]C:/Users/USER/.hledger.journal\f[]). For more about this see hledger(1), hledger_journal(5) etc. .PP -The server listens on port 8001, or another specified with -\f[C]\-p\ PORT\f[]. -Note there is no built\-in access control, so you will need to hide +The server listens on IP address 127.0.0.1, accessible only to local +requests, by default. +You can change this with \f[C]\-\-host\f[], eg +\f[C]\-\-host\ 0.0.0.0\f[] to listen on all addresses. +Note there is no other access control, so you will need to hide hledger\-api behind an authenticating proxy if you want to restrict access. +You can change the TCP port (default: 8001) with \f[C]\-p\ PORT\f[]. .PP If invoked as \f[C]hledger\-api\ \-\-swagger\f[], instead of starting a server the API docs will be printed in Swagger 2.0 format. diff --git a/hledger-api/doc/hledger-api.1.info b/hledger-api/doc/hledger-api.1.info index d4f1b509c..bd62372b7 100644 --- a/hledger-api/doc/hledger-api.1.info +++ b/hledger-api/doc/hledger-api.1.info @@ -17,10 +17,12 @@ journal, timeclock, timedot, or CSV format specified with `-f', or `C:/Users/USER/.hledger.journal'). For more about this see hledger(1), hledger_journal(5) etc. - The server listens on port 8001, or another specified with `-p -PORT'. Note there is no built-in access control, so you will need to -hide hledger-api behind an authenticating proxy if you want to restrict -access. + The server listens on IP address 127.0.0.1, accessible only to local +requests, by default. You can change this with `--host', eg `--host +0.0.0.0' to listen on all addresses. Note there is no other access +control, so you will need to hide hledger-api behind an authenticating +proxy if you want to restrict access. You can change the TCP port +(default: 8001) with `-p PORT'. If invoked as `hledger-api --swagger', instead of starting a server the API docs will be printed in Swagger 2.0 format. @@ -84,7 +86,7 @@ before options as shown above.  Tag Table: Node: Top90 -Node: OPTIONS1055 -Ref: #options1142 +Node: OPTIONS1216 +Ref: #options1303  End Tag Table diff --git a/hledger-api/doc/hledger-api.1.m4.md b/hledger-api/doc/hledger-api.1.m4.md index da14e6174..cbdad5275 100644 --- a/hledger-api/doc/hledger-api.1.m4.md +++ b/hledger-api/doc/hledger-api.1.m4.md @@ -30,10 +30,11 @@ of simple client-side app examples, which drive its evolution. Like hledger, it reads _files_ For more about this see hledger(1), hledger_journal(5) etc. -The server listens on port 8001, or another specified with `-p PORT`. -Note there is no built-in access control, so you will need to hide -hledger-api behind an authenticating proxy if you want to restrict -access. +The server listens on IP address 127.0.0.1, accessible only to local requests, by default. +You can change this with `--host`, eg `--host 0.0.0.0` to listen on all addresses. +Note there is no other access control, so you will need to hide +hledger-api behind an authenticating proxy if you want to restrict access. +You can change the TCP port (default: 8001) with `-p PORT`. If invoked as `hledger-api --swagger`, instead of starting a server the API docs will be printed in Swagger 2.0 format. diff --git a/hledger-api/doc/hledger-api.1.txt b/hledger-api/doc/hledger-api.1.txt index cf4801c26..f0125ccee 100644 --- a/hledger-api/doc/hledger-api.1.txt +++ b/hledger-api/doc/hledger-api.1.txt @@ -27,10 +27,12 @@ DESCRIPTION C:/Users/USER/.hledger.journal). For more about this see hledger(1), hledger_journal(5) etc. - The server listens on port 8001, or another specified with -p PORT. - Note there is no built-in access control, so you will need to hide - hledger-api behind an authenticating proxy if you want to restrict - access. + The server listens on IP address 127.0.0.1, accessible only to local + requests, by default. You can change this with --host, eg + --host 0.0.0.0 to listen on all addresses. Note there is no other + access control, so you will need to hide hledger-api behind an authen- + ticating proxy if you want to restrict access. You can change the TCP + port (default: 8001) with -p PORT. If invoked as hledger-api --swagger, instead of starting a server the API docs will be printed in Swagger 2.0 format. diff --git a/hledger-api/hledger-api.hs b/hledger-api/hledger-api.hs index e613c825e..9f8a5207e 100644 --- a/hledger-api/hledger-api.hs +++ b/hledger-api/hledger-api.hs @@ -18,6 +18,7 @@ import qualified Data.ByteString.Lazy.Char8 as BL8 import Data.Decimal import qualified Data.Map as M import Data.Proxy +import Data.String (fromString) import Data.Swagger import Data.Text hiding (map,reverse) import Network.Wai as Wai @@ -52,16 +53,17 @@ Usage: hledger-api -h|--help|--info Options: - -f --file FILE use a different input file - (default: $LEDGER_FILE or ~/.hledger.journal) - -d --static-dir DIR serve files from a different directory - (default: .) - -p --port PORT use a different TCP port (default: 8001) - --version show version - -h show usage - --help show manual - --man show manual with man - --info show manual with info + -f --file FILE use a different input file + (default: $LEDGER_FILE or ~/.hledger.journal) + -d --static-dir DIR serve files from a different directory + (default: .) + --host IPADDR listen on this IP address (default: 127.0.0.1) + -p --port PORT listen on this TCP port (default: 8001) + --version show version + -h show usage + --help show manual + --man show manual with man + --info show manual with info |] swaggerSpec :: Swagger @@ -80,7 +82,10 @@ main = do when (isPresent args (longOption "info")) $ runInfoForTopic "api" >> exitSuccess when (isPresent args (longOption "version")) $ putStrLn hledgerApiVersion >> exitSuccess when (isPresent args (longOption "swagger")) $ BL8.putStrLn (encode swaggerSpec) >> exitSuccess - let defp = "8001" + let + defh = "127.0.0.1" + h = getArgWithDefault args defh (longOption "host") + defp = "8001" p <- case readMay $ getArgWithDefault args defp (longOption "port") of Nothing -> exitWithUsage doc Just n -> return n @@ -90,14 +95,17 @@ main = do let defd = "." d = getArgWithDefault args defd (longOption "static-dir") - readJournalFile Nothing Nothing True f >>= either error' (serveApi p d f) + readJournalFile Nothing Nothing True f >>= either error' (serveApi h p d f) -serveApi :: Int -> FilePath -> FilePath -> Journal -> IO () -serveApi p d f j = do - printf "Starting web api http://localhost:%d/api/v1 for %s\n" p f - printf "and file server http://localhost:%d for %s/\n" p d +serveApi :: String -> Int -> FilePath -> FilePath -> Journal -> IO () +serveApi h p d f j = do + printf "Starting web api http://%s:%d/api/v1 for %s\n" h p f + printf "and file server http://%s:%d for %s/\n" h p d printf "Press ctrl-c to quit\n" - Warp.run p $ + let warpsettings = defaultSettings + & setHost (fromString h) + & setPort p + Warp.runSettings warpsettings $ logStdout $ hledgerApiApp d j diff --git a/hledger-web/doc/hledger-web.1 b/hledger-web/doc/hledger-web.1 index 4883a63fa..991c56931 100644 --- a/hledger-web/doc/hledger-web.1 +++ b/hledger-web/doc/hledger-web.1 @@ -71,10 +71,11 @@ Similarly, use \f[C]\-\-port\f[] to set a TCP port other than 5000, eg if you are running multiple hledger\-web instances. .PP You can use \f[C]\-\-base\-url\f[] to change the protocol, hostname, -port and path that appear in hyperlinks, useful for integrating +port and path that appear in hyperlinks, useful eg for integrating hledger\-web within a larger website. The default is \f[C]http://HOST:PORT/\f[] using the server\[aq]s -configured host address and TCP port. +configured host address and TCP port (or \f[C]http://HOST\f[] if PORT is +80). .PP With \f[C]\-\-file\-url\f[] you can set a different base url for static files, eg for better caching or cookie\-less serving on high performance diff --git a/hledger-web/doc/hledger-web.1.info b/hledger-web/doc/hledger-web.1.info index 41f6dbd24..8d37c388e 100644 --- a/hledger-web/doc/hledger-web.1.info +++ b/hledger-web/doc/hledger-web.1.info @@ -49,9 +49,10 @@ only to local requests. You can use `--host' to change this, eg `--host are running multiple hledger-web instances. You can use `--base-url' to change the protocol, hostname, port and -path that appear in hyperlinks, useful for integrating hledger-web +path that appear in hyperlinks, useful eg for integrating hledger-web within a larger website. The default is `http://HOST:PORT/' using the -server's configured host address and TCP port. +server's configured host address and TCP port (or `http://HOST' if PORT +is 80). With `--file-url' you can set a different base url for static files, eg for better caching or cookie-less serving on high performance @@ -202,7 +203,7 @@ before options as shown above.  Tag Table: Node: Top90 -Node: OPTIONS3307 -Ref: #options3394 +Node: OPTIONS3343 +Ref: #options3430  End Tag Table diff --git a/hledger-web/doc/hledger-web.1.txt b/hledger-web/doc/hledger-web.1.txt index e8ae255ce..d1a75f8c8 100644 --- a/hledger-web/doc/hledger-web.1.txt +++ b/hledger-web/doc/hledger-web.1.txt @@ -59,9 +59,9 @@ DESCRIPTION running multiple hledger-web instances. You can use --base-url to change the protocol, hostname, port and path - that appear in hyperlinks, useful for integrating hledger-web within a - larger website. The default is http://HOST:PORT/ using the server's - configured host address and TCP port. + that appear in hyperlinks, useful eg for integrating hledger-web within + a larger website. The default is http://HOST:PORT/ using the server's + configured host address and TCP port (or http://HOST if PORT is 80). With --file-url you can set a different base url for static files, eg for better caching or cookie-less serving on high performance websites.