mirror of
https://github.com/Tecnativa/docker-socket-proxy
synced 2024-12-22 14:48:08 +00:00
7275202d5e
The original code will not allow write access (set via the POST var) to endpoints to which read access is not provided. Before this fix, verify_access would allow write-only access to all endpoints if the POST var was set regardless of read access.
--- HAProxy sample fetch "verify_access": decides whether the current request
-- is permitted for the endpoint group named by `api`.
--
-- Permissions are read from environment variables and count as granted only
-- when the value is exactly the string "1":
--   <api>        legacy switch, grants read access (backwards compatibility)
--   <api>_READ   grants read access
--   <api>_WRITE  grants write access
--   POST         legacy write switch; honoured only together with read access
--                to the same endpoint, so it cannot on its own open write
--                access to an endpoint that is otherwise closed
--
-- @param txn  transaction object; only txn.f:env() and txn.f:method() are used
-- @param api  environment-variable prefix for the endpoint being checked
-- @return boolean true when the request is allowed, false otherwise
core.register_fetches("verify_access", function(txn, api)
    -- An unset variable yields a non-"1" value and therefore denies.
    local function env_is_on(name)
        return txn.f:env(name) == "1"
    end

    local read_allowed = env_is_on(api) or env_is_on(api .. "_READ")
    local write_allowed = env_is_on(api .. "_WRITE")
        or (read_allowed and env_is_on("POST"))

    local method = txn.f:method()
    if method == "GET" or method == "HEAD" then
        return read_allowed
    end

    -- The match above is an exact string comparison, so every method that is
    -- not literally GET or HEAD is treated as a write and needs write access.
    return write_allowed
end)