vh/rest-server
1
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2025-12-06 17:15:45 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Implement an append only mode.

Browse Source
This commit is contained in:
Kenny Keslar
2017-09-02 20:16:21 -05:00
committed by Zlatko Čalušić
parent cff373e8aa
commit 618b530b88
4 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -43,6 +43,7 @@ Usage:
rest-server [flags]
Flags:
--append-only Enable append only mode
--cpuprofile string write CPU profile to file
--debug output debug messages
-h, --help help for rest-server
@@ -88,6 +89,9 @@ keys with the following commands:
% openssl req -new -x509 -key private_key -out public_key -days 365
```
Append only mode allows creation of new backups but prevents deletion and modification of existing backups. This
can be useful when backing up systems that have a potential of being hacked.
Rest Server uses exactly the same directory structure as local backend, so you should be able to access it both locally
and via HTTP, even simultaneously.

1
cmd/rest-server/main.go
View File

@@ -29,6 +29,7 @@ func init() {
flags.StringVar(&restserver.Config.Log, "log", restserver.Config.Log, "log HTTP requests in the combined log format")
flags.StringVar(&restserver.Config.Path, "path", restserver.Config.Path, "data directory")
flags.BoolVar(&restserver.Config.TLS, "tls", restserver.Config.TLS, "turn on TLS support")
flags.BoolVar(&restserver.Config.AppendOnly, "append-only", restserver.Config.AppendOnly, "Enable append only mode")
}
var version = "manually"

11
handlers.go
View File

@@ -194,6 +194,12 @@ func DeleteConfig(w http.ResponseWriter, r *http.Request) {
if Config.Debug {
log.Println("DeleteConfig()")
}
if Config.AppendOnly {
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
cfg, err := getPath(r, "config")
if err != nil {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -372,6 +378,11 @@ func DeleteBlob(w http.ResponseWriter, r *http.Request) {
log.Println("DeleteBlob()")
}
if Config.AppendOnly && pat.Param(r, "type") != "locks" {
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
path, err := getFilePath(r, pat.Param(r, "type"), pat.Param(r, "name"))
if err != nil {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

2
mux.go
View File

@@ -18,9 +18,11 @@ var Config = struct {
Log string
CPUProfile string
Debug bool
AppendOnly bool
}{
Path: "/tmp/restic",
Listen: ":8000",
AppendOnly: false,
}
func debugHandler(next http.Handler) http.Handler {