From 6a355686ff92a776c222311f8855a489eb928f9c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 1 Mar 2014 00:31:17 -0400 Subject: [PATCH] annex.listen can be configured, instead of using --listen --- Assistant.hs | 2 +- Assistant/Threads/WebApp.hs | 30 ++++++++++++++++---------- Command/WebApp.hs | 21 ++++++++++++------ Types/GitConfig.hs | 2 ++ debian/changelog | 1 + doc/git-annex.mdwn | 9 +++++++- doc/tips/remote_webapp_setup.mdwn | 36 ++++++++++++++++++++----------- 7 files changed, 69 insertions(+), 32 deletions(-) diff --git a/Assistant.hs b/Assistant.hs index db6fc850ce..3c79c476cc 100644 --- a/Assistant.hs +++ b/Assistant.hs @@ -124,7 +124,7 @@ startDaemon assistant foreground startdelay cannotrun listenhost startbrowser = notice ["starting", desc, "version", SysConfig.packageversion] urlrenderer <- liftIO newUrlRenderer #ifdef WITH_WEBAPP - let webappthread = [ assist $ webAppThread d urlrenderer False cannotrun listenhost Nothing webappwaiter ] + let webappthread = [ assist $ webAppThread d urlrenderer False cannotrun Nothing listenhost webappwaiter ] #else let webappthread = [] #endif diff --git a/Assistant/Threads/WebApp.hs b/Assistant/Threads/WebApp.hs index 1ba0d43b0f..7b24ccea13 100644 --- a/Assistant/Threads/WebApp.hs +++ b/Assistant/Threads/WebApp.hs @@ -1,6 +1,6 @@ {- git-annex assistant webapp thread - - - Copyright 2012 Joey Hess + - Copyright 2012-2014 Joey Hess - - Licensed under the GNU GPL version 3 or higher. -} @@ -41,6 +41,7 @@ import Utility.WebApp import Utility.Tmp import Utility.FileMode import Git +import qualified Annex import Yesod import Network.Socket (SockAddr, HostName) 
@@ -56,13 +57,17 @@ webAppThread -> UrlRenderer -> Bool -> Maybe String - -> Maybe HostName -> Maybe (IO Url) + -> Maybe HostName -> Maybe (Url -> FilePath -> IO ()) -> NamedThread -webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun onstartup = thread $ liftIO $ do +webAppThread assistantdata urlrenderer noannex cannotrun postfirstrun listenhost onstartup = thread $ liftIO $ do + listenhost' <- if isJust listenhost + then pure listenhost + else getAnnex $ annexListen <$> Annex.getGitConfig + tlssettings <- getAnnex getTlsSettings #ifdef __ANDROID__ - when (isJust listenhost) $ + when (isJust listenhost') $ -- See Utility.WebApp error "Sorry, --listen is not currently supported on Android" #endif @@ -74,22 +79,20 @@ webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun <*> pure postfirstrun <*> pure cannotrun <*> pure noannex - <*> pure listenhost + <*> pure listenhost' setUrlRenderer urlrenderer $ yesodRender webapp (pack "") app <- toWaiAppPlain webapp app' <- ifM debugEnabled ( return $ httpDebugLogger app , return app ) - tlssettings <- runThreadState (threadState assistantdata) getTlsSettings - runWebApp tlssettings listenhost app' $ \addr -> if noannex + runWebApp tlssettings listenhost' app' $ \addr -> if noannex then withTmpFile "webapp.html" $ \tmpfile h -> do hClose h go tlssettings addr webapp tmpfile Nothing else do - let st = threadState assistantdata - htmlshim <- runThreadState st $ fromRepo gitAnnexHtmlShim - urlfile <- runThreadState st $ fromRepo gitAnnexUrlFile + htmlshim <- getAnnex' $ fromRepo gitAnnexHtmlShim + urlfile <- getAnnex' $ fromRepo gitAnnexUrlFile go tlssettings addr webapp htmlshim (Just urlfile) where -- The webapp thread does not wait for the startupSanityCheckThread 
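Review bot: `tlssettings <- getAnnex getTlsSettings` evaluates to `Nothing` whenever `noannex` is set (see the `getAnnex` guard added in the `where` clause in the later hunk), and `firstRun` in Command/WebApp.hs calls `webAppThread` with `noannex = True` together with a caller-supplied `listenhost`. In that combination the webapp is asked to bind a non-local address with no TLS settings, so the `?auth=` URL would presumably be served over plain HTTP; what `runWebApp` does with `Nothing` is not visible here, so this needs confirming. I would add a guard right after the two binds, conditioned on `isJust listenhost' && isNothing tlssettings`, that either refuses to start or logs a clear warning that the listener is not using HTTPS. Separately, the Android message `"Sorry, --listen is not currently supported on Android"` now also fires when only `annex.listen` is configured, so it should name both, e.g. `"Sorry, --listen and annex.listen are not currently supported on Android"`. The body of webAppThread continues outside this hunk.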
@@ -100,13 +103,18 @@ webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun | noannex = return Nothing | otherwise = Just <$> (relHome =<< absPath - =<< runThreadState (threadState assistantdata) (fromRepo repoPath)) + =<< getAnnex' (fromRepo repoPath)) go tlssettings addr webapp htmlshim urlfile = do let url = myUrl tlssettings webapp addr maybe noop (`writeFileProtected` url) urlfile writeHtmlShim "Starting webapp..." url htmlshim maybe noop (\a -> a url htmlshim) onstartup + getAnnex a + | noannex = pure Nothing + | otherwise = getAnnex' a + getAnnex' = runThreadState (threadState assistantdata) + myUrl :: Maybe TLS.TLSSettings -> WebApp -> SockAddr -> Url myUrl tlssettings webapp addr = unpack $ yesodRender webapp urlbase DashboardR [] where diff --git a/Command/WebApp.hs b/Command/WebApp.hs index b252d4d7c3..ee5998c9ad 100644 --- a/Command/WebApp.hs +++ b/Command/WebApp.hs 
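Review bot: The new `getAnnex` and `getAnnex'` helpers in the `where` clause carry no comments, and `getAnnex` is easy to misread: under `noannex` it skips the Annex action and returns `Nothing`, so it only fits actions whose result is a `Maybe`, and a caller cannot tell "no repository" from "value not configured". That matters for the `getTlsSettings` call, where `Nothing` means running without TLS. I would put `-- Runs an Annex action that yields a Maybe; with noannex the action is skipped and the result is Nothing.` above `getAnnex`, and `-- Runs an Annex action in the assistant's thread state; used here only on the paths where noannex is False.` above `getAnnex'`. The `where` clause belongs to webAppThread, which starts outside this hunk.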
@@ -68,18 +68,24 @@ start' allowauto listenhost = do cannotrun <- needsUpgrade . fromMaybe (error "no version") =<< getVersion browser <- fromRepo webBrowser f <- liftIO . absPath =<< fromRepo gitAnnexHtmlShim + listenhost' <- if isJust listenhost + then pure listenhost + else annexListen <$> Annex.getGitConfig ifM (checkpid <&&> checkshim f) ( if isJust listenhost then error "The assistant is already running, so --listen cannot be used." else do url <- liftIO . readFile =<< fromRepo gitAnnexUrlFile - liftIO $ openBrowser browser f url Nothing Nothing - , startDaemon True True Nothing cannotrun listenhost $ Just $ - \origout origerr url htmlshim -> - if isJust listenhost - then maybe noop (`hPutStrLn` url) origout - else openBrowser browser htmlshim url origout origerr + liftIO $ if isJust listenhost' + then putStrLn url + else liftIO $ openBrowser browser f url Nothing Nothing + , do + startDaemon True True Nothing cannotrun listenhost' $ Just $ + \origout origerr url htmlshim -> + if isJust listenhost' + then maybe noop (`hPutStrLn` url) origout + else openBrowser browser htmlshim url origout origerr ) auto | allowauto = liftIO $ startNoRepo [] @@ -142,8 +148,9 @@ firstRun listenhost = do let callback a = Just $ a v runAssistant d $ do startNamedThread urlrenderer $ - webAppThread d urlrenderer True Nothing listenhost + webAppThread d urlrenderer True Nothing (callback signaler) + listenhost (callback mainthread) waitNamedThreads where diff --git a/Types/GitConfig.hs b/Types/GitConfig.hs index 65984a1084..ddcf6da50e 100644 --- a/Types/GitConfig.hs +++ b/Types/GitConfig.hs @@ -50,6 +50,7 @@ data GitConfig = GitConfig , annexExpireUnused :: Maybe (Maybe Duration) , annexSecureEraseCommand :: Maybe String , annexGenMetaData :: Bool + , annexListen :: Maybe String , coreSymlinks :: Bool , gcryptId :: Maybe String } 
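Review bot: In the already-running branch of `start'`, the choice between `putStrLn url` and `openBrowser` is made from the current value of `annex.listen`, while the URL is read from `gitAnnexUrlFile`, which the running daemon wrote when it started. If the setting was added or changed after that daemon came up, the two can disagree: the command prints the URL the daemon originally published and the new address is silently ignored, whereas the `--listen` case reports an error. A comment such as `-- annex.listen is only read when the daemon starts; restart it for a change to take effect` would make this explicit, or the branch could tell the user that a restart is needed. The inner `liftIO` in `else liftIO $ openBrowser browser f url Nothing Nothing` is also redundant, since the whole `if` already sits under `liftIO $`. The body of start' begins outside this hunk.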
@@ -83,6 +84,7 @@ extractGitConfig r = GitConfig <$> getmaybe (annex "expireunused") , annexSecureEraseCommand = getmaybe (annex "secure-erase-command") , annexGenMetaData = getbool (annex "genmetadata") False + , annexListen = getmaybe (annex "listen") , coreSymlinks = getbool "core.symlinks" True , gcryptId = getmaybe "core.gcrypt-id" } diff --git a/debian/changelog b/debian/changelog index 6d2e256910..4a38d9eb78 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,7 @@ git-annex (5.20140228) UNRELEASED; urgency=medium * webapp: Now supports HTTPS. * webapp: No longer supports a port specified after --listen, since it was buggy, and that use case is better supported by setting up HTTPS. + * annex.listen can be configured, instead of using --listen * Probe for quvi version at run time. * webapp: Filter out from Switch Repository list any repositories listed in autostart file that don't have a diff --git a/doc/git-annex.mdwn b/doc/git-annex.mdwn index 40e6adb2ab..0e8513dce0 100644 --- a/doc/git-annex.mdwn +++ b/doc/git-annex.mdwn @@ -308,7 +308,8 @@ subdirectories). it opens a browser window. To use the webapp on a remote computer, use the `--listen=address` - option to specify the address the web server should listen on. + option to specify the address the web server should listen on + (or set annex.listen). This disables running a local web browser, and outputs the url you can use to open the webapp. @@ -1376,6 +1377,12 @@ Here are all the supported configuration settings. Set to false to prevent the git-annex assistant from automatically committing changes to files in the repository. +* `annex.listen` + + Configures which address the webapp listens on. The default is localhost. + Can be either an IP address, or a hostname that resolves to the desired + address. + * `annex.debug` Set to true to enable debug logging by default. diff --git a/doc/tips/remote_webapp_setup.mdwn b/doc/tips/remote_webapp_setup.mdwn index 599841a34e..1b79fd8d57 100644 
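Review bot: `annexListen = getmaybe (annex "listen")` in extractGitConfig takes the configured value as is, and both `webAppThread` and `start'` only test it with `isJust`. If `getmaybe` yields `Just ""` for an empty `annex.listen =` entry (its definition is outside this hunk, so this needs confirming), an empty setting would still suppress the local browser and be handed to `runWebApp` as a host name. Treating an empty value as unset would avoid that, for example `annexListen = mfilter (not . null) $ getmaybe (annex "listen")` with `mfilter` from Control.Monad. A short comment on the field noting that setting it makes the webapp listen on a non-local address would also help readers of GitConfig.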
--- a/doc/tips/remote_webapp_setup.mdwn +++ b/doc/tips/remote_webapp_setup.mdwn @@ -4,7 +4,13 @@ web browser. Sure, no problem! It can even be done securely! -First, you need to generate a private key and a certificate for HTTPS. +Let's start by making the git-annex repository on the remote server. + + git init annex + cd annex + git annex init + +Now, you need to generate a private key and a certificate for HTTPS. These files are stored in `.git/annex/privkey.pem` and `.git/annex/certificate.pem` inside the git repository. Here's one way to generate those files, using a self-signed certificate: 
@@ -17,22 +23,28 @@ With those files in place, git-annex will automatically only accept HTTPS connections. That's good, since HTTP connections are not secure over the big bad internet. -All that remains is to start the webapp listening on the external interface +All that remains is to make the webapp listen on the external interface of the server. Normally, for security, git-annex only listens on localhost. +Tell it what hostname to listen on: - git annex webapp --listen=host.example.com + git config annex.listen host.example.com (If your hostname doesn't work, its IP address certianly will..) -When you run the webapp like that, it'll print out the URL to use to open -it. You can paste that into your web browser. +When you run the webapp configured like that, it'll print out the +URL to use to open it. You can paste that into your web browser. -Notice that the URL has a big jumble of letters at the end -- this is a secret -token that the webapp uses to verify you're you. So random attackers can't find -your webapp and do bad things with it. + git annex webapp + http://host.example.com:42232/?auth=ea7857ad... -The webapp also writes its url to `.git/annex/url`, so you can use that -file to automate opening the url. For example, you could make your server -start the webapp on boot, and then to open it, run: +Notice that the URL has a big jumble of letters at the end -- this is a +secret token that the webapp uses to verify you're you. So random attackers +can't find your webapp and do bad things with it. - xdg-open "$(ssh host.example.com cat annex/.git/annex/url)" +If you like, you can make the server run `git annex assistant --autostart` +on boot. + +To automate opening the remote server's webapp in your local browser, +just run this: + + firefox "$(ssh host.example.com git annex webapp)"