diff --git a/core/commands/filestore.go b/core/commands/filestore.go index ba5c51123c6..710946ee689 100644 --- a/core/commands/filestore.go +++ b/core/commands/filestore.go @@ -99,7 +99,7 @@ same as for 'ipfs add'. } config, _ := req.InvocContext().GetConfig() serverSide, _, _ := req.Option("server-side").Bool() - if serverSide && !config.Filestore.APIServerSidePaths { + if serverSide && !config.Filestore.APIServerSidePathsEnabled() { res.SetError(errors.New("server side paths not enabled"), cmds.ErrNormal) return } diff --git a/filestore/README-also.md b/filestore/README-also.md new file mode 100644 index 00000000000..8325017097a --- /dev/null +++ b/filestore/README-also.md @@ -0,0 +1,31 @@ +## Server side adds + +**Note: Server side adds are currently disabled in the code due to +security concerns. If you wish to enable this feature you will need +to compile IPFS from source and modify `repo/config/datastore.go`.** + +When adding a file when the daemon is online. The client sends both +the file contents and path to the server, and the server will then +verify that the same content is available via the specified path by +reading the file again on the server side. To avoid this extra +overhead and allow directories to be added when the daemon is +online server side paths can be used. + +To use this feature you must first enable API.ServerSideAdds using: +``` + ipfs config Filestore.APIServerSidePaths --bool true +``` +*This option should be used with care since it will allow anyone with +access to the API Server access to any files that the daemon has +permission to read.* For security reasons it is probably best to only +enable this on a single user system and to make sure the API server is +configured to the default value of only binding to the localhost +(`127.0.0.1`). + +With the `Filestore.APIServerSidePaths` option enabled you can add +files using `filestore add -S`. For example, to add the file +`hello.txt` in the current directory use: +``` + ipfs filestore add -S -P hello.txt +``` + diff --git a/filestore/README.md b/filestore/README.md index c5ea7e4b780..550838b7a1e 100644 --- a/filestore/README.md +++ b/filestore/README.md @@ -88,33 +88,6 @@ The `add-dir` script if fairly simple way to keep a directly in sync. A more sophisticated application could use i-notify or a similar interface to re-add files as they are changed. -## Server side adds - -When adding a file when the daemon is online. The client sends both -the file contents and path to the server, and the server will then -verify that the same content is available via the specified path by -reading the file again on the server side. To avoid this extra -overhead and allow directories to be added when the daemon is -online server side paths can be used. - -To use this feature you must first enable API.ServerSideAdds using: -``` - ipfs config Filestore.APIServerSidePaths --bool true -``` -*This option should be used with care since it will allow anyone with -access to the API Server access to any files that the daemon has -permission to read.* For security reasons it is probably best to only -enable this on a single user system and to make sure the API server is -configured to the default value of only binding to the localhost -(`127.0.0.1`). - -With the `Filestore.APIServerSidePaths` option enabled you can add -files using `filestore add -S`. For example, to add the file -`hello.txt` in the current directory use: -``` - ipfs filestore add -S -P hello.txt -``` - ## Listing and verifying blocks To list the contents of the filestore use the command `filestore ls`, diff --git a/filestore/util/move.go b/filestore/util/move.go index dcce724172e..ef21d1aa8cc 100644 --- a/filestore/util/move.go +++ b/filestore/util/move.go @@ -58,7 +58,7 @@ import ( func ConvertToFile(node *core.IpfsNode, k *cid.Cid, path string) error { config, _ := node.Repo.Config() - if !node.LocalMode() && (config == nil || !config.Filestore.APIServerSidePaths) { + if !node.LocalMode() && (config == nil || !config.Filestore.APIServerSidePathsEnabled()) { return errs.New("Daemon is running and server side paths are not enabled.") } if !filepath.IsAbs(path) { diff --git a/repo/config/datastore.go b/repo/config/datastore.go index 074a2bd5535..32f7a8d3472 100644 --- a/repo/config/datastore.go +++ b/repo/config/datastore.go @@ -43,5 +43,11 @@ func DataStorePath(configroot string) (string, error) { type Filestore struct { Verify string // one of "always", "ifchanged", "never" - APIServerSidePaths bool + // Note: APIServerSidePath Disabled due to security concerns + //APIServerSidePaths bool +} + +func (c *Filestore) APIServerSidePathsEnabled() bool { + //return c.APIServerSidePaths + return false; } diff --git a/test/sharness/lib/test-filestore-lib.sh b/test/sharness/lib/test-filestore-lib.sh index fe9a416c222..0c662be5c2a 100644 --- a/test/sharness/lib/test-filestore-lib.sh +++ b/test/sharness/lib/test-filestore-lib.sh @@ -377,52 +377,52 @@ filestore_test_w_daemon() { test -z "`ipfs filestore ls -q`" ' - test_expect_success "enable Filestore.APIServerSidePaths" ' - ipfs config Filestore.APIServerSidePaths --bool true - ' +# test_expect_success "enable Filestore.APIServerSidePaths" ' +# ipfs config Filestore.APIServerSidePaths --bool true +# ' - test_launch_ipfs_daemon $opt +# test_launch_ipfs_daemon $opt - test_add_cat_file "filestore add -S" "`pwd`" +# test_add_cat_file "filestore add -S" "`pwd`" - test_post_add "filestore add -S" "`pwd`" +# test_post_add "filestore add -S" "`pwd`" - test_add_empty_file "filestore add -S" "`pwd`" +# test_add_empty_file "filestore add -S" "`pwd`" - test_add_cat_5MB "filestore add -S" "`pwd`" +# test_add_cat_5MB "filestore add -S" "`pwd`" - test_add_mulpl_files "filestore add -S" +# test_add_mulpl_files "filestore add -S" - cat < add_expect -added QmQhAyoEzSg5JeAzGDCx63aPekjSGKeQaYs4iRf4y6Qm6w adir -added QmSr7FqYkxYWGoSfy8ZiaMWQ5vosb18DQGCzjwEQnVHkTb `pwd`/adir/file3 -added QmVr26fY1tKyspEJBniVhqxQeEjhF78XerGiqWAwraVLQH `pwd`/adir/file1 -added QmZm53sWMaAQ59x56tFox8X9exJFELWC33NLjK6m8H7CpN `pwd`/adir/file2 -EOF +# cat < add_expect +# added QmQhAyoEzSg5JeAzGDCx63aPekjSGKeQaYs4iRf4y6Qm6w adir +# added QmSr7FqYkxYWGoSfy8ZiaMWQ5vosb18DQGCzjwEQnVHkTb `pwd`/adir/file3 +# added QmVr26fY1tKyspEJBniVhqxQeEjhF78XerGiqWAwraVLQH `pwd`/adir/file1 +# added QmZm53sWMaAQ59x56tFox8X9exJFELWC33NLjK6m8H7CpN `pwd`/adir/file2 +# EOF - test_expect_success "testing filestore add -S -r" ' - mkdir adir && - echo "Hello Worlds!" > adir/file1 && - echo "HELLO WORLDS!" > adir/file2 && - random 5242880 41 > adir/file3 && - ipfs filestore add -S -r "`pwd`/adir" | LC_ALL=C sort > add_actual && - test_cmp add_expect add_actual && - ipfs cat QmVr26fY1tKyspEJBniVhqxQeEjhF78XerGiqWAwraVLQH > cat_actual - test_cmp adir/file1 cat_actual - ' +# test_expect_success "testing filestore add -S -r" ' +# mkdir adir && +# echo "Hello Worlds!" > adir/file1 && +# echo "HELLO WORLDS!" > adir/file2 && +# random 5242880 41 > adir/file3 && +# ipfs filestore add -S -r "`pwd`/adir" | LC_ALL=C sort > add_actual && +# test_cmp add_expect add_actual && +# ipfs cat QmVr26fY1tKyspEJBniVhqxQeEjhF78XerGiqWAwraVLQH > cat_actual +# test_cmp adir/file1 cat_actual +# ' - test_expect_success "filestore mv" ' - HASH=QmQHRQ7EU8mUXLXkvqKWPubZqtxYPbwaqYo6NXSfS9zdCc && - test_must_fail ipfs filestore mv $HASH "mountdir/bigfile-42-also" && - ipfs filestore mv $HASH "`pwd`/mountdir/bigfile-42-also" - ' +# test_expect_success "filestore mv" ' +# HASH=QmQHRQ7EU8mUXLXkvqKWPubZqtxYPbwaqYo6NXSfS9zdCc && +# test_must_fail ipfs filestore mv $HASH "mountdir/bigfile-42-also" && +# ipfs filestore mv $HASH "`pwd`/mountdir/bigfile-42-also" +# ' - filestore_test_exact_paths '-S' +# filestore_test_exact_paths '-S' - test_add_symlinks '-S' +# test_add_symlinks '-S' - test_add_dir_w_symlinks '-S' +# test_add_dir_w_symlinks '-S' - test_kill_ipfs_daemon +# test_kill_ipfs_daemon }