Allow relative path.localDir paths when new --root flag is given (#25)

Add new `--root <path>` flag to `netbootd server` command which
defines the path from which mount `path.localDir` values should be
relative if they are not given as absolute paths.

Fixes #24.

Author: nwidger

README.md

@@ -227,6 +227,7 @@ Flags:
   -p, --http-port int         HTTP port to listen on (default 8080)
   -i, --interface string      interface to listen on, e.g. eth0 (DHCP)
   -m, --manifests string      load manifests from directory
+      --root string           if not given as an absolute path, a mount's path.localDir is relative to this directory
 
 Global Flags:
   -d, --debug                    enable debug logging

api/server.go

@@ -26,7 +26,7 @@ type Server struct {
 
 // NewServer set up HTTP API server instance
 // If authorization is passed, requires privileged operation callers to present Authorization header with this content.
-func NewServer(store *store.Store, authorization string) (server *Server, err error) {
+func NewServer(store *store.Store, authorization, rootPath string) (server *Server, err error) {
 	r := mux.NewRouter()
 
 	server = &Server{
@@ -119,13 +119,13 @@ func NewServer(store *store.Store, authorization string) (server *Server, err er
 		buf, _ := ioutil.ReadAll(r.Body)
 		var m manifest.Manifest
 		if r.Header.Get("Content-Type") == "application/json" {
-			err = json.Unmarshal(buf, &m)
+			m, err = manifest.ManifestFromJson(buf, rootPath)
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusBadRequest)
 				return
 			}
 		} else {
-			m, err = manifest.ManifestFromYaml(buf)
+			m, err = manifest.ManifestFromYaml(buf, rootPath)
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusBadRequest)
 				return

cmd/server.go

@@ -26,6 +26,7 @@ var (
 	apiTlsCert   string
 	apiTlsKey    string
 	manifestPath string
+	rootPath     string
 )
 
 func init() {
@@ -50,6 +51,9 @@ func init() {
 	serverCmd.Flags().StringVarP(&manifestPath, "manifests", "m", "", "load manifests from directory")
 	viper.BindPFlag("manifestPath", serverCmd.Flags().Lookup("manifests"))
 
+	serverCmd.Flags().StringVarP(&rootPath, "root", "", "", "if not given as an absolute path, a mount's path.localDir is relative to this directory")
+	viper.BindPFlag("rootPath", serverCmd.Flags().Lookup("root"))
+
 	rootCmd.AddCommand(serverCmd)
 }
 
@@ -73,7 +77,7 @@ var serverCmd = &cobra.Command{
 		})
 		if viper.GetString("manifestPath") != "" {
 			log.Info().Str("path", viper.GetString("manifestPath")).Msg("Loading manifests")
-			_ = store.LoadFromDirectory(viper.GetString("manifestPath"))
+			_ = store.LoadFromDirectory(viper.GetString("manifestPath"), viper.GetString("rootPath"))
 		}
 		store.GlobalHints.HttpPort = viper.GetInt("http.port")
 		store.GlobalHints.ApiPort = viper.GetInt("api.port")
@@ -86,7 +90,7 @@ var serverCmd = &cobra.Command{
 		go dhcpServer.Serve()
 
 		// TFTP
-		tftpServer, err := tftpd.NewServer(store)
+		tftpServer, err := tftpd.NewServer(store, viper.GetString("rootPath"))
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to create TFTP server")
 		}
@@ -100,7 +104,7 @@ var serverCmd = &cobra.Command{
 		go tftpServer.Serve(connTftp)
 
 		// HTTP service
-		httpServer, err := httpd.NewServer(store)
+		httpServer, err := httpd.NewServer(store, viper.GetString("rootPath"))
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to create HTTP server")
 		}
@@ -115,7 +119,7 @@ var serverCmd = &cobra.Command{
 		log.Info().Interface("addr", connHttp.Addr()).Msg("HTTP listening")
 
 		// HTTP API service
-		apiServer, err := api.NewServer(store, viper.GetString("api.authorization"))
+		apiServer, err := api.NewServer(store, viper.GetString("api.authorization"), viper.GetString("rootPath"))
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to create HTTP API server")
 		}

httpd/handler.go

@@ -11,7 +11,6 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"os"
-	"path/filepath"
 	"strconv"
 	"strings"
 	"text/template"
@@ -176,13 +175,9 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		rp.ServeHTTP(w, r)
 		return
 	} else if mount.LocalDir != "" {
-		path := filepath.Join(mount.LocalDir, mount.Path)
+		path := mount.HostPath(h.server.rootPath, r.URL.Path)
 
-		if mount.AppendSuffix {
-			path = filepath.Join(mount.LocalDir, strings.TrimPrefix(r.URL.Path, mount.Path))
-		}
-
-		if !strings.HasPrefix(path, mount.LocalDir) {
+		if !mount.ValidateHostPath(h.server.rootPath, path) {
 			h.server.logger.Error().
 				Err(err).
 				Msgf("Requested path is invalid: %q", path)

httpd/server.go

@@ -14,20 +14,22 @@ type Server struct {
 	httpClient *http.Client
 	httpServer *http.Server
 
-	logger zerolog.Logger
-	store  *store.Store
+	logger   zerolog.Logger
+	store    *store.Store
+	rootPath string
 }
 
-func NewServer(store *store.Store) (server *Server, err error) {
+func NewServer(store *store.Store, rootPath string) (server *Server, err error) {
 
 	server = &Server{
 		httpServer: &http.Server{
 			ReadTimeout:    10 * time.Second,
 			MaxHeaderBytes: 1 << 20,
 			IdleTimeout:    10 * time.Second,
 		},
-		logger: log.With().Str("service", "http").Logger(),
-		store:  store,
+		logger:   log.With().Str("service", "http").Logger(),
+		store:    store,
+		rootPath: rootPath,
 	}
 
 	server.httpServer.Handler = Handler{server: server}

manifest/io.go

@@ -8,33 +8,33 @@ import (
 	"gopkg.in/yaml.v2"
 )
 
-func ManifestFromJson(content []byte) (manifest Manifest, err error) {
+func ManifestFromJson(content []byte, rootPath string) (manifest Manifest, err error) {
 	err = json.Unmarshal(content, &manifest)
 	if err != nil {
 		return manifest, err
 	}
 
-	return manifest, manifest.Validate()
+	return manifest, manifest.Validate(rootPath)
 }
 
 func (m *Manifest) ToJson() ([]byte, error) {
 	return json.MarshalIndent(m, "", "  ")
 }
 
-func ManifestFromYaml(content []byte) (manifest Manifest, err error) {
+func ManifestFromYaml(content []byte, rootPath string) (manifest Manifest, err error) {
 	err = yaml.Unmarshal(content, &manifest)
 	if err != nil {
 		return manifest, err
 	}
 
-	return manifest, manifest.Validate()
+	return manifest, manifest.Validate(rootPath)
 }
 
-func (m Manifest) Validate() error {
+func (m Manifest) Validate(rootPath string) error {
 	for _, mount := range m.Mounts {
 		if mount.LocalDir != "" {
-			if !filepath.IsAbs(mount.LocalDir) {
-				return fmt.Errorf("localDir needs to be absolute path")
+			if !filepath.IsAbs(mount.LocalDir) && rootPath == "" {
+				return fmt.Errorf("localDir needs to be absolute path when rootPath is not set")
 			}
 		}
 	}

manifest/schema.go

@@ -5,6 +5,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"path/filepath"
 	"strings"
 	"time"
 )
@@ -52,9 +53,31 @@ type Mount struct {
 	// Provides a path on the host to find the files.
 	// So that LocalDir: /tftpboot path: /subdir and client requests: /subdir/file.x the path on the host
 	// becomes /tfptboot/file.x
+	// If LocalDir is not absolute, path is relative to rootPath passed into HostPath and ValidateHostPath.
+	// So that RootPath: /tftpboot, LocalDir: ./files, path: /subdir and client request: /subdir/file.x on the host
+	// becomes /tftpboot/files/file.x
 	LocalDir string `yaml:"localDir"`
 }
 
+func (m Mount) hostPathPrefix(rootPath string) string {
+	if filepath.IsAbs(m.LocalDir) {
+		return m.LocalDir
+	}
+	return filepath.Join(rootPath, m.LocalDir)
+}
+
+func (m Mount) HostPath(rootPath, requestPath string) string {
+	path := m.Path
+	if m.AppendSuffix {
+		path = strings.TrimPrefix(requestPath, m.Path)
+	}
+	return filepath.Join(m.hostPathPrefix(rootPath), path)
+}
+
+func (m Mount) ValidateHostPath(rootPath string, hostPath string) bool {
+	return strings.HasPrefix(hostPath, m.hostPathPrefix(rootPath))
+}
+
 func (m Mount) ProxyDirector() (func(req *http.Request), error) {
 	target, err := url.Parse(m.Proxy)
 	if err != nil {

store/store.go

@@ -53,7 +53,7 @@ func NewStore(cfg Config) (*Store, error) {
 	return &store, nil
 }
 
-func (s *Store) LoadFromDirectory(path string) (err error) {
+func (s *Store) LoadFromDirectory(path, rootPath string) (err error) {
 	items, err := os.ReadDir(path)
 	for _, item := range items {
 		if !item.Type().IsRegular() ||
@@ -68,7 +68,7 @@ func (s *Store) LoadFromDirectory(path string) (err error) {
 				Msg("cannot open file")
 			continue
 		}
-		m, err := manifest.ManifestFromYaml(b)
+		m, err := manifest.ManifestFromYaml(b, rootPath)
 		if err != nil {
 			s.logger.Error().
 				Err(err).

tftpd/handler.go

@@ -10,7 +10,6 @@ import (
 	"net/http"
 	"net/url"
 	"os"
-	"path/filepath"
 	"strconv"
 	"strings"
 	"text/template"
@@ -172,13 +171,9 @@ func (server *Server) tftpReadHandler(filename string, rf io.ReaderFrom) error {
 			Int64("sent", n).
 			Msg("transfer finished")
 	} else if mount.LocalDir != "" {
-		path := filepath.Join(mount.LocalDir, mount.Path)
+		path := mount.HostPath(server.rootPath, filename)
 
-		if mount.AppendSuffix {
-			path = filepath.Join(mount.LocalDir, strings.TrimPrefix(filename, mount.Path))
-		}
-
-		if !strings.HasPrefix(path, mount.LocalDir) {
+		if !mount.ValidateHostPath(server.rootPath, path) {
 			err := fmt.Errorf("requested path is invalid")
 			server.logger.Error().
 				Err(err).

tftpd/server.go

@@ -14,16 +14,18 @@ type Server struct {
 	httpClient *http.Client
 	tftpServer *tftp.Server
 
-	logger zerolog.Logger
-	store  *store.Store
+	logger   zerolog.Logger
+	store    *store.Store
+	rootPath string
 }
 
-func NewServer(store *store.Store) (server *Server, err error) {
+func NewServer(store *store.Store, rootPath string) (server *Server, err error) {
 
 	server = &Server{
 		httpClient: &http.Client{},
 		logger:     log.With().Str("service", "tftp").Logger(),
 		store:      store,
+		rootPath:   rootPath,
 	}
 
 	return server, nil