Allow to configure the list of allowed endpoints

public-transport · Feb 20, 2024 · e4d075f · e4d075f
1 parent ad2437d
commit e4d075f
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 4 deletions.
diff --git a/motis-proxy/Rocket.toml b/motis-proxy/Rocket.toml
@@ -5,6 +5,13 @@
 [debug]
 log_level = "debug"
 
+[release.proxy]
+proxy_assets = false
+allowed_endpoints = [ "/intermodal","/guesser", "/address",
+                      "/railviz/get_trains", "/railviz/get_trips", "/railviz/get_station",
+                      "/lookup/schedule_info", "/gbfs/info",  "/ppr/route", "/trip_to_connection" ]
+
+
 [debug.proxy]
 proxy_assets = true
 motis_address = "https://europe.motis-project.de"
diff --git a/motis-proxy/src/main.rs b/motis-proxy/src/main.rs
@@ -34,6 +34,9 @@ fn default_motis_address() -> String {
 fn default_proxy_assets() -> bool {
     false
 }
+fn default_allowed_endpoints() -> Option<Vec<Endpoint>> {
+    None
+}
 
 #[derive(Deserialize, DefaultFromSerde)]
 struct Config {
@@ -47,11 +50,16 @@ struct Config {
     /// Proxy endpoints other than `/`. This should only ever be used for debugging.
     /// It is slow and incomplete.
     #[serde(default = "default_proxy_assets" )]
-    proxy_assets: bool
+    proxy_assets: bool,
+
+    /// List of endpoints (by path) that should be allowed through the proxy.
+    /// If this option is not set, all known endpoints will be allowed.
+    #[serde(default = "default_allowed_endpoints")]
+    allowed_endpoints: Option<Vec<Endpoint>>
 }
 
-#[derive(Deserialize, Serialize)]
-enum AllowedEndpoints {
+#[derive(Deserialize, Serialize, PartialEq, Eq)]
+enum Endpoint {
     #[serde(rename = "/intermodal")]
     Intermodal,
     #[serde(rename = "/guesser")]
@@ -77,7 +85,7 @@ enum AllowedEndpoints {
 #[derive(Deserialize, Serialize)]
 #[serde(tag = "type")]
 enum RequestDestination {
-    Module { target: AllowedEndpoints },
+    Module { target: Endpoint },
 }
 
 #[derive(Deserialize, Serialize)]
@@ -313,6 +321,17 @@ async fn proxy_api(
 ) -> ResultResponse<Custom<Json<serde_json::Value>>> {
     let request = request.into_inner();
 
+    // Check if the requested endpoint is allowed
+    match &request.destination {
+        RequestDestination::Module { target } => {
+            if let Some(allowed_endpoints) = &config.allowed_endpoints {
+                if !allowed_endpoints.contains(&target) {
+                    return Err(Custom(Status::UnprocessableEntity, ()))
+                }
+            }
+        }
+    }
+
     trace!("MOTIS Request <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<");
     trace!("{}", serde_json::to_string_pretty(&request).unwrap());