core: restrict rest API to 127.0.0.1

Until there is TLS support for this, frontend and ogserver needs to be in the same box by now.
author: OpenGnSys Support Team <soporte-og@soleta.eu> 2023-11-14 11:11:02 +0100
committer: OpenGnSys Support Team <soporte-og@soleta.eu> 2023-11-14 11:25:42 +0100
commit: 944fef7b04f67ef18c445d4c825a39952f7d8e73 (patch)
tree: 1da7d37025b0be7d98e39c31d6a3102bec9b8f48 /src/core.c
parent: 485bf92216b7f3235f4e57dee5ac586beb60a090 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/core.c b/src/core.c
index 05e3bc1..4855f42 100644
--- a/src/core.c
+++ b/src/core.c
@@ -399,11 +399,17 @@ void og_server_accept_cb(struct ev_loop *loop, struct ev_io *io, int events)
 		og_agent_send_refresh(cli);
 }
 
-int og_socket_server_init(const char *port)
+int og_socket_server_init(const char *addr, const char *port)
 {
 	struct sockaddr_in local;
+	uint32_t s_addr;
 	int sd, on = 1;
 
+	if (!inet_pton(AF_INET, addr, &s_addr)) {
+		syslog(LOG_ERR, "listener address `%s' not valid\n", addr);
+		return -1;
+	}
+
 	sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 	if (sd < 0) {
 		syslog(LOG_ERR, "cannot create main socket\n");
@@ -411,7 +417,7 @@ int og_socket_server_init(const char *port)
 	}
 	setsockopt(sd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(int));
 
-	local.sin_addr.s_addr = htonl(INADDR_ANY);
+	local.sin_addr.s_addr = s_addr;
 	local.sin_family = AF_INET;
 	local.sin_port = htons(atoi(port));
author	OpenGnSys Support Team <soporte-og@soleta.eu>	2023-11-14 11:11:02 +0100
committer	OpenGnSys Support Team <soporte-og@soleta.eu>	2023-11-14 11:25:42 +0100
commit	944fef7b04f67ef18c445d4c825a39952f7d8e73 (patch)
tree	1da7d37025b0be7d98e39c31d6a3102bec9b8f48 /src/core.c
parent	485bf92216b7f3235f4e57dee5ac586beb60a090 (diff)