Add --allow-odoh-post

2025-04-03 04:57:37 +03:00 · 2021-06-06 17:41:48 +02:00 · 2021-06-06 17:41:48 +02:00 · 3bc0d22f69
commit 3bc0d22f69
parent a746e2822a
4 changed files with 15 additions and 4 deletions
--- a/src/config.rs
+++ b/src/config.rs
@ -128,6 +128,12 @@ pub fn parse_opts(globals: &mut Globals) {
                .short("P")
                .long("disable-post")
                .help("Disable POST queries"),
+        )
+        .arg(
+            Arg::with_name("allow_odoh_post")
+                .short("O")
+                .long("allow-odoh-post")
+                .help("Allow POST queries over ODoH even with they have been disabed for DoH"),
        );

    #[cfg(feature = "tls")]
@ -183,6 +189,7 @@ pub fn parse_opts(globals: &mut Globals) {
    globals.err_ttl = matches.value_of("err_ttl").unwrap().parse().unwrap();
    globals.keepalive = !matches.is_present("disable_keepalive");
    globals.disable_post = matches.is_present("disable_post");
+    globals.allow_odoh_post = matches.is_present("allow_odoh_post");

    #[cfg(feature = "tls")]
    {
--- a/src/libdoh/src/globals.rs
+++ b/src/libdoh/src/globals.rs
@ -29,6 +29,7 @@ pub struct Globals {
    pub err_ttl: u32,
    pub keepalive: bool,
    pub disable_post: bool,
+    pub allow_odoh_post: bool,
    pub odoh_configs_path: String,
    pub odoh_rotator: Arc<ODoHRotator>,

--- a/src/libdoh/src/lib.rs
+++ b/src/libdoh/src/lib.rs
@ -122,10 +122,6 @@ impl DoH {
    }

    async fn serve_post(&self, req: Request<Body>) -> Result<Response<Body>, http::Error> {
-        if self.globals.disable_post {
-            return http_error(StatusCode::METHOD_NOT_ALLOWED);
-        }
-
        match Self::parse_content_type(&req) {
            Ok(DoHType::Standard) => self.serve_doh_post(req).await,
            Ok(DoHType::Oblivious) => self.serve_odoh_post(req).await,
@ -178,6 +174,9 @@ impl DoH {
    }

    async fn serve_doh_post(&self, req: Request<Body>) -> Result<Response<Body>, http::Error> {
+        if self.globals.disable_post {
+            return http_error(StatusCode::METHOD_NOT_ALLOWED);
+        }
        let query = match self.read_body(req.into_body()).await {
            Ok(q) => q,
            Err(e) => return http_error(StatusCode::from(e)),
@ -221,6 +220,9 @@ impl DoH {
    }

    async fn serve_odoh_post(&self, req: Request<Body>) -> Result<Response<Body>, http::Error> {
+        if self.globals.disable_post && !self.globals.allow_odoh_post {
+            return http_error(StatusCode::METHOD_NOT_ALLOWED);
+        }
        let encrypted_query = match self.read_body(req.into_body()).await {
            Ok(q) => q,
            Err(e) => return http_error(StatusCode::from(e)),
--- a/src/main.rs
+++ b/src/main.rs
@ -49,6 +49,7 @@ fn main() {
        err_ttl: ERR_TTL,
        keepalive: true,
        disable_post: false,
+        allow_odoh_post: false,
        odoh_configs_path: ODOH_CONFIGS_PATH.to_string(),
        odoh_rotator: Arc::new(rotator),