Update m-lab/access version to use explicit access controller.Paths (#…

…370)

* Update m-lab/access version
* Set explicit access controller paths

go.mod

@@ -7,7 +7,7 @@ require (
  github.com/google/uuid v1.2.0
  github.com/gorilla/handlers v1.5.1
  github.com/gorilla/websocket v1.5.0
- github.com/m-lab/access v0.0.10
+ github.com/m-lab/access v0.0.11
  github.com/m-lab/go v0.1.53
  github.com/m-lab/tcp-info v1.5.3
  github.com/m-lab/uuid v0.0.0-20191115203855-549727171666

go.sum

@@ -186,6 +186,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/m-lab/access v0.0.10 h1:t/lMUJ+nGyDvW9fhT3yDFB+1hQgmuKEX7QMBOqkJBrA=
 github.com/m-lab/access v0.0.10/go.mod h1:gZ7YN3SeMTZYeRv5EFaLdG+XVI/F/X4njM1G1BfwuE4=
+github.com/m-lab/access v0.0.11 h1:i2aoal7zgdzXAA7pGL5mXpM8yybURDJGZLwBMmA4Le8=
+github.com/m-lab/access v0.0.11/go.mod h1:ky+hXvIDE1VgEdWhMRJLjYonRrcvfiEJ1BEZtK6+zFQ=
 github.com/m-lab/go v0.1.53 h1:1PsQSMfzPVs6qjrcf2Q3ZDYgiN/Y762K2fOXWSJcXSQ=
 github.com/m-lab/go v0.1.53/go.mod h1:woT26L9Hf07juZGHe7Z4WveV7MM6NS6vQaaWzRQnab4=
 github.com/m-lab/tcp-info v1.5.3 h1:4IspTPcNc8D8LNRvuFnID8gDiz+hxPAtYvpKZaiGGe8=

ndt-server.go

@@ -173,9 +173,24 @@ func main() {
  if (tokenRequired5 || tokenRequired7) && err != nil {
  rtx.Must(err, "Failed to load verifier for when tokens are required")
  }
+
+ // Enforce tokens and tx controllers on the same ndt5 resource.
+ // NOTE: raw ndt5 requests cannot honor tokens or differentiate between upload/downloads.
+ ndt5Paths := controller.Paths{
+ "/ndt_protocol": true,
+ }
+ // Enforce Tx limits only on downloads.
+ ndt7TxPaths := controller.Paths{
+ spec.DownloadURLPath: true,
+ }
+ // Enforce tokens on uploads and downloads.
+ ndt7TokenPaths := controller.Paths{
+ spec.DownloadURLPath: true,
+ spec.UploadURLPath: true,
+ }
  // NDT5 uses a raw server, which requires tx5. NDT7 is HTTP only.
- ac5, tx5 := controller.Setup(ctx, v, tokenRequired5, tokenMachine)
- ac7, _ := controller.Setup(ctx, v, tokenRequired7, tokenMachine)
+ ac5, tx5 := controller.Setup(ctx, v, tokenRequired5, tokenMachine, ndt5Paths, ndt5Paths)
+ ac7, _ := controller.Setup(ctx, v, tokenRequired7, tokenMachine, ndt7TxPaths, ndt7TokenPaths)
 
  // The ndt5 protocol serving non-HTTP-based tests - forwards to Ws-based
  // server if the first three bytes are "GET".
@@ -189,7 +204,6 @@ func main() {
  ndt5WsMux := http.NewServeMux()
  ndt5WsMux.Handle("/", http.FileServer(http.Dir(*htmlDir)))
  ndt5WsMux.Handle("/ndt_protocol", ndt5handler.NewWS(*dataDir+"/ndt5", serverMetadata))
- controller.AllowPathLabel("/ndt_protocol")
  ndt5WsServer := httpServer(
  *ndt5WsAddr,
  // NOTE: do not use `ac.Then()` to prevent 'double jeopardy' for
@@ -211,8 +225,6 @@ func main() {
  }
  ndt7Mux.Handle(spec.DownloadURLPath, http.HandlerFunc(ndt7Handler.Download))
  ndt7Mux.Handle(spec.UploadURLPath, http.HandlerFunc(ndt7Handler.Upload))
- controller.AllowPathLabel(spec.DownloadURLPath)
- controller.AllowPathLabel(spec.UploadURLPath)
  ndt7ServerCleartext := httpServer(
  *ndt7AddrCleartext,
  ac7.Then(logging.MakeAccessLogHandler(ndt7Mux)),