[tracker/wip/carlosg/http-endpoint: 10/12] libtracker-sparql: Add signal to control access to HTTP endpoint

[Carlos Garnacho <carlosg src gnome org>]

commit 31653cd4f700a40e3bb91ad2331d8972ed3e3786
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Dec 12 19:17:07 2020 +0100

    libtracker-sparql: Add signal to control access to HTTP endpoint
    
    This signal is meant for simple access control, and receives the GSocketAddress
    corresponding to the remote connection. Users may connect a signal handler
    to block the connection based on that data (e.g. allowing different scopes,
    loopback connections, local networks, ...).

 src/libtracker-sparql/tracker-endpoint-http.c | 37 +++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
---
diff --git a/src/libtracker-sparql/tracker-endpoint-http.c b/src/libtracker-sparql/tracker-endpoint-http.c
index c2b643c3a..de231ca59 100644
--- a/src/libtracker-sparql/tracker-endpoint-http.c
+++ b/src/libtracker-sparql/tracker-endpoint-http.c
@@ -47,6 +47,11 @@ typedef struct {
        TrackerSerializerFormat format;
 } Request;
 
+enum {
+       BLOCK_REMOTE_ADDRESS,
+       N_SIGNALS
+};
+
 enum {
        PROP_0,
        PROP_HTTP_PORT,
@@ -58,6 +63,7 @@ enum {
 #define JSON_TYPE "application/sparql-results+json"
 
 static GParamSpec *props[N_PROPS];
+static guint signals[N_SIGNALS];
 
 static void tracker_endpoint_http_initable_iface_init (GInitableIface *iface);
 
@@ -198,9 +204,22 @@ server_callback (SoupServer        *server,
        TrackerEndpoint *endpoint = user_data;
        TrackerSparqlConnection *conn;
        TrackerSerializerFormat format;
+       GSocketAddress *remote_address;
+       gboolean block = FALSE;
        const gchar *sparql;
        Request *request;
 
+       remote_address = soup_client_context_get_remote_address (client);
+       if (remote_address) {
+               g_signal_emit (endpoint, signals[BLOCK_REMOTE_ADDRESS], 0,
+                              remote_address, &block);
+       }
+
+       if (block) {
+               soup_message_set_status_full (message, 500, "Remote address disallowed");
+               return;
+       }
+
        sparql = g_hash_table_lookup (query, "query");
        if (!sparql) {
                soup_message_set_status_full (message, 500, "No query given");
@@ -321,6 +340,24 @@ tracker_endpoint_http_class_init (TrackerEndpointHttpClass *klass)
        object_class->set_property = tracker_endpoint_http_set_property;
        object_class->get_property = tracker_endpoint_http_get_property;
 
+       /**
+        * TrackerEndpointHttp::block-remote-address:
+        * @self: The #TrackerNotifier
+        * @address: The socket address of the remote connection
+        *
+        * Allows control over the connections stablished. The given
+        * address is that of the requesting peer.
+        *
+        * Returning %FALSE in this handler allows the connection,
+        * returning %TRUE blocks it. The default with no signal
+        * handlers connected is %FALSE.
+        */
+       signals[BLOCK_REMOTE_ADDRESS] =
+               g_signal_new ("block-remote-address",
+                             TRACKER_TYPE_ENDPOINT_HTTP, 0, 0,
+                             g_signal_accumulator_first_wins, NULL, NULL,
+                             G_TYPE_BOOLEAN, 1, G_TYPE_SOCKET_ADDRESS);
+
        props[PROP_HTTP_PORT] =
                g_param_spec_uint ("http-port",
                                   "HTTP Port",