[tracker/wip/carlosg/http-endpoint: 9/10] tracker: Add --loopback option to "tracker3 endpoint"

[Carlos Garnacho <carlosg src gnome org>]

commit 5a9e8d2ed3d81ac59976b4fdb2d2dde2c393865d
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Dec 12 19:44:37 2020 +0100

    tracker: Add --loopback option to "tracker3 endpoint"
    
    This combines with --http-port and HTTP endpoints. Allows running the
    endpoint in a way that only connections via the loopback device are
    allowed.
    
    This might be useful for testing, without maybe leaking undesired
    details on the outside.

 src/tracker/tracker-endpoint.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
---
diff --git a/src/tracker/tracker-endpoint.c b/src/tracker/tracker-endpoint.c
index d270dd989..2566bfc59 100644
--- a/src/tracker/tracker-endpoint.c
+++ b/src/tracker/tracker-endpoint.c
@@ -43,6 +43,7 @@ static gboolean system_bus = FALSE;
 static gboolean name_owned = FALSE;
 static gboolean list = FALSE;
 static gint http_port = -1;
+static gboolean http_loopback;
 
 static GOptionEntry entries[] = {
        { "database", 'd', 0, G_OPTION_ARG_FILENAME, &database_path,
@@ -65,6 +66,10 @@ static GOptionEntry entries[] = {
          N_("HTTP port"),
          NULL
        },
+       { "loopback", 0, 0, G_OPTION_ARG_NONE, &http_loopback,
+         N_("Whether to only allow HTTP connections in the loopback device"),
+         NULL
+       },
        { "session", 0, 0, G_OPTION_ARG_NONE, &session_bus,
          N_("Use session bus"),
          NULL
@@ -140,6 +145,28 @@ name_lost_cb (GDBusConnection *connection,
        g_main_loop_quit (user_data);
 }
 
+static gboolean
+block_http_handler (TrackerEndpointHttp *endpoint_http,
+                    GSocketAddress      *address,
+                    gpointer             user_data)
+{
+       GInetAddress *inet_address;
+
+       if (!G_IS_INET_SOCKET_ADDRESS (address))
+               return TRUE;
+
+       inet_address = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (address));
+
+       if (http_loopback) {
+               if (g_inet_address_get_is_loopback (inet_address))
+                       return FALSE;
+
+               return TRUE;
+       }
+
+       return FALSE;
+}
+
 static gboolean
 run_http_endpoint (TrackerSparqlConnection  *connection,
                    GError                  **error)
@@ -160,6 +187,9 @@ run_http_endpoint (TrackerSparqlConnection  *connection,
                return FALSE;
        }
 
+       g_signal_connect (endpoint, "block-remote-address",
+                         G_CALLBACK (block_http_handler), NULL);
+
        main_loop = g_main_loop_new (NULL, FALSE);
 
        g_print ("%s\n", _("Listening to SPARQL commands. Press Ctrl-C to stop."));