Rename privateIPHandler to privateAccessHandler, and allow loopba…

…ck address access

cmd/gofs/flag.go

@@ -106,7 +106,7 @@ func parseFlags() {
 	flag.StringVar(&fileServerAddr, "server_addr", server.DefaultAddrHttps, "a file server binding address")
 	flag.BoolVar(&enableFileServerCompress, "server_compress", true, "enable response compression for the file server")
 	flag.BoolVar(&enablePprof, "pprof", false, "enable the pprof route")
-	flag.BoolVar(&pprofPrivate, "pprof_private", true, "allow to access pprof route by private ip only")
+	flag.BoolVar(&pprofPrivate, "pprof_private", true, "allow to access pprof route by private address and loopback address only")
 
 	// tls transfer
 	flag.BoolVar(&enableTLS, "tls", true, fmt.Sprintf("enable the tls connections, if disable it, server_addr is \"%s\" default", server.DefaultAddrHttp))

server/fs/file_server.go

@@ -85,7 +85,7 @@ func StartFileServer(opt server.Option) error {
 	if opt.EnablePprof {
 		debugGroup := rootGroup.Group("/debug")
 		if opt.PprofPrivate {
-			debugGroup.Use(middleware.NewPrivateIPHandler(logger).Handle)
+			debugGroup.Use(middleware.NewPrivateAccessHandler(logger).Handle)
 		}
 		pprof.RouteRegister(debugGroup, "pprof")
 	}

server/middleware/private_ip.go → server/middleware/private_access.go

@@ -8,19 +8,19 @@ import (
 	"net/http"
 )
 
-type privateIPHandler struct {
+type privateAccessHandler struct {
 	logger log.Logger
 }
 
-func NewPrivateIPHandler(logger log.Logger) handler.GinHandler {
-	return &privateIPHandler{
+func NewPrivateAccessHandler(logger log.Logger) handler.GinHandler {
+	return &privateAccessHandler{
 		logger: logger,
 	}
 }
 
-func (h *privateIPHandler) Handle(c *gin.Context) {
+func (h *privateAccessHandler) Handle(c *gin.Context) {
 	ip := net.ParseIP(c.ClientIP())
-	if !ip.IsPrivate() {
+	if !ip.IsPrivate() && !ip.IsLoopback() {
 		h.logger.Warn("access deny, client ip is [%s], path is [%s]", c.ClientIP(), c.FullPath())
 		c.String(http.StatusUnauthorized, "access deny")
 		c.Abort()