diff --git a/src/audit.go b/src/audit.go index 5b6307f..c96b0dd 100644 --- a/src/audit.go +++ b/src/audit.go @@ -378,17 +378,20 @@ func (audited *auditedBackend) DeleteManifest( return audited.Backend.DeleteManifest(ctx, name, opts) } -func (audited *auditedBackend) FreezeDomain(ctx context.Context, domain string, freeze bool) (err error) { - var event AuditEvent - if freeze { - event = AuditEvent_FreezeDomain - } else { - event = AuditEvent_UnfreezeDomain - } +func (audited *auditedBackend) FreezeDomain(ctx context.Context, domain string) (err error) { audited.appendNewAuditRecord(ctx, &AuditRecord{ - Event: event.Enum(), + Event: AuditEvent_FreezeDomain.Enum(), Domain: proto.String(domain), }) - return audited.Backend.FreezeDomain(ctx, domain, freeze) + return audited.Backend.FreezeDomain(ctx, domain) +} + +func (audited *auditedBackend) UnfreezeDomain(ctx context.Context, domain string) (err error) { + audited.appendNewAuditRecord(ctx, &AuditRecord{ + Event: AuditEvent_UnfreezeDomain.Enum(), + Domain: proto.String(domain), + }) + + return audited.Backend.UnfreezeDomain(ctx, domain) } diff --git a/src/backend.go b/src/backend.go index 280a54f..be8672d 100644 --- a/src/backend.go +++ b/src/backend.go @@ -134,9 +134,12 @@ type Backend interface { // Create a domain. This allows us to start serving content for the domain. CreateDomain(ctx context.Context, domain string) error - // Freeze or thaw a domain. This allows a site to be administratively locked, e.g. if it + // Freeze a domain. This allows a site to be administratively locked, e.g. if it // is discovered serving abusive content. - FreezeDomain(ctx context.Context, domain string, freeze bool) error + FreezeDomain(ctx context.Context, domain string) error + + // Thaw a domain. This removes the previously placed administrative lock (if any). + UnfreezeDomain(ctx context.Context, domain string) error // Append a record to the audit log. AppendAuditLog(ctx context.Context, id AuditID, record *AuditRecord) error diff --git a/src/backend_fs.go b/src/backend_fs.go index 965cacf..a7f886b 100644 --- a/src/backend_fs.go +++ b/src/backend_fs.go @@ -442,16 +442,16 @@ func (fs *FSBackend) CreateDomain(ctx context.Context, domain string) error { return nil // no-op } -func (fs *FSBackend) FreezeDomain(ctx context.Context, domain string, freeze bool) error { - if freeze { - return fs.siteRoot.WriteFile(domainFrozenMarkerName(domain), []byte{}, 0o644) +func (fs *FSBackend) FreezeDomain(ctx context.Context, domain string) error { + return fs.siteRoot.WriteFile(domainFrozenMarkerName(domain), []byte{}, 0o644) +} + +func (fs *FSBackend) UnfreezeDomain(ctx context.Context, domain string) error { + err := fs.siteRoot.Remove(domainFrozenMarkerName(domain)) + if errors.Is(err, os.ErrNotExist) { + return nil } else { - err := fs.siteRoot.Remove(domainFrozenMarkerName(domain)) - if errors.Is(err, os.ErrNotExist) { - return nil - } else { - return err - } + return err } } diff --git a/src/backend_s3.go b/src/backend_s3.go index 129a890..24158ab 100644 --- a/src/backend_s3.go +++ b/src/backend_s3.go @@ -718,23 +718,24 @@ func (s3 *S3Backend) CreateDomain(ctx context.Context, domain string) error { return err } -func (s3 *S3Backend) FreezeDomain(ctx context.Context, domain string, freeze bool) error { - if freeze { - logc.Printf(ctx, "s3: freeze domain %s\n", domain) +func (s3 *S3Backend) FreezeDomain(ctx context.Context, domain string) error { + logc.Printf(ctx, "s3: freeze domain %s\n", domain) - _, err := s3.client.PutObject(ctx, s3.bucket, domainFrozenObjectName(domain), - &bytes.Reader{}, 0, minio.PutObjectOptions{}) - return err + _, err := s3.client.PutObject(ctx, s3.bucket, domainFrozenObjectName(domain), + &bytes.Reader{}, 0, minio.PutObjectOptions{}) + return err + +} + +func (s3 *S3Backend) UnfreezeDomain(ctx context.Context, domain string) error { + logc.Printf(ctx, "s3: unfreeze domain %s\n", domain) + + err := s3.client.RemoveObject(ctx, s3.bucket, domainFrozenObjectName(domain), + minio.RemoveObjectOptions{}) + if errResp := minio.ToErrorResponse(err); errResp.Code == "NoSuchKey" { + return nil } else { - logc.Printf(ctx, "s3: thaw domain %s\n", domain) - - err := s3.client.RemoveObject(ctx, s3.bucket, domainFrozenObjectName(domain), - minio.RemoveObjectOptions{}) - if errResp := minio.ToErrorResponse(err); errResp.Code == "NoSuchKey" { - return nil - } else { - return err - } + return err } } diff --git a/src/main.go b/src/main.go index ca3553a..2ae5472 100644 --- a/src/main.go +++ b/src/main.go @@ -422,12 +422,15 @@ func Main() { freeze = false } - if err = backend.FreezeDomain(ctx, domain, freeze); err != nil { - logc.Fatalln(ctx, err) - } if freeze { + if err = backend.FreezeDomain(ctx, domain); err != nil { + logc.Fatalln(ctx, err) + } logc.Println(ctx, "frozen") } else { + if err = backend.UnfreezeDomain(ctx, domain); err != nil { + logc.Fatalln(ctx, err) + } logc.Println(ctx, "thawed") } diff --git a/src/observe.go b/src/observe.go index c8b0d43..a55bf52 100644 --- a/src/observe.go +++ b/src/observe.go @@ -452,9 +452,16 @@ func (backend *observedBackend) CreateDomain(ctx context.Context, domain string) return } -func (backend *observedBackend) FreezeDomain(ctx context.Context, domain string, freeze bool) (err error) { - span, ctx := ObserveFunction(ctx, "FreezeDomain", "domain.name", domain, "domain.frozen", freeze) - err = backend.inner.FreezeDomain(ctx, domain, freeze) +func (backend *observedBackend) FreezeDomain(ctx context.Context, domain string) (err error) { + span, ctx := ObserveFunction(ctx, "FreezeDomain", "domain.name", domain) + err = backend.inner.FreezeDomain(ctx, domain) + span.Finish() + return +} + +func (backend *observedBackend) UnfreezeDomain(ctx context.Context, domain string) (err error) { + span, ctx := ObserveFunction(ctx, "UnfreezeDomain", "domain.name", domain) + err = backend.inner.UnfreezeDomain(ctx, domain) span.Finish() return }