Merge pull request #95 from bausshf/master

Added host white-list

Author: bausshf

core/webconfig.d

@@ -20,6 +20,8 @@ static if (isWeb)
     string[] staticFileRoutes;
     /// The paths to white-list for file-access/directory-access.
     @optional string[] whiteListPaths;
+    /// A list of hosts that the server accepts.
+    @optional string[] hostWhiteList;
     /// The route that's mapped to the home page.
     string homeRoute;
     /// Boolean determining whether views can be accessed by their file name.

errors/errorhandler.d

@@ -29,34 +29,32 @@ static if (isWeb)
   {
     try
     {
-      response.statusCode = error ? error.code : 500;
-      auto httpStatusExcepton = cast(HTTPStatusException)e;
+      response.statusCode = (error ? error.code : 500);
 
-      if ((!httpStatusExcepton || httpStatusExcepton.status != HTTPStatus.NotFound) &&
-        (response.statusCode != 404 && response.statusCode != 200)
-        )
-      {
-        // log ...
-      }
+      auto httpStatusException = cast(HTTPStatusException)e;
 
-      if (httpStatusExcepton && httpStatusExcepton.status == HTTPStatus.NotFound)
+      if (httpStatusException)
       {
-        response.statusCode = 404;
-
-        foreach (headerKey,headerValue; webConfig.defaultHeaders.notFound)
-        {
-          response.headers[headerKey] = headerValue;
-        }
+        response.statusCode = httpStatusException.status;
 
-        if (webSettings)
-        {
-          webSettings.onNotFound(request,response);
-        }
-        else
+        if (httpStatusException.status == 404)
         {
-          response.bodyWriter.write("Not found ...");
+          foreach (headerKey,headerValue; webConfig.defaultHeaders.notFound)
+          {
+            response.headers[headerKey] = headerValue;
+          }
+
+          if (webSettings)
+          {
+            webSettings.onNotFound(request,response);
+          }
+          else
+          {
+            response.bodyWriter.write("Not found ...");
+          }
+
+          return;
         }
-        return;
       }
 
       foreach (headerKey,headerValue; webConfig.defaultHeaders.error)
@@ -98,7 +96,7 @@ static if (isWeb)
   {
     try
     {
-      response.statusCode = error ? error.code : 500;
+      response.statusCode = (error ? error.code : 500);
 
       if (error && error.code == 404)
       {

http/client.d

@@ -440,10 +440,17 @@ static if (isWeb)
     }
 
     /// Sends an unauthorized error
-    void unauthorized() {
+    void unauthorized()
+    {
       error(HttpStatus.unauthorized);
     }
 
+    /// Sends a forbidden error
+    void forbidden()
+    {
+      error(HttpStatus.forbidden);
+    }
+
     /**
     * Logs the client in.
     * Params:

init/web.d

@@ -181,7 +181,7 @@ static if (isWeb)
       }
     }
   }
-  
+
   /// The static file handlers.
   __gshared HTTPServerRequestDelegateS[string] _staticFiles;
 
@@ -272,6 +272,13 @@ static if (isWeb)
 
     try
     {
+      import std.algorithm : canFind;
+
+      if (webConfig.hostWhiteList && !webConfig.hostWhiteList.canFind(client.host))
+      {
+        client.forbidden();
+      }
+
       if (handleSpecializedRoute(client))
       {
         return;
@@ -299,6 +306,15 @@ static if (isWeb)
         handleHTTPListenInternal(client);
       }
     }
+    catch (HTTPStatusException hse)
+    {
+      auto e = cast(Exception)hse;
+
+      if (e)
+      {
+        handleUserException(e,request,response,null);
+      }
+    }
     catch (Throwable t)
     {
       static if (loggingEnabled)