3 changed files with 0 additions and 47 deletions
--- a/flake.nix
+++ b/flake.nix
@ -83,10 +83,6 @@
      rec {
        packages = {
          inherit nix-serve-ng lix-serve-ng;
-          private = pkgs.runCommand "private" { } ''
-            mkdir $out
-            touch $out/.private
-          '';
          default = nix-serve-ng;
        };

--- a/nix-serve-ng.cabal
+++ b/nix-serve-ng.cabal
@ -48,7 +48,6 @@ executable nix-serve
                    , base32
                    , bytestring
                    , charset
-                    , directory
                    , http-types
                    , managed
                    , megaparsec
--- a/src/Main.hs
+++ b/src/Main.hs
@ -6,13 +6,10 @@

 module Main where

-import Debug.Trace
-
 import Control.Monad.IO.Class (liftIO)
 import Data.ByteString (ByteString)
 import Data.CharSet.ByteSet (ByteSet(..))
 import Data.Function ((&))
-import Data.Word (Word8)
 import Network.Socket (SockAddr(..))
 import Network.Wai (Application)
 import Nix (NoSuchPath(..), PathInfo(..))
@ -38,7 +35,6 @@ import qualified Network.Wai.Middleware.RequestLogger as RequestLogger
 import qualified Nix
 import qualified Options
 import qualified Options.Applicative                  as Options
-import qualified System.Directory                     as Directory
 import qualified System.Environment                   as Environment

 data ApplicationOptions = ApplicationOptions
@ -58,20 +54,6 @@ validHashPartBytes =
        <>  [ 0x76 .. 0x7A ]  -- vwxyz
        )

-type HostAddressTuple = (Word8, Word8, Word8, Word8)
-
-isAllowed :: Socket.HostAddress -> Bool
-isAllowed host = any (uncurry (ipMatches $ Socket.hostAddressToTuple host)) allowedIPs
-    where
-        allowedIPs :: [(HostAddressTuple, HostAddressTuple)]
-        allowedIPs = [
-                ((127,0,0,1),    (127,0,0,1)),
-                ((10,0,0,1),     (10,255,255,254)),
-                ((192,168,72,1), (192,168,79,254))
-            ]
-
-        ipMatches ip a b = ip >= a && ip <= b
-
 validHashPart :: ByteString -> Bool
 validHashPart hash = ByteString.all (`ByteSet.member` validHashPartBytes) hash

@ -268,30 +250,6 @@ makeApplication ApplicationOptions{..} request respond = do

                    done response

-                let privateFilePath = ByteString.Char8.unpack storePath ++ "/nix-support/private"
-                isPrivate <- liftIO $ Directory.doesPathExist privateFilePath
-
-                let isLocalNet = case Wai.remoteHost request of
-                                    SockAddrInet _ host -> isAllowed host
-                                    _ -> False
-
-                traceM $ show (Wai.remoteHost request, isLocalNet)
-                traceM $ show (privateFilePath, isPrivate)
-
-                Monad.when (isPrivate && not isLocalNet) do
-                    let headers = [ ("Content-Type", "text/plain") ]
-
-                    let builder = "Forbidden.\n"
-
-                    let response =
-                            Wai.responseBuilder
-                                    Types.status403
-                                    headers
-                                    builder
-
-                    done response
-
-
                let streamingBody write flush = do
                       result <- Nix.dumpPath hashPart callback