libtransport.git Changeset - 1c4f01269f02

Changeset - 1c4f01269f02

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Jan Kaluza - 9 years ago 2016-01-20 11:19:35
jkaluza@redhat.com

Web interface: use absolute URLs in redirections

1 file changed with 41 insertions and 5 deletions:

spectrum_manager/src/server.cpp

0 comments (0 inline, 0 general)

spectrum_manager/src/server.cpp

➞

Show inline comments

 	if (sessions[session_id]->expire != 0 && sessions[session_id]->expire > now) {
 		return sessions[session_id];
+	}
 	return NULL;
+}
 void Server::authorize(struct mg_connection *conn, struct http_message *hm) {
 	Server::session *session;
 	std::string user = get_http_var(hm, "user");
 	std::string password = get_http_var(hm, "password");
 	std::string host;
 	mg_str *host_hdr = mg_get_http_header(hm, "Host");
 	if (host_hdr) {
 		if (!CONFIG_STRING(m_config, "service.cert").empty()) {
 			host += "https://";
+		}
 		else {
 			host += "http://";
+		}
 		host += std::string(host_hdr->p, host_hdr->len);
+	}
 	if (check_password(user, password) && (session = new_session(user)) != NULL) {
 		std::cout << "User authorized\n";
 		mg_printf(conn, "HTTP/1.1 302 Found\r\n"
 			"Set-Cookie: session=%s; max-age=3600; http-only\r\n"  // Session ID
 			"Set-Cookie: user=%s\r\n"  // Set user, needed by Javascript code
 			"Set-Cookie: admin=%s\r\n"  // Set user, needed by Javascript code
 			"Set-Cookie: original_url=/; max-age=0\r\n"  // Delete original_url
 			"Location: /instances\r\n\r\n",
 			session->session_id, session->user, session->admin ? "1" : "0");
 			"Location: %s/instances\r\n\r\n",
 			session->session_id, session->user, session->admin ? "1" : "0", host.c_str());
 	} else {
 		// Authentication failure, redirect to login.
 		redirect_to(conn, hm, "/login");
+	}
+}
 bool Server::is_authorized(const struct mg_connection *conn, struct http_message *hm) {
 	Server::session *session;
 	char valid_id[33];
 	bool authorized = false;
 	// Always authorize accesses to login page and to authorize URI
 	if ((session = get_session(hm)) != NULL) {
 		generate_session_id(valid_id, session->random, session->user);
 		if (strcmp(valid_id, session->session_id) == 0) {
 			session->expire = time(0) + SESSION_TTL;
 			authorized = true;
+		}
+	}
 	return authorized;
+}
 void Server::redirect_to(struct mg_connection *conn, struct http_message *hm, const char *where) {
 	std::string host;
 	mg_str *host_hdr = mg_get_http_header(hm, "Host");
 	if (host_hdr) {
 		if (!CONFIG_STRING(m_config, "service.cert").empty()) {
 			host += "https://";
+		}
 		else {
 			host += "http://";
+		}
 		host += std::string(host_hdr->p, host_hdr->len);
+	}
 	mg_printf(conn, "HTTP/1.1 302 Found\r\n"
 		"Set-Cookie: original_url=/\r\n"
 		"Location: %s\r\n\r\n", where);
+		"Location: %s%s\r\n\r\n", host.c_str(), where);
+}
 void Server::print_html(struct mg_connection *conn, struct http_message *hm, const std::string &html) {
 	mg_printf(conn,
 			"HTTP/1.1 200 OK\r\n"
 			"Content-Type: text/html\r\n"
 			"Content-Length: %d\r\n"        // Always set Content-Length
 			"\r\n"
 			"%s%s%s",
 			(int) html.size() + m_header.size() + m_footer.size(), m_header.c_str(), html.c_str(), m_footer.c_str());
+}
+	}
 	std::string response = get_response();
 	html += "<pre>" + response + "</pre>";
 	html += "<a href=\"/\">Back to main page</a>";
 	html += "</body></html>";
 	print_html(conn, hm, html);
+}
 void Server::serve_logout(struct mg_connection *conn, struct http_message *hm) {
 	std::string host;
 	mg_str *host_hdr = mg_get_http_header(hm, "Host");
 	if (host_hdr) {
 		if (!CONFIG_STRING(m_config, "service.cert").empty()) {
 			host += "https://";
+		}
 		else {
 			host += "http://";
+		}
 		host += std::string(host_hdr->p, host_hdr->len);
+	}
 	Server:session *session = get_session(hm);
 	mg_printf(conn, "HTTP/1.1 302 Found\r\n"
 		"Set-Cookie: session=%s; max-age=0\r\n"
 		"Set-Cookie: admin=%s; max-age=0\r\n"
 		"Location: /\r\n\r\n",
 		session->session_id, session->admin ? "1" : "0");
 		"Location: %s/\r\n\r\n",
 		session->session_id, session->admin ? "1" : "0", host.c_str());
 	sessions.erase(session->session_id);
 	delete session;
+}
 void Server::serve_users_add(struct mg_connection *conn, struct http_message *hm) {
 	std::string user = get_http_var(hm, "user");
 	std::string password = get_http_var(hm, "password");
 	if (!user.empty() && !password.empty()) {
 		if (m_storage) {
 			UserInfo dummy;

0 comments (0 inline, 0 general)