Changeset - 1c4f01269f02
Parent rev.
Child rev.
[Not reviewed]
0 1 0
Jan Kaluza - 9 years ago 2016-01-20 11:19:35
jkaluza@redhat.com
Web interface: use absolute URLs in redirections
1 file changed with 41 insertions and 5 deletions:
spectrum_manager/src/server.cpp
41
5
0 comments (0 inline, 0 general)
spectrum_manager/src/server.cpp
Show inline comments
 
@@ -145,245 +145,281 @@ bool Server::check_password(const std::string &user, const std::string &password
 
	}
 

			




	
	
	
		
 
	UserInfo info;

			




	
	
	
		
 
	if (m_storage && m_storage->getUser(user, info) == true && info.password == password) {

			




	
	
	
		
 
		return true;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	return false;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
// Allocate new session object

			




	
	
	
		
 
Server::session *Server::new_session(const std::string &user) {

			




	
	
	
		
 
	Server::session *session = new Server::session;

			




	
	
	
		
 

			




	
	
	
		
 
	my_strlcpy(session->user, user.c_str(), sizeof(session->user));

			




	
	
	
		
 
	snprintf(session->random, sizeof(session->random), "%d", rand());

			




	
	
	
		
 
	generate_session_id(session->session_id, session->random, session->user);

			




	
	
	
		
 
	session->expire = time(0) + SESSION_TTL;

			




	
	
	
		
 
	session->admin = std::string(user) == m_user;

			




	
	
	
		
 

			




	
	
	
		
 
	sessions[session->session_id] = session;

			




	
	
	
		
 
	return session;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
// Get session object for the connection. Caller must hold the lock.

			




	
	
	
		
 
Server::session *Server::get_session(struct http_message *hm) {

			




	
	
	
		
 
	time_t now = time(NULL);

			




	
	
	
		
 
	char session_id[255];

			




	
	
	
		
 
	struct mg_str *hdr = mg_get_http_header(hm, "Cookie");

			




	
	
	
		
 
	int len = mg_http_parse_header(hdr, "session", session_id, sizeof(session_id));

			




	
	
	
		
 
	session_id[len] = 0;

			




	
	
	
		
 

			




	
	
	
		
 
	if (sessions.find(session_id) == sessions.end()) {

			




	
	
	
		
 
		return NULL;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	if (sessions[session_id]->expire != 0 && sessions[session_id]->expire > now) {

			




	
	
	
		
 
		return sessions[session_id];

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	return NULL;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::authorize(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	Server::session *session;

			




	
	
	
		
 
	std::string user = get_http_var(hm, "user");

			




	
	
	
		
 
	std::string password = get_http_var(hm, "password");

			




	
	
	
		
 

			




	
	
	
		
 
	std::string host;

			




	
	
	
		
 
	mg_str *host_hdr = mg_get_http_header(hm, "Host");

			




	
	
	
		
 
	if (host_hdr) {

			




	
	
	
		
 
		if (!CONFIG_STRING(m_config, "service.cert").empty()) {

			




	
	
	
		
 
			host += "https://";

			




	
	
	
		
 
		}

			




	
	
	
		
 
		else {

			




	
	
	
		
 
			host += "http://";

			




	
	
	
		
 
		}

			




	
	
	
		
 
		host += std::string(host_hdr->p, host_hdr->len);

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	if (check_password(user, password) && (session = new_session(user)) != NULL) {

			




	
	
	
		
 
		std::cout << "User authorized\n";

			




	
	
	
		
 
		mg_printf(conn, "HTTP/1.1 302 Found\r\n"

			




	
	
	
		
 
			"Set-Cookie: session=%s; max-age=3600; http-only\r\n"  // Session ID

			




	
	
	
		
 
			"Set-Cookie: user=%s\r\n"  // Set user, needed by Javascript code

			




	
	
	
		
 
			"Set-Cookie: admin=%s\r\n"  // Set user, needed by Javascript code

			




	
	
	
		
 
			"Set-Cookie: original_url=/; max-age=0\r\n"  // Delete original_url

			




	
	
	
		
 
			"Location: /instances\r\n\r\n",

			




	
	
	
		
 
			session->session_id, session->user, session->admin ? "1" : "0");

			




	
	
	
		
 
			"Location: %s/instances\r\n\r\n",

			




	
	
	
		
 
			session->session_id, session->user, session->admin ? "1" : "0", host.c_str());

			




	
	
	
		
 
	} else {

			




	
	
	
		
 
		// Authentication failure, redirect to login.

			




	
	
	
		
 
		redirect_to(conn, hm, "/login");

			




	
	
	
		
 
	}

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
bool Server::is_authorized(const struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	Server::session *session;

			




	
	
	
		
 
	char valid_id[33];

			




	
	
	
		
 
	bool authorized = false;

			




	
	
	
		
 

			




	
	
	
		
 
	// Always authorize accesses to login page and to authorize URI

			




	
	
	
		
 
	if (!mg_vcmp(&hm->uri, "/login") ||

			




	
	
	
		
 
		!mg_vcmp(&hm->uri, "/login/") ||

			




	
	
	
		
 
		!mg_vcmp(&hm->uri, "/form.css") ||

			




	
	
	
		
 
		!mg_vcmp(&hm->uri, "/style.css") ||

			




	
	
	
		
 
		!mg_vcmp(&hm->uri, "/logo.png") ||

			




	
	
	
		
 
		!mg_vcmp(&hm->uri, "/users") ||

			




	
	
	
		
 
		!mg_vcmp(&hm->uri, "/users/add") ||

			




	
	
	
		
 
		!mg_vcmp(&hm->uri, "/authorize")) {

			




	
	
	
		
 
		return true;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	if ((session = get_session(hm)) != NULL) {

			




	
	
	
		
 
		generate_session_id(valid_id, session->random, session->user);

			




	
	
	
		
 
		if (strcmp(valid_id, session->session_id) == 0) {

			




	
	
	
		
 
			session->expire = time(0) + SESSION_TTL;

			




	
	
	
		
 
			authorized = true;

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	return authorized;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::redirect_to(struct mg_connection *conn, struct http_message *hm, const char *where) {

			




	
	
	
		
 
	std::string host;

			




	
	
	
		
 
	mg_str *host_hdr = mg_get_http_header(hm, "Host");

			




	
	
	
		
 
	if (host_hdr) {

			




	
	
	
		
 
		if (!CONFIG_STRING(m_config, "service.cert").empty()) {

			




	
	
	
		
 
			host += "https://";

			




	
	
	
		
 
		}

			




	
	
	
		
 
		else {

			




	
	
	
		
 
			host += "http://";

			




	
	
	
		
 
		}

			




	
	
	
		
 
		host += std::string(host_hdr->p, host_hdr->len);

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	mg_printf(conn, "HTTP/1.1 302 Found\r\n"

			




	
	
	
		
 
		"Set-Cookie: original_url=/\r\n"

			




	
	
	
		
 
		"Location: %s\r\n\r\n", where);

			




	
	
	
		
 
		"Location: %s%s\r\n\r\n", host.c_str(), where);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::print_html(struct mg_connection *conn, struct http_message *hm, const std::string &html) {

			




	
	
	
		
 
	mg_printf(conn,

			




	
	
	
		
 
			"HTTP/1.1 200 OK\r\n"

			




	
	
	
		
 
			"Content-Type: text/html\r\n"

			




	
	
	
		
 
			"Content-Length: %d\r\n"        // Always set Content-Length

			




	
	
	
		
 
			"\r\n"

			




	
	
	
		
 
			"%s%s%s",

			




	
	
	
		
 
			(int) html.size() + m_header.size() + m_footer.size(), m_header.c_str(), html.c_str(), m_footer.c_str());

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
std::string Server::send_command(const std::string &jid, const std::string &cmd) {

			




	
	
	
		
 
	Swift::SimpleEventLoop eventLoop;

			




	
	
	
		
 
	Swift::BoostNetworkFactories networkFactories(&eventLoop);

			




	
	
	
		
 

			




	
	
	
		
 
	ask_local_server(m_config, networkFactories, jid, cmd);

			




	
	
	
		
 
	struct timeval td_start,td_end;

			




	
	
	
		
 
	float elapsed = 0; 

			




	
	
	
		
 
	gettimeofday(&td_start, NULL);

			




	
	
	
		
 
	gettimeofday(&td_end, NULL);

			




	
	
	
		
 

			




	
	
	
		
 
	time_t started = time(NULL);

			




	
	
	
		
 
	while(get_response().empty() && td_end.tv_sec - td_start.tv_sec < 1) {

			




	
	
	
		
 
		gettimeofday(&td_end, NULL);

			




	
	
	
		
 
		eventLoop.runOnce();

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	return get_response();

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_onlineusers(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	Server:session *session = get_session(hm);

			




	
	
	
		
 
	if (!session->admin) {

			




	
	
	
		
 
		redirect_to(conn, hm, "/");

			




	
	
	
		
 
		return;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	std::string html;

			




	
	
	
		
 
	std::string jid = get_http_var(hm, "jid");

			




	
	
	
		
 

			




	
	
	
		
 
	html += std::string("<h2>") + jid + " online users</h2><table><tr><th>JID<th>Command</th></tr>";

			




	
	
	
		
 

			




	
	
	
		
 
	Swift::SimpleEventLoop eventLoop;

			




	
	
	
		
 
	Swift::BoostNetworkFactories networkFactories(&eventLoop);

			




	
	
	
		
 

			




	
	
	
		
 
	ask_local_server(m_config, networkFactories, jid, "online_users");

			




	
	
	
		
 
	eventLoop.runUntilEvents();

			




	
	
	
		
 
	while(get_response().empty()) {

			




	
	
	
		
 
		eventLoop.runUntilEvents();

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	std::string response = get_response();

			




	
	
	
		
 
	std::vector<std::string> users;

			




	
	
	
		
 
	boost::split(users, response, boost::is_any_of("\n"));

			




	
	
	
		
 

			




	
	
	
		
 
	BOOST_FOREACH(std::string &user, users) {

			




	
	
	
		
 
		html += "<tr><td>" + user + "</td><td></td></tr>";

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	html += "</table><a href=\"/\">Back to main page</a>";

			




	
	
	
		
 
	html += "</body></html>";

			




	
	
	
		
 
	print_html(conn, hm, html);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_cmd(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	Server:session *session = get_session(hm);

			




	
	
	
		
 
	if (!session->admin) {

			




	
	
	
		
 
		redirect_to(conn, hm, "/");

			




	
	
	
		
 
		return;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	std::string html;

			




	
	
	
		
 
	std::string jid = get_http_var(hm, "jid");

			




	
	
	
		
 
	std::string cmd = get_http_var(hm, "cmd");

			




	
	
	
		
 

			




	
	
	
		
 
	html += std::string("<h2>") + jid + " command result</h2>";

			




	
	
	
		
 

			




	
	
	
		
 
	Swift::SimpleEventLoop eventLoop;

			




	
	
	
		
 
	Swift::BoostNetworkFactories networkFactories(&eventLoop);

			




	
	
	
		
 

			




	
	
	
		
 
	ask_local_server(m_config, networkFactories, jid, cmd);

			




	
	
	
		
 
	while(get_response().empty()) {

			




	
	
	
		
 
		eventLoop.runUntilEvents();

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	std::string response = get_response();

			




	
	
	
		
 
	

			




	
	
	
		
 
	html += "<pre>" + response + "</pre>";

			




	
	
	
		
 

			




	
	
	
		
 
	html += "<a href=\"/\">Back to main page</a>";

			




	
	
	
		
 
	html += "</body></html>";

			




	
	
	
		
 
	print_html(conn, hm, html);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_logout(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	std::string host;

			




	
	
	
		
 
	mg_str *host_hdr = mg_get_http_header(hm, "Host");

			




	
	
	
		
 
	if (host_hdr) {

			




	
	
	
		
 
		if (!CONFIG_STRING(m_config, "service.cert").empty()) {

			




	
	
	
		
 
			host += "https://";

			




	
	
	
		
 
		}

			




	
	
	
		
 
		else {

			




	
	
	
		
 
			host += "http://";

			




	
	
	
		
 
		}

			




	
	
	
		
 
		host += std::string(host_hdr->p, host_hdr->len);

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	Server:session *session = get_session(hm);

			




	
	
	
		
 
	mg_printf(conn, "HTTP/1.1 302 Found\r\n"

			




	
	
	
		
 
		"Set-Cookie: session=%s; max-age=0\r\n"

			




	
	
	
		
 
		"Set-Cookie: admin=%s; max-age=0\r\n"

			




	
	
	
		
 
		"Location: /\r\n\r\n",

			




	
	
	
		
 
		session->session_id, session->admin ? "1" : "0");

			




	
	
	
		
 
		"Location: %s/\r\n\r\n",

			




	
	
	
		
 
		session->session_id, session->admin ? "1" : "0", host.c_str());

			




	
	
	
		
 

			




	
	
	
		
 
	sessions.erase(session->session_id);

			




	
	
	
		
 
	delete session;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_users_add(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	std::string user = get_http_var(hm, "user");

			




	
	
	
		
 
	std::string password = get_http_var(hm, "password");

			




	
	
	
		
 

			




	
	
	
		
 
	if (!user.empty() && !password.empty()) {

			




	
	
	
		
 
		if (m_storage) {

			




	
	
	
		
 
			UserInfo dummy;

			




	
	
	
		
 
			bool registered = m_storage->getUser(user, dummy);

			




	
	
	
		
 
			if (!registered) {

			




	
	
	
		
 
				UserInfo info;

			




	
	
	
		
 
				info.jid = user;

			




	
	
	
		
 
				info.password = password;

			




	
	
	
		
 
				m_storage->setUser(info);

			




	
	
	
		
 
			}

			




	
	
	
		
 
			else {

			




	
	
	
		
 
				redirect_to(conn, hm, "/users?error=This+username+is+already+registered");

			




	
	
	
		
 
				return;

			




	
	
	
		
 
			}

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
	
		
 
	redirect_to(conn, hm, "/users?ok=1");

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_users_remove(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	Server:session *session = get_session(hm);

			




	
	
	
		
 
	if (!session->admin) {

			




	
	
	
		
 
		redirect_to(conn, hm, "/");

			




	
	
	
		
 
		return;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	if (!m_storage) {

			




	
	
	
		
 
		return;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	std::string user = get_http_var(hm, "user");

			




	
	
	
		
 
	UserInfo info;

			




	
	
	
		
 
	m_storage->getUser(user, info);

			




	
	
	
		
 
	m_storage->removeUser(info.id);

			




	
	
	
		
 
	redirect_to(conn, hm, "/users");

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_users(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	std::string html;

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: srv01-10621
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2021 by various authors & licensed under GPLv3.
            – Support