Changeset - a13c26fb9289
Parent rev.
Child rev.
[Not reviewed]
0 2 0
Jan Kaluza - 10 years ago 2015-12-30 15:40:28
jkaluza@redhat.com
spectrum2_manager: use get_http_var to get post/get variables
2 files changed with 27 insertions and 34 deletions:
spectrum_manager/src/server.cpp
25
32
spectrum_manager/src/server.h
2
2
0 comments (0 inline, 0 general)
spectrum_manager/src/server.cpp
Show inline comments
 
@@ -14,15 +14,27 @@
 

			




	
	
	
		
 
#define SESSION_TTL 120

			




	
	
	
		
 

			




	
	
	
		
 
static struct mg_serve_http_opts s_http_server_opts;

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
static void get_qsvar(const struct http_message *hm,

			




	
	
	
		
 
                      const char *name, char *dst, size_t dst_len) {

			




	
	
	
		
 
	mg_get_http_var(&hm->body, name, dst, dst_len);

			




	
	
	
		
 
static std::string get_http_var(const struct http_message *hm, const char *name) {

			




	
	
	
		
 
	char data[4096];

			




	
	
	
		
 
	data[0] = '\0';

			




	
	
	
		
 

			




	
	
	
		
 
	mg_get_http_var(&hm->body, name, data, sizeof(data));

			




	
	
	
		
 
	if (data[0] != '\0') {

			




	
	
	
		
 
		return data;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	mg_get_http_var(&hm->query_string, name, data, sizeof(data));

			




	
	
	
		
 
	if (data[0] != '\0') {

			




	
	
	
		
 
		return data;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	return "";

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
static void my_strlcpy(char *dst, const char *src, size_t len) {

			




	
	
	
		
 
  strncpy(dst, src, len);

			




	
	
	
		
 
  dst[len - 1] = '\0';

			




	
	
	
		
 
}

			




	
	
		
 
@@ -79,21 +91,21 @@ bool Server::start() {

			




	
	
	
		
 
		mg_mgr_poll(&m_mgr, 1000);

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	return true;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
bool Server::check_password(const char *user, const char *password) {

			




	
	
	
		
 
bool Server::check_password(const std::string &user, const std::string &password) {

			




	
	
	
		
 
	return (m_user == user && m_password == password);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
// Allocate new session object

			




	
	
	
		
 
Server::session *Server::new_session(const char *user) {

			




	
	
	
		
 
Server::session *Server::new_session(const std::string &user) {

			




	
	
	
		
 
	Server::session *session = new Server::session;

			




	
	
	
		
 

			




	
	
	
		
 
	my_strlcpy(session->user, user, sizeof(session->user));

			




	
	
	
		
 
	my_strlcpy(session->user, user.c_str(), sizeof(session->user));

			




	
	
	
		
 
	snprintf(session->random, sizeof(session->random), "%d", rand());

			




	
	
	
		
 
	generate_session_id(session->session_id, session->random, session->user);

			




	
	
	
		
 
	session->expire = time(0) + SESSION_TTL;

			




	
	
	
		
 
	session->admin = std::string(user) == m_user;

			




	
	
	
		
 

			




	
	
	
		
 
	sessions[session->session_id] = session;

			




	
	
		
 
@@ -117,32 +129,18 @@ Server::session *Server::get_session(struct http_message *hm) {

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	return NULL;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::authorize(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	char user[255], password[255];

			




	
	
	
		
 
	Server::session *session;

			




	
	
	
		
 

			




	
	
	
		
 
	// Fetch user name and password.

			




	
	
	
		
 
	get_qsvar(hm, "user", user, sizeof(user));

			




	
	
	
		
 
	get_qsvar(hm, "password", password, sizeof(password));

			




	
	
	
		
 
	std::string user = get_http_var(hm, "user");

			




	
	
	
		
 
	std::string password = get_http_var(hm, "password");

			




	
	
	
		
 

			




	
	
	
		
 
	if (check_password(user, password) && (session = new_session(user)) != NULL) {

			




	
	
	
		
 
		std::cout << "User authorized\n";

			




	
	
	
		
 
		// Authentication success:

			




	
	
	
		
 
		//   1. create new session

			




	
	
	
		
 
		//   2. set session ID token in the cookie

			




	
	
	
		
 
		//   3. remove original_url from the cookie - not needed anymore

			




	
	
	
		
 
		//   4. redirect client back to the original URL

			




	
	
	
		
 
		//

			




	
	
	
		
 
		// The most secure way is to stay HTTPS all the time. However, just to

			




	
	
	
		
 
		// show the technique, we redirect to HTTP after the successful

			




	
	
	
		
 
		// authentication. The danger of doing this is that session cookie can

			




	
	
	
		
 
		// be stolen and an attacker may impersonate the user.

			




	
	
	
		
 
		// Secure application must use HTTPS all the time.

			




	
	
	
		
 
		mg_printf(conn, "HTTP/1.1 302 Found\r\n"

			




	
	
	
		
 
			"Set-Cookie: session=%s; max-age=3600; http-only\r\n"  // Session ID

			




	
	
	
		
 
			"Set-Cookie: user=%s\r\n"  // Set user, needed by Javascript code

			




	
	
	
		
 
			"Set-Cookie: original_url=/; max-age=0\r\n"  // Delete original_url

			




	
	
	
		
 
			"Location: /\r\n\r\n",

			




	
	
	
		
 
			session->session_id, session->user);

			




	
	
		
 
@@ -193,14 +191,13 @@ void Server::print_html(struct mg_connection *conn, struct http_message *hm, con

			




	
	
	
		
 
			"%s%s%s",

			




	
	
	
		
 
			(int) html.size() + m_header.size() + m_footer.size(), m_header.c_str(), html.c_str(), m_footer.c_str());

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_onlineusers(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	std::string html;

			




	
	
	
		
 
	char jid[255];

			




	
	
	
		
 
	get_qsvar(hm, "jid", jid, sizeof(jid));

			




	
	
	
		
 
	std::string jid = get_http_var(hm, "jid");

			




	
	
	
		
 

			




	
	
	
		
 
	html += std::string("<h2>") + jid + " online users</h2><table><tr><th>JID<th>Command</th></tr>";

			




	
	
	
		
 

			




	
	
	
		
 
	Swift::SimpleEventLoop eventLoop;

			




	
	
	
		
 
	Swift::BoostNetworkFactories networkFactories(&eventLoop);

			




	
	
	
		
 

			




	
	
		
 
@@ -222,16 +219,14 @@ void Server::serve_onlineusers(struct mg_connection *conn, struct http_message *

			




	
	
	
		
 
	html += "</body></html>";

			




	
	
	
		
 
	print_html(conn, hm, html);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_cmd(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	std::string html;

			




	
	
	
		
 
	char jid[255];

			




	
	
	
		
 
	get_qsvar(hm, "jid", jid, sizeof(jid));

			




	
	
	
		
 
	char cmd[4096];

			




	
	
	
		
 
	get_qsvar(hm, "cmd", cmd, sizeof(cmd));

			




	
	
	
		
 
	std::string jid = get_http_var(hm, "jid");

			




	
	
	
		
 
	std::string cmd = get_http_var(hm, "cmd");

			




	
	
	
		
 

			




	
	
	
		
 
	html += std::string("<h2>") + jid + " command result</h2>";

			




	
	
	
		
 

			




	
	
	
		
 
	Swift::SimpleEventLoop eventLoop;

			




	
	
	
		
 
	Swift::BoostNetworkFactories networkFactories(&eventLoop);

			




	
	
	
		
 

			




	
	
		
 
@@ -249,25 +244,23 @@ void Server::serve_cmd(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	print_html(conn, hm, html);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_start(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	std::string html;

			




	
	
	
		
 
	char jid[255];

			




	
	
	
		
 
	get_qsvar(hm, "jid", jid, sizeof(jid));

			




	
	
	
		
 
	std::string jid = get_http_var(hm, "jid");

			




	
	
	
		
 

			




	
	
	
		
 
	start_instances(m_config, jid);

			




	
	
	
		
 
	html += "<b>" + get_response() + "</b><br/><a href=\"/\">Back to main page</a>";

			




	
	
	
		
 
	html += "</body></html>";

			




	
	
	
		
 
	print_html(conn, hm, html);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
void Server::serve_stop(struct mg_connection *conn, struct http_message *hm) {

			




	
	
	
		
 
	std::string html;

			




	
	
	
		
 
	char jid[255];

			




	
	
	
		
 
	get_qsvar(hm, "jid", jid, sizeof(jid));

			




	
	
	
		
 
	std::string jid = get_http_var(hm, "jid");

			




	
	
	
		
 

			




	
	
	
		
 
	stop_instances(m_config, jid);

			




	
	
	
		
 
	html += "<b>" + get_response() + "</b><br/><a href=\"/\">Back to main page</a>";

			




	
	
	
		
 
	html += "</body></html>";

			




	
	
	
		
 
	print_html(conn, hm, html);

			




	
	
	
		
 
}

			




        

    


    
    

    

        

                

                    spectrum_manager/src/server.h
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -57,14 +57,14 @@ class Server {

			




	
	
	
		
 
		void serve_stop(struct mg_connection *conn, struct http_message *hm);

			




	
	
	
		
 
		void serve_onlineusers(struct mg_connection *conn, struct http_message *hm);

			




	
	
	
		
 
		void serve_cmd(struct mg_connection *conn, struct http_message *hm);

			




	
	
	
		
 
		void print_html(struct mg_connection *conn, struct http_message *hm, const std::string &html);

			




	
	
	
		
 

			




	
	
	
		
 
	private:

			




	
	
	
		
 
		bool check_password(const char *user, const char *password);

			




	
	
	
		
 
		session *new_session(const char *user);

			




	
	
	
		
 
		bool check_password(const std::string &user, const std::string &password);

			




	
	
	
		
 
		session *new_session(const std::string &user);

			




	
	
	
		
 
		session *get_session(struct http_message *hm);

			




	
	
	
		
 

			




	
	
	
		
 
		void authorize(struct mg_connection *conn, struct http_message *hm);

			




	
	
	
		
 

			




	
	
	
		
 
		bool is_authorized(const struct mg_connection *conn, struct http_message *hm);

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: srv01-28608
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2021 by various authors & licensed under GPLv3.
            – Support