mirror of
https://github.com/falk-werner/webfuse
synced 2024-10-27 20:34:10 +00:00
delay authentication if header is not provided
parent
d7c84ad085
commit
9423d75021
@ -1,8 +1,11 @@
|
|||||||
#include "webfuse/ws/server_handler.hpp"
|
#include "webfuse/ws/server_handler.hpp"
|
||||||
#include "webfuse/util/authenticator.hpp"
|
#include "webfuse/util/authenticator.hpp"
|
||||||
|
|
||||||
|
#include <exception>
|
||||||
|
#include <stdexcept>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
|
|
||||||
|
|
||||||
namespace
|
namespace
|
||||||
{
|
{
|
||||||
std::string get_auth_token_of_known_header(lws * wsi, lws_token_indexes header)
|
std::string get_auth_token_of_known_header(lws * wsi, lws_token_indexes header)
|
||||||
@ -48,6 +51,7 @@ namespace webfuse
|
|||||||
server_handler::server_handler(std::string const & auth_app, std::string const & auth_hdr)
|
server_handler::server_handler(std::string const & auth_app, std::string const & auth_hdr)
|
||||||
: connection(nullptr)
|
: connection(nullptr)
|
||||||
, id(0)
|
, id(0)
|
||||||
|
, is_authenticated(false)
|
||||||
, authenticator(auth_app)
|
, authenticator(auth_app)
|
||||||
, auth_header(auth_hdr)
|
, auth_header(auth_hdr)
|
||||||
{
|
{
|
||||||
@ -146,6 +150,7 @@ void server_handler::on_closed(lws * wsi)
|
|||||||
if (wsi == connection)
|
if (wsi == connection)
|
||||||
{
|
{
|
||||||
connection = nullptr;
|
connection = nullptr;
|
||||||
|
is_authenticated = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -169,17 +174,28 @@ void server_handler::poll()
|
|||||||
|
|
||||||
std::future<messagereader> server_handler::perform(messagewriter writer)
|
std::future<messagereader> server_handler::perform(messagewriter writer)
|
||||||
{
|
{
|
||||||
std::future<messagereader> result;
|
|
||||||
{
|
|
||||||
std::promise<messagereader> p;
|
std::promise<messagereader> p;
|
||||||
result = p.get_future();
|
std::future<messagereader> result = p.get_future();
|
||||||
|
if (is_authenticated)
|
||||||
|
{
|
||||||
std::lock_guard<std::mutex> lock(mut);
|
std::lock_guard<std::mutex> lock(mut);
|
||||||
uint32_t id = next_id();
|
uint32_t id = next_id();
|
||||||
writer.set_id(id);
|
writer.set_id(id);
|
||||||
requests.emplace(std::move(writer));
|
requests.emplace(std::move(writer));
|
||||||
pending_responses.emplace(id, std::move(p));
|
pending_responses.emplace(id, std::move(p));
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
throw std::runtime_error("unauthenticated");
|
||||||
|
}
|
||||||
|
catch(std::exception const &ex)
|
||||||
|
{
|
||||||
|
p.set_exception(std::current_exception());
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
|
|
||||||
@ -188,21 +204,32 @@ std::future<messagereader> server_handler::perform(messagewriter writer)
|
|||||||
|
|
||||||
int server_handler::authenticate_via_header(lws * wsi)
|
int server_handler::authenticate_via_header(lws * wsi)
|
||||||
{
|
{
|
||||||
int result = 0;
|
// authentication is disabled
|
||||||
if ((!authenticator.empty()) && (!auth_header.empty()))
|
if (authenticator.empty())
|
||||||
{
|
{
|
||||||
std::string token = get_auth_token(wsi);
|
is_authenticated = true;
|
||||||
if (!token.empty())
|
return 0;
|
||||||
{
|
|
||||||
webfuse::authenticator auth(authenticator);
|
|
||||||
result = auth.authenticate(token) ? 0 : -1;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
result = -1;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// authentication is enabled, but not via HTTP header
|
||||||
|
if (auth_header.empty())
|
||||||
|
{
|
||||||
|
is_authenticated = false;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
// delay authentication if HTTP header is not provided
|
||||||
|
std::string token = get_auth_token(wsi);
|
||||||
|
if (token.empty())
|
||||||
|
{
|
||||||
|
is_authenticated = false;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
// close connection, when authentication fails
|
||||||
|
webfuse::authenticator auth(authenticator);
|
||||||
|
int const result = auth.authenticate(token) ? 0 : -1;
|
||||||
|
is_authenticated = (result == 0);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
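Review bot: `is_authenticated` is a single flag for the whole handler, yet `authenticate_via_header` assigns it for whichever `wsi` is being checked, without the `wsi == connection` comparison that `on_closed` makes before clearing it. If this function can run for a second handshake while a provider is already attached (the caller is outside the page, so this is inferred), a handshake without a token would reset the flag and make `perform()` fail for the legitimate peer. A valid token on a second handshake would likewise set the flag while `connection` may still refer to a peer that never authenticated. Consider returning the outcome to the caller and storing it only where `connection` is assigned to that same `wsi`, so the flag always describes the attached peer. The page also shows no path that sets the flag to true after a connect without the header, so a comment naming where the delayed step happens, and what limits how long such a peer may stay connected, would help.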
|
@ -11,6 +11,7 @@
|
|||||||
#include <unordered_map>
|
#include <unordered_map>
|
||||||
#include <mutex>
|
#include <mutex>
|
||||||
#include <future>
|
#include <future>
|
||||||
|
#include <atomic>
|
||||||
|
|
||||||
namespace webfuse
|
namespace webfuse
|
||||||
{
|
{
|
||||||
@ -38,6 +39,7 @@ private:
|
|||||||
struct lws * connection;
|
struct lws * connection;
|
||||||
uint32_t id;
|
uint32_t id;
|
||||||
|
|
||||||
|
std::atomic<bool> is_authenticated;
|
||||||
std::string authenticator;
|
std::string authenticator;
|
||||||
std::string auth_header;
|
std::string auth_header;
|
||||||
|
|
||||||
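Review bot: The new member `is_authenticated` is declared without a comment saying which peer it describes or how it relates to `connection`, although `perform()` now rejects every request while it is false. I would add `// true only while the peer stored in 'connection' has passed authentication; perform() fails with "unauthenticated" otherwise` above the declaration. Making it `std::atomic<bool>` covers the individual reads and writes, but it does not tie the flag to `connection` or to the state guarded by `mut`. The comment should therefore also state which thread is expected to write it, which is not visible on this page.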
|