Archives/falk-werner_webfuse
1
0
Fork 0
mirror of https://github.com/falk-werner/webfuse synced 2024-10-27 20:34:10 +00:00
Code Issues Releases Wiki Activity

delay authentication if header is not provided

Browse Source
This commit is contained in:
Falk Werner 2023-01-22 14:38:10 +01:00
parent d7c84ad085
commit 9423d75021
2 changed files with 45 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/webfuse/ws/server_handler.cpp
View File

@ -1,8 +1,11 @@
#include "webfuse/ws/server_handler.hpp" #include "webfuse/ws/server_handler.hpp"
#include "webfuse/util/authenticator.hpp" #include "webfuse/util/authenticator.hpp"
#include <exception>
#include <stdexcept>
#include <iostream> #include <iostream>
namespace namespace
{ {
std::string get_auth_token_of_known_header(lws * wsi, lws_token_indexes header) std::string get_auth_token_of_known_header(lws * wsi, lws_token_indexes header)
@ -48,6 +51,7 @@ namespace webfuse
server_handler::server_handler(std::string const & auth_app, std::string const & auth_hdr) server_handler::server_handler(std::string const & auth_app, std::string const & auth_hdr)
: connection(nullptr) : connection(nullptr)
, id(0) , id(0)
, is_authenticated(false)
, authenticator(auth_app) , authenticator(auth_app)
, auth_header(auth_hdr) , auth_header(auth_hdr)
{ {
@ -146,6 +150,7 @@ void server_handler::on_closed(lws * wsi)
if (wsi == connection) if (wsi == connection)
{ {
connection = nullptr; connection = nullptr;
is_authenticated = false;
} }
} }
@ -169,17 +174,28 @@ void server_handler::poll()
std::future<messagereader> server_handler::perform(messagewriter writer) std::future<messagereader> server_handler::perform(messagewriter writer)
{ {
std::future<messagereader> result; std::promise<messagereader> p;
std::future<messagereader> result = p.get_future();
if (is_authenticated)
{ {
std::promise<messagereader> p;
result = p.get_future();
std::lock_guard<std::mutex> lock(mut); std::lock_guard<std::mutex> lock(mut);
uint32_t id = next_id(); uint32_t id = next_id();
writer.set_id(id); writer.set_id(id);
requests.emplace(std::move(writer)); requests.emplace(std::move(writer));
pending_responses.emplace(id, std::move(p)); pending_responses.emplace(id, std::move(p));
} }
else
{
try
{
throw std::runtime_error("unauthenticated");
}
catch(std::exception const &ex)
{
p.set_exception(std::current_exception());
}
}
return result; return result;
@ -188,21 +204,32 @@ std::future<messagereader> server_handler::perform(messagewriter writer)
int server_handler::authenticate_via_header(lws * wsi) int server_handler::authenticate_via_header(lws * wsi)
{ {
int result = 0; // authentication is disabled
if ((!authenticator.empty()) && (!auth_header.empty())) if (authenticator.empty())
{ {
std::string token = get_auth_token(wsi); is_authenticated = true;
if (!token.empty()) return 0;
{
webfuse::authenticator auth(authenticator);
result = auth.authenticate(token) ? 0 : -1;
}
else
{
result = -1;
}
} }
// authentication is enabled, but not via HTTP header
if (auth_header.empty())
{
is_authenticated = false;
return 0;
}
// delay authentication if HTTP header is not provided
std::string token = get_auth_token(wsi);
if (token.empty())
{
is_authenticated = false;
return 0;
}
// close connection, when authentication fails
webfuse::authenticator auth(authenticator);
int const result = auth.authenticate(token) ? 0 : -1;
is_authenticated = (result == 0);
return result; return result;
} }

2
src/webfuse/ws/server_handler.hpp
View File

@ -11,6 +11,7 @@
#include <unordered_map> #include <unordered_map>
#include <mutex> #include <mutex>
#include <future> #include <future>
#include <atomic>
namespace webfuse namespace webfuse
{ {
@ -38,6 +39,7 @@ private:
struct lws * connection; struct lws * connection;
uint32_t id; uint32_t id;
std::atomic<bool> is_authenticated;
std::string authenticator; std::string authenticator;
std::string auth_header; std::string auth_header;