1
0
mirror of https://github.com/falk-werner/webfuse synced 2024-10-27 20:34:10 +00:00

delay authentication if header is not provided

This commit is contained in:
Falk Werner 2023-01-22 14:38:10 +01:00
parent d7c84ad085
commit 9423d75021
2 changed files with 45 additions and 16 deletions

View File

@ -1,8 +1,11 @@
#include "webfuse/ws/server_handler.hpp"
#include "webfuse/util/authenticator.hpp"
#include <exception>
#include <stdexcept>
#include <iostream>
namespace
{
std::string get_auth_token_of_known_header(lws * wsi, lws_token_indexes header)
@ -48,6 +51,7 @@ namespace webfuse
server_handler::server_handler(std::string const & auth_app, std::string const & auth_hdr)
: connection(nullptr)
, id(0)
, is_authenticated(false)
, authenticator(auth_app)
, auth_header(auth_hdr)
{
@ -146,6 +150,7 @@ void server_handler::on_closed(lws * wsi)
if (wsi == connection)
{
connection = nullptr;
is_authenticated = false;
}
}
@ -169,17 +174,28 @@ void server_handler::poll()
std::future<messagereader> server_handler::perform(messagewriter writer)
{
std::future<messagereader> result;
{
std::promise<messagereader> p;
result = p.get_future();
std::future<messagereader> result = p.get_future();
if (is_authenticated)
{
std::lock_guard<std::mutex> lock(mut);
uint32_t id = next_id();
writer.set_id(id);
requests.emplace(std::move(writer));
pending_responses.emplace(id, std::move(p));
}
else
{
try
{
throw std::runtime_error("unauthenticated");
}
catch(std::exception const &ex)
{
p.set_exception(std::current_exception());
}
}
return result;
@ -188,21 +204,32 @@ std::future<messagereader> server_handler::perform(messagewriter writer)
int server_handler::authenticate_via_header(lws * wsi)
{
int result = 0;
if ((!authenticator.empty()) && (!auth_header.empty()))
// authentication is disabled
if (authenticator.empty())
{
std::string token = get_auth_token(wsi);
if (!token.empty())
{
webfuse::authenticator auth(authenticator);
result = auth.authenticate(token) ? 0 : -1;
}
else
{
result = -1;
}
is_authenticated = true;
return 0;
}
// authentication is enabled, but not via HTTP header
if (auth_header.empty())
{
is_authenticated = false;
return 0;
}
// delay authentication if HTTP header is not provided
std::string token = get_auth_token(wsi);
if (token.empty())
{
is_authenticated = false;
return 0;
}
// close connection, when authentication fails
webfuse::authenticator auth(authenticator);
int const result = auth.authenticate(token) ? 0 : -1;
is_authenticated = (result == 0);
return result;
}

View File

@ -11,6 +11,7 @@
#include <unordered_map>
#include <mutex>
#include <future>
#include <atomic>
namespace webfuse
{
@ -38,6 +39,7 @@ private:
struct lws * connection;
uint32_t id;
std::atomic<bool> is_authenticated;
std::string authenticator;
std::string auth_header;