mirror of
https://github.com/falk-werner/webfuse
synced 2024-10-27 20:34:10 +00:00
delay authentication if header is not provided
This commit is contained in:
parent
d7c84ad085
commit
9423d75021
@ -1,8 +1,11 @@
|
||||
#include "webfuse/ws/server_handler.hpp"
|
||||
#include "webfuse/util/authenticator.hpp"
|
||||
|
||||
#include <exception>
|
||||
#include <stdexcept>
|
||||
#include <iostream>
|
||||
|
||||
|
||||
namespace
|
||||
{
|
||||
std::string get_auth_token_of_known_header(lws * wsi, lws_token_indexes header)
|
||||
@ -48,6 +51,7 @@ namespace webfuse
|
||||
server_handler::server_handler(std::string const & auth_app, std::string const & auth_hdr)
|
||||
: connection(nullptr)
|
||||
, id(0)
|
||||
, is_authenticated(false)
|
||||
, authenticator(auth_app)
|
||||
, auth_header(auth_hdr)
|
||||
{
|
||||
@ -146,6 +150,7 @@ void server_handler::on_closed(lws * wsi)
|
||||
if (wsi == connection)
|
||||
{
|
||||
connection = nullptr;
|
||||
is_authenticated = false;
|
||||
}
|
||||
}
|
||||
|
||||
@ -169,17 +174,28 @@ void server_handler::poll()
|
||||
|
||||
std::future<messagereader> server_handler::perform(messagewriter writer)
|
||||
{
|
||||
std::future<messagereader> result;
|
||||
{
|
||||
std::promise<messagereader> p;
|
||||
result = p.get_future();
|
||||
|
||||
std::future<messagereader> result = p.get_future();
|
||||
if (is_authenticated)
|
||||
{
|
||||
std::lock_guard<std::mutex> lock(mut);
|
||||
uint32_t id = next_id();
|
||||
writer.set_id(id);
|
||||
requests.emplace(std::move(writer));
|
||||
pending_responses.emplace(id, std::move(p));
|
||||
}
|
||||
else
|
||||
{
|
||||
try
|
||||
{
|
||||
throw std::runtime_error("unauthenticated");
|
||||
}
|
||||
catch(std::exception const &ex)
|
||||
{
|
||||
p.set_exception(std::current_exception());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return result;
|
||||
|
||||
@ -188,21 +204,32 @@ std::future<messagereader> server_handler::perform(messagewriter writer)
|
||||
|
||||
int server_handler::authenticate_via_header(lws * wsi)
|
||||
{
|
||||
int result = 0;
|
||||
if ((!authenticator.empty()) && (!auth_header.empty()))
|
||||
// authentication is disabled
|
||||
if (authenticator.empty())
|
||||
{
|
||||
std::string token = get_auth_token(wsi);
|
||||
if (!token.empty())
|
||||
{
|
||||
webfuse::authenticator auth(authenticator);
|
||||
result = auth.authenticate(token) ? 0 : -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
result = -1;
|
||||
}
|
||||
is_authenticated = true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
// authentication is enabled, but not via HTTP header
|
||||
if (auth_header.empty())
|
||||
{
|
||||
is_authenticated = false;
|
||||
return 0;
|
||||
}
|
||||
|
||||
// delay authentication if HTTP header is not provided
|
||||
std::string token = get_auth_token(wsi);
|
||||
if (token.empty())
|
||||
{
|
||||
is_authenticated = false;
|
||||
return 0;
|
||||
}
|
||||
|
||||
// close connection, when authentication fails
|
||||
webfuse::authenticator auth(authenticator);
|
||||
int const result = auth.authenticate(token) ? 0 : -1;
|
||||
is_authenticated = (result == 0);
|
||||
return result;
|
||||
}
|
||||
|
||||
|
@ -11,6 +11,7 @@
|
||||
#include <unordered_map>
|
||||
#include <mutex>
|
||||
#include <future>
|
||||
#include <atomic>
|
||||
|
||||
namespace webfuse
|
||||
{
|
||||
@ -38,6 +39,7 @@ private:
|
||||
struct lws * connection;
|
||||
uint32_t id;
|
||||
|
||||
std::atomic<bool> is_authenticated;
|
||||
std::string authenticator;
|
||||
std::string auth_header;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user