Mercurial > hg > orthanc
annotate Core/HttpServer/MongooseServer.cpp @ 795:d466b3606aca
refactoring
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Tue, 06 May 2014 11:01:30 +0200 |
parents | b8c49473be38 |
children | 8ce2f69436ca |
rev | line source |
---|---|
0 | 1 /** |
59 | 2 * Orthanc - A Lightweight, RESTful DICOM Store |
689 | 3 * Copyright (C) 2012-2014 Medical Physics Department, CHU of Liege, |
0 | 4 * Belgium |
5 * | |
6 * This program is free software: you can redistribute it and/or | |
7 * modify it under the terms of the GNU General Public License as | |
8 * published by the Free Software Foundation, either version 3 of the | |
9 * License, or (at your option) any later version. | |
136 | 10 * |
11 * In addition, as a special exception, the copyright holders of this | |
12 * program give permission to link the code of its release with the | |
13 * OpenSSL project's "OpenSSL" library (or with modified versions of it | |
14 * that use the same license as the "OpenSSL" library), and distribute | |
15 * the linked executables. You must obey the GNU General Public License | |
16 * in all respects for all of the code used other than "OpenSSL". If you | |
17 * modify file(s) with this exception, you may extend this exception to | |
18 * your version of the file(s), but you are not obligated to do so. If | |
19 * you do not wish to do so, delete this exception statement from your | |
20 * version. If you delete this exception statement from all source files | |
21 * in the program, then also delete it here. | |
0 | 22 * |
23 * This program is distributed in the hope that it will be useful, but | |
24 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
26 * General Public License for more details. | |
27 * | |
28 * You should have received a copy of the GNU General Public License | |
29 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
30 **/ | |
31 | |
32 | |
33 // http://en.highscore.de/cpp/boost/stringhandling.html | |
34 | |
35 #include "MongooseServer.h" | |
36 | |
37 #include <algorithm> | |
38 #include <string.h> | |
39 #include <boost/lexical_cast.hpp> | |
40 #include <boost/algorithm/string.hpp> | |
41 #include <iostream> | |
42 #include <string.h> | |
43 #include <stdio.h> | |
44 #include <boost/thread.hpp> | |
108 | 45 #include <glog/logging.h> |
0 | 46 |
59 | 47 #include "../OrthancException.h" |
0 | 48 #include "../ChunkedBuffer.h" |
324 | 49 #include "HttpOutput.h" |
0 | 50 #include "mongoose.h" |
51 | |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
52 #if ORTHANC_SSL_ENABLED == 1 |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
53 #include <openssl/opensslv.h> |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
54 #endif |
0 | 55 |
59 | 56 #define ORTHANC_REALM "Orthanc Secure Area" |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
57 |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
58 static const long LOCALHOST = (127ll << 24) + 1ll; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
59 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
60 |
59 | 61 namespace Orthanc |
0 | 62 { |
63 static const char multipart[] = "multipart/form-data; boundary="; | |
64 static unsigned int multipartLength = sizeof(multipart) / sizeof(char) - 1; | |
65 | |
66 | |
67 namespace | |
68 { | |
69 // Anonymous namespace to avoid clashes between compilation modules | |
70 class MongooseOutput : public HttpOutput | |
71 { | |
72 private: | |
73 struct mg_connection* connection_; | |
74 | |
75 public: | |
76 MongooseOutput(struct mg_connection* connection) : connection_(connection) | |
77 { | |
78 } | |
79 | |
80 virtual void Send(const void* buffer, size_t length) | |
81 { | |
217 | 82 if (length > 0) |
83 { | |
84 mg_write(connection_, buffer, length); | |
85 } | |
0 | 86 } |
87 }; | |
88 | |
89 | |
90 enum PostDataStatus | |
91 { | |
92 PostDataStatus_Success, | |
93 PostDataStatus_NoLength, | |
94 PostDataStatus_Pending, | |
95 PostDataStatus_Failure | |
96 }; | |
97 } | |
98 | |
99 | |
100 // TODO Move this to external file | |
101 | |
102 | |
103 class ChunkedFile : public ChunkedBuffer | |
104 { | |
105 private: | |
106 std::string filename_; | |
107 | |
108 public: | |
109 ChunkedFile(const std::string& filename) : | |
110 filename_(filename) | |
111 { | |
112 } | |
113 | |
114 const std::string& GetFilename() const | |
115 { | |
116 return filename_; | |
117 } | |
118 }; | |
119 | |
120 | |
121 | |
122 class ChunkStore | |
123 { | |
124 private: | |
125 typedef std::list<ChunkedFile*> Content; | |
126 Content content_; | |
127 unsigned int numPlaces_; | |
128 | |
129 boost::mutex mutex_; | |
130 std::set<std::string> discardedFiles_; | |
131 | |
132 void Clear() | |
133 { | |
134 for (Content::iterator it = content_.begin(); | |
656 | 135 it != content_.end(); ++it) |
0 | 136 { |
137 delete *it; | |
138 } | |
139 } | |
140 | |
141 Content::iterator Find(const std::string& filename) | |
142 { | |
143 for (Content::iterator it = content_.begin(); | |
656 | 144 it != content_.end(); ++it) |
0 | 145 { |
146 if ((*it)->GetFilename() == filename) | |
147 { | |
148 return it; | |
149 } | |
150 } | |
151 | |
152 return content_.end(); | |
153 } | |
154 | |
155 void Remove(const std::string& filename) | |
156 { | |
157 Content::iterator it = Find(filename); | |
158 if (it != content_.end()) | |
159 { | |
160 delete *it; | |
161 content_.erase(it); | |
162 } | |
163 } | |
164 | |
165 public: | |
166 ChunkStore() | |
167 { | |
168 numPlaces_ = 10; | |
169 } | |
170 | |
171 ~ChunkStore() | |
172 { | |
173 Clear(); | |
174 } | |
175 | |
176 PostDataStatus Store(std::string& completed, | |
177 const char* chunkData, | |
178 size_t chunkSize, | |
179 const std::string& filename, | |
180 size_t filesize) | |
181 { | |
182 boost::mutex::scoped_lock lock(mutex_); | |
183 | |
184 std::set<std::string>::iterator wasDiscarded = discardedFiles_.find(filename); | |
185 if (wasDiscarded != discardedFiles_.end()) | |
186 { | |
187 discardedFiles_.erase(wasDiscarded); | |
188 return PostDataStatus_Failure; | |
189 } | |
190 | |
191 ChunkedFile* f; | |
192 Content::iterator it = Find(filename); | |
193 if (it == content_.end()) | |
194 { | |
195 f = new ChunkedFile(filename); | |
196 | |
197 // Make some room | |
198 if (content_.size() >= numPlaces_) | |
199 { | |
200 discardedFiles_.insert(content_.front()->GetFilename()); | |
201 delete content_.front(); | |
202 content_.pop_front(); | |
203 } | |
204 | |
205 content_.push_back(f); | |
206 } | |
207 else | |
208 { | |
209 f = *it; | |
210 } | |
211 | |
212 f->AddChunk(chunkData, chunkSize); | |
213 | |
214 if (f->GetNumBytes() > filesize) | |
215 { | |
216 Remove(filename); | |
217 } | |
218 else if (f->GetNumBytes() == filesize) | |
219 { | |
220 f->Flatten(completed); | |
221 Remove(filename); | |
222 return PostDataStatus_Success; | |
223 } | |
224 | |
225 return PostDataStatus_Pending; | |
226 } | |
227 | |
228 /*void Print() | |
229 { | |
230 boost::mutex::scoped_lock lock(mutex_); | |
231 | |
232 printf("ChunkStore status:\n"); | |
233 for (Content::const_iterator i = content_.begin(); | |
234 i != content_.end(); i++) | |
235 { | |
236 printf(" [%s]: %d\n", (*i)->GetFilename().c_str(), (*i)->GetNumBytes()); | |
237 } | |
238 printf("-----\n"); | |
239 }*/ | |
240 }; | |
241 | |
242 | |
243 struct MongooseServer::PImpl | |
244 { | |
245 struct mg_context *context_; | |
246 ChunkStore chunkStore_; | |
247 }; | |
248 | |
249 | |
250 ChunkStore& MongooseServer::GetChunkStore() | |
251 { | |
252 return pimpl_->chunkStore_; | |
253 } | |
254 | |
255 | |
256 | |
257 HttpHandler* MongooseServer::FindHandler(const UriComponents& forUri) const | |
258 { | |
259 for (Handlers::const_iterator it = | |
656 | 260 handlers_.begin(); it != handlers_.end(); ++it) |
0 | 261 { |
262 if ((*it)->IsServedUri(forUri)) | |
263 { | |
264 return *it; | |
265 } | |
266 } | |
267 | |
268 return NULL; | |
269 } | |
270 | |
271 | |
272 | |
273 | |
416 | 274 static PostDataStatus ReadBody(std::string& postData, |
275 struct mg_connection *connection, | |
276 const HttpHandler::Arguments& headers) | |
0 | 277 { |
278 HttpHandler::Arguments::const_iterator cs = headers.find("content-length"); | |
279 if (cs == headers.end()) | |
280 { | |
281 return PostDataStatus_NoLength; | |
282 } | |
283 | |
284 int length; | |
285 try | |
286 { | |
287 length = boost::lexical_cast<int>(cs->second); | |
288 } | |
289 catch (boost::bad_lexical_cast) | |
290 { | |
291 return PostDataStatus_NoLength; | |
292 } | |
293 | |
294 if (length < 0) | |
295 { | |
296 length = 0; | |
297 } | |
298 | |
299 postData.resize(length); | |
300 | |
301 size_t pos = 0; | |
302 while (length > 0) | |
303 { | |
304 int r = mg_read(connection, &postData[pos], length); | |
305 if (r <= 0) | |
306 { | |
307 return PostDataStatus_Failure; | |
308 } | |
418
b79bf2f4ab2e
execution of lua through REST
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
417
diff
changeset
|
309 |
8 | 310 assert(r <= length); |
0 | 311 length -= r; |
312 pos += r; | |
313 } | |
314 | |
315 return PostDataStatus_Success; | |
316 } | |
317 | |
318 | |
319 | |
320 static PostDataStatus ParseMultipartPost(std::string &completedFile, | |
321 struct mg_connection *connection, | |
322 const HttpHandler::Arguments& headers, | |
323 const std::string& contentType, | |
324 ChunkStore& chunkStore) | |
325 { | |
326 std::string boundary = "--" + contentType.substr(multipartLength); | |
327 | |
328 std::string postData; | |
416 | 329 PostDataStatus status = ReadBody(postData, connection, headers); |
0 | 330 |
331 if (status != PostDataStatus_Success) | |
332 { | |
333 return status; | |
334 } | |
335 | |
336 /*for (HttpHandler::Arguments::const_iterator i = headers.begin(); i != headers.end(); i++) | |
337 { | |
338 std::cout << "Header [" << i->first << "] = " << i->second << "\n"; | |
339 } | |
340 printf("CHUNK\n");*/ | |
341 | |
342 typedef HttpHandler::Arguments::const_iterator ArgumentIterator; | |
343 | |
344 ArgumentIterator requestedWith = headers.find("x-requested-with"); | |
345 ArgumentIterator fileName = headers.find("x-file-name"); | |
346 ArgumentIterator fileSizeStr = headers.find("x-file-size"); | |
347 | |
338
3a3b3ba8c1e0
fix for uploads through internet explorer 7
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
333
diff
changeset
|
348 if (requestedWith != headers.end() && |
0 | 349 requestedWith->second != "XMLHttpRequest") |
350 { | |
351 return PostDataStatus_Failure; | |
352 } | |
353 | |
354 size_t fileSize = 0; | |
355 if (fileSizeStr != headers.end()) | |
356 { | |
357 try | |
358 { | |
359 fileSize = boost::lexical_cast<size_t>(fileSizeStr->second); | |
360 } | |
361 catch (boost::bad_lexical_cast) | |
362 { | |
363 return PostDataStatus_Failure; | |
364 } | |
365 } | |
366 | |
367 typedef boost::find_iterator<std::string::iterator> FindIterator; | |
10 | 368 typedef boost::iterator_range<char*> Range; |
0 | 369 |
370 //chunkStore.Print(); | |
371 | |
372 try | |
373 { | |
374 FindIterator last; | |
375 for (FindIterator it = | |
376 make_find_iterator(postData, boost::first_finder(boundary)); | |
377 it!=FindIterator(); | |
378 ++it) | |
379 { | |
380 if (last != FindIterator()) | |
381 { | |
10 | 382 Range part(&last->back(), &it->front()); |
0 | 383 Range content = boost::find_first(part, "\r\n\r\n"); |
345 | 384 if (/*content != Range()*/!content.empty()) |
0 | 385 { |
386 Range c(&content.back() + 1, &it->front() - 2); | |
387 size_t chunkSize = c.size(); | |
388 | |
389 if (chunkSize > 0) | |
390 { | |
391 const char* chunkData = &c.front(); | |
392 | |
393 if (fileName == headers.end()) | |
394 { | |
395 // This file is stored in a single chunk | |
396 completedFile.resize(chunkSize); | |
397 if (chunkSize > 0) | |
398 { | |
399 memcpy(&completedFile[0], chunkData, chunkSize); | |
400 } | |
401 return PostDataStatus_Success; | |
402 } | |
403 else | |
404 { | |
405 return chunkStore.Store(completedFile, chunkData, chunkSize, fileName->second, fileSize); | |
406 } | |
407 } | |
10 | 408 } |
0 | 409 } |
410 | |
411 last = it; | |
412 } | |
413 } | |
414 catch (std::length_error) | |
415 { | |
416 return PostDataStatus_Failure; | |
417 } | |
418 | |
419 return PostDataStatus_Pending; | |
420 } | |
421 | |
422 | |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
423 static void SendUnauthorized(HttpOutput& output) |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
424 { |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
425 std::string s = "HTTP/1.1 401 Unauthorized\r\n" |
59 | 426 "WWW-Authenticate: Basic realm=\"" ORTHANC_REALM "\"" |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
427 "\r\n\r\n"; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
428 output.Send(&s[0], s.size()); |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
429 } |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
430 |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
431 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
432 static bool Authorize(const MongooseServer& that, |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
433 const HttpHandler::Arguments& headers, |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
434 HttpOutput& output) |
23 | 435 { |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
436 bool granted = false; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
437 |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
438 HttpHandler::Arguments::const_iterator auth = headers.find("authorization"); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
439 if (auth != headers.end()) |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
440 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
441 std::string s = auth->second; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
442 if (s.substr(0, 6) == "Basic ") |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
443 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
444 std::string b64 = s.substr(6); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
445 granted = that.IsValidBasicHttpAuthentication(b64); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
446 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
447 } |
23 | 448 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
449 if (!granted) |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
450 { |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
451 SendUnauthorized(output); |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
452 return false; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
453 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
454 else |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
455 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
456 return true; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
457 } |
23 | 458 } |
459 | |
460 | |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
461 static std::string GetAuthenticatedUsername(const HttpHandler::Arguments& headers) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
462 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
463 HttpHandler::Arguments::const_iterator auth = headers.find("authorization"); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
464 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
465 if (auth == headers.end()) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
466 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
467 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
468 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
469 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
470 std::string s = auth->second; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
471 if (s.substr(0, 6) != "Basic ") |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
472 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
473 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
474 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
475 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
476 std::string b64 = s.substr(6); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
477 std::string decoded = Toolbox::DecodeBase64(b64); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
478 size_t semicolons = decoded.find(':'); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
479 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
480 if (semicolons == std::string::npos) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
481 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
482 // Bad-formatted request |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
483 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
484 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
485 else |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
486 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
487 return decoded.substr(0, semicolons); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
488 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
489 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
490 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
491 |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
492 static bool ExtractMethod(HttpMethod& method, |
414 | 493 const struct mg_request_info *request, |
494 const HttpHandler::Arguments& headers, | |
495 const HttpHandler::Arguments& argumentsGET) | |
496 { | |
497 std::string overriden; | |
498 | |
499 // Check whether some PUT/DELETE faking is done | |
500 | |
501 // 1. Faking with Google's approach | |
502 HttpHandler::Arguments::const_iterator methodOverride = | |
503 headers.find("x-http-method-override"); | |
504 | |
505 if (methodOverride != headers.end()) | |
506 { | |
507 overriden = methodOverride->second; | |
508 } | |
509 else if (!strcmp(request->request_method, "GET")) | |
510 { | |
511 // 2. Faking with Ruby on Rail's approach | |
512 // GET /my/resource?_method=delete <=> DELETE /my/resource | |
513 methodOverride = argumentsGET.find("_method"); | |
514 if (methodOverride != argumentsGET.end()) | |
515 { | |
516 overriden = methodOverride->second; | |
517 } | |
518 } | |
519 | |
520 if (overriden.size() > 0) | |
521 { | |
522 // A faking has been done within this request | |
523 Toolbox::ToUpperCase(overriden); | |
524 | |
416 | 525 LOG(INFO) << "HTTP method faking has been detected for " << overriden; |
526 | |
414 | 527 if (overriden == "PUT") |
528 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
529 method = HttpMethod_Put; |
416 | 530 return true; |
414 | 531 } |
532 else if (overriden == "DELETE") | |
533 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
534 method = HttpMethod_Delete; |
416 | 535 return true; |
414 | 536 } |
537 else | |
538 { | |
539 return false; | |
540 } | |
541 } | |
542 | |
543 // No PUT/DELETE faking was present | |
544 if (!strcmp(request->request_method, "GET")) | |
545 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
546 method = HttpMethod_Get; |
414 | 547 } |
548 else if (!strcmp(request->request_method, "POST")) | |
549 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
550 method = HttpMethod_Post; |
414 | 551 } |
552 else if (!strcmp(request->request_method, "DELETE")) | |
553 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
554 method = HttpMethod_Delete; |
414 | 555 } |
556 else if (!strcmp(request->request_method, "PUT")) | |
557 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
558 method = HttpMethod_Put; |
414 | 559 } |
560 else | |
561 { | |
562 return false; | |
563 } | |
564 | |
565 return true; | |
566 } | |
567 | |
568 | |
0 | 569 |
570 static void* Callback(enum mg_event event, | |
571 struct mg_connection *connection, | |
572 const struct mg_request_info *request) | |
573 { | |
574 if (event == MG_NEW_REQUEST) | |
575 { | |
656 | 576 MongooseServer* that = reinterpret_cast<MongooseServer*>(request->user_data); |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
577 MongooseOutput output(connection); |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
578 |
414 | 579 // Check remote calls |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
580 if (!that->IsRemoteAccessAllowed() && |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
581 request->remote_ip != LOCALHOST) |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
582 { |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
583 SendUnauthorized(output); |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
584 return (void*) ""; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
585 } |
0 | 586 |
587 | |
414 | 588 // Extract the HTTP headers |
589 HttpHandler::Arguments headers; | |
0 | 590 for (int i = 0; i < request->num_headers; i++) |
591 { | |
592 std::string name = request->http_headers[i].name; | |
593 std::transform(name.begin(), name.end(), name.begin(), ::tolower); | |
594 headers.insert(std::make_pair(name, request->http_headers[i].value)); | |
595 } | |
596 | |
414 | 597 |
598 // Extract the GET arguments | |
599 HttpHandler::Arguments argumentsGET; | |
600 if (!strcmp(request->request_method, "GET")) | |
601 { | |
602 HttpHandler::ParseGetQuery(argumentsGET, request->query_string); | |
603 } | |
604 | |
605 | |
606 // Compute the HTTP method, taking method faking into consideration | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
607 HttpMethod method; |
414 | 608 if (!ExtractMethod(method, request, headers, argumentsGET)) |
609 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
610 output.SendHeader(HttpStatus_400_BadRequest); |
414 | 611 return (void*) ""; |
612 } | |
613 | |
614 | |
23 | 615 // Authenticate this connection |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
616 if (that->IsAuthenticationEnabled() && |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
617 !Authorize(*that, headers, output)) |
23 | 618 { |
619 return (void*) ""; | |
620 } | |
621 | |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
622 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
623 // Apply the filter, if it is installed |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
624 const IIncomingHttpRequestFilter *filter = that->GetIncomingHttpRequestFilter(); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
625 if (filter != NULL) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
626 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
627 std::string username = GetAuthenticatedUsername(headers); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
628 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
629 char remoteIp[24]; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
630 sprintf(remoteIp, "%d.%d.%d.%d", |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
631 reinterpret_cast<const uint8_t*>(&request->remote_ip) [3], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
632 reinterpret_cast<const uint8_t*>(&request->remote_ip) [2], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
633 reinterpret_cast<const uint8_t*>(&request->remote_ip) [1], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
634 reinterpret_cast<const uint8_t*>(&request->remote_ip) [0]); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
635 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
636 if (!filter->IsAllowed(method, request->uri, remoteIp, username.c_str())) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
637 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
638 SendUnauthorized(output); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
639 return (void*) ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
640 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
641 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
642 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
643 |
414 | 644 // Extract the body of the request for PUT and POST |
645 std::string body; | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
646 if (method == HttpMethod_Post || |
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
647 method == HttpMethod_Put) |
0 | 648 { |
416 | 649 PostDataStatus status; |
650 | |
0 | 651 HttpHandler::Arguments::const_iterator ct = headers.find("content-type"); |
652 if (ct == headers.end()) | |
653 { | |
416 | 654 // No content-type specified. Assume no multi-part content occurs at this point. |
655 status = ReadBody(body, connection, headers); | |
0 | 656 } |
657 else | |
658 { | |
416 | 659 std::string contentType = ct->second; |
660 if (contentType.size() >= multipartLength && | |
661 !memcmp(contentType.c_str(), multipart, multipartLength)) | |
662 { | |
663 status = ParseMultipartPost(body, connection, headers, contentType, that->GetChunkStore()); | |
664 } | |
665 else | |
666 { | |
667 status = ReadBody(body, connection, headers); | |
668 } | |
0 | 669 } |
670 | |
671 switch (status) | |
672 { | |
416 | 673 case PostDataStatus_NoLength: |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
674 output.SendHeader(HttpStatus_411_LengthRequired); |
416 | 675 return (void*) ""; |
0 | 676 |
416 | 677 case PostDataStatus_Failure: |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
678 output.SendHeader(HttpStatus_400_BadRequest); |
416 | 679 return (void*) ""; |
0 | 680 |
416 | 681 case PostDataStatus_Pending: |
682 output.AnswerBufferWithContentType(NULL, 0, ""); | |
683 return (void*) ""; | |
0 | 684 |
416 | 685 default: |
686 break; | |
0 | 687 } |
688 } | |
689 | |
414 | 690 |
691 // Call the proper handler for this URI | |
0 | 692 UriComponents uri; |
415 | 693 try |
694 { | |
695 Toolbox::SplitUriComponents(uri, request->uri); | |
696 } | |
697 catch (OrthancException) | |
698 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
699 output.SendHeader(HttpStatus_400_BadRequest); |
415 | 700 return (void*) ""; |
701 } | |
702 | |
0 | 703 |
704 HttpHandler* handler = that->FindHandler(uri); | |
705 if (handler) | |
706 { | |
707 try | |
708 { | |
477 | 709 LOG(INFO) << EnumerationToString(method) << " " << Toolbox::FlattenUri(uri); |
414 | 710 handler->Handle(output, method, uri, headers, argumentsGET, body); |
0 | 711 } |
59 | 712 catch (OrthancException& e) |
0 | 713 { |
108 | 714 LOG(ERROR) << "MongooseServer Exception [" << e.What() << "]"; |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
715 output.SendHeader(HttpStatus_500_InternalServerError); |
0 | 716 } |
327
4564e908bba9
handling of bad lexical casts in http server
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
324
diff
changeset
|
717 catch (boost::bad_lexical_cast&) |
4564e908bba9
handling of bad lexical casts in http server
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
324
diff
changeset
|
718 { |
4564e908bba9
handling of bad lexical casts in http server
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
324
diff
changeset
|
719 LOG(ERROR) << "MongooseServer Exception: Bad lexical cast"; |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
720 output.SendHeader(HttpStatus_400_BadRequest); |
333 | 721 } |
722 catch (std::runtime_error&) | |
723 { | |
724 LOG(ERROR) << "MongooseServer Exception: Presumably a bad JSON request"; | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
725 output.SendHeader(HttpStatus_400_BadRequest); |
327
4564e908bba9
handling of bad lexical casts in http server
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
324
diff
changeset
|
726 } |
0 | 727 } |
728 else | |
729 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
730 output.SendHeader(HttpStatus_404_NotFound); |
0 | 731 } |
732 | |
733 // Mark as processed | |
734 return (void*) ""; | |
735 } | |
736 else | |
737 { | |
738 return NULL; | |
739 } | |
740 } | |
741 | |
742 | |
743 bool MongooseServer::IsRunning() const | |
744 { | |
745 return (pimpl_->context_ != NULL); | |
746 } | |
747 | |
748 | |
749 MongooseServer::MongooseServer() : pimpl_(new PImpl) | |
750 { | |
751 pimpl_->context_ = NULL; | |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
752 remoteAllowed_ = false; |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
753 authentication_ = false; |
23 | 754 ssl_ = false; |
0 | 755 port_ = 8000; |
417 | 756 filter_ = NULL; |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
757 |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
758 #if ORTHANC_SSL_ENABLED == 1 |
749 | 759 // Check for the Heartbleed exploit |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
760 // https://en.wikipedia.org/wiki/OpenSSL#Heartbleed_bug |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
761 if (OPENSSL_VERSION_NUMBER < 0x1000107fL /* openssl-1.0.1g */ && |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
762 OPENSSL_VERSION_NUMBER >= 0x1000100fL /* openssl-1.0.1 */) |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
763 { |
749 | 764 LOG(WARNING) << "This version of OpenSSL is vulnerable to the Heartbleed exploit"; |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
765 } |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
766 #endif |
0 | 767 } |
768 | |
769 | |
770 MongooseServer::~MongooseServer() | |
771 { | |
772 Stop(); | |
773 ClearHandlers(); | |
774 } | |
775 | |
776 | |
128 | 777 void MongooseServer::SetPortNumber(uint16_t port) |
0 | 778 { |
779 Stop(); | |
780 port_ = port; | |
781 } | |
782 | |
783 void MongooseServer::Start() | |
784 { | |
785 if (!IsRunning()) | |
786 { | |
787 std::string port = boost::lexical_cast<std::string>(port_); | |
788 | |
23 | 789 if (ssl_) |
790 { | |
791 port += "s"; | |
792 } | |
793 | |
0 | 794 const char *options[] = { |
795 "listening_ports", port.c_str(), | |
23 | 796 ssl_ ? "ssl_certificate" : NULL, |
797 certificate_.c_str(), | |
0 | 798 NULL |
799 }; | |
800 | |
801 pimpl_->context_ = mg_start(&Callback, this, options); | |
802 if (!pimpl_->context_) | |
803 { | |
59 | 804 throw OrthancException("Unable to launch the Mongoose server"); |
0 | 805 } |
806 } | |
807 } | |
808 | |
809 void MongooseServer::Stop() | |
810 { | |
811 if (IsRunning()) | |
812 { | |
813 mg_stop(pimpl_->context_); | |
814 pimpl_->context_ = NULL; | |
815 } | |
816 } | |
817 | |
818 | |
819 void MongooseServer::RegisterHandler(HttpHandler* handler) | |
820 { | |
821 Stop(); | |
822 | |
823 handlers_.push_back(handler); | |
824 } | |
825 | |
826 | |
827 void MongooseServer::ClearHandlers() | |
828 { | |
829 Stop(); | |
830 | |
831 for (Handlers::iterator it = | |
656 | 832 handlers_.begin(); it != handlers_.end(); ++it) |
0 | 833 { |
834 delete *it; | |
835 } | |
836 } | |
837 | |
23 | 838 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
839 void MongooseServer::ClearUsers() |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
840 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
841 Stop(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
842 registeredUsers_.clear(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
843 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
844 |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
845 |
23 | 846 void MongooseServer::RegisterUser(const char* username, |
847 const char* password) | |
848 { | |
849 Stop(); | |
24 | 850 |
851 std::string tag = std::string(username) + ":" + std::string(password); | |
852 registeredUsers_.insert(Toolbox::EncodeBase64(tag)); | |
23 | 853 } |
854 | |
855 void MongooseServer::SetSslEnabled(bool enabled) | |
856 { | |
857 Stop(); | |
858 | |
59 | 859 #if ORTHANC_SSL_ENABLED == 0 |
23 | 860 if (enabled) |
861 { | |
59 | 862 throw OrthancException("Orthanc has been built without SSL support"); |
23 | 863 } |
864 else | |
865 { | |
866 ssl_ = false; | |
867 } | |
868 #else | |
869 ssl_ = enabled; | |
870 #endif | |
871 } | |
872 | |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
873 void MongooseServer::SetAuthenticationEnabled(bool enabled) |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
874 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
875 Stop(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
876 authentication_ = enabled; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
877 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
878 |
23 | 879 void MongooseServer::SetSslCertificate(const char* path) |
880 { | |
881 Stop(); | |
882 certificate_ = path; | |
883 } | |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
884 |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
885 void MongooseServer::SetRemoteAccessAllowed(bool allowed) |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
886 { |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
887 Stop(); |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
888 remoteAllowed_ = allowed; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
889 } |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
890 |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
891 void MongooseServer::SetIncomingHttpRequestFilter(IIncomingHttpRequestFilter& filter) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
892 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
893 Stop(); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
894 filter_ = &filter; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
895 } |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
896 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
897 bool MongooseServer::IsValidBasicHttpAuthentication(const std::string& basic) const |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
898 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
899 return registeredUsers_.find(basic) != registeredUsers_.end(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
900 } |
0 | 901 } |