Mercurial > hg > orthanc
annotate Core/HttpServer/MongooseServer.cpp @ 908:e078ea944089 plugins
refactoring HttpOutput
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 19 Jun 2014 17:47:39 +0200 |
parents | 7d88f3f4a3b3 |
children | ef71057d8b26 |
rev | line source |
---|---|
0 | 1 /** |
59 | 2 * Orthanc - A Lightweight, RESTful DICOM Store |
689 | 3 * Copyright (C) 2012-2014 Medical Physics Department, CHU of Liege, |
0 | 4 * Belgium |
5 * | |
6 * This program is free software: you can redistribute it and/or | |
7 * modify it under the terms of the GNU General Public License as | |
8 * published by the Free Software Foundation, either version 3 of the | |
9 * License, or (at your option) any later version. | |
136 | 10 * |
11 * In addition, as a special exception, the copyright holders of this | |
12 * program give permission to link the code of its release with the | |
13 * OpenSSL project's "OpenSSL" library (or with modified versions of it | |
14 * that use the same license as the "OpenSSL" library), and distribute | |
15 * the linked executables. You must obey the GNU General Public License | |
16 * in all respects for all of the code used other than "OpenSSL". If you | |
17 * modify file(s) with this exception, you may extend this exception to | |
18 * your version of the file(s), but you are not obligated to do so. If | |
19 * you do not wish to do so, delete this exception statement from your | |
20 * version. If you delete this exception statement from all source files | |
21 * in the program, then also delete it here. | |
0 | 22 * |
23 * This program is distributed in the hope that it will be useful, but | |
24 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
26 * General Public License for more details. | |
27 * | |
28 * You should have received a copy of the GNU General Public License | |
29 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
30 **/ | |
31 | |
32 | |
33 // http://en.highscore.de/cpp/boost/stringhandling.html | |
34 | |
824
a811bdf8b8eb
precompiled headers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
809
diff
changeset
|
35 #include "../PrecompiledHeaders.h" |
0 | 36 #include "MongooseServer.h" |
37 | |
38 #include <algorithm> | |
39 #include <string.h> | |
40 #include <boost/lexical_cast.hpp> | |
41 #include <boost/algorithm/string.hpp> | |
42 #include <iostream> | |
43 #include <string.h> | |
44 #include <stdio.h> | |
45 #include <boost/thread.hpp> | |
108 | 46 #include <glog/logging.h> |
0 | 47 |
59 | 48 #include "../OrthancException.h" |
0 | 49 #include "../ChunkedBuffer.h" |
324 | 50 #include "HttpOutput.h" |
0 | 51 #include "mongoose.h" |
52 | |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
53 #if ORTHANC_SSL_ENABLED == 1 |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
54 #include <openssl/opensslv.h> |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
55 #endif |
0 | 56 |
59 | 57 #define ORTHANC_REALM "Orthanc Secure Area" |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
58 |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
59 static const long LOCALHOST = (127ll << 24) + 1ll; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
60 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
61 |
59 | 62 namespace Orthanc |
0 | 63 { |
64 static const char multipart[] = "multipart/form-data; boundary="; | |
65 static unsigned int multipartLength = sizeof(multipart) / sizeof(char) - 1; | |
66 | |
67 | |
68 namespace | |
69 { | |
70 // Anonymous namespace to avoid clashes between compilation modules | |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
71 class MongooseOutputStream : public HttpOutputStream |
0 | 72 { |
73 private: | |
74 struct mg_connection* connection_; | |
75 | |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
76 protected: |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
77 virtual void SendBody(const void* buffer, size_t length) |
0 | 78 { |
217 | 79 if (length > 0) |
80 { | |
81 mg_write(connection_, buffer, length); | |
82 } | |
0 | 83 } |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
84 |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
85 virtual void SendHeader(const void* buffer, size_t length) |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
86 { |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
87 SendBody(buffer, length); |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
88 } |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
89 |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
90 public: |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
91 MongooseOutputStream(struct mg_connection* connection) : connection_(connection) |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
92 { |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
93 } |
0 | 94 }; |
95 | |
96 | |
97 enum PostDataStatus | |
98 { | |
99 PostDataStatus_Success, | |
100 PostDataStatus_NoLength, | |
101 PostDataStatus_Pending, | |
102 PostDataStatus_Failure | |
103 }; | |
104 } | |
105 | |
106 | |
107 // TODO Move this to external file | |
108 | |
109 | |
110 class ChunkedFile : public ChunkedBuffer | |
111 { | |
112 private: | |
113 std::string filename_; | |
114 | |
115 public: | |
116 ChunkedFile(const std::string& filename) : | |
117 filename_(filename) | |
118 { | |
119 } | |
120 | |
121 const std::string& GetFilename() const | |
122 { | |
123 return filename_; | |
124 } | |
125 }; | |
126 | |
127 | |
128 | |
129 class ChunkStore | |
130 { | |
131 private: | |
132 typedef std::list<ChunkedFile*> Content; | |
133 Content content_; | |
134 unsigned int numPlaces_; | |
135 | |
136 boost::mutex mutex_; | |
137 std::set<std::string> discardedFiles_; | |
138 | |
139 void Clear() | |
140 { | |
141 for (Content::iterator it = content_.begin(); | |
656 | 142 it != content_.end(); ++it) |
0 | 143 { |
144 delete *it; | |
145 } | |
146 } | |
147 | |
148 Content::iterator Find(const std::string& filename) | |
149 { | |
150 for (Content::iterator it = content_.begin(); | |
656 | 151 it != content_.end(); ++it) |
0 | 152 { |
153 if ((*it)->GetFilename() == filename) | |
154 { | |
155 return it; | |
156 } | |
157 } | |
158 | |
159 return content_.end(); | |
160 } | |
161 | |
162 void Remove(const std::string& filename) | |
163 { | |
164 Content::iterator it = Find(filename); | |
165 if (it != content_.end()) | |
166 { | |
167 delete *it; | |
168 content_.erase(it); | |
169 } | |
170 } | |
171 | |
172 public: | |
173 ChunkStore() | |
174 { | |
175 numPlaces_ = 10; | |
176 } | |
177 | |
178 ~ChunkStore() | |
179 { | |
180 Clear(); | |
181 } | |
182 | |
183 PostDataStatus Store(std::string& completed, | |
184 const char* chunkData, | |
185 size_t chunkSize, | |
186 const std::string& filename, | |
187 size_t filesize) | |
188 { | |
189 boost::mutex::scoped_lock lock(mutex_); | |
190 | |
191 std::set<std::string>::iterator wasDiscarded = discardedFiles_.find(filename); | |
192 if (wasDiscarded != discardedFiles_.end()) | |
193 { | |
194 discardedFiles_.erase(wasDiscarded); | |
195 return PostDataStatus_Failure; | |
196 } | |
197 | |
198 ChunkedFile* f; | |
199 Content::iterator it = Find(filename); | |
200 if (it == content_.end()) | |
201 { | |
202 f = new ChunkedFile(filename); | |
203 | |
204 // Make some room | |
205 if (content_.size() >= numPlaces_) | |
206 { | |
207 discardedFiles_.insert(content_.front()->GetFilename()); | |
208 delete content_.front(); | |
209 content_.pop_front(); | |
210 } | |
211 | |
212 content_.push_back(f); | |
213 } | |
214 else | |
215 { | |
216 f = *it; | |
217 } | |
218 | |
219 f->AddChunk(chunkData, chunkSize); | |
220 | |
221 if (f->GetNumBytes() > filesize) | |
222 { | |
223 Remove(filename); | |
224 } | |
225 else if (f->GetNumBytes() == filesize) | |
226 { | |
227 f->Flatten(completed); | |
228 Remove(filename); | |
229 return PostDataStatus_Success; | |
230 } | |
231 | |
232 return PostDataStatus_Pending; | |
233 } | |
234 | |
235 /*void Print() | |
236 { | |
237 boost::mutex::scoped_lock lock(mutex_); | |
238 | |
239 printf("ChunkStore status:\n"); | |
240 for (Content::const_iterator i = content_.begin(); | |
241 i != content_.end(); i++) | |
242 { | |
243 printf(" [%s]: %d\n", (*i)->GetFilename().c_str(), (*i)->GetNumBytes()); | |
244 } | |
245 printf("-----\n"); | |
246 }*/ | |
247 }; | |
248 | |
249 | |
250 struct MongooseServer::PImpl | |
251 { | |
252 struct mg_context *context_; | |
253 ChunkStore chunkStore_; | |
254 }; | |
255 | |
256 | |
257 ChunkStore& MongooseServer::GetChunkStore() | |
258 { | |
259 return pimpl_->chunkStore_; | |
260 } | |
261 | |
262 | |
263 | |
416 | 264 static PostDataStatus ReadBody(std::string& postData, |
265 struct mg_connection *connection, | |
266 const HttpHandler::Arguments& headers) | |
0 | 267 { |
268 HttpHandler::Arguments::const_iterator cs = headers.find("content-length"); | |
269 if (cs == headers.end()) | |
270 { | |
271 return PostDataStatus_NoLength; | |
272 } | |
273 | |
274 int length; | |
275 try | |
276 { | |
277 length = boost::lexical_cast<int>(cs->second); | |
278 } | |
279 catch (boost::bad_lexical_cast) | |
280 { | |
281 return PostDataStatus_NoLength; | |
282 } | |
283 | |
284 if (length < 0) | |
285 { | |
286 length = 0; | |
287 } | |
288 | |
289 postData.resize(length); | |
290 | |
291 size_t pos = 0; | |
292 while (length > 0) | |
293 { | |
294 int r = mg_read(connection, &postData[pos], length); | |
295 if (r <= 0) | |
296 { | |
297 return PostDataStatus_Failure; | |
298 } | |
418
b79bf2f4ab2e
execution of lua through REST
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
417
diff
changeset
|
299 |
8 | 300 assert(r <= length); |
0 | 301 length -= r; |
302 pos += r; | |
303 } | |
304 | |
305 return PostDataStatus_Success; | |
306 } | |
307 | |
308 | |
309 | |
310 static PostDataStatus ParseMultipartPost(std::string &completedFile, | |
311 struct mg_connection *connection, | |
312 const HttpHandler::Arguments& headers, | |
313 const std::string& contentType, | |
314 ChunkStore& chunkStore) | |
315 { | |
316 std::string boundary = "--" + contentType.substr(multipartLength); | |
317 | |
318 std::string postData; | |
416 | 319 PostDataStatus status = ReadBody(postData, connection, headers); |
0 | 320 |
321 if (status != PostDataStatus_Success) | |
322 { | |
323 return status; | |
324 } | |
325 | |
326 /*for (HttpHandler::Arguments::const_iterator i = headers.begin(); i != headers.end(); i++) | |
327 { | |
328 std::cout << "Header [" << i->first << "] = " << i->second << "\n"; | |
329 } | |
330 printf("CHUNK\n");*/ | |
331 | |
332 typedef HttpHandler::Arguments::const_iterator ArgumentIterator; | |
333 | |
334 ArgumentIterator requestedWith = headers.find("x-requested-with"); | |
335 ArgumentIterator fileName = headers.find("x-file-name"); | |
336 ArgumentIterator fileSizeStr = headers.find("x-file-size"); | |
337 | |
338
3a3b3ba8c1e0
fix for uploads through internet explorer 7
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
333
diff
changeset
|
338 if (requestedWith != headers.end() && |
0 | 339 requestedWith->second != "XMLHttpRequest") |
340 { | |
341 return PostDataStatus_Failure; | |
342 } | |
343 | |
344 size_t fileSize = 0; | |
345 if (fileSizeStr != headers.end()) | |
346 { | |
347 try | |
348 { | |
349 fileSize = boost::lexical_cast<size_t>(fileSizeStr->second); | |
350 } | |
351 catch (boost::bad_lexical_cast) | |
352 { | |
353 return PostDataStatus_Failure; | |
354 } | |
355 } | |
356 | |
357 typedef boost::find_iterator<std::string::iterator> FindIterator; | |
10 | 358 typedef boost::iterator_range<char*> Range; |
0 | 359 |
360 //chunkStore.Print(); | |
361 | |
362 try | |
363 { | |
364 FindIterator last; | |
365 for (FindIterator it = | |
366 make_find_iterator(postData, boost::first_finder(boundary)); | |
367 it!=FindIterator(); | |
368 ++it) | |
369 { | |
370 if (last != FindIterator()) | |
371 { | |
10 | 372 Range part(&last->back(), &it->front()); |
0 | 373 Range content = boost::find_first(part, "\r\n\r\n"); |
345 | 374 if (/*content != Range()*/!content.empty()) |
0 | 375 { |
376 Range c(&content.back() + 1, &it->front() - 2); | |
377 size_t chunkSize = c.size(); | |
378 | |
379 if (chunkSize > 0) | |
380 { | |
381 const char* chunkData = &c.front(); | |
382 | |
383 if (fileName == headers.end()) | |
384 { | |
385 // This file is stored in a single chunk | |
386 completedFile.resize(chunkSize); | |
387 if (chunkSize > 0) | |
388 { | |
389 memcpy(&completedFile[0], chunkData, chunkSize); | |
390 } | |
391 return PostDataStatus_Success; | |
392 } | |
393 else | |
394 { | |
395 return chunkStore.Store(completedFile, chunkData, chunkSize, fileName->second, fileSize); | |
396 } | |
397 } | |
10 | 398 } |
0 | 399 } |
400 | |
401 last = it; | |
402 } | |
403 } | |
404 catch (std::length_error) | |
405 { | |
406 return PostDataStatus_Failure; | |
407 } | |
408 | |
409 return PostDataStatus_Pending; | |
410 } | |
411 | |
412 | |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
413 static bool Authorize(const MongooseServer& that, |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
414 const HttpHandler::Arguments& headers, |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
415 HttpOutput& output) |
23 | 416 { |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
417 bool granted = false; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
418 |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
419 HttpHandler::Arguments::const_iterator auth = headers.find("authorization"); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
420 if (auth != headers.end()) |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
421 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
422 std::string s = auth->second; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
423 if (s.substr(0, 6) == "Basic ") |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
424 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
425 std::string b64 = s.substr(6); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
426 granted = that.IsValidBasicHttpAuthentication(b64); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
427 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
428 } |
23 | 429 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
430 if (!granted) |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
431 { |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
432 output.SendUnauthorized(ORTHANC_REALM); |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
433 return false; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
434 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
435 else |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
436 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
437 return true; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
438 } |
23 | 439 } |
440 | |
441 | |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
442 static std::string GetAuthenticatedUsername(const HttpHandler::Arguments& headers) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
443 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
444 HttpHandler::Arguments::const_iterator auth = headers.find("authorization"); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
445 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
446 if (auth == headers.end()) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
447 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
448 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
449 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
450 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
451 std::string s = auth->second; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
452 if (s.substr(0, 6) != "Basic ") |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
453 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
454 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
455 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
456 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
457 std::string b64 = s.substr(6); |
809
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
458 std::string decoded; |
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
459 Toolbox::DecodeBase64(decoded, b64); |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
460 size_t semicolons = decoded.find(':'); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
461 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
462 if (semicolons == std::string::npos) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
463 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
464 // Bad-formatted request |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
465 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
466 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
467 else |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
468 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
469 return decoded.substr(0, semicolons); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
470 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
471 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
472 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
473 |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
474 static bool ExtractMethod(HttpMethod& method, |
414 | 475 const struct mg_request_info *request, |
476 const HttpHandler::Arguments& headers, | |
477 const HttpHandler::Arguments& argumentsGET) | |
478 { | |
479 std::string overriden; | |
480 | |
481 // Check whether some PUT/DELETE faking is done | |
482 | |
483 // 1. Faking with Google's approach | |
484 HttpHandler::Arguments::const_iterator methodOverride = | |
485 headers.find("x-http-method-override"); | |
486 | |
487 if (methodOverride != headers.end()) | |
488 { | |
489 overriden = methodOverride->second; | |
490 } | |
491 else if (!strcmp(request->request_method, "GET")) | |
492 { | |
493 // 2. Faking with Ruby on Rail's approach | |
494 // GET /my/resource?_method=delete <=> DELETE /my/resource | |
495 methodOverride = argumentsGET.find("_method"); | |
496 if (methodOverride != argumentsGET.end()) | |
497 { | |
498 overriden = methodOverride->second; | |
499 } | |
500 } | |
501 | |
502 if (overriden.size() > 0) | |
503 { | |
504 // A faking has been done within this request | |
505 Toolbox::ToUpperCase(overriden); | |
506 | |
416 | 507 LOG(INFO) << "HTTP method faking has been detected for " << overriden; |
508 | |
414 | 509 if (overriden == "PUT") |
510 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
511 method = HttpMethod_Put; |
416 | 512 return true; |
414 | 513 } |
514 else if (overriden == "DELETE") | |
515 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
516 method = HttpMethod_Delete; |
416 | 517 return true; |
414 | 518 } |
519 else | |
520 { | |
521 return false; | |
522 } | |
523 } | |
524 | |
525 // No PUT/DELETE faking was present | |
526 if (!strcmp(request->request_method, "GET")) | |
527 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
528 method = HttpMethod_Get; |
414 | 529 } |
530 else if (!strcmp(request->request_method, "POST")) | |
531 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
532 method = HttpMethod_Post; |
414 | 533 } |
534 else if (!strcmp(request->request_method, "DELETE")) | |
535 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
536 method = HttpMethod_Delete; |
414 | 537 } |
538 else if (!strcmp(request->request_method, "PUT")) | |
539 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
540 method = HttpMethod_Put; |
414 | 541 } |
542 else | |
543 { | |
544 return false; | |
545 } | |
546 | |
547 return true; | |
548 } | |
549 | |
550 | |
0 | 551 |
552 static void* Callback(enum mg_event event, | |
553 struct mg_connection *connection, | |
554 const struct mg_request_info *request) | |
555 { | |
556 if (event == MG_NEW_REQUEST) | |
557 { | |
656 | 558 MongooseServer* that = reinterpret_cast<MongooseServer*>(request->user_data); |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
559 MongooseOutputStream stream(connection); |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
560 HttpOutput output(stream); |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
561 |
414 | 562 // Check remote calls |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
563 if (!that->IsRemoteAccessAllowed() && |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
564 request->remote_ip != LOCALHOST) |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
565 { |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
566 output.SendUnauthorized(ORTHANC_REALM); |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
567 return (void*) ""; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
568 } |
0 | 569 |
570 | |
414 | 571 // Extract the HTTP headers |
572 HttpHandler::Arguments headers; | |
0 | 573 for (int i = 0; i < request->num_headers; i++) |
574 { | |
575 std::string name = request->http_headers[i].name; | |
576 std::transform(name.begin(), name.end(), name.begin(), ::tolower); | |
577 headers.insert(std::make_pair(name, request->http_headers[i].value)); | |
578 } | |
579 | |
414 | 580 |
581 // Extract the GET arguments | |
582 HttpHandler::Arguments argumentsGET; | |
583 if (!strcmp(request->request_method, "GET")) | |
584 { | |
585 HttpHandler::ParseGetQuery(argumentsGET, request->query_string); | |
586 } | |
587 | |
588 | |
589 // Compute the HTTP method, taking method faking into consideration | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
590 HttpMethod method; |
414 | 591 if (!ExtractMethod(method, request, headers, argumentsGET)) |
592 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
593 output.SendHeader(HttpStatus_400_BadRequest); |
414 | 594 return (void*) ""; |
595 } | |
596 | |
597 | |
23 | 598 // Authenticate this connection |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
599 if (that->IsAuthenticationEnabled() && |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
600 !Authorize(*that, headers, output)) |
23 | 601 { |
602 return (void*) ""; | |
603 } | |
604 | |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
605 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
606 // Apply the filter, if it is installed |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
607 const IIncomingHttpRequestFilter *filter = that->GetIncomingHttpRequestFilter(); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
608 if (filter != NULL) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
609 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
610 std::string username = GetAuthenticatedUsername(headers); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
611 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
612 char remoteIp[24]; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
613 sprintf(remoteIp, "%d.%d.%d.%d", |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
614 reinterpret_cast<const uint8_t*>(&request->remote_ip) [3], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
615 reinterpret_cast<const uint8_t*>(&request->remote_ip) [2], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
616 reinterpret_cast<const uint8_t*>(&request->remote_ip) [1], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
617 reinterpret_cast<const uint8_t*>(&request->remote_ip) [0]); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
618 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
619 if (!filter->IsAllowed(method, request->uri, remoteIp, username.c_str())) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
620 { |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
621 output.SendUnauthorized(ORTHANC_REALM); |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
622 return (void*) ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
623 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
624 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
625 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
626 |
414 | 627 // Extract the body of the request for PUT and POST |
628 std::string body; | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
629 if (method == HttpMethod_Post || |
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
630 method == HttpMethod_Put) |
0 | 631 { |
416 | 632 PostDataStatus status; |
633 | |
0 | 634 HttpHandler::Arguments::const_iterator ct = headers.find("content-type"); |
635 if (ct == headers.end()) | |
636 { | |
416 | 637 // No content-type specified. Assume no multi-part content occurs at this point. |
638 status = ReadBody(body, connection, headers); | |
0 | 639 } |
640 else | |
641 { | |
416 | 642 std::string contentType = ct->second; |
643 if (contentType.size() >= multipartLength && | |
644 !memcmp(contentType.c_str(), multipart, multipartLength)) | |
645 { | |
646 status = ParseMultipartPost(body, connection, headers, contentType, that->GetChunkStore()); | |
647 } | |
648 else | |
649 { | |
650 status = ReadBody(body, connection, headers); | |
651 } | |
0 | 652 } |
653 | |
654 switch (status) | |
655 { | |
416 | 656 case PostDataStatus_NoLength: |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
657 output.SendHeader(HttpStatus_411_LengthRequired); |
416 | 658 return (void*) ""; |
0 | 659 |
416 | 660 case PostDataStatus_Failure: |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
661 output.SendHeader(HttpStatus_400_BadRequest); |
416 | 662 return (void*) ""; |
0 | 663 |
416 | 664 case PostDataStatus_Pending: |
665 output.AnswerBufferWithContentType(NULL, 0, ""); | |
666 return (void*) ""; | |
0 | 667 |
416 | 668 default: |
669 break; | |
0 | 670 } |
671 } | |
672 | |
414 | 673 |
896 | 674 // Decompose the URI into its components |
0 | 675 UriComponents uri; |
415 | 676 try |
677 { | |
678 Toolbox::SplitUriComponents(uri, request->uri); | |
679 } | |
680 catch (OrthancException) | |
681 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
682 output.SendHeader(HttpStatus_400_BadRequest); |
415 | 683 return (void*) ""; |
684 } | |
685 | |
0 | 686 |
901
7d88f3f4a3b3
refactoring IsServedUri, answer PNG images, regular expression groups
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
899
diff
changeset
|
687 // Loop over the candidate handlers for this URI |
896 | 688 LOG(INFO) << EnumerationToString(method) << " " << Toolbox::FlattenUri(uri); |
895
7e8cde5905fd
allow superposition of REST handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
824
diff
changeset
|
689 bool found = false; |
7e8cde5905fd
allow superposition of REST handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
824
diff
changeset
|
690 |
901
7d88f3f4a3b3
refactoring IsServedUri, answer PNG images, regular expression groups
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
899
diff
changeset
|
691 for (MongooseServer::Handlers::const_iterator it = |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
692 that->GetHandlers().begin(); it != that->GetHandlers().end() && !found; ++it) |
0 | 693 { |
694 try | |
695 { | |
895
7e8cde5905fd
allow superposition of REST handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
824
diff
changeset
|
696 found = (*it)->Handle(output, method, uri, headers, argumentsGET, body); |
0 | 697 } |
59 | 698 catch (OrthancException& e) |
0 | 699 { |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
700 // Using this candidate handler results in an exception |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
701 LOG(ERROR) << "Exception in the HTTP handler: " << e.What(); |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
702 return (void*) ""; |
0 | 703 } |
327
4564e908bba9
handling of bad lexical casts in http server
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
324
diff
changeset
|
704 catch (boost::bad_lexical_cast&) |
4564e908bba9
handling of bad lexical casts in http server
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
324
diff
changeset
|
705 { |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
706 LOG(ERROR) << "Exception in the HTTP handler: Bad lexical cast"; |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
707 return (void*) ""; |
333 | 708 } |
709 catch (std::runtime_error&) | |
710 { | |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
711 LOG(ERROR) << "Exception in the HTTP handler: Presumably a bad JSON request"; |
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
712 return (void*) ""; |
327
4564e908bba9
handling of bad lexical casts in http server
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
324
diff
changeset
|
713 } |
0 | 714 } |
895
7e8cde5905fd
allow superposition of REST handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
824
diff
changeset
|
715 |
7e8cde5905fd
allow superposition of REST handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
824
diff
changeset
|
716 if (!found) |
0 | 717 { |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
718 output.SendHeader(HttpStatus_404_NotFound); |
0 | 719 } |
720 | |
721 // Mark as processed | |
722 return (void*) ""; | |
723 } | |
724 else | |
725 { | |
726 return NULL; | |
727 } | |
728 } | |
729 | |
730 | |
731 bool MongooseServer::IsRunning() const | |
732 { | |
733 return (pimpl_->context_ != NULL); | |
734 } | |
735 | |
736 | |
737 MongooseServer::MongooseServer() : pimpl_(new PImpl) | |
738 { | |
739 pimpl_->context_ = NULL; | |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
740 remoteAllowed_ = false; |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
741 authentication_ = false; |
23 | 742 ssl_ = false; |
0 | 743 port_ = 8000; |
417 | 744 filter_ = NULL; |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
745 |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
746 #if ORTHANC_SSL_ENABLED == 1 |
749 | 747 // Check for the Heartbleed exploit |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
748 // https://en.wikipedia.org/wiki/OpenSSL#Heartbleed_bug |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
749 if (OPENSSL_VERSION_NUMBER < 0x1000107fL /* openssl-1.0.1g */ && |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
750 OPENSSL_VERSION_NUMBER >= 0x1000100fL /* openssl-1.0.1 */) |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
751 { |
749 | 752 LOG(WARNING) << "This version of OpenSSL is vulnerable to the Heartbleed exploit"; |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
753 } |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
754 #endif |
0 | 755 } |
756 | |
757 | |
758 MongooseServer::~MongooseServer() | |
759 { | |
760 Stop(); | |
761 ClearHandlers(); | |
762 } | |
763 | |
764 | |
128 | 765 void MongooseServer::SetPortNumber(uint16_t port) |
0 | 766 { |
767 Stop(); | |
768 port_ = port; | |
769 } | |
770 | |
771 void MongooseServer::Start() | |
772 { | |
773 if (!IsRunning()) | |
774 { | |
775 std::string port = boost::lexical_cast<std::string>(port_); | |
776 | |
23 | 777 if (ssl_) |
778 { | |
779 port += "s"; | |
780 } | |
781 | |
0 | 782 const char *options[] = { |
783 "listening_ports", port.c_str(), | |
23 | 784 ssl_ ? "ssl_certificate" : NULL, |
785 certificate_.c_str(), | |
0 | 786 NULL |
787 }; | |
788 | |
789 pimpl_->context_ = mg_start(&Callback, this, options); | |
790 if (!pimpl_->context_) | |
791 { | |
59 | 792 throw OrthancException("Unable to launch the Mongoose server"); |
0 | 793 } |
794 } | |
795 } | |
796 | |
797 void MongooseServer::Stop() | |
798 { | |
799 if (IsRunning()) | |
800 { | |
801 mg_stop(pimpl_->context_); | |
802 pimpl_->context_ = NULL; | |
803 } | |
804 } | |
805 | |
806 | |
899 | 807 void MongooseServer::RegisterHandler(HttpHandler& handler) |
0 | 808 { |
809 Stop(); | |
810 | |
899 | 811 handlers_.push_back(&handler); |
0 | 812 } |
813 | |
814 | |
815 void MongooseServer::ClearHandlers() | |
816 { | |
817 Stop(); | |
818 } | |
819 | |
23 | 820 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
821 void MongooseServer::ClearUsers() |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
822 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
823 Stop(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
824 registeredUsers_.clear(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
825 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
826 |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
827 |
23 | 828 void MongooseServer::RegisterUser(const char* username, |
829 const char* password) | |
830 { | |
831 Stop(); | |
24 | 832 |
833 std::string tag = std::string(username) + ":" + std::string(password); | |
809
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
834 std::string encoded; |
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
835 Toolbox::EncodeBase64(encoded, tag); |
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
836 registeredUsers_.insert(encoded); |
23 | 837 } |
838 | |
839 void MongooseServer::SetSslEnabled(bool enabled) | |
840 { | |
841 Stop(); | |
842 | |
59 | 843 #if ORTHANC_SSL_ENABLED == 0 |
23 | 844 if (enabled) |
845 { | |
59 | 846 throw OrthancException("Orthanc has been built without SSL support"); |
23 | 847 } |
848 else | |
849 { | |
850 ssl_ = false; | |
851 } | |
852 #else | |
853 ssl_ = enabled; | |
854 #endif | |
855 } | |
856 | |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
857 void MongooseServer::SetAuthenticationEnabled(bool enabled) |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
858 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
859 Stop(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
860 authentication_ = enabled; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
861 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
862 |
23 | 863 void MongooseServer::SetSslCertificate(const char* path) |
864 { | |
865 Stop(); | |
866 certificate_ = path; | |
867 } | |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
868 |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
869 void MongooseServer::SetRemoteAccessAllowed(bool allowed) |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
870 { |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
871 Stop(); |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
872 remoteAllowed_ = allowed; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
873 } |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
874 |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
875 void MongooseServer::SetIncomingHttpRequestFilter(IIncomingHttpRequestFilter& filter) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
876 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
877 Stop(); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
878 filter_ = &filter; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
879 } |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
880 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
881 bool MongooseServer::IsValidBasicHttpAuthentication(const std::string& basic) const |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
882 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
883 return registeredUsers_.find(basic) != registeredUsers_.end(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
884 } |
0 | 885 } |