diff Core/HttpServer/MongooseServer.cpp @ 34:96e57b863dd9
option to disallow remote access
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 30 Aug 2012 11:22:21 +0200 |
parents | dd1489098265 |
children | 9be852ad33d2 |
--- a/Core/HttpServer/MongooseServer.cpp Thu Aug 30 09:35:38 2012 +0200
+++ b/Core/HttpServer/MongooseServer.cpp Thu Aug 30 11:22:21 2012 +0200
@@ -38,6 +38,8 @@
 #define PALANTIR_REALM "Palantir Secure Area"
+static const long LOCALHOST = (127ll << 24) + 1ll;
+
 namespace Palantir
 {
@@ -397,6 +399,15 @@
 }
+ static void SendUnauthorized(HttpOutput& output)
+ {
+ std::string s = "HTTP/1.1 401 Unauthorized\r\n"
+ "WWW-Authenticate: Basic realm=\"" PALANTIR_REALM "\""
+ "\r\n\r\n";
+ output.Send(&s[0], s.size());
+ }
+
+
 static bool Authorize(const MongooseServer& that, const HttpHandler::Arguments& headers, HttpOutput& output)
@@ -416,10 +427,7 @@
 if (!granted)
 {
- std::string s = "HTTP/1.1 401 Unauthorized\r\n"
- "WWW-Authenticate: Basic realm=\"" PALANTIR_REALM "\""
- "\r\n\r\n";
- output.Send(&s[0], s.size());
+ SendUnauthorized(output);
 return false;
 }
 else
@@ -437,9 +445,16 @@
 if (event == MG_NEW_REQUEST)
 {
 MongooseServer* that = (MongooseServer*) (request->user_data);
+ MongooseOutput output(connection);
+
+ if (!that->IsRemoteAccessAllowed() &&
+ request->remote_ip != LOCALHOST)
+ {
+ SendUnauthorized(output);
+ return (void*) "";
+ }
 HttpHandler::Arguments arguments, headers;
- MongooseOutput c(connection);
 for (int i = 0; i < request->num_headers; i++)
 {
@@ -450,7 +465,7 @@
 // Authenticate this connection
 if (that->IsAuthenticationEnabled() &&
- !Authorize(*that, headers, c))
+ !Authorize(*that, headers, output))
 {
 return (void*) "";
 }
@@ -466,7 +481,7 @@
 HttpHandler::Arguments::const_iterator ct = headers.find("content-type");
 if (ct == headers.end())
 {
- c.SendHeader(HttpStatus_400_BadRequest);
+ output.SendHeader(HttpStatus_400_BadRequest);
 return (void*) "";
 }
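Review bot: `LOCALHOST` in the hunk at -38 matches only 127.0.0.1, so with remote access disabled a local client arriving from any other 127.0.0.0/8 address, or over IPv6 loopback if the server ever listens on it, is refused as well; that fails closed, but nothing in the code says it is intended. The constant also presumes that `request->remote_ip` holds an IPv4 address in host byte order, which this diff does not show. I would put `// 127.0.0.1 as a host-order IPv4 value, compared with request->remote_ip` above the definition, and consider testing the top octet in the hunk at -437 instead, `(request->remote_ip >> 24) != 127`.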
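Review bot: The remote-access rejection added under `MG_NEW_REQUEST` in the hunk at -437 reuses `SendUnauthorized()`, so a blocked remote client receives a 401 with a Basic challenge and is prompted to send credentials that can never be accepted; with `ssl_` off, as the constructor sets it, they cross the network in cleartext. A 403 is the accurate answer for this case, e.g. `output.SendHeader(HttpStatus_403_Forbidden);` if the HttpStatus enum has that value (it is not visible in this diff). The check also runs only after the connection has been accepted, so the port stays reachable from the network, and a reverse proxy on the same host would make every client appear as 127.0.0.1; binding the listener to the loopback interface while remote access is off would close the first gap, and a log line on each refusal would make probing visible. The callback body starts and ends outside the hunk.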
@@ -486,15 +501,15 @@
 switch (status)
 {
 case PostDataStatus_NoLength:
- c.SendHeader(HttpStatus_411_LengthRequired);
+ output.SendHeader(HttpStatus_411_LengthRequired);
 return (void*) "";
 case PostDataStatus_Failure:
- c.SendHeader(HttpStatus_400_BadRequest);
+ output.SendHeader(HttpStatus_400_BadRequest);
 return (void*) "";
 case PostDataStatus_Pending:
- c.AnswerBuffer("");
+ output.AnswerBuffer("");
 return (void*) "";
 default:
@@ -510,18 +525,18 @@
 {
 try
 {
- handler->Handle(c, std::string(request->request_method),
+ handler->Handle(output, std::string(request->request_method),
 uri, headers, arguments, postData);
 }
 catch (PalantirException& e)
 {
 std::cerr << "MongooseServer Exception [" << e.What() << "]" << std::endl;
- c.SendHeader(HttpStatus_500_InternalServerError);
+ output.SendHeader(HttpStatus_500_InternalServerError);
 }
 }
 else
 {
- c.SendHeader(HttpStatus_404_NotFound);
+ output.SendHeader(HttpStatus_404_NotFound);
 }
 // Mark as processed
@@ -543,6 +558,7 @@
 MongooseServer::MongooseServer() : pimpl_(new PImpl)
 {
 pimpl_->context_ = NULL;
+ remoteAllowed_ = false;
 authentication_ = false;
 ssl_ = false;
 port_ = 8000;
@@ -664,6 +680,13 @@
 certificate_ = path;
 }
+ void MongooseServer::SetRemoteAccessAllowed(bool allowed)
+ {
+ Stop();
+ remoteAllowed_ = allowed;
+ }
+
+
 bool MongooseServer::IsValidBasicHttpAuthentication(const std::string& basic) const
 {
 return registeredUsers_.find(basic) != registeredUsers_.end();
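Review bot: `SetRemoteAccessAllowed()` in the hunk at -664 stops the server as a side effect and leaves it stopped, and the new method carries no comment saying so. I would add `// Stops a running server before changing the policy; the caller must restart it.` above the definition. The constructor hunk at -543 makes refusal of non-local clients the default, which is the safe choice but changes behaviour for existing deployments; the commit message should say so.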