hydrar/mistserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added authentication support to HTTP library

Browse source
This commit is contained in:
Thulinma 2017-10-21 22:54:06 +02:00
parent 047aebdb27
commit c22a3c6e0f
2 changed files with 37 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
lib/http_parser.cpp
View file

@ -5,6 +5,7 @@
#include "encode.h"
#include "timing.h"
#include "defines.h"
#include "auth.h"
/// Helper function to check if the given c-string is numeric or not
static bool is_numeric(const char * str){
@ -274,6 +275,41 @@ void HTTP::Parser::CleanPreserveHeaders() {
vars.clear();
}
/// Local-only helper function for use in auth()
/// Returns the string contents of the given val from list
static std::string findValIn(const std::string & list, const std::string & val){
size_t pos = list.find(val+"=\"");
if (pos == std::string::npos){return "";}
pos += val.size() + 2;
if (pos >= list.size()){return "";}
size_t ePos = list.find('"', pos);
if (ePos == std::string::npos){return "";}
return list.substr(pos, ePos - pos);
}
/// Attempts to send an authentication header with the given name and password. Uses authReq as WWW-Authenticate header.
void HTTP::Parser::auth(const std::string & user, const std::string & pass, const std::string & authReq){
size_t space = authReq.find(' ');
if (space == std::string::npos || !user.size() || !pass.size()){
FAIL_MSG("No authentication possible");
return;
}
std::string meth = authReq.substr(0, space);
if (meth == "Basic"){
SetHeader("Authorization", "Basic "+Encodings::Base64::encode(user+":"+pass));
return;
}
if (meth == "Digest"){
std::string realm=findValIn(authReq, "realm"), nonce=findValIn(authReq, "nonce");
std::string A1 = Secure::md5(user+":"+realm+":"+pass);
std::string A2 = Secure::md5(method+":"+url);
std::string response = Secure::md5(A1+":"+nonce+":"+A2);
SetHeader("Authorization", "Digest username=\""+user+"\", realm=\""+realm+"\", nonce=\""+nonce+"\", uri=\""+url+"\", response=\""+response+"\"");
return;
}
FAIL_MSG("No authentication possible, unimplemented method '%s'", meth.c_str());
}
/// Sets the neccesary headers to allow Cross Origin Resource Sharing with all domains.
void HTTP::Parser::setCORSHeaders(){
SetHeader("Access-Control-Allow-Origin", "*");

1
lib/http_parser.h
View file

@ -46,6 +46,7 @@ namespace HTTP {
void Proxy(Socket::Connection & from, Socket::Connection & to);
void Clean();
void CleanPreserveHeaders();
void auth(const std::string & user, const std::string & pass, const std::string & authReq);
std::string body;
std::string method;
std::string url;