2016-05-19 15:28:31 +08:00
|
|
|
/*
|
|
|
|
|
* ws protocol handler plugin for "generic sessions"
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
2017-04-06 23:01:34 +08:00
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
2016-05-19 15:28:31 +08:00
|
|
|
* License as published by the Free Software Foundation:
|
|
|
|
|
* version 2.1 of the License.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
|
|
|
* MA 02110-1301 USA
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#define LWS_DLL
|
|
|
|
|
#define LWS_INTERNAL
|
2018-08-23 09:46:01 +08:00
|
|
|
#include <libwebsockets.h>
|
2016-05-19 15:28:31 +08:00
|
|
|
|
|
|
|
|
#include <sqlite3.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#define LWSGS_VERIFIED_ACCEPTED 100
|
|
|
|
|
|
|
|
|
|
enum {
|
|
|
|
|
FGS_USERNAME,
|
|
|
|
|
FGS_PASSWORD,
|
|
|
|
|
FGS_PASSWORD2,
|
|
|
|
|
FGS_EMAIL,
|
|
|
|
|
FGS_REGISTER,
|
|
|
|
|
FGS_GOOD,
|
|
|
|
|
FGS_BAD,
|
|
|
|
|
FGS_REG_GOOD,
|
|
|
|
|
FGS_REG_BAD,
|
|
|
|
|
FGS_ADMIN,
|
|
|
|
|
FGS_FORGOT,
|
|
|
|
|
FGS_FORGOT_GOOD,
|
|
|
|
|
FGS_FORGOT_BAD,
|
|
|
|
|
FGS_FORGOT_POST_GOOD,
|
|
|
|
|
FGS_FORGOT_POST_BAD,
|
|
|
|
|
FGS_CHANGE,
|
|
|
|
|
FGS_CURPW,
|
|
|
|
|
FGS_DELETE,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct lwsgs_user {
|
|
|
|
|
char username[32];
|
|
|
|
|
char ip[16];
|
|
|
|
|
lwsgw_hash pwhash;
|
|
|
|
|
lwsgw_hash pwsalt;
|
|
|
|
|
lwsgw_hash token;
|
|
|
|
|
time_t created;
|
|
|
|
|
time_t last_forgot_validated;
|
|
|
|
|
char email[100];
|
|
|
|
|
int verified;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct per_vhost_data__gs {
|
2019-04-21 19:57:19 +01:00
|
|
|
lws_smtp_client_t *smtp_client;
|
context deprecation
1) This makes lwsws run a parent process with the original permissions.
But this process is only able to respond to SIGHUP, it doesn't do anything
else.
2) You can send this parent process a SIGHUP now to cause it to
- close listening sockets in existing lwsws processes
- mark those processes as to exit when the number of active connections
on the falls to zero
- spawn a fresh child process from scratch, using latest configuration
file content, latest plugins, etc. It can now reopen listening sockets
if it chooses to, or open different listen ports or whatever.
Notes:
1) lws_context_destroy() has been split into two pieces... the reason for
the split is the first part closes the per-vhost protocols, but since
they may have created libuv objects in the per-vhost protocol storage,
these cannot be freed until after the loop has been run.
That's the purpose of the second part of the context destruction,
lws_context_destroy2().
For compatibility, if you are not using libuv, the first part calls the
second part. However if you are using libuv, you must now call the
second part from your own main.c after the first part.
2016-12-16 07:37:43 +08:00
|
|
|
struct lwsgs_user u;
|
2016-05-19 15:28:31 +08:00
|
|
|
struct lws_context *context;
|
|
|
|
|
char session_db[256];
|
|
|
|
|
char admin_user[32];
|
2019-04-05 21:13:59 +08:00
|
|
|
char urlroot[48];
|
2016-05-19 15:28:31 +08:00
|
|
|
char confounder[32];
|
|
|
|
|
char email_contact_person[128];
|
|
|
|
|
char email_title[128];
|
|
|
|
|
char email_template[128];
|
|
|
|
|
char email_confirm_url[128];
|
2019-04-21 19:57:19 +01:00
|
|
|
char email_from[128];
|
|
|
|
|
lwsgw_hash admin_password_sha256;
|
2016-05-19 15:28:31 +08:00
|
|
|
sqlite3 *pdb;
|
|
|
|
|
int timeout_idle_secs;
|
|
|
|
|
int timeout_absolute_secs;
|
|
|
|
|
int timeout_anon_absolute_secs;
|
|
|
|
|
int timeout_email_secs;
|
|
|
|
|
time_t last_session_expire;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct per_session_data__gs {
|
|
|
|
|
struct lws_spa *spa;
|
|
|
|
|
lwsgw_hash login_session;
|
|
|
|
|
lwsgw_hash delete_session;
|
|
|
|
|
unsigned int login_expires;
|
|
|
|
|
char onward[256];
|
|
|
|
|
char result[500 + LWS_PRE];
|
|
|
|
|
char urldec[500 + LWS_PRE];
|
|
|
|
|
int result_len;
|
|
|
|
|
char ip[46];
|
|
|
|
|
struct lws_process_html_state phs;
|
|
|
|
|
int spos;
|
2018-01-14 20:57:34 +08:00
|
|
|
char check_response_value;
|
2016-05-19 15:28:31 +08:00
|
|
|
|
|
|
|
|
unsigned int logging_out:1;
|
2018-01-14 20:57:34 +08:00
|
|
|
unsigned int check_response:1;
|
2016-05-19 15:28:31 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* utils.c */
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
lwsgs_lookup_callback_user(void *priv, int cols, char **col_val,
|
|
|
|
|
char **col_name);
|
|
|
|
|
void
|
|
|
|
|
lwsgw_cookie_from_session(lwsgw_hash *sid, time_t expires, char **p, char *end);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_get_sid_from_wsi(struct lws *wsi, lwsgw_hash *sid);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_lookup_session(struct per_vhost_data__gs *vhd,
|
|
|
|
|
const lwsgw_hash *sid, char *username, int len);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_get_auth_level(struct per_vhost_data__gs *vhd,
|
|
|
|
|
const char *username);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_check_credentials(struct per_vhost_data__gs *vhd,
|
|
|
|
|
const char *username, const char *password);
|
|
|
|
|
void
|
2019-04-05 21:13:59 +08:00
|
|
|
sha256_to_lwsgw_hash(unsigned char *hash, lwsgw_hash *shash);
|
2016-05-19 15:28:31 +08:00
|
|
|
unsigned int
|
|
|
|
|
lwsgs_now_secs(void);
|
|
|
|
|
int
|
|
|
|
|
lwsgw_check_admin(struct per_vhost_data__gs *vhd,
|
|
|
|
|
const char *username, const char *password);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_hash_password(struct per_vhost_data__gs *vhd,
|
|
|
|
|
const char *password, struct lwsgs_user *u);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_new_session_id(struct per_vhost_data__gs *vhd,
|
|
|
|
|
lwsgw_hash *sid, const char *username, int exp);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_lookup_user(struct per_vhost_data__gs *vhd,
|
|
|
|
|
const char *username, struct lwsgs_user *u);
|
|
|
|
|
int
|
|
|
|
|
lwsgw_update_session(struct per_vhost_data__gs *vhd,
|
|
|
|
|
lwsgw_hash *hash, const char *user);
|
|
|
|
|
int
|
|
|
|
|
lwsgw_expire_old_sessions(struct per_vhost_data__gs *vhd);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* handlers.c */
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
lwsgs_handler_confirm(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
|
|
|
struct per_session_data__gs *pss);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_handler_forgot(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
|
|
|
struct per_session_data__gs *pss);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_handler_check(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
2019-04-05 21:13:59 +08:00
|
|
|
struct per_session_data__gs *pss, const char *in);
|
2016-05-19 15:28:31 +08:00
|
|
|
int
|
|
|
|
|
lwsgs_handler_change_password(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
|
|
|
struct per_session_data__gs *pss);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_handler_forgot_pw_form(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
|
|
|
struct per_session_data__gs *pss);
|
|
|
|
|
int
|
|
|
|
|
lwsgs_handler_register_form(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
|
|
|
struct per_session_data__gs *pss);
|
|
|
|
|
|