/* * libwebsockets - small server side websockets and web server implementation * * Copyright (C) 2010 - 2019 Andy Green * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to * deal in the Software without restriction, including without limitation the * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or * sell copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS * IN THE SOFTWARE. */ #include "private-lwsgs.h" #include /* keep changes in sync with the enum in lwsgs.h */ static const char * const param_names[] = { "username", "password", "password2", "email", "register", "good", "bad", "reg-good", "reg-bad", "admin", "forgot", "forgot-good", "forgot-bad", "forgot-post-good", "forgot-post-bad", "change", "curpw", "delete" }; struct lwsgs_fill_args { char *buf; int len; }; static const struct lws_protocols protocols[]; struct lwsgs_subst_args { struct per_session_data__gs *pss; struct per_vhost_data__gs *vhd; struct lws *wsi; }; static const char * lwsgs_subst(void *data, int index) { struct lwsgs_subst_args *a = (struct lwsgs_subst_args *)data; struct lwsgs_user u; lwsgw_hash sid; char esc[96], s[100]; int n; a->pss->result[0] = '\0'; u.email[0] = '\0'; if (!lwsgs_get_sid_from_wsi(a->wsi, &sid)) { if (lwsgs_lookup_session(a->vhd, &sid, a->pss->result, 31)) { lwsl_notice("sid lookup for %s failed\n", sid.id); a->pss->delete_session = sid; return NULL; } lws_snprintf(s, sizeof(s) - 1, "select username,email " "from users where username = '%s';", lws_sql_purify(esc, a->pss->result, sizeof(esc) - 1)); if (sqlite3_exec(a->vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) != SQLITE_OK) { lwsl_err("Unable to lookup token: %s\n", sqlite3_errmsg(a->vhd->pdb)); a->pss->delete_session = sid; return NULL; } } else lwsl_notice("no sid\n"); lws_strncpy(a->pss->result + 32, u.email, 100); switch (index) { case 0: return a->pss->result; case 1: n = lwsgs_get_auth_level(a->vhd, a->pss->result); sprintf(a->pss->result, "%d", n); return a->pss->result; case 2: return a->pss->result + 32; } return NULL; } static int lws_get_effective_host(struct lws *wsi, char *buf, size_t buflen) { #if defined(LWS_ROLE_H2) /* h2 */ if (lws_hdr_copy(wsi, buf, buflen - 1, WSI_TOKEN_HTTP_COLON_AUTHORITY) > 0) return 0; #endif /* h1 */ if (lws_hdr_copy(wsi, buf, buflen - 1, WSI_TOKEN_HOST) > 0) return 0; return 1; } static int callback_generic_sessions(struct lws *wsi, enum lws_callback_reasons reason, void *user, void *in, size_t len) { struct per_session_data__gs *pss = (struct per_session_data__gs *)user; const struct lws_protocol_vhost_options *pvo; struct per_vhost_data__gs *vhd = (struct per_vhost_data__gs *) lws_protocol_vh_priv_get(lws_get_vhost(wsi), lws_vhost_name_to_protocol(lws_get_vhost(wsi), "protocol-generic-sessions")); char cookie[1024], username[32], *pc = cookie; unsigned char buffer[LWS_PRE + LWSGS_EMAIL_CONTENT_SIZE]; struct lws_process_html_args *args = in; struct lws_session_info *sinfo; char s[LWSGS_EMAIL_CONTENT_SIZE]; unsigned char *p, *start, *end; const char *cp, *cp1; sqlite3_stmt *sm; lwsgw_hash sid; #if defined(LWS_WITH_SMTP) lws_abs_t abs; #endif int n; switch (reason) { case LWS_CALLBACK_PROTOCOL_INIT: /* per vhost */ vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), lws_get_protocol(wsi), sizeof(struct per_vhost_data__gs)); if (!vhd) return 1; vhd->context = lws_get_context(wsi); /* defaults */ vhd->timeout_idle_secs = 600; vhd->timeout_absolute_secs = 36000; vhd->timeout_anon_absolute_secs = 1200; vhd->timeout_email_secs = 24 * 3600; strcpy(vhd->helo, "unconfigured.com"); strcpy(vhd->ip, "127.0.0.1"); strcpy(vhd->email_from, "noreply@unconfigured.com"); strcpy(vhd->email_title, "Registration Email from unconfigured"); vhd->urlroot[0] = '\0'; pvo = (const struct lws_protocol_vhost_options *)in; while (pvo) { if (!strcmp(pvo->name, "admin-user")) lws_strncpy(vhd->admin_user, pvo->value, sizeof(vhd->admin_user)); if (!strcmp(pvo->name, "urlroot")) lws_strncpy(vhd->urlroot, pvo->value, sizeof(vhd->urlroot)); if (!strcmp(pvo->name, "admin-password-sha256")) lws_strncpy(vhd->admin_password_sha256.id, pvo->value, sizeof(vhd->admin_password_sha256.id)); if (!strcmp(pvo->name, "session-db")) lws_strncpy(vhd->session_db, pvo->value, sizeof(vhd->session_db)); if (!strcmp(pvo->name, "confounder")) lws_strncpy(vhd->confounder, pvo->value, sizeof(vhd->confounder)); if (!strcmp(pvo->name, "email-from")) lws_strncpy(vhd->email_from, pvo->value, sizeof(vhd->email_from)); if (!strcmp(pvo->name, "email-helo")) lws_strncpy(vhd->helo, pvo->value, sizeof(vhd->helo)); if (!strcmp(pvo->name, "email-template")) lws_strncpy(vhd->email_template, pvo->value, sizeof(vhd->email_template)); if (!strcmp(pvo->name, "email-title")) lws_strncpy(vhd->email_title, pvo->value, sizeof(vhd->email_title)); if (!strcmp(pvo->name, "email-contact-person")) lws_strncpy(vhd->email_contact_person, pvo->value, sizeof(vhd->email_contact_person)); if (!strcmp(pvo->name, "email-confirm-url-base")) lws_strncpy(vhd->email_confirm_url, pvo->value, sizeof(vhd->email_confirm_url)); if (!strcmp(pvo->name, "email-server-ip")) lws_strncpy(vhd->ip, pvo->value, sizeof(vhd->ip)); if (!strcmp(pvo->name, "timeout-idle-secs")) vhd->timeout_idle_secs = atoi(pvo->value); if (!strcmp(pvo->name, "timeout-absolute-secs")) vhd->timeout_absolute_secs = atoi(pvo->value); if (!strcmp(pvo->name, "timeout-anon-absolute-secs")) vhd->timeout_anon_absolute_secs = atoi(pvo->value); if (!strcmp(pvo->name, "email-expire")) vhd->timeout_email_secs = atoi(pvo->value); pvo = pvo->next; } if (!vhd->admin_user[0] || !vhd->admin_password_sha256.id[0] || !vhd->session_db[0]) { lwsl_err("generic-sessions: " "You must give \"admin-user\", " "\"admin-password-sha256\", " "and \"session_db\" per-vhost options\n"); return 1; } if (lws_struct_sq3_open(lws_get_context(wsi), vhd->session_db, &vhd->pdb)) { lwsl_err("Unable to open session db %s: %s\n", vhd->session_db, sqlite3_errmsg(vhd->pdb)); return 1; } if (sqlite3_prepare(vhd->pdb, "create table if not exists sessions (" " name char(65)," " username varchar(32)," " expire integer" ");", -1, &sm, NULL) != SQLITE_OK) { lwsl_err("Unable to prepare session table init: %s\n", sqlite3_errmsg(vhd->pdb)); return 1; } if (sqlite3_step(sm) != SQLITE_DONE) { lwsl_err("Unable to run session table init: %s\n", sqlite3_errmsg(vhd->pdb)); return 1; } sqlite3_finalize(sm); if (sqlite3_exec(vhd->pdb, "create table if not exists users (" " username varchar(32)," " creation_time integer," " ip varchar(46)," " email varchar(100)," " pwhash varchar(65)," " pwsalt varchar(65)," " pwchange_time integer," " token varchar(65)," " verified integer," " token_time integer," " last_forgot_validated integer," " primary key (username)" ");", NULL, NULL, NULL) != SQLITE_OK) { lwsl_err("Unable to create user table: %s\n", sqlite3_errmsg(vhd->pdb)); return 1; } #if defined(LWS_WITH_SMTP) memset(&abs, 0, sizeof(abs)); abs.vh = lws_get_vhost(wsi); /* select the protocol and bind its tokens */ abs.ap = lws_abs_protocol_get_by_name("smtp"); if (!abs.ap) return 1; vhd->protocol_tokens[0].name_index = LTMI_PSMTP_V_HELO; vhd->protocol_tokens[0].u.value = vhd->helo; abs.ap_tokens = vhd->protocol_tokens; /* select the transport and bind its tokens */ abs.at = lws_abs_transport_get_by_name("raw_skt"); if (!abs.at) return 1; vhd->transport_tokens[0].name_index = LTMI_PEER_V_DNS_ADDRESS; vhd->transport_tokens[0].u.value = vhd->ip; vhd->transport_tokens[1].name_index = LTMI_PEER_LV_PORT; vhd->transport_tokens[1].u.lvalue = 25; abs.at_tokens = vhd->transport_tokens; vhd->smtp_client = lws_abs_bind_and_create_instance(&abs); if (!vhd->smtp_client) return 1; lwsl_notice("%s: created SMTP client\n", __func__); #endif break; case LWS_CALLBACK_PROTOCOL_DESTROY: // lwsl_notice("gs: LWS_CALLBACK_PROTOCOL_DESTROY: v=%p, ctx=%p\n", vhd, vhd->context); if (vhd->pdb) { sqlite3_close(vhd->pdb); vhd->pdb = NULL; } #if defined(LWS_WITH_SMTP) if (vhd->smtp_client) lws_abs_destroy_instance(&vhd->smtp_client); #endif break; case LWS_CALLBACK_HTTP_WRITEABLE: if (!pss->check_response) break; pss->check_response = 0; n = lws_write(wsi, (unsigned char *)&pss->check_response_value, 1, LWS_WRITE_HTTP | LWS_WRITE_H2_STREAM_END); if (n != 1) return -1; goto try_to_reuse; case LWS_CALLBACK_HTTP: if (!pss) { lwsl_err("%s: no valid pss\n", __func__); return 1; } pss->login_session.id[0] = '\0'; pss->phs.pos = 0; cp = in; if ((*(const char *)in == '/')) cp++; if (lws_get_effective_host(wsi, cookie, sizeof(cookie))) { lwsl_err("%s: HTTP: no effective host\n", __func__); return 1; } lwsl_notice("LWS_CALLBACK_HTTP: %s, HOST '%s'\n", (const char *)in, cookie); n = strlen(cp); lws_snprintf(pss->onward, sizeof(pss->onward), "%s%s", vhd->urlroot, (const char *)in); if (n >= 12 && !strcmp(cp + n - 12, "lwsgs-forgot")) { lwsgs_handler_forgot(vhd, wsi, pss); goto redirect_with_cookie; } if (n >= 13 && !strcmp(cp + n - 13, "lwsgs-confirm")) { lwsgs_handler_confirm(vhd, wsi, pss); goto redirect_with_cookie; } cp1 = strstr(cp, "lwsgs-check/"); if (cp1) { lwsgs_handler_check(vhd, wsi, pss, cp1 + 12); /* second, async part will complete transaction */ break; } if (n >= 11 && cp && !strcmp(cp + n - 11, "lwsgs-login")) break; if (n >= 12 && cp && !strcmp(cp + n - 12, "lwsgs-logout")) break; if (n >= 12 && cp && !strcmp(cp + n - 12, "lwsgs-forgot")) break; if (n >= 12 && cp && !strcmp(cp + n - 12, "lwsgs-change")) break; /* if no legitimate url for GET, return 404 */ lwsl_err("%s: http doing 404 on %s\n", __func__, cp ? cp : "null"); lws_return_http_status(wsi, HTTP_STATUS_NOT_FOUND, NULL); return -1; //goto try_to_reuse; case LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION: args = (struct lws_process_html_args *)in; if (!args->chunked) break; case LWS_CALLBACK_CHECK_ACCESS_RIGHTS: n = 0; username[0] = '\0'; sid.id[0] = '\0'; args = (struct lws_process_html_args *)in; lwsl_notice("%s: LWS_CALLBACK_CHECK_ACCESS_RIGHTS: need 0x%x\n", __func__, args->max_len); if (!lwsgs_get_sid_from_wsi(wsi, &sid)) { if (lwsgs_lookup_session(vhd, &sid, username, sizeof(username))) { /* * if we're authenticating for ws, we don't * want to redirect it or gain a cookie on that, * he'll need to get the cookie from http * interactions outside of this. */ if (args->chunked) { lwsl_notice("%s: ws auth failed\n", __func__); return 1; } lwsl_notice("session lookup for %s failed, " "probably expired\n", sid.id); pss->delete_session = sid; args->final = 1; /* signal we dealt with it */ lws_snprintf(pss->onward, sizeof(pss->onward) - 1, "%s%s", vhd->urlroot, args->p); lwsl_notice("redirecting to ourselves with " "cookie refresh\n"); /* we need a redirect to ourselves, * session cookie is expired */ goto redirect_with_cookie; } } else lwsl_notice("%s: failed to get sid from wsi\n", __func__); n = lwsgs_get_auth_level(vhd, username); lwsl_notice("%s: lwsgs_get_auth_level '%s' says %d\n", __func__, username, n); if ((args->max_len & n) != args->max_len) { lwsl_notice("Access rights fail 0x%X vs 0x%X (cookie %s)\n", args->max_len, n, sid.id); return 1; } lwsl_debug("Access rights OK\n"); break; case LWS_CALLBACK_SESSION_INFO: { struct lwsgs_user u; sinfo = (struct lws_session_info *)in; sinfo->username[0] = '\0'; sinfo->email[0] = '\0'; sinfo->ip[0] = '\0'; sinfo->session[0] = '\0'; sinfo->mask = 0; sid.id[0] = '\0'; lwsl_debug("LWS_CALLBACK_SESSION_INFO\n"); if (lwsgs_get_sid_from_wsi(wsi, &sid)) break; if (lwsgs_lookup_session(vhd, &sid, username, sizeof(username))) break; lws_snprintf(s, sizeof(s) - 1, "select username, email from users where username='%s';", username); if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) != SQLITE_OK) { lwsl_err("Unable to lookup token: %s\n", sqlite3_errmsg(vhd->pdb)); break; } lws_strncpy(sinfo->username, u.username, sizeof(sinfo->username)); lws_strncpy(sinfo->email, u.email, sizeof(sinfo->email)); lws_strncpy(sinfo->session, sid.id, sizeof(sinfo->session)); sinfo->mask = lwsgs_get_auth_level(vhd, username); lws_get_peer_simple(wsi, sinfo->ip, sizeof(sinfo->ip)); } break; case LWS_CALLBACK_PROCESS_HTML: args = (struct lws_process_html_args *)in; { static const char * const vars[] = { "$lwsgs_user", "$lwsgs_auth", "$lwsgs_email" }; struct lwsgs_subst_args a; a.vhd = vhd; a.pss = pss; a.wsi = wsi; pss->phs.vars = vars; pss->phs.count_vars = LWS_ARRAY_SIZE(vars); pss->phs.replace = lwsgs_subst; pss->phs.data = &a; if (lws_chunked_html_process(args, &pss->phs)) return -1; } break; case LWS_CALLBACK_HTTP_BODY: if (len < 2) { lwsl_err("%s: HTTP_BODY: len %d < 2\n", __func__, (int)len); break; } if (!pss->spa) { pss->spa = lws_spa_create(wsi, param_names, LWS_ARRAY_SIZE(param_names), 1024, NULL, NULL); if (!pss->spa) return -1; } if (lws_spa_process(pss->spa, in, len)) { lwsl_notice("spa process blew\n"); return -1; } break; case LWS_CALLBACK_HTTP_BODY_COMPLETION: lwsl_debug("%s: LWS_CALLBACK_HTTP_BODY_COMPLETION\n", __func__); if (!pss->spa) break; cp1 = (const char *)pss->onward; if (*cp1 == '/') cp1++; lws_spa_finalize(pss->spa); n = strlen(cp1); if (lws_get_effective_host(wsi, cookie, sizeof(cookie))) return 1; if (!strcmp(cp1 + n - 12, "lwsgs-change")) { if (!lwsgs_handler_change_password(vhd, wsi, pss)) { cp = lws_spa_get_string(pss->spa, FGS_GOOD); goto pass; } cp = lws_spa_get_string(pss->spa, FGS_BAD); lwsl_notice("user/password no good %s\n", lws_spa_get_string(pss->spa, FGS_USERNAME)); lws_snprintf(pss->onward, sizeof(pss->onward), "%s%s", vhd->urlroot, cp); pss->onward[sizeof(pss->onward) - 1] = '\0'; goto completion_flow; } if (!strcmp(cp1 + n - 11, "lwsgs-login")) { lwsl_err("%s: lwsgs-login\n", __func__); if (lws_spa_get_string(pss->spa, FGS_FORGOT) && lws_spa_get_string(pss->spa, FGS_FORGOT)[0]) { if (lwsgs_handler_forgot_pw_form(vhd, wsi, pss)) { n = FGS_FORGOT_BAD; goto reg_done; } #if defined(LWS_WITH_SMTP) /* get the email monitor to take a look */ lws_smtpc_kick(vhd->smtp_client); #endif n = FGS_FORGOT_GOOD; goto reg_done; } if (!lws_spa_get_string(pss->spa, FGS_USERNAME) || !lws_spa_get_string(pss->spa, FGS_PASSWORD)) { lwsl_notice("username '%s' or pw '%s' missing\n", lws_spa_get_string(pss->spa, FGS_USERNAME), lws_spa_get_string(pss->spa, FGS_PASSWORD)); return -1; } if (lws_spa_get_string(pss->spa, FGS_REGISTER) && lws_spa_get_string(pss->spa, FGS_REGISTER)[0]) { if (lwsgs_handler_register_form(vhd, wsi, pss)) n = FGS_REG_BAD; else { n = FGS_REG_GOOD; #if defined(LWS_WITH_SMTP) /* get the email monitor to take a look */ lws_smtpc_kick(vhd->smtp_client); #endif } reg_done: lws_snprintf(pss->onward, sizeof(pss->onward), "%s%s", vhd->urlroot, lws_spa_get_string(pss->spa, n)); pss->login_expires = 0; pss->logging_out = 1; goto completion_flow; } /* we have the username and password... check if admin */ if (lwsgw_check_admin(vhd, lws_spa_get_string(pss->spa, FGS_USERNAME), lws_spa_get_string(pss->spa, FGS_PASSWORD))) { if (lws_spa_get_string(pss->spa, FGS_ADMIN)) cp = lws_spa_get_string(pss->spa, FGS_ADMIN); else if (lws_spa_get_string(pss->spa, FGS_GOOD)) cp = lws_spa_get_string(pss->spa, FGS_GOOD); else { lwsl_info("No admin or good target url in form\n"); return -1; } lwsl_debug("admin\n"); goto pass; } /* check users in database */ if (!lwsgs_check_credentials(vhd, lws_spa_get_string(pss->spa, FGS_USERNAME), lws_spa_get_string(pss->spa, FGS_PASSWORD))) { lwsl_notice("pw hash check met\n"); cp = lws_spa_get_string(pss->spa, FGS_GOOD); goto pass; } else lwsl_notice("user/password no good %s %s\n", lws_spa_get_string(pss->spa, FGS_USERNAME), lws_spa_get_string(pss->spa, FGS_PASSWORD)); if (!lws_spa_get_string(pss->spa, FGS_BAD)) { lwsl_info("No admin or good target url in form\n"); return -1; } lws_snprintf(pss->onward, sizeof(pss->onward), "%s%s", vhd->urlroot, lws_spa_get_string(pss->spa, FGS_BAD)); lwsl_notice("failed: %s\n", pss->onward); goto completion_flow; } if (!strcmp(cp1 + n - 12, "lwsgs-logout")) { lwsl_notice("/logout\n"); if (lwsgs_get_sid_from_wsi(wsi, &pss->login_session)) { lwsl_notice("not logged in...\n"); return 1; } /* * We keep the same session, but mark it as not * being associated to any authenticated user */ lwsgw_update_session(vhd, &pss->login_session, ""); if (!lws_spa_get_string(pss->spa, FGS_GOOD)) { lwsl_info("No admin or good target url in form\n"); return -1; } lws_snprintf(pss->onward, sizeof(pss->onward), "%s%s", vhd->urlroot, lws_spa_get_string(pss->spa, FGS_GOOD)); pss->login_expires = 0; pss->logging_out = 1; goto completion_flow; } break; pass: lws_snprintf(pss->onward, sizeof(pss->onward), "%s%s", vhd->urlroot, cp); if (lwsgs_get_sid_from_wsi(wsi, &sid)) sid.id[0] = '\0'; pss->login_expires = lws_now_secs() + vhd->timeout_absolute_secs; if (!sid.id[0]) { /* we need to create a new, authorized session */ if (lwsgs_new_session_id(vhd, &pss->login_session, lws_spa_get_string(pss->spa, FGS_USERNAME), pss->login_expires)) goto try_to_reuse; lwsl_notice("%s: Creating new session: %s\n", __func__, pss->login_session.id); } else { /* * we can just update the existing session to be * authorized */ lwsl_notice("%s: Authorizing existing session %s, name %s\n", __func__, sid.id, lws_spa_get_string(pss->spa, FGS_USERNAME)); lwsgw_update_session(vhd, &sid, lws_spa_get_string(pss->spa, FGS_USERNAME)); pss->login_session = sid; } completion_flow: lwsgw_expire_old_sessions(vhd); goto redirect_with_cookie; case LWS_CALLBACK_HTTP_DROP_PROTOCOL: if (pss && pss->spa) { lws_spa_destroy(pss->spa); pss->spa = NULL; } break; case LWS_CALLBACK_ADD_HEADERS: lwsgw_expire_old_sessions(vhd); lwsl_warn("ADD_HEADERS\n"); args = (struct lws_process_html_args *)in; if (!pss) return 1; if (pss->delete_session.id[0]) { pc = cookie; lwsgw_cookie_from_session(&pss->delete_session, 0, &pc, cookie + sizeof(cookie) - 1); lwsl_notice("deleting cookie '%s'\n", cookie); if (lws_add_http_header_by_name(wsi, (unsigned char *)"set-cookie:", (unsigned char *)cookie, pc - cookie, (unsigned char **)&args->p, (unsigned char *)args->p + args->max_len)) return 1; } if (!pss->login_session.id[0]) lwsgs_get_sid_from_wsi(wsi, &pss->login_session); if (!pss->login_session.id[0] && !pss->logging_out) { pss->login_expires = lws_now_secs() + vhd->timeout_anon_absolute_secs; if (lwsgs_new_session_id(vhd, &pss->login_session, "", pss->login_expires)) goto try_to_reuse; pc = cookie; lwsgw_cookie_from_session(&pss->login_session, pss->login_expires, &pc, cookie + sizeof(cookie) - 1); lwsl_info("LWS_CALLBACK_ADD_HEADERS: setting cookie '%s'\n", cookie); if (lws_add_http_header_by_name(wsi, (unsigned char *)"set-cookie:", (unsigned char *)cookie, pc - cookie, (unsigned char **)&args->p, (unsigned char *)args->p + args->max_len)) return 1; } break; default: break; } return 0; redirect_with_cookie: p = buffer + LWS_PRE; start = p; end = p + sizeof(buffer) - LWS_PRE; lwsl_warn("%s: redirect_with_cookie\n", __func__); if (lws_add_http_header_status(wsi, HTTP_STATUS_SEE_OTHER, &p, end)) return 1; { char loc[1024], uria[128]; uria[0] = '\0'; lws_hdr_copy_fragment(wsi, uria, sizeof(uria), WSI_TOKEN_HTTP_URI_ARGS, 0); n = lws_snprintf(loc, sizeof(loc), "%s?%s", pss->onward, uria); lwsl_notice("%s: redirect to '%s'\n", __func__, loc); if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_LOCATION, (unsigned char *)loc, n, &p, end)) return 1; } if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, (unsigned char *)"text/html", 9, &p, end)) return 1; if (lws_add_http_header_content_length(wsi, 0, &p, end)) return 1; if (pss->delete_session.id[0]) { lwsgw_cookie_from_session(&pss->delete_session, 0, &pc, cookie + sizeof(cookie) - 1); lwsl_notice("deleting cookie '%s'\n", cookie); if (lws_add_http_header_by_name(wsi, (unsigned char *)"set-cookie:", (unsigned char *)cookie, pc - cookie, &p, end)) { lwsl_err("fail0\n"); return 1; } } if (!pss->login_session.id[0]) { pss->login_expires = lws_now_secs() + vhd->timeout_anon_absolute_secs; if (lwsgs_new_session_id(vhd, &pss->login_session, "", pss->login_expires)) { lwsl_err("fail1\n"); return 1; } } else pss->login_expires = lws_now_secs() + vhd->timeout_absolute_secs; if (pss->login_session.id[0] || pss->logging_out) { /* * we succeeded to login, we must issue a login * cookie with the prepared data */ pc = cookie; lwsgw_cookie_from_session(&pss->login_session, pss->login_expires, &pc, cookie + sizeof(cookie) - 1); lwsl_err("%s: setting cookie '%s'\n", __func__, cookie); pss->logging_out = 0; if (lws_add_http_header_by_name(wsi, (unsigned char *)"set-cookie:", (unsigned char *)cookie, pc - cookie, &p, end)) { lwsl_err("fail2\n"); return 1; } } if (lws_finalize_http_header(wsi, &p, end)) return 1; // lwsl_hexdump_notice(start, p - start); n = lws_write(wsi, start, p - start, LWS_WRITE_H2_STREAM_END | LWS_WRITE_HTTP_HEADERS); if (n < 0) return 1; /* fallthru */ try_to_reuse: if (lws_http_transaction_completed(wsi)) return -1; return 0; } static const struct lws_protocols protocols[] = { { "protocol-generic-sessions", callback_generic_sessions, sizeof(struct per_session_data__gs), 1024, }, }; LWS_VISIBLE int init_protocol_generic_sessions(struct lws_context *context, struct lws_plugin_capability *c) { if (c->api_magic != LWS_PLUGIN_API_MAGIC) { lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, c->api_magic); return 1; } c->protocols = protocols; c->count_protocols = LWS_ARRAY_SIZE(protocols); c->extensions = NULL; c->count_extensions = 0; return 0; } LWS_VISIBLE int destroy_protocol_generic_sessions(struct lws_context *context) { return 0; }