From a13c26fb9289eaec8678ec96a561e19c0a237bec Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Wed, 30 Dec 2015 15:40:28 +0100 Subject: [PATCH] spectrum2_manager: use get_http_var to get post/get variables --- spectrum_manager/src/server.cpp | 57 +++++++++++++++------------------ spectrum_manager/src/server.h | 4 +-- 2 files changed, 27 insertions(+), 34 deletions(-) diff --git a/spectrum_manager/src/server.cpp b/spectrum_manager/src/server.cpp index c279c240..65152e6d 100644 --- a/spectrum_manager/src/server.cpp +++ b/spectrum_manager/src/server.cpp @@ -17,9 +17,21 @@ static struct mg_serve_http_opts s_http_server_opts; -static void get_qsvar(const struct http_message *hm, - const char *name, char *dst, size_t dst_len) { - mg_get_http_var(&hm->body, name, dst, dst_len); +static std::string get_http_var(const struct http_message *hm, const char *name) { + char data[4096]; + data[0] = '\0'; + + mg_get_http_var(&hm->body, name, data, sizeof(data)); + if (data[0] != '\0') { + return data; + } + + mg_get_http_var(&hm->query_string, name, data, sizeof(data)); + if (data[0] != '\0') { + return data; + } + + return ""; } static void my_strlcpy(char *dst, const char *src, size_t len) { @@ -82,15 +94,15 @@ bool Server::start() { return true; } -bool Server::check_password(const char *user, const char *password) { +bool Server::check_password(const std::string &user, const std::string &password) { return (m_user == user && m_password == password); } // Allocate new session object -Server::session *Server::new_session(const char *user) { +Server::session *Server::new_session(const std::string &user) { Server::session *session = new Server::session; - my_strlcpy(session->user, user, sizeof(session->user)); + my_strlcpy(session->user, user.c_str(), sizeof(session->user)); snprintf(session->random, sizeof(session->random), "%d", rand()); generate_session_id(session->session_id, session->random, session->user); session->expire = time(0) + SESSION_TTL; @@ -120,26 +132,12 @@ Server::session *Server::get_session(struct http_message *hm) { } void Server::authorize(struct mg_connection *conn, struct http_message *hm) { - char user[255], password[255]; Server::session *session; - - // Fetch user name and password. - get_qsvar(hm, "user", user, sizeof(user)); - get_qsvar(hm, "password", password, sizeof(password)); + std::string user = get_http_var(hm, "user"); + std::string password = get_http_var(hm, "password"); if (check_password(user, password) && (session = new_session(user)) != NULL) { std::cout << "User authorized\n"; - // Authentication success: - // 1. create new session - // 2. set session ID token in the cookie - // 3. remove original_url from the cookie - not needed anymore - // 4. redirect client back to the original URL - // - // The most secure way is to stay HTTPS all the time. However, just to - // show the technique, we redirect to HTTP after the successful - // authentication. The danger of doing this is that session cookie can - // be stolen and an attacker may impersonate the user. - // Secure application must use HTTPS all the time. mg_printf(conn, "HTTP/1.1 302 Found\r\n" "Set-Cookie: session=%s; max-age=3600; http-only\r\n" // Session ID "Set-Cookie: user=%s\r\n" // Set user, needed by Javascript code @@ -196,8 +194,7 @@ void Server::print_html(struct mg_connection *conn, struct http_message *hm, con void Server::serve_onlineusers(struct mg_connection *conn, struct http_message *hm) { std::string html; - char jid[255]; - get_qsvar(hm, "jid", jid, sizeof(jid)); + std::string jid = get_http_var(hm, "jid"); html += std::string("

") + jid + " online users

"; @@ -225,10 +222,8 @@ void Server::serve_onlineusers(struct mg_connection *conn, struct http_message * void Server::serve_cmd(struct mg_connection *conn, struct http_message *hm) { std::string html; - char jid[255]; - get_qsvar(hm, "jid", jid, sizeof(jid)); - char cmd[4096]; - get_qsvar(hm, "cmd", cmd, sizeof(cmd)); + std::string jid = get_http_var(hm, "jid"); + std::string cmd = get_http_var(hm, "cmd"); html += std::string("

") + jid + " command result

"; @@ -252,8 +247,7 @@ void Server::serve_cmd(struct mg_connection *conn, struct http_message *hm) { void Server::serve_start(struct mg_connection *conn, struct http_message *hm) { std::string html; - char jid[255]; - get_qsvar(hm, "jid", jid, sizeof(jid)); + std::string jid = get_http_var(hm, "jid"); start_instances(m_config, jid); html += "" + get_response() + "
Back to main page"; @@ -263,8 +257,7 @@ void Server::serve_start(struct mg_connection *conn, struct http_message *hm) { void Server::serve_stop(struct mg_connection *conn, struct http_message *hm) { std::string html; - char jid[255]; - get_qsvar(hm, "jid", jid, sizeof(jid)); + std::string jid = get_http_var(hm, "jid"); stop_instances(m_config, jid); html += "" + get_response() + "
Back to main page"; diff --git a/spectrum_manager/src/server.h b/spectrum_manager/src/server.h index c9d31726..f20cae66 100644 --- a/spectrum_manager/src/server.h +++ b/spectrum_manager/src/server.h @@ -60,8 +60,8 @@ class Server { void print_html(struct mg_connection *conn, struct http_message *hm, const std::string &html); private: - bool check_password(const char *user, const char *password); - session *new_session(const char *user); + bool check_password(const std::string &user, const std::string &password); + session *new_session(const std::string &user); session *get_session(struct http_message *hm); void authorize(struct mg_connection *conn, struct http_message *hm);
JIDCommand