add URI_PROTECTED_SSE

examples/userver/userver.cfg.default

@@ -192,6 +192,7 @@ userver {
 # WEBSOCKET_TIMEOUT          timeout for websocket request
 # DIGEST_AUTHENTICATION      flag authentication method (yes = digest, no = basic)
 #
+# URI_PROTECTED_SSE          SSE needs authentication (/sse_event/<name_of_passwd_file>)
 # URI_PROTECTED_MASK         mask (DOS regexp) of URI protected from prying eyes (that needs authentication)
 # URI_PROTECTED_ALLOWED_IP   list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
 #
@@ -260,6 +261,7 @@ http {
 # WEBSOCKET_TIMEOUT     -1 
 # DIGEST_AUTHENTICATION yes
 
+# URI_PROTECTED_SSE        yes
 # URI_PROTECTED_MASK       /RA/admin/cgi-bin/*
 # URI_PROTECTED_ALLOWED_IP 127.0.0.1,10.30.0.0/16
  

include/ulib/utility/uhttp.h

@@ -714,6 +714,7 @@ public:
 #ifdef U_SSE_ENABLE // SERVER SENT EVENTS (SSE)
    typedef UString (*strPF)();
 
+   static bool sse_auth;
    static strPF sse_func;
    static int sse_pipe_fd;
    static const char* sse_corsbase;
@@ -1526,7 +1527,7 @@ private:
    static void putDataInCache(const UString& path, const UString& fmt, UString& content) U_NO_EXPORT;
    static void addContentLengthToHeader(UString& header, char* ptr, uint32_t size, const char* pEndHeader = U_NULLPTR) U_NO_EXPORT;
    static void setDataInCache(const UString& fmt, const UString& content, const char* encoding, uint32_t encoding_len) U_NO_EXPORT;
-   static bool processAuthorization(const char* ptr = U_NULLPTR, uint32_t sz = 0, const char* pattern = U_NULLPTR, uint32_t len = 0) U_NO_EXPORT;
+   static bool processAuthorization(const char* ptr, uint32_t sz, const char* pattern = U_NULLPTR, uint32_t len = 0) U_NO_EXPORT;
 
    static inline void resetFileCache() U_NO_EXPORT;
    static inline void setUpgrade(const char* ptr) U_NO_EXPORT;

openwrt/package/nodog/x86_64/Makefile

@@ -46,7 +46,7 @@ NODOG_OPTIONS:= --disable-examples \
 					 --with-ssl --with-libz --with-libtdb \
 					 --without-expat --without-magic --without-pcre \
 					 --disable-static --disable-new-ldflags --disable-zip --disable-LFS \
-					 --enable-log --enable-captive-portal --enable-static-server-plugin="nocat http" \
+					 --enable-log --enable-captive-portal --enable-static-server-plugin="nodog http" \
 					 --disable-stdcpp --disable-thread --disable-HCRS --disable-HPRS --disable-HIS \
 					 $(if $(CONFIG_NODOG_DEBUG),--enable-debug) \
 					 $(if $(CONFIG_NODOG_UUID),--with-libuuid,--without-libuuid) \

src/ulib/net/server/plugin/mod_http.cpp

@@ -86,6 +86,7 @@ int UHttpPlugIn::handlerConfig(UFileConfig& cfg)
    //
    // ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add "Cache control: public" directive)
    //
+   // URI_PROTECTED_SSE        SSE needs authentication (/sse_event/<name_of_passwd_file>)
    // URI_PROTECTED_MASK       mask (DOS regexp) of URI protected from prying eyes
    // URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
    //
@@ -338,6 +339,17 @@ int UHttpPlugIn::handlerConfig(UFileConfig& cfg)
 
    U_INTERNAL_DUMP("UHTTP::digest_authentication = %b", UHTTP::digest_authentication)
 
+# ifdef U_SSE_ENABLE // SERVER SENT EVENTS (SSE)
+   x = cfg.at(U_CONSTANT_TO_PARAM("URI_PROTECTED_SSE"));
+
+   if (x)
+      {
+      U_INTERNAL_ASSERT_EQUALS(UHTTP::sse_auth, false)
+
+      UHTTP::sse_auth = x.strtob();
+      }
+#  endif
+
 # ifdef USE_LIBSSL
    x = cfg.at(U_CONSTANT_TO_PARAM("URI_PROTECTED_MASK"));
 

src/ulib/net/server/plugin/mod_nodog.cpp

@@ -257,14 +257,6 @@ U_NO_EXPORT void UNoDogPlugIn::makeInfoData(UFlatBuffer* pfb, void* param)
 
          if (U_peer_allowed) continue;
 
-         if (peer->ctraffic &&
-             U_peer_permit == false)
-            {
-            U_SRV_LOG("WARNING: Peer IP %v MAC %v has made traffic(%u bytes) but it has status DENY", peer->ip.rep, peer->mac.rep, peer->ctraffic);
-
-            continue;
-            }
-
          // -----------------------------------------------------------------------------------------------------------------------------------------
          // $1 -> mac
          // $2 -> ip
@@ -286,10 +278,22 @@ U_NO_EXPORT void UNoDogPlugIn::makeInfoData(UFlatBuffer* pfb, void* param)
 
          if (peer->ctraffic)
             {
-            pfb->UInt(peer->ctraffic);
+            if (U_peer_permit)
-                      peer->ctraffic = 0;
+               {
+               pfb->UInt(peer->ctraffic);
 
-            peer->time_no_traffic = 0U;
+               peer->time_no_traffic = 0U;
+               }
+            else
+               {
+               pfb->UInt(0U);
+
+               peer->time_no_traffic += _ctime;
+
+               U_SRV_LOG("WARNING: Peer IP %v MAC %v has made traffic(%u bytes) but it has status DENY", peer->ip.rep, peer->mac.rep, peer->ctraffic);
+               }
+
+            peer->ctraffic = 0;
 
             /*
             pfb->UInt(_ctime);
@@ -1419,6 +1423,15 @@ next:             eraseTimer();
             goto end;
             }
 
+         /**
+         if ((peer->_ctime + U_ONE_HOUR_IN_SECOND) < u_now->tv_sec) // if too old change as NEW user...
+            {
+            U_SRV_LOG("request from OLD USER but it has status very OLD");
+
+            goto log;
+            }
+         */
+
          goto welcome;
          }
 

src/ulib/utility/uhttp.cpp

@@ -176,6 +176,7 @@ URDBObjectHandler<UDataStorage*>* UHTTP::db_session_ssl;
 #endif
 #ifdef U_SSE_ENABLE // SERVER SENT EVENTS (SSE)
 int          UHTTP::sse_pipe_fd;
+bool         UHTTP::sse_auth;
 const char*  UHTTP::sse_corsbase = "*";
 UHTTP::strPF UHTTP::sse_func;
 #endif
@@ -5143,7 +5144,10 @@ void UHTTP::processRequest()
          {
          // check if it's OK to do directory listing via authentication (digest|basic)
 
-         if (processAuthorization()) setDynamicResponse(getHTMLDirectoryList());
+         uint32_t sz;
+         const char* ptr = UClientImage_Base::getRequestUri(sz);
+
+         if (processAuthorization(ptr, sz)) setDynamicResponse(getHTMLDirectoryList());
 
          return;
          }
@@ -7172,10 +7176,14 @@ bool UHTTP::isValidationSSE()
 
    U_ASSERT_EQUALS(getPathComponent(0), "sse_event")
 
-   if (file->getPathRelativLen() > U_CONSTANT_SIZE("sse_event") && // Ex: "sse_event/tutor"
+   if (sse_auth)
-       processAuthorization() == false) // check if it's OK to do directory listing via authentication (digest|basic)
       {
-      U_RETURN(false);
+      // check if it's OK to do directory listing via authentication (digest|basic)
+
+      uint32_t sz;
+      const char* ptr = UClientImage_Base::getRequestUri(sz);
+
+      if (processAuthorization(ptr, sz) == false) U_RETURN(false);
       }
 
    U_RETURN(true);
@@ -7812,7 +7820,8 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
 {
    U_TRACE(0, "UHTTP::processAuthorization(%.*S,%u,%.*S,%u)", sz, request, sz, len, pattern, len)
 
-   if (sz == 0) request = UClientImage_Base::getRequestUri(sz);
+   U_INTERNAL_ASSERT_MAJOR(sz, 0)
+   U_INTERNAL_ASSERT_POINTER(request)
 
    UTokenizer t;
    const char* ptr;
@@ -7845,12 +7854,18 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
          pos = (request + sz) - uri_suffix;
          }
 #  ifdef U_SSE_ENABLE // SERVER SENT EVENTS (SSE)
-      else if (sz > U_CONSTANT_SIZE("/sse_event") &&
+      else
-               memcmp(request, U_CONSTANT_TO_PARAM("/sse_event")) == 0) // Ex: "/sse_event/tutor"
          {
-         ptr_file_data = getPasswdDB(request+U_CONSTANT_SIZE("/sse_event"), sz-U_CONSTANT_SIZE("/sse_event"), fpasswd);
+         if (sz > U_CONSTANT_SIZE("/sse_event/")) // Ex: "/sse_event/tutor"
+            {
+            U_INTERNAL_ASSERT_EQUALS(memcmp(request, U_CONSTANT_TO_PARAM("/sse_event/")), 0)
 
-         goto next;
+            ptr_file_data = getPasswdDB(request+U_CONSTANT_SIZE("/sse_event"), sz-U_CONSTANT_SIZE("/sse_event"), fpasswd);
+
+            goto next;
+            }
+
+         goto end;
          }
 #  endif
       }

tests/examples/TSA/tsaserial

@@ -1 +1 @@
-049F
+04AD

tests/ulib/README

@@ -7,8 +7,8 @@ Debian 7.11 was released Saturday, 4th June 2016.
 Debian 8.11, or jessie.  Access this release through dists/oldstable
 Debian 8.11 was released Saturday, 23rd June 2018.
 
-Debian 9.6, or stretch.  Access this release through dists/stable
+Debian 9.7, or stretch.  Access this release through dists/stable
-Debian 9.6 was released Saturday, 10th November 2018.
+Debian 9.7 was released Wednesday, 23rd January 2019.
 
 Testing, or buster.  Access this release through dists/testing.  The
 current tested development snapshot is named buster.  Packages which