mirror of https://github.com/stefanocasazza/ULib.git synced 2025-09-28 19:05:55 +08:00

add URI_PROTECTED_SSE

stefanocasazza 2019-01-29 15:34:55 +01:00
parent ff7f66fa8e
commit bc17a662ad
8 changed files with 68 additions and 25 deletions


@ -192,6 +192,7 @@ userver {
# WEBSOCKET_TIMEOUT timeout for websocket request
# DIGEST_AUTHENTICATION flag authentication method (yes = digest, no = basic)
#
# URI_PROTECTED_SSE SSE needs authentication (/sse_event/<name_of_passwd_file>)
# URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes (that needs authentication)
# URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
#
@ -260,6 +261,7 @@ http {
# WEBSOCKET_TIMEOUT -1
# DIGEST_AUTHENTICATION yes
# URI_PROTECTED_SSE yes
# URI_PROTECTED_MASK /RA/admin/cgi-bin/*
# URI_PROTECTED_ALLOWED_IP 127.0.0.1,10.30.0.0/16


@ -714,6 +714,7 @@ public:
#ifdef U_SSE_ENABLE // SERVER SENT EVENTS (SSE)
typedef UString (*strPF)();
static bool sse_auth;
static strPF sse_func;
static int sse_pipe_fd;
static const char* sse_corsbase;
@ -1526,7 +1527,7 @@ private:
static void putDataInCache(const UString& path, const UString& fmt, UString& content) U_NO_EXPORT;
static void addContentLengthToHeader(UString& header, char* ptr, uint32_t size, const char* pEndHeader = U_NULLPTR) U_NO_EXPORT;
static void setDataInCache(const UString& fmt, const UString& content, const char* encoding, uint32_t encoding_len) U_NO_EXPORT;
static bool processAuthorization(const char* ptr = U_NULLPTR, uint32_t sz = 0, const char* pattern = U_NULLPTR, uint32_t len = 0) U_NO_EXPORT;
static bool processAuthorization(const char* ptr, uint32_t sz, const char* pattern = U_NULLPTR, uint32_t len = 0) U_NO_EXPORT;
static inline void resetFileCache() U_NO_EXPORT;
static inline void setUpgrade(const char* ptr) U_NO_EXPORT;
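Review bot: The new `sse_auth` member is declared without a comment, so nothing at the declaration says which option drives it or what a false value means for `/sse_event/<name>` requests. A one-line comment would cover it, e.g. `static bool sse_auth; // true: /sse_event/<name> requires authentication (URI_PROTECTED_SSE)`. The class body starts and ends outside the hunks shown.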


@ -46,7 +46,7 @@ NODOG_OPTIONS:= --disable-examples \
--with-ssl --with-libz --with-libtdb \
--without-expat --without-magic --without-pcre \
--disable-static --disable-new-ldflags --disable-zip --disable-LFS \
--enable-log --enable-captive-portal --enable-static-server-plugin="nocat http" \
--enable-log --enable-captive-portal --enable-static-server-plugin="nodog http" \
--disable-stdcpp --disable-thread --disable-HCRS --disable-HPRS --disable-HIS \
$(if $(CONFIG_NODOG_DEBUG),--enable-debug) \
$(if $(CONFIG_NODOG_UUID),--with-libuuid,--without-libuuid) \


@ -86,6 +86,7 @@ int UHttpPlugIn::handlerConfig(UFileConfig& cfg)
//
// ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add "Cache control: public" directive)
//
// URI_PROTECTED_SSE SSE needs authentication (/sse_event/<name_of_passwd_file>)
// URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes
// URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
//
@ -338,6 +339,17 @@ int UHttpPlugIn::handlerConfig(UFileConfig& cfg)
U_INTERNAL_DUMP("UHTTP::digest_authentication = %b", UHTTP::digest_authentication)
# ifdef U_SSE_ENABLE // SERVER SENT EVENTS (SSE)
x = cfg.at(U_CONSTANT_TO_PARAM("URI_PROTECTED_SSE"));
if (x)
{
U_INTERNAL_ASSERT_EQUALS(UHTTP::sse_auth, false)
UHTTP::sse_auth = x.strtob();
}
# endif
# ifdef USE_LIBSSL
x = cfg.at(U_CONSTANT_TO_PARAM("URI_PROTECTED_MASK"));
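Review bot: URI_PROTECTED_SSE is effectively off by default, because `UHTTP::sse_auth` is assigned only inside `if (x)` and the same commit makes isValidationSSE() skip processAuthorization() unless the flag is set. Before this change a request for `/sse_event/<name>` was authenticated unconditionally, so a deployment that upgrades without editing its config appears to lose that check silently. I would either make the flag default to true or say so in the option comment, e.g. `// URI_PROTECTED_SSE SSE needs authentication (/sse_event/<name_of_passwd_file>) - default no`. It would also help to add `U_INTERNAL_DUMP("UHTTP::sse_auth = %b", UHTTP::sse_auth)` after the block, as is done for digest_authentication just above. handlerConfig starts and ends outside the hunk.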


@ -257,14 +257,6 @@ U_NO_EXPORT void UNoDogPlugIn::makeInfoData(UFlatBuffer* pfb, void* param)
if (U_peer_allowed) continue;
if (peer->ctraffic &&
U_peer_permit == false)
{
U_SRV_LOG("WARNING: Peer IP %v MAC %v has made traffic(%u bytes) but it has status DENY", peer->ip.rep, peer->mac.rep, peer->ctraffic);
continue;
}
// -----------------------------------------------------------------------------------------------------------------------------------------
// $1 -> mac
// $2 -> ip
@ -286,10 +278,22 @@ U_NO_EXPORT void UNoDogPlugIn::makeInfoData(UFlatBuffer* pfb, void* param)
if (peer->ctraffic)
{
pfb->UInt(peer->ctraffic);
peer->ctraffic = 0;
if (U_peer_permit)
{
pfb->UInt(peer->ctraffic);
peer->time_no_traffic = 0U;
peer->time_no_traffic = 0U;
}
else
{
pfb->UInt(0U);
peer->time_no_traffic += _ctime;
U_SRV_LOG("WARNING: Peer IP %v MAC %v has made traffic(%u bytes) but it has status DENY", peer->ip.rep, peer->mac.rep, peer->ctraffic);
}
peer->ctraffic = 0;
/*
pfb->UInt(_ctime);
@ -1419,6 +1423,15 @@ next: eraseTimer();
goto end;
}
/**
if ((peer->_ctime + U_ONE_HOUR_IN_SECOND) < u_now->tv_sec) // if too old change as NEW user...
{
U_SRV_LOG("request from OLD USER but it has status very OLD");
goto log;
}
*/
goto welcome;
}
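Review bot: The new `else` branch in makeInfoData() has no comment explaining why a peer with status DENY that did produce traffic is reported with `pfb->UInt(0U)` and has `time_no_traffic` advanced as if it had been idle. The intent is presumably that denied traffic is never accounted and the peer can still age out, but that is not obvious from the code. I would add something like `// DENY peer: report 0 bytes and keep the idle timer running, the real byte count goes only to the log` above the `else`. The function body continues outside the hunk.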


@ -176,6 +176,7 @@ URDBObjectHandler<UDataStorage*>* UHTTP::db_session_ssl;
#endif
#ifdef U_SSE_ENABLE // SERVER SENT EVENTS (SSE)
int UHTTP::sse_pipe_fd;
bool UHTTP::sse_auth;
const char* UHTTP::sse_corsbase = "*";
UHTTP::strPF UHTTP::sse_func;
#endif
@ -5143,7 +5144,10 @@ void UHTTP::processRequest()
{
// check if it's OK to do directory listing via authentication (digest|basic)
if (processAuthorization()) setDynamicResponse(getHTMLDirectoryList());
uint32_t sz;
const char* ptr = UClientImage_Base::getRequestUri(sz);
if (processAuthorization(ptr, sz)) setDynamicResponse(getHTMLDirectoryList());
return;
}
@ -7172,10 +7176,14 @@ bool UHTTP::isValidationSSE()
U_ASSERT_EQUALS(getPathComponent(0), "sse_event")
if (file->getPathRelativLen() > U_CONSTANT_SIZE("sse_event") && // Ex: "sse_event/tutor"
processAuthorization() == false) // check if it's OK to do directory listing via authentication (digest|basic)
if (sse_auth)
{
U_RETURN(false);
// check if it's OK to do directory listing via authentication (digest|basic)
uint32_t sz;
const char* ptr = UClientImage_Base::getRequestUri(sz);
if (processAuthorization(ptr, sz) == false) U_RETURN(false);
}
U_RETURN(true);
@ -7812,7 +7820,8 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
{
U_TRACE(0, "UHTTP::processAuthorization(%.*S,%u,%.*S,%u)", sz, request, sz, len, pattern, len)
if (sz == 0) request = UClientImage_Base::getRequestUri(sz);
U_INTERNAL_ASSERT_MAJOR(sz, 0)
U_INTERNAL_ASSERT_POINTER(request)
UTokenizer t;
const char* ptr;
@ -7845,12 +7854,18 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
pos = (request + sz) - uri_suffix;
}
# ifdef U_SSE_ENABLE // SERVER SENT EVENTS (SSE)
else if (sz > U_CONSTANT_SIZE("/sse_event") &&
memcmp(request, U_CONSTANT_TO_PARAM("/sse_event")) == 0) // Ex: "/sse_event/tutor"
else
{
ptr_file_data = getPasswdDB(request+U_CONSTANT_SIZE("/sse_event"), sz-U_CONSTANT_SIZE("/sse_event"), fpasswd);
if (sz > U_CONSTANT_SIZE("/sse_event/")) // Ex: "/sse_event/tutor"
{
U_INTERNAL_ASSERT_EQUALS(memcmp(request, U_CONSTANT_TO_PARAM("/sse_event/")), 0)
goto next;
ptr_file_data = getPasswdDB(request+U_CONSTANT_SIZE("/sse_event"), sz-U_CONSTANT_SIZE("/sse_event"), fpasswd);
goto next;
}
goto end;
}
# endif
}
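Review bot: In the last hunk of processAuthorization() the runtime `memcmp` prefix test is replaced by `U_INTERNAL_ASSERT_EQUALS(memcmp(...), 0)`, which presumably compiles out in non-debug builds, so the `/sse_event/` prefix is no longer verified before getPasswdDB() is called. processRequest() in this same file now calls `processAuthorization(ptr, sz)` with no pattern for directory listings, so if that call reaches this branch, a URI longer than `/sse_event/` would be handed to getPasswdDB() with its first bytes stripped and a shorter one would jump to `end`. Keeping the test at run time is safer, `if (sz > U_CONSTANT_SIZE("/sse_event/") && memcmp(request, U_CONSTANT_TO_PARAM("/sse_event/")) == 0)`, with other URIs left on the path they took before. Since the password-file name comes from the request URI, it is also worth confirming that getPasswdDB() rejects `..` and extra path separators. The function body is only partly visible here.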


@ -1 +1 @@
049F
04AD


@ -7,8 +7,8 @@ Debian 7.11 was released Saturday, 4th June 2016.
Debian 8.11, or jessie. Access this release through dists/oldstable
Debian 8.11 was released Saturday, 23rd June 2018.
Debian 9.6, or stretch. Access this release through dists/stable
Debian 9.6 was released Saturday, 10th November 2018.
Debian 9.7, or stretch. Access this release through dists/stable
Debian 9.7 was released Wednesday, 23rd January 2019.
Testing, or buster. Access this release through dists/testing. The
current tested development snapshot is named buster. Packages which