*/
static void IdentifyHandler(FCGIContext *context, char *params) {
bool ident_sensors = false, ident_actuators = false;
-
+ bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING"));
int i;
FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T},
FCGI_JSONPair("description", "MCTX3420 Server API (2013)");
FCGI_JSONPair("build_date", __DATE__ " " __TIME__);
FCGI_JSONLong("api_version", API_VERSION);
+ FCGI_JSONBool("logged_in", has_control);
+ FCGI_JSONPair("friendly_name", has_control ? context->friendly_name : "");
//Sensor and actuator information
if (ident_sensors) {
* the system at any one time. The key can be forcibly generated, revoking
* any previous control keys. To be used in conjunction with HTTP
* basic authentication.
- * This function will generate a JSON response that indicates success/failure.
* @param context The context to work in
* @param force Whether to force key generation or not.
- */
-void FCGI_LockControl(FCGIContext *context, bool force) {
+ * @return true on success, false otherwise (eg someone else already in control)
+ */
+bool FCGI_LockControl(FCGIContext *context, bool force) {
time_t now = time(NULL);
bool expired = now - context->control_timestamp > CONTROL_TIMEOUT;
-
+
if (force || !*(context->control_key) || expired)
{
SHA_CTX sha1ctx;
for (i = 0; i < 20; i++)
sprintf(context->control_key + i * 2, "%02x", sha1[i]);
snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR"));
+ return true;
}
+ return false;
}
/**
bool FCGI_HasControl(FCGIContext *context, const char *key) {
time_t now = time(NULL);
int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT &&
- key != NULL && !strcmp(context->control_key, key);
+ key != NULL && context->control_key[0] != '\0' &&
+ !strcmp(context->control_key, key);
if (result) {
context->control_timestamp = now; //Update the control_timestamp
}
*/
void FCGI_ReleaseControl(FCGIContext *context) {
*(context->control_key) = 0;
- FCGI_BeginJSON(context, STATUS_OK);
- FCGI_EndJSON();
return;
}
FCGI_JSONPair("control_state", Control_GetModeName());
}
+/**
+ * Generic accept response in JSON format.
+ * @param context The context to work in
+ * @param description A short description.
+ * @param cookie Optional. If given, the cookie field is set to that value.
+ */
+void FCGI_AcceptJSON(FCGIContext *context, const char *description, const char *cookie)
+{
+ printf("Content-type: application/json; charset=utf-8\r\n");
+ if (cookie) {
+ printf("Set-Cookie: %s\r\n", cookie);
+ }
+ printf("\r\n{\r\n");
+ printf("\t\"module\" : \"%s\"", context->current_module);
+ FCGI_JSONLong("status", STATUS_OK);
+ FCGI_JSONPair("description", description);
+ FCGI_EndJSON();
+}
+
/**
* Adds a key/value pair to a JSON response. The response must have already
* been initiated by FCGI_BeginJSON. Special characters are not escaped.
FCGI_BeginJSON(context, status);
FCGI_JSONPair("description", description);
FCGI_JSONLong("responsenumber", context->response_number);
- //FCGI_JSONPair("params", getenv("QUERY_STRING"));
+ //FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff
FCGI_JSONPair("host", getenv("SERVER_HOSTNAME"));
FCGI_JSONPair("user", getenv("REMOTE_USER"));
FCGI_JSONPair("ip", getenv("REMOTE_ADDR"));
while (FCGI_Accept() >= 0) {
ModuleHandler module_handler = NULL;
- char module[BUFSIZ], params[BUFSIZ], cookie[BUFSIZ];
+ char module[BUFSIZ], params[BUFSIZ];
+ //Don't need to copy if we're not modifying string contents
+ const char *cookie = getenv("COOKIE_STRING");
//strncpy doesn't zero-truncate properly
snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL"));
snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
- snprintf(cookie, BUFSIZ, "%s", getenv("COOKIE_STRING"));
Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params);
Log(LOGDEBUG, "Cookie: %s", cookie);
-
//Remove trailing slashes (if present) from module query
size_t lastchar = strlen(module) - 1;
if (lastchar > 0 && module[lastchar] == '/')
module[lastchar] = 0;
- //Escape all special characters
- FCGI_EscapeText(params);
-
//Default to the 'identify' module if none specified
if (!*module)
strcpy(module, "identify");
context.current_module = module;
context.response_number++;
-
-
if (module_handler)
{
- if (module_handler != Login_Handler)
+ if (module_handler != Login_Handler && module_handler != IdentifyHandler)
{
if (cookie[0] == '\0')
{
- FCGI_RejectJSON(&context, "Please login.");
+ FCGI_RejectJSONEx(&context, STATUS_UNAUTHORIZED, "Please login.");
continue;
}
+
if (!FCGI_HasControl(&context, cookie))
{
FCGI_RejectJSON(&context, "Invalid control key.");
continue;
}
+
+ //Escape all special characters.
+ //Don't escape for login (password may have special chars?)
+ FCGI_EscapeText(params);
}
module_handler(&context, params);
git.ucc.asn.au / matches / MCTX3420.git / blobdiff
UCC git Repository :: git.ucc.asn.au