*/
static void IdentifyHandler(FCGIContext *context, char *params) {
bool ident_sensors = false, ident_actuators = false;
-
+ bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING"));
int i;
FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T},
FCGI_JSONPair("description", "MCTX3420 Server API (2013)");
FCGI_JSONPair("build_date", __DATE__ " " __TIME__);
FCGI_JSONLong("api_version", API_VERSION);
- FCGI_JSONBool("logged_in", FCGI_HasControl(context, getenv("COOKIE_STRING")));
- FCGI_JSONPair("friendly_name", "");
+ FCGI_JSONBool("logged_in", has_control);
+ FCGI_JSONPair("friendly_name", has_control ? context->friendly_name : "");
//Sensor and actuator information
if (ident_sensors) {
* the system at any one time. The key can be forcibly generated, revoking
* any previous control keys. To be used in conjunction with HTTP
* basic authentication.
- * This function will generate a JSON response that indicates success/failure.
* @param context The context to work in
* @param force Whether to force key generation or not.
- */
-void FCGI_LockControl(FCGIContext *context, bool force) {
+ * @return true on success, false otherwise (eg someone else already in control)
+ */
+bool FCGI_LockControl(FCGIContext *context, bool force) {
time_t now = time(NULL);
bool expired = now - context->control_timestamp > CONTROL_TIMEOUT;
-
+
if (force || !*(context->control_key) || expired)
{
SHA_CTX sha1ctx;
for (i = 0; i < 20; i++)
sprintf(context->control_key + i * 2, "%02x", sha1[i]);
snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR"));
+ return true;
}
+ return false;
}
/**
bool FCGI_HasControl(FCGIContext *context, const char *key) {
time_t now = time(NULL);
int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT &&
- key != NULL && !strcmp(context->control_key, key);
+ key != NULL && context->control_key[0] != '\0' &&
+ !strcmp(context->control_key, key);
if (result) {
context->control_timestamp = now; //Update the control_timestamp
}
*/
void FCGI_ReleaseControl(FCGIContext *context) {
*(context->control_key) = 0;
- FCGI_BeginJSON(context, STATUS_OK);
- FCGI_EndJSON();
return;
}
FCGI_BeginJSON(context, status);
FCGI_JSONPair("description", description);
FCGI_JSONLong("responsenumber", context->response_number);
- //FCGI_JSONPair("params", getenv("QUERY_STRING"));
+ //FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff
FCGI_JSONPair("host", getenv("SERVER_HOSTNAME"));
FCGI_JSONPair("user", getenv("REMOTE_USER"));
FCGI_JSONPair("ip", getenv("REMOTE_ADDR"));
if (lastchar > 0 && module[lastchar] == '/')
module[lastchar] = 0;
- //Escape all special characters
- FCGI_EscapeText(params);
-
//Default to the 'identify' module if none specified
if (!*module)
strcpy(module, "identify");
FCGI_RejectJSON(&context, "Please login.");
continue;
}
+
if (!FCGI_HasControl(&context, cookie))
{
FCGI_RejectJSON(&context, "Invalid control key.");
continue;
}
+
+ //Escape all special characters.
+ //Don't escape for login (password may have special chars?)
+ FCGI_EscapeText(params);
}
module_handler(&context, params);