*/
static void IdentifyHandler(FCGIContext *context, char *params) {
bool ident_sensors = false, ident_actuators = false;
-
+ bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING"));
int i;
FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T},
FCGI_JSONPair("description", "MCTX3420 Server API (2013)");
FCGI_JSONPair("build_date", __DATE__ " " __TIME__);
FCGI_JSONLong("api_version", API_VERSION);
- FCGI_JSONBool("logged_in", FCGI_HasControl(context, getenv("COOKIE_STRING")));
- FCGI_JSONPair("friendly_name", "");
+ FCGI_JSONBool("logged_in", has_control);
+ FCGI_JSONPair("friendly_name", has_control ? context->friendly_name : "");
//Sensor and actuator information
if (ident_sensors) {
FCGI_JSONKey("sensors");
FCGI_JSONValue("{\n\t\t");
- for (i = 0; i < NUMSENSORS; i++) {
+ for (i = 0; i < g_num_sensors; i++) {
if (i > 0) {
FCGI_JSONValue(",\n\t\t");
}
- FCGI_JSONValue("\"%d\" : \"%s\"", i, g_sensor_names[i]);
+ FCGI_JSONValue("\"%d\" : \"%s\"", i, Sensor_GetName(i));
}
FCGI_JSONValue("\n\t}");
}
if (ident_actuators) {
FCGI_JSONKey("actuators");
FCGI_JSONValue("{\n\t\t");
- for (i = 0; i < NUMACTUATORS; i++) {
+ for (i = 0; i < g_num_actuators; i++) {
if (i > 0) {
FCGI_JSONValue(",\n\t\t");
}
- FCGI_JSONValue("\"%d\" : \"%s\"", i, g_actuator_names[i]);
+ FCGI_JSONValue("\"%d\" : \"%s\"", i, Actuator_GetName(i));
}
FCGI_JSONValue("\n\t}");
}
* the system at any one time. The key can be forcibly generated, revoking
* any previous control keys. To be used in conjunction with HTTP
* basic authentication.
- * This function will generate a JSON response that indicates success/failure.
* @param context The context to work in
* @param force Whether to force key generation or not.
- */
-void FCGI_LockControl(FCGIContext *context, bool force) {
+ * @return true on success, false otherwise (eg someone else already in control)
+ */
+bool FCGI_LockControl(FCGIContext *context, bool force) {
time_t now = time(NULL);
bool expired = now - context->control_timestamp > CONTROL_TIMEOUT;
-
+
if (force || !*(context->control_key) || expired)
{
SHA_CTX sha1ctx;
for (i = 0; i < 20; i++)
sprintf(context->control_key + i * 2, "%02x", sha1[i]);
snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR"));
+ return true;
}
+ return false;
}
/**
bool FCGI_HasControl(FCGIContext *context, const char *key) {
time_t now = time(NULL);
int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT &&
- key != NULL && !strcmp(context->control_key, key);
+ key != NULL && context->control_key[0] != '\0' &&
+ !strcmp(context->control_key, key);
if (result) {
context->control_timestamp = now; //Update the control_timestamp
}
*/
void FCGI_ReleaseControl(FCGIContext *context) {
*(context->control_key) = 0;
- FCGI_BeginJSON(context, STATUS_OK);
- FCGI_EndJSON();
return;
}
FCGI_BeginJSON(context, status);
FCGI_JSONPair("description", description);
FCGI_JSONLong("responsenumber", context->response_number);
- //FCGI_JSONPair("params", getenv("QUERY_STRING"));
+ //FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff
FCGI_JSONPair("host", getenv("SERVER_HOSTNAME"));
FCGI_JSONPair("user", getenv("REMOTE_USER"));
FCGI_JSONPair("ip", getenv("REMOTE_ADDR"));
if (lastchar > 0 && module[lastchar] == '/')
module[lastchar] = 0;
- //Escape all special characters
- FCGI_EscapeText(params);
-
//Default to the 'identify' module if none specified
if (!*module)
strcpy(module, "identify");
if (module_handler)
{
- if (module_handler != Login_Handler && module_handler != IdentifyHandler)
+ //if (module_handler != Login_Handler && module_handler != IdentifyHandler)
+ if (false) // Testing
{
if (cookie[0] == '\0')
{
- FCGI_RejectJSON(&context, "Please login.");
+ FCGI_RejectJSONEx(&context, STATUS_UNAUTHORIZED, "Please login.");
continue;
}
+
if (!FCGI_HasControl(&context, cookie))
{
FCGI_RejectJSON(&context, "Invalid control key.");
continue;
}
+
+ //Escape all special characters.
+ //Don't escape for login (password may have special chars?)
+ FCGI_EscapeText(params);
}
module_handler(&context, params);
git.ucc.asn.au / matches / MCTX3420.git / blobdiff
UCC git Repository :: git.ucc.asn.au