author | OpenGnSys Support Team <soporte-og@soleta.eu> | 2019-06-21 13:03:04 +0200 |
---|---|---|
committer | OpenGnSys Support Team <soporte-og@soleta.eu> | 2019-06-24 13:42:25 +0200 |
commit | fd305405b753528dd53934a15c5194feb6deb7a9 (patch) | |
tree | df2f72a0bd85a8c2f9da0c6056983087766c6198 | |
parent | e45455ec8206d676ff3513dc56456a7e27bc402b (diff) |
#915 add support for HTTP Authorization
Add APITOKEN= field to ogAdmServer.cfg to specify the REST API key.
-rw-r--r-- | sources/ogAdmServer.cpp | 23 | ||||
-rw-r--r-- | tests/config/ogAdmServer.cfg | 1 | ||||
-rwxr-xr-x | tests/run-tests.sh | 22 |
3 files changed, 35 insertions, 11 deletions
diff --git a/sources/ogAdmServer.cpp b/sources/ogAdmServer.cpp index d70aa0c..2504236 100644 --- a/sources/ogAdmServer.cpp +++ b/sources/ogAdmServer.cpp @@ -22,6 +22,7 @@ static char pasguor[LONPRM]; // Password del usuario static char datasource[LONPRM]; // Dirección IP del gestor de base de datos static char catalog[LONPRM]; // Nombre de la base de datos static char interface[LONPRM]; // Interface name +static char auth_token[LONPRM]; // API token //________________________________________________________________________________________________________ // Función: tomaConfiguracion @@ -77,7 +78,8 @@ static bool tomaConfiguracion(const char *filecfg) snprintf(catalog, sizeof(catalog), "%s", value); else if (!strcmp(StrToUpper(key), "INTERFACE")) snprintf(interface, sizeof(interface), "%s", value); - + else if (!strcmp(StrToUpper(key), "APITOKEN")) + snprintf(auth_token, sizeof(auth_token), "%s", value); line = fgets(buf, sizeof(buf), fcfg); } @@ -132,6 +134,7 @@ struct og_client { int keepalive_idx; bool rest; unsigned int content_length; + char auth_token[64]; }; static inline int og_client_socket(const struct og_client *cli) @@ -3880,6 +3883,15 @@ static int og_client_not_found(struct og_client *cli) return -1; } +static int og_client_not_authorized(struct og_client *cli) +{ + char buf[] = "HTTP/1.1 404 Unauthorized\r\nContent-Length: 0\r\n\r\n"; + + send(og_client_socket(cli), buf, strlen(buf), 0); + + return -1; +} + static int og_client_ok(struct og_client *cli, char *buf_reply) { char buf[4096] = {}; @@ -3918,6 +3930,11 @@ static int og_client_state_process_payload_rest(struct og_client *cli) body = strstr(cli->buf, "\r\n\r\n") + 4; + if (strcmp(cli->auth_token, auth_token)) { + syslog(LOG_ERR, "wrong Authentication key\n"); + return og_client_not_authorized(cli); + } + if (cli->content_length) { root = json_loads(body, 0, &json_err); if (!root) { 
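Review bot: The new `char auth_token[64]` field in struct og_client is one byte too small for the `sscanf(ptr, "Authorization: %64[^\r\n]", cli->auth_token)` call added in the og_client_state_recv_hdr_rest hunk. A `%64[` conversion stores up to 64 characters followed by a terminating NUL, so a header value of 64 or more characters writes 65 bytes and overruns the field. Either lower the width to `%63[^\r\n]` or declare the field as `char auth_token[65]`, ideally deriving both from one named constant so they cannot drift apart. The configured token lives in a LONPRM-sized global (LONPRM is not visible here), so a configured value longer than the per-client buffer could never match and is worth rejecting when the config is loaded.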
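Review bot: og_client_not_authorized() sends status code 404 with the reason phrase Unauthorized, so clients, proxies and log analysis will see an authentication failure as Not Found. The status line should read `"HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"`. RFC 7235 also expects a 401 response to carry a WWW-Authenticate challenge, which needs a decision on what scheme name this bare-token header uses. The return value of send() is ignored, which appears to mirror og_client_not_found() just above the hunk.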
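Review bot: The `strcmp(cli->auth_token, auth_token)` check in og_client_state_process_payload_rest fails open when the config has no APITOKEN= line. The file-scope `auth_token` is then an empty string, and a request without an Authorization header presumably leaves `cli->auth_token` empty too (how the client struct is initialised is not visible), so the comparison succeeds. Reject the empty case explicitly with `if (auth_token[0] == '\0' || strcmp(cli->auth_token, auth_token)) {`, or have tomaConfiguracion refuse to start without the key. strcmp() also stops at the first differing byte, so a comparison whose run time does not depend on where the mismatch occurs would be safer for a secret. The function body starts and continues outside the hunk.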
@@ -4047,6 +4064,10 @@ static int og_client_state_recv_hdr_rest(struct og_client *cli) cli->msg_len += cli->content_length; } + ptr = strstr(cli->buf, "Authorization: "); + if (ptr) + sscanf(ptr, "Authorization: %64[^\r\n]", cli->auth_token); + return 1; } diff --git a/tests/config/ogAdmServer.cfg b/tests/config/ogAdmServer.cfg index aa20113..41d812b 100644 --- a/tests/config/ogAdmServer.cfg +++ b/tests/config/ogAdmServer.cfg @@ -5,3 +5,4 @@ PASSWORD=test-db datasource=localhost CATALOG=test-db INTERFACE=eth1 +APITOKEN=07b3bfe728954619b58f0107ad73acc1 diff --git a/tests/run-tests.sh b/tests/run-tests.sh index f0cae2a..ca00b5f 100755 --- a/tests/run-tests.sh +++ b/tests/run-tests.sh 
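Review bot: In the og_client_state_recv_hdr_rest hunk of sources/ogAdmServer.cpp, `cli->auth_token` is written only when strstr() finds the header, and nothing visible clears it for a request that arrives without one. If the og_client struct is reused across keep-alive requests (it has a keepalive_idx field, but the reset path is not shown), a token from an earlier request on the same connection would carry over. Clearing it before the lookup with `cli->auth_token[0] = '\0';` makes each request stand on its own. The strstr() match is also unanchored and case-sensitive, so it matches inside a longer header name such as Proxy-Authorization and misses a lower-case `authorization:`; matching at the start of a header line, case-insensitively, would be more robust.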
@@ -1,10 +1,12 @@
-curl -X POST http://127.0.0.1:8888/clients -d @post_clients.json
-curl -X GET http://127.0.0.1:8888/clients
-curl -X POST http://127.0.0.1:8888/wol -d @wol.json
-curl -X POST http://127.0.0.1:8888/shell/run -d @post_shell_run.json
-curl -X POST http://127.0.0.1:8888/shell/output -d @post_shell_output.json
-curl -X POST http://127.0.0.1:8888/session -d @session.json
-curl -X POST http://127.0.0.1:8888/poweroff -d @poweroff.json
-curl -X POST http://127.0.0.1:8888/reboot -d @reboot.json
-curl -X POST http://127.0.0.1:8888/stop -d @stop.json
-curl -X POST http://127.0.0.1:8888/refresh -d @refresh.json
+API_KEY="07b3bfe728954619b58f0107ad73acc1"
+
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/clients -d @post_clients.json
+curl -X GET -H "Authorization: $API_KEY" http://127.0.0.1:8888/clients
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/wol -d @wol.json
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/shell/run -d @post_shell_run.json
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/shell/output -d @post_shell_output.json
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/session -d @session.json
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/poweroff -d @poweroff.json
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/reboot -d @reboot.json
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/stop -d @stop.json
+curl -X POST -H "Authorization: $API_KEY" http://127.0.0.1:8888/refresh -d @refresh.json |
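Review bot: The updated script only exercises the accepted path, because every curl call sends the valid key. Nothing checks that the server rejects a request with no Authorization header or with a wrong one. Adding two such calls that print the status, for example `curl -s -o /dev/null -w '%{http_code}\n' -X GET http://127.0.0.1:8888/clients`, would cover the new rejection branch. API_KEY duplicates the value in tests/config/ogAdmServer.cfg, so the two have to be changed together.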