Implement session and login handling

addon/www/rest.cgi

@@ -21,15 +21,99 @@
 #set env(TCLLIBPATH) [list /www /usr/local/addons/rmupdate/lib]
 #source once.tcl
 #source session.tcl
+load tclrega.so
 source /usr/local/addons/rmupdate/lib/rmupdate.tcl
+package require http
+
+proc get_http_header {request header_name} {
+	upvar $request req
+	set header_name [string toupper $header_name]
+	array set meta $req(meta)
+	foreach header [array names meta] {
+		if {$header_name == [string toupper $header] } then {
+			return $meta($header)
+		}
+	}
+	return ""
+}
+
+proc get_session {sid} {
+	if {[regexp {@([0-9a-zA-Z]{10})@} $sid match sidnr]} {
+		return [lindex [rega_script "Write(system.GetSessionVarStr('$sidnr'));"] 1]
+	}
+	return ""
+}
+
+proc check_session {sid} {
+	if {[get_session $sid] != ""} {
+		# renew session
+		set url "http://127.0.0.1/pages/index.htm?sid=$sid"
+		::http::cleanup [::http::geturl $url]
+		return 1
+	}
+	return 0
+}
+
+proc new_session {} {
+	set request [::http::geturl "http://127.0.0.1/login.htm"]
+	set location [get_http_header $request "location"]
+	::http::cleanup $request
+	if {![regexp {sid=@([0-9a-zA-Z]{10})@} $location match sid]} {
+		error "Too many sessions" "Service Unavailable" 503
+	}
+	return $sid
+}
+
+proc login {username password} {
+	set sid [new_session]
+	
+	set request [::http::geturl "http://127.0.0.1/login.htm?sid=@$sid@" -query [::http::formatQuery tbUsername $username tbPassword $password]]
+	set code [::http::code $request]
+	set location [get_http_header $request "location"]
+	::http::cleanup $request
+	
+	if {[string first "500" $code] != -1} {
+		rega_script "system.ClearSessionID(\"$sid\");"
+		error "Invalid session" "Internal server error" 500
+	}
+	
+	if {[string first "error" $location] != -1} {
+		rega_script "system.ClearSessionID(\"$sid\");"
+		error "Invalid username oder password" "Unauthorized" 401
+	}
+	return $sid
+}
 
 proc process {} {
 	global env
 	if { [info exists env(QUERY_STRING)] } {
 		set query $env(QUERY_STRING)
-		set path [split $query {/}]
+		set sid ""
+		set pairs [split $query "&"]
+		foreach pair $pairs {
+			if {[regexp "^(\[^=\]+)=(.*)$" $pair match varname value]} {
+				if {$varname == "sid"} {
+					set sid $value
+				} elseif {$varname == "path"} {
+					set path [split $value "/"]
+				}
+			}
+		}
 		set plen [expr [llength $path] - 1]
 		
+		
+		if {[lindex $path 1] == "login"} {
+			set data [read stdin $env(CONTENT_LENGTH)]
+			regexp {\"username\"\s*:\s*\"([^\"]*)\"} $data match username
+			regexp {\"password\"\s*:\s*\"([^\"]*)\"} $data match password
+			set sid [login $username $password]
+			return "\"${sid}\""
+		}
+		
+		if {![check_session $sid]} {
+			error "Invalid session" "Unauthorized" 401
+		}
+		
 		if {[lindex $path 1] == "install_addon_archive"} {
 			set archive_file "/tmp/uploaded_addon.tar.gz"
 			catch {fconfigure stdin -translation binary}
@@ -48,7 +132,9 @@ proc process {} {
 			set data [read stdin $env(CONTENT_LENGTH)]
 		}
 		
-		if {[lindex $path 1] == "version"} {
+		if {[lindex $path 1] == "get_session"} {
+			return "\"[get_session $sid]\""
+		} elseif {[lindex $path 1] == "version"} {
 			return "\"[rmupdate::version]\""
 		} elseif {[lindex $path 1] == "get_firmware_info"} {
 			return [rmupdate::get_firmware_info]
@@ -151,14 +237,14 @@ proc process {} {
 			return [rmupdate::wlan_disconnect]
 		}
 	}
-	error "invalid request" "Not found" 404
+	error "Path not found" "Not found" 404
 }
 
 variable content_type "application/json"
 
 if [catch {process} result] {
 	set status 500
-	if { [info exists $errorCode] } {
+	if { $errorCode != "NONE" } {
 		set status $errorCode
 	}
 	puts "Content-Type: ${content_type}"