diff --git a/addon/www/rest.cgi b/addon/www/rest.cgi index e2b1511..ea8050f 100644 --- a/addon/www/rest.cgi +++ b/addon/www/rest.cgi @@ -21,15 +21,99 @@ #set env(TCLLIBPATH) [list /www /usr/local/addons/rmupdate/lib] #source once.tcl #source session.tcl +load tclrega.so source /usr/local/addons/rmupdate/lib/rmupdate.tcl +package require http + +proc get_http_header {request header_name} { + upvar $request req + set header_name [string toupper $header_name] + array set meta $req(meta) + foreach header [array names meta] { + if {$header_name == [string toupper $header] } then { + return $meta($header) + } + } + return "" +} + +proc get_session {sid} { + if {[regexp {@([0-9a-zA-Z]{10})@} $sid match sidnr]} { + return [lindex [rega_script "Write(system.GetSessionVarStr('$sidnr'));"] 1] + } + return "" +} + +proc check_session {sid} { + if {[get_session $sid] != ""} { + # renew session + set url "http://127.0.0.1/pages/index.htm?sid=$sid" + ::http::cleanup [::http::geturl $url] + return 1 + } + return 0 +} + +proc new_session {} { + set request [::http::geturl "http://127.0.0.1/login.htm"] + set location [get_http_header $request "location"] + ::http::cleanup $request + if {![regexp {sid=@([0-9a-zA-Z]{10})@} $location match sid]} { + error "Too many sessions" "Service Unavailable" 503 + } + return $sid +} + +proc login {username password} { + set sid [new_session] + + set request [::http::geturl "http://127.0.0.1/login.htm?sid=@$sid@" -query [::http::formatQuery tbUsername $username tbPassword $password]] + set code [::http::code $request] + set location [get_http_header $request "location"] + ::http::cleanup $request + + if {[string first "500" $code] != -1} { + rega_script "system.ClearSessionID(\"$sid\");" + error "Invalid session" "Internal server error" 500 + } + + if {[string first "error" $location] != -1} { + rega_script "system.ClearSessionID(\"$sid\");" + error "Invalid username oder password" "Unauthorized" 401 + } + return $sid +} proc process {} { global env if { [info exists env(QUERY_STRING)] } { set query $env(QUERY_STRING) - set path [split $query {/}] + set sid "" + set pairs [split $query "&"] + foreach pair $pairs { + if {[regexp "^(\[^=\]+)=(.*)$" $pair match varname value]} { + if {$varname == "sid"} { + set sid $value + } elseif {$varname == "path"} { + set path [split $value "/"] + } + } + } set plen [expr [llength $path] - 1] + + if {[lindex $path 1] == "login"} { + set data [read stdin $env(CONTENT_LENGTH)] + regexp {\"username\"\s*:\s*\"([^\"]*)\"} $data match username + regexp {\"password\"\s*:\s*\"([^\"]*)\"} $data match password + set sid [login $username $password] + return "\"${sid}\"" + } + + if {![check_session $sid]} { + error "Invalid session" "Unauthorized" 401 + } + if {[lindex $path 1] == "install_addon_archive"} { set archive_file "/tmp/uploaded_addon.tar.gz" catch {fconfigure stdin -translation binary} @@ -48,7 +132,9 @@ proc process {} { set data [read stdin $env(CONTENT_LENGTH)] } - if {[lindex $path 1] == "version"} { + if {[lindex $path 1] == "get_session"} { + return "\"[get_session $sid]\"" + } elseif {[lindex $path 1] == "version"} { return "\"[rmupdate::version]\"" } elseif {[lindex $path 1] == "get_firmware_info"} { return [rmupdate::get_firmware_info] @@ -151,14 +237,14 @@ proc process {} { return [rmupdate::wlan_disconnect] } } - error "invalid request" "Not found" 404 + error "Path not found" "Not found" 404 } variable content_type "application/json" if [catch {process} result] { set status 500 - if { [info exists $errorCode] } { + if { $errorCode != "NONE" } { set status $errorCode } puts "Content-Type: ${content_type}"