Implement session and login handling
This commit is contained in:
parent
34d35761ca
commit
ee2956f7b4
|
@ -21,15 +21,99 @@
|
||||||
#set env(TCLLIBPATH) [list /www /usr/local/addons/rmupdate/lib]
|
#set env(TCLLIBPATH) [list /www /usr/local/addons/rmupdate/lib]
|
||||||
#source once.tcl
|
#source once.tcl
|
||||||
#source session.tcl
|
#source session.tcl
|
||||||
|
load tclrega.so
|
||||||
source /usr/local/addons/rmupdate/lib/rmupdate.tcl
|
source /usr/local/addons/rmupdate/lib/rmupdate.tcl
|
||||||
|
package require http
|
||||||
|
|
||||||
|
proc get_http_header {request header_name} {
|
||||||
|
upvar $request req
|
||||||
|
set header_name [string toupper $header_name]
|
||||||
|
array set meta $req(meta)
|
||||||
|
foreach header [array names meta] {
|
||||||
|
if {$header_name == [string toupper $header] } then {
|
||||||
|
return $meta($header)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
proc get_session {sid} {
|
||||||
|
if {[regexp {@([0-9a-zA-Z]{10})@} $sid match sidnr]} {
|
||||||
|
return [lindex [rega_script "Write(system.GetSessionVarStr('$sidnr'));"] 1]
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
proc check_session {sid} {
|
||||||
|
if {[get_session $sid] != ""} {
|
||||||
|
# renew session
|
||||||
|
set url "http://127.0.0.1/pages/index.htm?sid=$sid"
|
||||||
|
::http::cleanup [::http::geturl $url]
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
proc new_session {} {
|
||||||
|
set request [::http::geturl "http://127.0.0.1/login.htm"]
|
||||||
|
set location [get_http_header $request "location"]
|
||||||
|
::http::cleanup $request
|
||||||
|
if {![regexp {sid=@([0-9a-zA-Z]{10})@} $location match sid]} {
|
||||||
|
error "Too many sessions" "Service Unavailable" 503
|
||||||
|
}
|
||||||
|
return $sid
|
||||||
|
}
|
||||||
|
|
||||||
|
proc login {username password} {
|
||||||
|
set sid [new_session]
|
||||||
|
|
||||||
|
set request [::http::geturl "http://127.0.0.1/login.htm?sid=@$sid@" -query [::http::formatQuery tbUsername $username tbPassword $password]]
|
||||||
|
set code [::http::code $request]
|
||||||
|
set location [get_http_header $request "location"]
|
||||||
|
::http::cleanup $request
|
||||||
|
|
||||||
|
if {[string first "500" $code] != -1} {
|
||||||
|
rega_script "system.ClearSessionID(\"$sid\");"
|
||||||
|
error "Invalid session" "Internal server error" 500
|
||||||
|
}
|
||||||
|
|
||||||
|
if {[string first "error" $location] != -1} {
|
||||||
|
rega_script "system.ClearSessionID(\"$sid\");"
|
||||||
|
error "Invalid username oder password" "Unauthorized" 401
|
||||||
|
}
|
||||||
|
return $sid
|
||||||
|
}
|
||||||
|
|
||||||
proc process {} {
|
proc process {} {
|
||||||
global env
|
global env
|
||||||
if { [info exists env(QUERY_STRING)] } {
|
if { [info exists env(QUERY_STRING)] } {
|
||||||
set query $env(QUERY_STRING)
|
set query $env(QUERY_STRING)
|
||||||
set path [split $query {/}]
|
set sid ""
|
||||||
|
set pairs [split $query "&"]
|
||||||
|
foreach pair $pairs {
|
||||||
|
if {[regexp "^(\[^=\]+)=(.*)$" $pair match varname value]} {
|
||||||
|
if {$varname == "sid"} {
|
||||||
|
set sid $value
|
||||||
|
} elseif {$varname == "path"} {
|
||||||
|
set path [split $value "/"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
set plen [expr [llength $path] - 1]
|
set plen [expr [llength $path] - 1]
|
||||||
|
|
||||||
|
|
||||||
|
if {[lindex $path 1] == "login"} {
|
||||||
|
set data [read stdin $env(CONTENT_LENGTH)]
|
||||||
|
regexp {\"username\"\s*:\s*\"([^\"]*)\"} $data match username
|
||||||
|
regexp {\"password\"\s*:\s*\"([^\"]*)\"} $data match password
|
||||||
|
set sid [login $username $password]
|
||||||
|
return "\"${sid}\""
|
||||||
|
}
|
||||||
|
|
||||||
|
if {![check_session $sid]} {
|
||||||
|
error "Invalid session" "Unauthorized" 401
|
||||||
|
}
|
||||||
|
|
||||||
if {[lindex $path 1] == "install_addon_archive"} {
|
if {[lindex $path 1] == "install_addon_archive"} {
|
||||||
set archive_file "/tmp/uploaded_addon.tar.gz"
|
set archive_file "/tmp/uploaded_addon.tar.gz"
|
||||||
catch {fconfigure stdin -translation binary}
|
catch {fconfigure stdin -translation binary}
|
||||||
|
@ -48,7 +132,9 @@ proc process {} {
|
||||||
set data [read stdin $env(CONTENT_LENGTH)]
|
set data [read stdin $env(CONTENT_LENGTH)]
|
||||||
}
|
}
|
||||||
|
|
||||||
if {[lindex $path 1] == "version"} {
|
if {[lindex $path 1] == "get_session"} {
|
||||||
|
return "\"[get_session $sid]\""
|
||||||
|
} elseif {[lindex $path 1] == "version"} {
|
||||||
return "\"[rmupdate::version]\""
|
return "\"[rmupdate::version]\""
|
||||||
} elseif {[lindex $path 1] == "get_firmware_info"} {
|
} elseif {[lindex $path 1] == "get_firmware_info"} {
|
||||||
return [rmupdate::get_firmware_info]
|
return [rmupdate::get_firmware_info]
|
||||||
|
@ -151,14 +237,14 @@ proc process {} {
|
||||||
return [rmupdate::wlan_disconnect]
|
return [rmupdate::wlan_disconnect]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
error "invalid request" "Not found" 404
|
error "Path not found" "Not found" 404
|
||||||
}
|
}
|
||||||
|
|
||||||
variable content_type "application/json"
|
variable content_type "application/json"
|
||||||
|
|
||||||
if [catch {process} result] {
|
if [catch {process} result] {
|
||||||
set status 500
|
set status 500
|
||||||
if { [info exists $errorCode] } {
|
if { $errorCode != "NONE" } {
|
||||||
set status $errorCode
|
set status $errorCode
|
||||||
}
|
}
|
||||||
puts "Content-Type: ${content_type}"
|
puts "Content-Type: ${content_type}"
|
||||||
|
|
Loading…
Reference in New Issue