Beispiel #1
	// Handles a login request: reads the credentials from the JSON body, asks the
	// user manager to authenticate them and, on success, answers with the session
	// token plus basic account/system information.
	//
	// aRequest  - request whose body carries "username" and "password" (required)
	//             and "max_inactivity" / "user_session" (optional)
	// aIsSecure - forwarded to authenticate(); not otherwise checked in this handler
	// aSocket   - websocket to associate with the new session; may be null
	// aIP       - remote address, forwarded to authenticate() and getSystemInfo()
	//
	// Returns 401 with a single generic message when authenticate() yields no
	// session, otherwise 200 with the response body set.
	websocketpp::http::status_code::value SessionApi::handleLogin(ApiRequest& aRequest, bool aIsSecure, const WebSocketPtr& aSocket, const string& aIP) {
		const auto& body = aRequest.getRequestBody();

		// Required credentials
		auto loginName = JsonUtil::getField<string>("username", body, false);
		auto loginPassword = JsonUtil::getField<string>("password", body, false);

		// Optional session parameters; the idle timeout falls back to the configured default.
		// NOTE(review): the client-supplied "max_inactivity" is passed on without an upper
		// bound in this handler - confirm that authenticate() or the session expiry logic caps it.
		auto idleMinutes = JsonUtil::getOptionalFieldDefault<uint64_t>("max_inactivity", body, WEBCFG(DEFAULT_SESSION_IDLE_TIMEOUT).uint64());
		auto isUserSession = JsonUtil::getOptionalFieldDefault<bool>("user_session", body, false);

		// NOTE(review): no throttling of failed attempts is visible here; presumably aIP is
		// passed so that the user manager can track them - verify against authenticate().
		auto session = WebServerManager::getInstance()->getUserManager().authenticate(
			loginName, loginPassword, aIsSecure, idleMinutes, isUserSession, aIP
		);

		if (!session) {
			// One message for every failure, so the response does not reveal
			// whether the username or the password was the part that was wrong
			aRequest.setResponseErrorStr("Invalid username or password");
			return websocketpp::http::status_code::unauthorized;
		}

		const auto& user = session->getUser();

		// The body contains the session token: every holder of this response can act as
		// the user, so it must not end up in logs or caches, and on a non-secure
		// connection it crosses the network in clear text.
		json retJson = {
			{ "permissions", user->getPermissions() },
			{ "token", session->getAuthToken() },
			{ "user", user->getUserName() },
			{ "system", getSystemInfo(aIP) },
			{ "run_wizard", SETTING(WIZARD_RUN) },
			{ "cid", ClientManager::getInstance()->getMyCID().toBase32() },
		};

		// A socket is only attached when the login arrived with one
		if (aSocket != nullptr) {
			session->onSocketConnected(aSocket);
			aSocket->setSession(session);
		}

		aRequest.setResponseBody(retJson);
		return websocketpp::http::status_code::ok;
	}
Beispiel #2
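	// Attaches an existing session, identified by the "authorization" token in the
	// request body, to the given websocket.
	//
	// aRequest  - request whose body carries the session token in "authorization"
	// aIsSecure - whether the current connection is a secure one
	// aSocket   - websocket to bind to the session; must not be null
	//
	// Returns 400 when there is no socket, when the token does not resolve to a
	// session or when the security level of the connection differs from the one
	// recorded on the session; 200 once the socket has been bound.
	api_return SessionApi::handleSocketConnect(ApiRequest& aRequest, bool aIsSecure, const WebSocketPtr& aSocket) {
		// handleLogin guards its socket before using it; the socket is dereferenced
		// unconditionally further down, so a call without one must be refused here
		// instead of dereferencing a null pointer.
		if (!aSocket) {
			aRequest.setResponseErrorStr("This method may be called only via a websocket");
			return websocketpp::http::status_code::bad_request;
		}

		auto sessionToken = JsonUtil::getField<string>("authorization", aRequest.getRequestBody(), false);

		auto session = WebServerManager::getInstance()->getUserManager().getSession(sessionToken);
		if (!session) {
			aRequest.setResponseErrorStr("Invalid session token");
			return websocketpp::http::status_code::bad_request;
		}

		// A token must be used over the same kind of connection the session records:
		// this keeps a token belonging to a secure session from being accepted on a
		// plain-text socket (and the other way round).
		if (session->isSecure() != aIsSecure) {
			aRequest.setResponseErrorStr("Invalid protocol");
			return websocketpp::http::status_code::bad_request;
		}

		session->onSocketConnected(aSocket);
		aSocket->setSession(session);

		return websocketpp::http::status_code::ok;
	}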