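/**
 * Handle one request that reached the admin interface.
 *
 * A request may start with an out-of-band transaction id: the 4 byte marker "0123"
 * followed by 4 bytes of txid, in which case the bencoded dictionary starts at offset 8.
 * Otherwise the dictionary starts at offset 0 and replies carry no txid.
 *
 * Queries are handled as follows:
 *   - "cookie": reply with the current time in seconds as a decimal string.
 *   - "auth":   verify the message with authValid(); on success the query to run is
 *               taken from the "aq" entry and functions marked needsAuth may be called.
 *   - other:    call every registered function whose name matches and which does not
 *               need auth.
 *
 * Everything in buffer is treated as untrusted input.
 *
 * @param admin the admin context (event base and registered functions).
 * @param buffer the raw request bytes.
 * @param amount the number of valid bytes in buffer.
 * @param allocator used for the reader, the parsed message and any reply.
 */
static void handleRequestFromChild(struct Admin* admin,
                                   uint8_t buffer[MAX_API_REQUEST_SIZE],
                                   size_t amount,
                                   struct Allocator* allocator)
{
    // Storage for the out-of-band txid lives at function scope. A compound literal created
    // inside the if-block below would reach the end of its lifetime at the closing brace,
    // while txid is still used by every Admin_sendMessage() call further down.
    String oobTxid = { .len = 4, .bytes = (char*) buffer + 4 };
    String* txid = NULL;
    size_t skip = 0;

    // Require all 8 prefix bytes to have been received. Without this check a short request
    // would compare against stale buffer contents and "amount - skip" would wrap around.
    if (amount >= 8 && !memcmp(buffer, "0123", 4)) {
        // out of band txid
        txid = &oobTxid;
        skip = 8;
    }

    struct Reader* reader = ArrayReader_new(buffer + skip, amount - skip, allocator);
    Dict message;
    if (List_getStandardBencSerializer()->parseDictionary(reader, allocator, &message)) {
        // Not a parsable bencoded dictionary, drop it without replying.
        return;
    }

    String* query = Dict_getString(&message, CJDHTConstants_QUERY);
    if (!query) {
        return;
    }

    // If they're asking for a cookie then lets give them one.
    // NOTE(review): the cookie is the wall clock time in seconds, so it is guessable.
    // Whether an old cookie is rejected depends on authValid(), which is not shown here.
    String* cookie = BSTR("cookie");
    if (String_equals(query, cookie)) {
        Dict* d = Dict_new(allocator);
        char bytes[32];
        snprintf(bytes, 32, "%u", (uint32_t) Time_currentTimeSeconds(admin->eventBase));
        String* theCookie = &(String) { .len = strlen(bytes), .bytes = bytes };
        Dict_putString(d, cookie, theCookie, allocator);
        Admin_sendMessage(d, txid, admin);
        return;
    }

    // If this is a permitted query, make sure the cookie is right.
    String* auth = BSTR("auth");
    bool authed = false;
    if (String_equals(query, auth)) {
        if (!authValid(&message, buffer + skip, reader->bytesRead(reader), admin)) {
            Dict* d = Dict_new(allocator);
            Dict_putString(d, BSTR("error"), BSTR("Auth failed."), allocator);
            Admin_sendMessage(d, txid, admin);
            return;
        }
        query = Dict_getString(&message, BSTR("aq"));
        if (!query) {
            // Authenticated envelope without an inner query: there is nothing to
            // dispatch, and a NULL query must not reach String_equals() below.
            return;
        }
        authed = true;
    }

    // Dispatch to every function registered under this name. Functions flagged
    // needsAuth are only reachable after authValid() accepted the request.
    for (int i = 0; i < admin->functionCount; i++) {
        if (String_equals(query, admin->functions[i].name)
            && (authed || !admin->functions[i].needsAuth))
        {
            admin->functions[i].call(&message, admin->functions[i].context, txid);
        }
    }
    return;
}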
/**
 * Look up m_clientToken in the http_client_auth table and report the outcome through
 * the authValid signal: (token, name, true) when a row exists, (token, empty name, false)
 * when none does. If the query itself fails, a warning is logged and no signal is emitted.
 */
void
DatabaseCommand_ClientAuthValid::exec( DatabaseImpl* lib )
{
    TomahawkSqlQuery query = lib->newquery();

    // The token is passed as a bound value, it is never spliced into the SQL text.
    query.prepare( "SELECT name FROM http_client_auth WHERE token = ?" );
    query.addBindValue( m_clientToken );

    if ( !query.exec() )
    {
        // NOTE(review): this writes the client token itself to the log; if the token is a
        // bearer credential, consider logging a truncated or hashed form instead.
        // NOTE(review): no authValid signal is emitted on this path, so the requester only
        // learns of the failure if it has its own timeout. Confirm that is intended.
        qWarning() << "Failed to query http auth table for client:" << m_clientToken;
        return;
    }

    if ( !query.next() )
    {
        // No row for this token: report it as not valid.
        emit authValid( m_clientToken, QString(), false );
        return;
    }

    QString clientName = query.value( 0 ).toString();
    emit authValid( m_clientToken, clientName, true );
}
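/**
 * Handle one already parsed request from the admin interface.
 *
 * Queries are handled as follows:
 *   - no query entry: log it and close the channel the message arrived on.
 *   - "cookie": reply with the current time in seconds as a decimal string.
 *   - "auth":   verify the message with authValid(); on success the query to run is
 *               taken from the "aq" entry and functions marked needsAuth may be called.
 *   - other:    call every registered function whose name matches, which does not need
 *               auth, and whose arguments pass checkArgs().
 * If no registered function matched, an error listing the available functions is sent.
 *
 * The message content is treated as untrusted input.
 *
 * @param admin the admin context (logger, event base, registered functions).
 * @param txid_prefix the inter-process txid, prepended to the user supplied txid in replies.
 * @param message the parsed request dictionary.
 * @param buffer the raw request bytes, handed to authValid().
 * @param amount the number of bytes in buffer, handed to authValid().
 * @param allocator used for the reply txid and any reply dictionaries.
 */
static void handleRequestFromChild(struct Admin* admin,
                                   union Admin_TxidPrefix* txid_prefix,
                                   Dict* message,
                                   uint8_t* buffer,
                                   size_t amount,
                                   struct Allocator* allocator)
{
    String* query = Dict_getString(message, CJDHTConstants_QUERY);
    if (!query) {
        Log_info(admin->logger,
                 "Got a non-query from admin interface on channel [%u].",
                 admin->messageHeader.channelNum);
        adminChannelClose(admin, admin->messageHeader.channelNum);
        return;
    }

    // txid becomes the user supplied txid combined with the inter-process txid.
    String* userTxid = Dict_getString(message, TXID);
    uint32_t txidlen = ((userTxid) ? userTxid->len : 0) + Admin_TxidPrefix_SIZE;
    String* txid = String_newBinary(NULL, txidlen, allocator);
    Bits_memcpyConst(txid->bytes, txid_prefix->raw, Admin_TxidPrefix_SIZE);
    if (userTxid) {
        Bits_memcpy(txid->bytes + Admin_TxidPrefix_SIZE, userTxid->bytes, userTxid->len);
    }

    // If they're asking for a cookie then lets give them one.
    // NOTE(review): the cookie is the wall clock time in seconds, so it is guessable.
    // Whether an old cookie is rejected depends on authValid(), which is not shown here.
    String* cookie = String_CONST("cookie");
    if (String_equals(query, cookie)) {
        Dict* d = Dict_new(allocator);
        char bytes[32];
        snprintf(bytes, 32, "%u", (uint32_t) Time_currentTimeSeconds(admin->eventBase));
        String* theCookie = &(String) { .len = strlen(bytes), .bytes = bytes };
        Dict_putString(d, cookie, theCookie, allocator);
        Admin_sendMessage(d, txid, admin);
        return;
    }

    // If this is a permitted query, make sure the cookie is right.
    String* auth = String_CONST("auth");
    bool authed = false;
    if (String_equals(query, auth)) {
        if (!authValid(message, buffer, amount, admin)) {
            Dict* d = Dict_new(allocator);
            Dict_putString(d, String_CONST("error"), String_CONST("Auth failed."), allocator);
            Admin_sendMessage(d, txid, admin);
            return;
        }
        // May be NULL when the authenticated envelope carries no inner query.
        query = Dict_getString(message, String_CONST("aq"));
        authed = true;
    }

    Dict* args = Dict_getDict(message, String_CONST("args"));
    bool noFunctionsCalled = true;
    for (int i = 0; i < admin->functionCount; i++) {
        // The "query &&" guard keeps a missing "aq" entry away from String_equals();
        // such a request falls through to the "No functions matched" reply below.
        if (query
            && String_equals(query, admin->functions[i].name)
            && (authed || !admin->functions[i].needsAuth))
        {
            if (checkArgs(args, &admin->functions[i], txid, admin)) {
                admin->functions[i].call(args, admin->functions[i].context, txid);
            }
            // A name match counts as handled even when checkArgs() rejected the arguments.
            noFunctionsCalled = false;
        }
    }

    if (noFunctionsCalled) {
        // NOTE(review): this reply lists every registered function with its args, including
        // functions flagged needsAuth, and it is sent to callers which did not authenticate.
        // Confirm that exposing the full function list this way is intended.
        Dict* d = Dict_new(allocator);
        Dict_putString(d,
                       String_CONST("error"),
                       String_CONST("No functions matched your request."),
                       allocator);
        Dict* functions = Dict_new(allocator);
        for (int i = 0; i < admin->functionCount; i++) {
            Dict_putDict(functions, admin->functions[i].name, admin->functions[i].args, allocator);
        }
        if (functions) {
            Dict_putDict(d, String_CONST("availableFunctions"), functions, allocator);
        }
        Admin_sendMessage(d, txid, admin);
        return;
    }

    return;
}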
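/**
 * Handle one request from the admin interface.
 *
 * The first TXID_LEN bytes of buffer are the inter-process txid; the bencoded request
 * dictionary follows. Queries are handled as follows:
 *   - "cookie": reply with the current time in seconds as a decimal string.
 *   - "auth":   verify the message with authValid(); on success the query to run is
 *               taken from the "aq" entry and functions marked needsAuth may be called.
 *   - other:    call every registered function whose name matches, which does not need
 *               auth, and whose arguments pass checkArgs().
 * If no registered function matched, an error listing the available functions is sent.
 *
 * Everything in buffer is treated as untrusted input.
 *
 * @param admin the admin context (logger, event base, registered functions).
 * @param buffer the raw request bytes.
 * @param amount the number of valid bytes in buffer.
 * @param allocator used for the reader, the parsed message and any reply.
 */
static void handleRequestFromChild(struct Admin* admin,
                                   uint8_t buffer[MAX_API_REQUEST_SIZE],
                                   size_t amount,
                                   struct Allocator* allocator)
{
    // A request shorter than the txid cannot contain a message, and without this check
    // "amount - TXID_LEN" would wrap around to a huge length.
    if (amount < TXID_LEN) {
        Log_info(admin->logger, "Got unparsable data from admin interface.");
        return;
    }

    struct Reader* reader = ArrayReader_new(buffer + TXID_LEN, amount - TXID_LEN, allocator);
    Dict message;
    if (StandardBencSerializer_get()->parseDictionary(reader, allocator, &message)) {
        Log_info(admin->logger, "Got unparsable data from admin interface.");
        return;
    }

    String* query = Dict_getString(&message, CJDHTConstants_QUERY);
    if (!query) {
        Log_info(admin->logger, "Got a non-query from admin interface.");
        return;
    }

    // txid becomes the user supplied txid combined with the inter-process txid.
    // Presumably String_newBinary() copies from buffer, so the first TXID_LEN bytes are the
    // inter-process txid and the remainder is overwritten just below. TODO confirm.
    String* userTxid = Dict_getString(&message, TXID);
    String* txid =
        String_newBinary((char*)buffer, ((userTxid) ? userTxid->len : 0) + TXID_LEN, allocator);
    if (userTxid) {
        Bits_memcpy(txid->bytes + TXID_LEN, userTxid->bytes, userTxid->len);
    }

    // If they're asking for a cookie then lets give them one.
    // NOTE(review): the cookie is the wall clock time in seconds, so it is guessable.
    // Whether an old cookie is rejected depends on authValid(), which is not shown here.
    String* cookie = String_CONST("cookie");
    if (String_equals(query, cookie)) {
        Dict* d = Dict_new(allocator);
        char bytes[32];
        snprintf(bytes, 32, "%u", (uint32_t) Time_currentTimeSeconds(admin->eventBase));
        String* theCookie = &(String) { .len = strlen(bytes), .bytes = bytes };
        Dict_putString(d, cookie, theCookie, allocator);
        Admin_sendMessage(d, txid, admin);
        return;
    }

    // If this is a permitted query, make sure the cookie is right.
    String* auth = String_CONST("auth");
    bool authed = false;
    if (String_equals(query, auth)) {
        if (!authValid(&message, buffer + TXID_LEN, reader->bytesRead(reader), admin)) {
            Dict* d = Dict_new(allocator);
            Dict_putString(d, String_CONST("error"), String_CONST("Auth failed."), allocator);
            Admin_sendMessage(d, txid, admin);
            return;
        }
        // May be NULL when the authenticated envelope carries no inner query.
        query = Dict_getString(&message, String_CONST("aq"));
        authed = true;
    }

    Dict* args = Dict_getDict(&message, String_CONST("args"));
    bool noFunctionsCalled = true;
    for (int i = 0; i < admin->functionCount; i++) {
        // The "query &&" guard keeps a missing "aq" entry away from String_equals();
        // such a request falls through to the "No functions matched" reply below.
        if (query
            && String_equals(query, admin->functions[i].name)
            && (authed || !admin->functions[i].needsAuth))
        {
            if (checkArgs(args, &admin->functions[i], txid, admin)) {
                admin->functions[i].call(args, admin->functions[i].context, txid);
            }
            // A name match counts as handled even when checkArgs() rejected the arguments.
            noFunctionsCalled = false;
        }
    }

    if (noFunctionsCalled) {
        // NOTE(review): this reply lists every registered function with its args, including
        // functions flagged needsAuth, and it is sent to callers which did not authenticate.
        // Confirm that exposing the full function list this way is intended.
        Dict* d = Dict_new(allocator);
        Dict_putString(d,
                       String_CONST("error"),
                       String_CONST("No functions matched your request."),
                       allocator);
        Dict* functions = Dict_new(allocator);
        for (int i = 0; i < admin->functionCount; i++) {
            Dict_putDict(functions, admin->functions[i].name, admin->functions[i].args, allocator);
        }
        if (functions) {
            Dict_putDict(d, String_CONST("availableFunctions"), functions, allocator);
        }
        Admin_sendMessage(d, txid, admin);
        return;
    }

    return;
}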