api_return ApiModule::handleRequest(ApiRequest& aRequest) { // Find section auto i = requestHandlers.find(aRequest.getStringParam(0)); if (i == requestHandlers.end()) { aRequest.setResponseErrorStr("Invalid API section"); return websocketpp::http::status_code::bad_request; } aRequest.popParam(); const auto& sectionHandlers = i->second; bool hasParamMatch = false; // for better error reporting // Match parameters auto handler = boost::find_if(sectionHandlers, [&](const RequestHandler& aHandler) { // Regular matching auto matchesParams = aHandler.matchParams(aRequest.getParameters()); if (!matchesParams) { return false; } if (aHandler.method == aRequest.getMethod() || aHandler.isModuleHandler()) { return true; } hasParamMatch = true; return false; }); if (handler == sectionHandlers.end()) { if (hasParamMatch) { aRequest.setResponseErrorStr("Method not supported for this command"); } else { aRequest.setResponseErrorStr("Invalid parameters for this API section"); } return websocketpp::http::status_code::bad_request; } // Check JSON payload if (handler->requireJson && !aRequest.hasRequestBody()) { aRequest.setResponseErrorStr("JSON body required"); return websocketpp::http::status_code::bad_request; } // Check permission if (!session->getUser()->hasPermission(handler->access)) { aRequest.setResponseErrorStr("Permission denied"); return websocketpp::http::status_code::forbidden; } // Exact params could be removed from the request... return handler->f(aRequest); }