api_return ApiModule::handleRequest(ApiRequest& aRequest) {
// Find section
auto i = requestHandlers.find(aRequest.getStringParam(0));
if (i == requestHandlers.end()) {
aRequest.setResponseErrorStr("Invalid API section");
return websocketpp::http::status_code::bad_request;
}
aRequest.popParam();
const auto& sectionHandlers = i->second;
bool hasParamMatch = false; // for better error reporting
// Match parameters
auto handler = boost::find_if(sectionHandlers, [&](const RequestHandler& aHandler) {
// Regular matching
auto matchesParams = aHandler.matchParams(aRequest.getParameters());
if (!matchesParams) {
return false;
}
if (aHandler.method == aRequest.getMethod() || aHandler.isModuleHandler()) {
return true;
}
hasParamMatch = true;
return false;
});
if (handler == sectionHandlers.end()) {
if (hasParamMatch) {
aRequest.setResponseErrorStr("Method not supported for this command");
} else {
aRequest.setResponseErrorStr("Invalid parameters for this API section");
}
return websocketpp::http::status_code::bad_request;
}
// Check JSON payload
if (handler->requireJson && !aRequest.hasRequestBody()) {
aRequest.setResponseErrorStr("JSON body required");
return websocketpp::http::status_code::bad_request;
}
// Check permission
if (!session->getUser()->hasPermission(handler->access)) {
aRequest.setResponseErrorStr("Permission denied");
return websocketpp::http::status_code::forbidden;
}
// Exact params could be removed from the request...
return handler->f(aRequest);
}
