/*
Form login service routine. Called in response to a form-based login request. Only used when httpSetAuthForm is utilized.
The password is clear-text so this must be used over SSL to be secure.
*/
static void loginServiceProc(HttpConn *conn)
{
HttpAuth *auth;
cchar *username, *password, *referrer;
auth = conn->rx->route->auth;
username = httpGetParam(conn, "username", 0);
password = httpGetParam(conn, "password", 0);
if (httpLogin(conn, username, password)) {
if ((referrer = httpGetSessionVar(conn, "referrer", 0)) != 0) {
/*
Preserve protocol scheme from existing connection
*/
HttpUri *where = httpCreateUri(referrer, 0);
httpCompleteUri(where, conn->rx->parsedUri);
referrer = httpUriToString(where, 0);
httpRedirect(conn, HTTP_CODE_MOVED_TEMPORARILY, referrer);
} else {
if (auth->loggedIn) {
httpRedirect(conn, HTTP_CODE_MOVED_TEMPORARILY, auth->loggedIn);
} else {
httpRedirect(conn, HTTP_CODE_MOVED_TEMPORARILY, "~");
}
}
} else {
httpRedirect(conn, HTTP_CODE_MOVED_TEMPORARILY, auth->loginPage);
}
}
static void myaction(HttpConn *conn)
{
HttpQueue *q;
q = conn->writeq;
/*
Set the HTTP response status
*/
httpSetStatus(conn, 200);
/*
Add desired headers. "Set" will overwrite, add will create if not already defined.
*/
httpAddHeaderString(conn, "Content-Type", "text/plain");
httpSetHeaderString(conn, "Cache-Control", "no-cache");
httpWrite(q, "<html><title>simpleAction</title><body>\r\n");
httpWrite(q, "<p>Name: %s</p>\n", httpGetParam(conn, "name", "-"));
httpWrite(q, "<p>Address: %s</p>\n", httpGetParam(conn, "address", "-"));
httpWrite(q, "</body></html>\r\n");
/*
Call finalize output and close the request.
Delay closing if you want to do asynchronous output and close later.
*/
httpFinalize(conn);
#if POSSIBLE
/*
Useful things to do in actions
*/
httpRedirect(conn, 302, "/other-uri");
httpError(conn, 409, "My message : %d", 5);
#endif
}
/*
Get the username and password credentials. If using an in-protocol auth scheme like basic|digest, the
rx->authDetails will contain the credentials and the parseAuth callback will be invoked to parse.
Otherwise, it is expected that "username" and "password" fields are present in the request parameters.
This is called by authCondition which thereafter calls httpLogin
*/
PUBLIC bool httpGetCredentials(HttpConn *conn, cchar **username, cchar **password)
{
HttpAuth *auth;
assert(username);
assert(password);
*username = *password = NULL;
auth = conn->rx->route->auth;
if (!auth || !auth->type) {
return 0;
}
if (auth->type) {
if (conn->authType && !smatch(conn->authType, auth->type->name)) {
if (!(smatch(auth->type->name, "form") && conn->rx->flags & HTTP_POST)) {
/* If a posted form authentication, ignore any basic|digest details in request */
return 0;
}
}
if (auth->type->parseAuth && (auth->type->parseAuth)(conn, username, password) < 0) {
return 0;
}
} else {
*username = httpGetParam(conn, "username", 0);
*password = httpGetParam(conn, "password", 0);
}
return 1;
}
/*
Get the username and password credentials. If using an in-protocol auth scheme like basic|digest, the
rx->authDetails will contain the credentials and the parseAuth callback will be invoked to parse.
Otherwise, it is expected that "username" and "password" fields are present in the request parameters.
This is called by authCondition which thereafter calls httpLogin
*/
PUBLIC bool httpGetCredentials(HttpConn *conn, cchar **username, cchar **password)
{
HttpAuth *auth;
assert(username);
assert(password);
*username = *password = NULL;
auth = conn->rx->route->auth;
if (auth->type) {
if (conn->authType && !smatch(conn->authType, auth->type->name)) {
/* Do not call httpError so that a 401 response will be sent with WWW-Authenticate header */
return 0;
}
if (auth->type->parseAuth && (auth->type->parseAuth)(conn, username, password) < 0) {
httpError(conn, HTTP_CODE_BAD_REQUEST, "Access denied. Bad authentication data.");
return 0;
}
} else {
*username = httpGetParam(conn, "username", 0);
*password = httpGetParam(conn, "password", 0);
}
return 1;
}
PUBLIC HttpUri *httpLinkUri(HttpConn *conn, cchar *target, MprHash *options)
{
HttpRoute *route, *lroute;
HttpRx *rx;
HttpUri *uri;
cchar *routeName, *action, *controller, *originalAction, *tplate;
char *rest;
assert(conn);
rx = conn->rx;
route = rx->route;
controller = 0;
if (target == 0) {
target = "";
}
if (*target == '@') {
target = sjoin("{action: '", target, "'}", NULL);
}
if (*target != '{') {
tplate = target;
if (!options) {
options = route->vars;
}
} else {
if (options) {
options = mprBlendHash(httpGetOptions(target), options);
} else {
options = httpGetOptions(target);
}
options = mprBlendHash(options, route->vars);
/*
Prep the action. Forms are:
. @action # Use the current controller
. @controller/ # Use "index" as the action
. @controller/action
*/
if ((action = httpGetOption(options, "action", 0)) != 0) {
originalAction = action;
if (*action == '@') {
action = &action[1];
}
if (strchr(action, '/')) {
controller = stok((char*) action, "/", (char**) &action);
action = stok((char*) action, "/", &rest);
}
if (controller) {
httpSetOption(options, "controller", controller);
} else {
controller = httpGetParam(conn, "controller", 0);
}
if (action == 0 || *action == '\0') {
action = "list";
}
if (action != originalAction) {
httpSetOption(options, "action", action);
}
}
/*
Find the template to use. Strategy is this order:
. options.template
. options.route.template
. options.action mapped to a route.template, via:
. /app/STAR/action
. /app/controller/action
. /app/STAR/default
. /app/controller/default
*/
if ((tplate = httpGetOption(options, "template", 0)) == 0) {
if ((routeName = httpGetOption(options, "route", 0)) != 0) {
routeName = expandRouteName(conn, routeName);
lroute = httpLookupRoute(conn->host, routeName);
} else {
lroute = 0;
}
if (!lroute) {
if ((lroute = httpLookupRoute(conn->host, actionRoute(route, controller, action))) == 0) {
if ((lroute = httpLookupRoute(conn->host, actionRoute(route, "{controller}", action))) == 0) {
if ((lroute = httpLookupRoute(conn->host, actionRoute(route, controller, "default"))) == 0) {
lroute = httpLookupRoute(conn->host, actionRoute(route, "{controller}", "default"));
}
}
}
}
if (lroute) {
tplate = lroute->tplate;
}
}
if (!tplate) {
mprLog("error http", 0, "Cannot find template for URI %s", target);
target = "/";
}
}
target = httpTemplate(conn, tplate, options);
if ((uri = httpCreateUri(target, 0)) == 0) {
return 0;
}
return uri;
}
cchar *espGetParam(HttpConn *conn, cchar *var, cchar *defaultValue)
{
return httpGetParam(conn, var, defaultValue);
}
PUBLIC int formParse(HttpConn *conn, cchar **username, cchar **password)
{
*username = httpGetParam(conn, "username", 0);
*password = httpGetParam(conn, "password", 0);
return 0;
}
PUBLIC HttpUri *httpLinkUri(HttpConn *conn, cchar *target, MprHash *options)
{
HttpRoute *route, *lroute;
HttpRx *rx;
HttpUri *uri;
cchar *routeName, *action, *controller, *originalAction, *tplate;
char *rest;
rx = conn->rx;
route = rx->route;
controller = 0;
if (target == 0) {
target = "";
}
if (*target == '@') {
target = sjoin("{action: '", target, "'}", NULL);
}
if (*target != '{') {
tplate = target;
if (!options) {
options = route->vars;
}
} else {
if (options) {
options = mprBlendHash(httpGetOptions(target), options);
} else {
options = httpGetOptions(target);
}
options = mprBlendHash(options, route->vars);
/*
Prep the action. Forms are:
. @action # Use the current controller
. @controller/ # Use "index" as the action
. @controller/action
*/
if ((action = httpGetOption(options, "action", 0)) != 0) {
originalAction = action;
if (*action == '@') {
action = &action[1];
}
if (strchr(action, '/')) {
controller = stok((char*) action, "/", (char**) &action);
action = stok((char*) action, "/", &rest);
}
if (controller) {
httpSetOption(options, "controller", controller);
} else {
controller = httpGetParam(conn, "controller", 0);
}
if (action == 0 || *action == '\0') {
action = "list";
}
if (action != originalAction) {
httpSetOption(options, "action", action);
}
}
/*
Find the template to use. Strategy is this order:
. options.template
. options.route.template
. options.action mapped to a route.template, via:
. /app/STAR/action
. /app/controller/action
. /app/STAR/default
. /app/controller/default
*/
if ((tplate = httpGetOption(options, "template", 0)) == 0) {
if ((routeName = httpGetOption(options, "route", 0)) != 0) {
routeName = expandRouteName(conn, routeName);
lroute = httpLookupRoute(conn->host, routeName);
} else {
lroute = 0;
}
if (!lroute) {
if ((lroute = httpLookupRoute(conn->host, actionRoute(route, controller, action))) == 0) {
if ((lroute = httpLookupRoute(conn->host, actionRoute(route, "{controller}", action))) == 0) {
if ((lroute = httpLookupRoute(conn->host, actionRoute(route, controller, "default"))) == 0) {
lroute = httpLookupRoute(conn->host, actionRoute(route, "{controller}", "default"));
}
}
}
}
if (lroute) {
tplate = lroute->tplate;
}
}
if (!tplate) {
mprLog("error http", 0, "Cannot find template for URI %s", target);
target = "/";
}
}
target = httpTemplate(conn, tplate, options);
uri = httpCreateUri(target, 0);
/*
This was changed from: httpCreateUri(rx->uri) to rx->parsedUri.
The use case was appweb: /auth/form/login which redirects using: https:///auth/form/login on localhost:4443
This must extract the existing host and port from the prior request
*/
uri = httpResolveUri(rx->parsedUri, 1, &uri, 0);
return httpNormalizeUri(uri);
}
PUBLIC void espAddParam(HttpConn *conn, cchar *var, cchar *value)
{
if (!httpGetParam(conn, var, 0)) {
httpSetParam(conn, var, value);
}
}
