20190509_jeffrey - silenceuncrio/diary GitHub Wiki

0905

review

1000

昨晚睡前想到的簡單方法

commit 6d960390431c4ef04eeb2f6659fd5b9c5dba4928
Refs: [feature/lighttpd]
Author: jeffrey <[email protected]>
Date:   Thu May 9 09:59:44 2019 +0800

    implement the basic access control for app=sntp:
    - act=help
      - ATTVAL_SYSTEM_LEVEL1(guest)
    - act=config
      - ATTVAL_SYSTEM_LEVEL2(normal user)

 proscend/prosrc/fcgi/app_sntp.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

先求有再來 refactoring

現在可以來做 login 了

看一下原本 iweb 的作法

/*
 * Registers the HTTP endpoint handlers on connection nc.
 * Only the "/api/login" -> _api_login registration is shown; the "..." line
 * stands for further statements the author left out of this excerpt.
 */
static void _register_http_endpoint(struct mg_connection *nc)
{
    mg_register_http_endpoint(nc, "/api/login", _api_login);
    ...
}
  • 利用 mg_register_http_endpoint 將 /api/login 註冊到 _api_login
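/**
 * Endpoint handler for "/api/login".
 *
 * Non-POST requests are handed to mg_serve_http(). For a POST, the form
 * fields "user" and "pass" are read from the request body and checked with
 * check_pass(). Every answer is "HTTP/1.1 200 OK" with a JSON body that the
 * front end inspects:
 *   - success: { "ok": true }, plus a Set-Cookie header carrying the id of
 *     the session returned by create_session()
 *   - failure: { "fail": true, "info": "authorize fail" }
 * The failure body is identical whether the user name is missing, the
 * password is rejected or no session could be created, so the response does
 * not tell the client which step refused the request.
 *
 * @param nc  connection the request arrived on; flagged MG_F_SEND_AND_CLOSE
 *            before returning from the POST path
 * @param ev  event code, not inspected here
 * @param p   event data, used as a struct http_message *
 *
 * NOTE(review): p is cast without looking at ev - confirm that only HTTP
 * request events reach this handler.
 */
static void _api_login(struct mg_connection *nc, int ev, void *p)
{
    struct http_message *hm = (struct http_message *) p;

    (void) ev;

    /* Credentials are only accepted in a POST body. */
    if (mg_vcmp(&hm->method, "POST") != 0)
    {
        mg_serve_http(nc, hm, s_http_server_opts);
        return;
    }

    char user[50], pass[50];
    int ul = mg_get_http_var(&hm->body, "user", user, sizeof(user));
    int pl = mg_get_http_var(&hm->body, "pass", pass, sizeof(pass));
    struct session *s = NULL;

    if (ul > 0)
    {
        char addr[128];
        mg_conn_addr_to_str(nc, addr, sizeof(addr), MG_SOCK_STRINGIFY_REMOTE |
                            MG_SOCK_STRINGIFY_IP |
                            MG_SOCK_STRINGIFY_PORT);

        /*
         * A negative pl is taken to mean that "pass" was absent or could not
         * be decoded into the 50-byte buffer (assumption: mg_get_http_var
         * reports failure with a negative value, as the ul > 0 test already
         * implies - confirm). In that case check_pass() is never called with
         * a missing or partial password. An empty password (pl == 0) is still
         * passed on so existing accounts keep working.
         */
        if (pl >= 0 && check_pass(user, pass))
        {
            /* NULL is treated as a failed login rather than dereferenced. */
            s = create_session(user, hm);
        }

        /*
         * Both outcomes are logged with the remote address so repeated
         * failures from one source can be spotted in the log. The password is
         * deliberately never written to any log or console.
         * NOTE(review): user is client-supplied and URL-decoded; if
         * ICOS_slog() does not escape control characters, strip CR/LF before
         * logging so a request cannot forge log lines.
         */
        if (s != NULL)
        {
            /* Looked up but not used in this function. */
            int level = _get_user_level_by_name(s->user);
            (void) level;
            ICOS_slog(MODULE_WEB, LOG_INFO, "user \'%s\' logged in from %s", s->user, addr);
        }
        else
        {
            ICOS_slog(MODULE_WEB, LOG_INFO, "user \'%s\' log in fail from %s\n", user, addr);
        }
    }

    if (s != NULL)
    {
        /*
         * The cookie header is formatted by mg_printf() itself, so it cannot
         * be cut short by a fixed-size scratch buffer.
         * NOTE(review): the cookie carries only "path=/". Consider HttpOnly
         * (if no front-end script reads it), Secure (if the UI is HTTPS-only)
         * and SameSite - confirm against the front end before changing the
         * header.
         */
        mg_printf(nc,
                  "HTTP/1.1 200 OK\r\n"
                  "Content-type: application/json\r\n"
                  "Set-Cookie: %s=%" INT64_X_FMT "; path=/\r\n"
                  "\r\n"
                  "{ \"ok\": true }\r\n", SESSION_COOKIE_NAME, s->id);
    }
    else
    {
        mg_printf(nc,
                  "HTTP/1.1 200 OK\r\nContent-type: application/json\r\n\r\n"
                  "{ \"fail\": true, \"info\": \"authorize fail\" }\r\n");
    }

    nc->flags |= MG_F_SEND_AND_CLOSE;
}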
  • 利用 check_pass(user, pass) 來檢查使用者輸入的帳號和密碼
  • 回應都是 HTTP status 200 ok 搭配 json 內容供前端判斷 login 結果
    • login pass - { "ok": true }
    • login fail - { "fail": true, "info": "authorize fail" }
  • login pass 時
    • 建立 session 供後續透過 cookie 判斷是哪個使用者
    • 利用 response 的 HTTP header 來對使用者的 browser 寫入 cookie
      • "Set-Cookie: %s=%" INT64_X_FMT "; path=/"

1020

修改一下 URL rewrite 的 設定讓 /api/whoAmI?uuid=0.xxxx 以及 /api/login 都能套同一個 rule

diff --git a/proscend/base_fs/default/rootfs/home/factory/icos/lighttpd/lighttpd.conf b/proscend/base_fs/default/rootfs/home/factory/icos/lighttpd/lighttpd.conf
index 7fa218a..e3aa48e 100644
--- a/proscend/base_fs/default/rootfs/home/factory/icos/lighttpd/lighttpd.conf
+++ b/proscend/base_fs/default/rootfs/home/factory/icos/lighttpd/lighttpd.conf
@@ -159,7 +159,7 @@ $SERVER["socket"] == ":443" {

 #### url handling modules (rewrite, redirect, access)
 url.rewrite-once = (
-  "^/api/whoAmI" => "/fcgi-bin/iweb.fcgi?app=api&act=whoAmI",
+  "^/api/([a-zA-Z]+)[0-9a-zA-Z=.?]*$" => "/fcgi-bin/iweb.fcgi?app=api&act=$1",
   "^/cgi-bin/([a-zA-Z]+).cgi$" => "/fcgi-bin/iweb.fcgi?app=$1",
   "^/cgi-bin/([a-zA-Z]+).cgi\?act=([a-zA-Z]+)$" => "/fcgi-bin/iweb.fcgi?app=$1&act=$2"
 )
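Review bot: The new pattern `^/api/([a-zA-Z]+)[0-9a-zA-Z=.?]*$` forwards any alphabetic name as `act=$1`, where the old rule exposed only `whoAmI`, so the FastCGI side now has to treat `act` as untrusted input, allow-list the actions it implements and apply the access level per action. The trailing class also accepts characters glued to the name with no `?` separator (`/api/login9` rewrites to `act=login`); requiring the separator is tighter: `"^/api/([a-zA-Z]+)(\?[0-9a-zA-Z=.]*)?$" => "/fcgi-bin/iweb.fcgi?app=api&act=$1",`. The client's query string (`uuid=...`) is matched but not passed on, which keeps a caller from appending its own `app=`/`act=` parameters; if the handler ever needs `uuid`, forward only that captured value rather than the whole query.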
diff --git a/proscend/prosrc/fcgi/jweb.c b/proscend/prosrc/fcgi/jweb.c
index ad55a28..fc5489d 100644
--- a/proscend/prosrc/fcgi/jweb.c
+++ b/proscend/prosrc/fcgi/jweb.c
@@ -113,7 +113,12 @@ static void cgi_init_values(void)



-#if 0
+    /*
+    ** use to check URL rewrite
+    ** - before rewirte - REQUEST_URI
+    ** - after rewirte - SCRIPT_NAME + QUERY_STRING
+    */
+#if 1 // use to check URL rewrite
     json_object *obj = json_object_new_object();
     json_object_object_add(obj, "REQUEST_URI", json_object_new_string(getenv("REQUEST_URI")));
     json_object_object_add(obj, "QUERY_STRING", json_object_new_string(getenv("QUERY_STRING")));
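Review bot: `getenv("REQUEST_URI")` and `getenv("QUERY_STRING")` go straight into `json_object_new_string()`, which expects a valid NUL-terminated string, so an unset variable (for example when the binary is started outside the web server) is a NULL dereference. Read each value first and substitute an empty string, e.g. `const char *uri = getenv("REQUEST_URI");` then `json_object_new_string(uri ? uri : "")`. Flipping `#if 0` to `#if 1` also leaves this diagnostic block compiled in; the block continues outside the hunk, so where `obj` ends up is not visible here, but if it is returned to the client or logged it should sit behind a named debug build flag rather than a literal `#if 1`.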

這是一個 know how 先上 code

commit d9b54feb21f8edd29e0d99fd201945f52e33379f
Refs: [feature/lighttpd]
Author: jeffrey <[email protected]>
Date:   Thu May 9 10:55:05 2019 +0800

    let `/api/whoAmI?uuid=0.xxxx` and `/api/login` apply the same rule of "URL rewrite"

 .../default/rootfs/home/factory/icos/lighttpd/lighttpd.conf        | 2 +-
 proscend/prosrc/fcgi/jweb.c                                        | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

1625

參考 JSON parser in C language - json-c

我目前懷疑是我使用 json_object_put() 不恰當所導致

目前 lighttpd 搭 fcgi 運作起來也不太穩定

1800

感覺 lighttpd url rewrite 不太穩定

關掉就穩定很多