d0s3t3ch/wownero
1
0
Fork 0
mirror of https://git.wownero.com/wownero/wownero.git synced 2024-08-15 01:03:23 +00:00
Code Issues Projects Releases Wiki Activity

epee: optionally restrict HTTP service to a configurable user agent

Browse source 
This is intended to catch traffic coming from a web browser,
so we avoid issues with a web page sending a transfer RPC to
the wallet. Requiring a particular user agent can act as a
simple password scheme, while we wait for 0MQ and proper
authentication to be merged.
This commit is contained in:
moneromooo-monero 2016-09-07 21:38:41 +01:00
parent 68e6678ab7
commit eeb2bbc0fc
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
19 changed files with 60 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

2
contrib/epee/include/net/http_base.h
View file

@ -98,6 +98,7 @@ namespace net_utils
std::string m_content_encoding; //"Content-Encoding:"
std::string m_host; //"Host:"
std::string m_cookie; //"Cookie:"
std::string m_user_agent; //"User-Agent:"
fields_list m_etc_fields;
void clear()
@ -110,6 +111,7 @@ namespace net_utils
m_content_encoding.clear();
m_host.clear();
m_cookie.clear();
m_user_agent.clear();
m_etc_fields.clear();
}
};

12
contrib/epee/include/net/http_client.h
View file

@ -638,10 +638,10 @@ using namespace std;
LOG_FRAME("http_stream_filter::parse_cached_header(*)", LOG_LEVEL_4);
STATIC_REGEXP_EXPR_1(rexp_mach_field,
"\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)"
// 12 3 4 5 6 7 8 9
"\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)|(User-Agent)"
// 12 3 4 5 6 7 8 9 10
"|([\\w-]+?)) ?: ?((.*?)(\r?\n))[^\t ]",
//10 1112 13
//11 1213 14
boost::regex::icase | boost::regex::normal);
boost::smatch result;
@ -653,8 +653,8 @@ using namespace std;
//lookup all fields and fill well-known fields
while( boost::regex_search( it_current_bound, it_end_bound, result, rexp_mach_field, boost::match_default) && result[0].matched)
{
const size_t field_val = 12;
//const size_t field_etc_name = 10;
const size_t field_val = 13;
//const size_t field_etc_name = 11;
int i = 2; //start position = 2
if(result[i++].matched)//"Connection"
@ -675,6 +675,8 @@ using namespace std;
}
else if(result[i++].matched)//"Cookie"
body_info.m_cookie = result[field_val];
else if(result[i++].matched)//"User-Agent"
body_info.m_user_agent = result[field_val];
else if(result[i++].matched)//e.t.c (HAVE TO BE MATCHED!)
{;}
else

1
contrib/epee/include/net/http_protocol_handler.h
View file

@ -49,6 +49,7 @@ namespace net_utils
struct http_server_config
{
std::string m_folder;
std::string m_required_user_agent;
critical_section m_lock;
};

23
contrib/epee/include/net/http_protocol_handler.inl
View file

@ -285,7 +285,8 @@ namespace net_utils
}
break;
}
analize_cached_request_header_and_invoke_state(pos);
if (!analize_cached_request_header_and_invoke_state(pos))
return false;
break;
}
case http_state_retriving_body:
@ -387,8 +388,16 @@ namespace net_utils
{
LOG_ERROR("simple_http_connection_handler<t_connection_context>::analize_cached_request_header_and_invoke_state(): failed to anilize request header: " << m_cache);
m_state = http_state_error;
return false;
}
if (!m_config.m_required_user_agent.empty() && m_query_info.m_header_info.m_user_agent != m_config.m_required_user_agent)
{
LOG_ERROR("simple_http_connection_handler<t_connection_context>::analize_cached_request_header_and_invoke_state(): unexpected user agent: " << m_query_info.m_header_info.m_user_agent);
m_state = http_state_error;
return false;
}
m_cache.erase(0, pos);
std::string req_command_str = m_query_info.m_full_request_str;
@ -473,10 +482,10 @@ namespace net_utils
LOG_FRAME("http_stream_filter::parse_cached_header(*)", LOG_LEVEL_3);
STATIC_REGEXP_EXPR_1(rexp_mach_field,
"\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)"
// 12 3 4 5 6 7 8 9
"\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)|(User-Agent)"
// 12 3 4 5 6 7 8 9 10
"|([\\w-]+?)) ?: ?((.*?)(\r?\n))[^\t ]",
//10 1112 13
//11 1213 14
boost::regex::icase | boost::regex::normal);
boost::smatch result;
@ -488,8 +497,8 @@ namespace net_utils
//lookup all fields and fill well-known fields
while( boost::regex_search( it_current_bound, it_end_bound, result, rexp_mach_field, boost::match_default) && result[0].matched)
{
const size_t field_val = 12;
const size_t field_etc_name = 10;
const size_t field_val = 13;
const size_t field_etc_name = 11;
int i = 2; //start position = 2
if(result[i++].matched)//"Connection"
@ -508,6 +517,8 @@ namespace net_utils
body_info.m_host = result[field_val];
else if(result[i++].matched)//"Cookie"
body_info.m_cookie = result[field_val];
else if(result[i++].matched)//"User-Agent"
body_info.m_user_agent = result[field_val];
else if(result[i++].matched)//e.t.c (HAVE TO BE MATCHED!)
body_info.m_etc_fields.push_back(std::pair<std::string, std::string>(result[field_etc_name], result[field_val]));
else

5
contrib/epee/include/net/http_server_impl_base.h
View file

@ -52,7 +52,7 @@ namespace epee
: m_net_server(external_io_service)
{}
bool init(const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0")
bool init(const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0", const std::string &user_agent = "")
{
//set self as callback handler
@ -61,6 +61,9 @@ namespace epee
//here set folder for hosting reqests
m_net_server.get_config_object().m_folder = "";
// workaround till we get auth/encryption
m_net_server.get_config_object().m_required_user_agent = user_agent;
LOG_PRINT_L0("Binding on " << bind_ip << ":" << bind_port);
bool res = m_net_server.init_server(bind_port, bind_ip);
if(!res)