check_query_token()

psyc://psyced.org/~lynX 2010-03-02 23:45:06 +01:00
parent 6e5c5b98db
commit 8c6522112a
3 changed files with 16 additions and 12 deletions


@ -7,6 +7,7 @@
#include <net.h> #include <net.h>
#include <services.h> #include <services.h>
#include <proto.h>
#include "driver.h" #include "driver.h"
//#include CONFIG_PATH "ports.h" //#include CONFIG_PATH "ports.h"
@ -216,3 +217,13 @@ varargs string make_query_string(mapping params, int sort) {
return q; return q;
} }
object check_query_token(mapping query) {
string nick;
object user;
if (nick = query["user"]) user = find_person(nick);
if (user && user->validToken(query["token"])) return user;
return 0;
}
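Review bot: `check_query_token()` passes `query["token"]` straight to `validToken()` without checking that it is present, so a request carrying `user` but no `token` ends up calling `validToken(0)`; whether that is rejected depends on `validToken`, which is not shown here. The old `checkToken` was `static` to one file, while this helper can be called from anywhere, so I would make it fail closed itself with `unless (stringp(query["user"]) && stringp(query["token"])) return 0;` as its first statement. A one-line header comment would also help callers: `// returns the user object if query["user"] has a valid query["token"], 0 otherwise`.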


@ -14,6 +14,7 @@
void dns_resolve(string hostname, closure callback, varargs array(mixed) extra); void dns_resolve(string hostname, closure callback, varargs array(mixed) extra);
void dns_rresolve(string ip, closure callback, varargs array(mixed) extra); void dns_rresolve(string ip, closure callback, varargs array(mixed) extra);
#endif #endif
varargs object find_person(string name, vaint lowercazed);
#ifndef hex2int #ifndef hex2int
int hex2int(string hex); int hex2int(string hex);
#endif #endif


@ -530,14 +530,6 @@ void displayFooter() {
w("_HTML_tail_threads", "</body></html>"); w("_HTML_tail_threads", "</body></html>");
} }
static object checkToken(mapping query) {
string nick;
object user;
if (nick = query["user"]) user = find_person(nick);
if (user && user->validToken(query["token"])) return user;
return 0;
}
htget(prot, query, headers, qs, data) { htget(prot, query, headers, qs, data) {
mapping entrymap; mapping entrymap;
mixed target; mixed target;
@ -546,7 +538,7 @@ htget(prot, query, headers, qs, data) {
int a; int a;
int limit = to_int(query["limit"]) || DEFAULT_BACKLOG; int limit = to_int(query["limit"]) || DEFAULT_BACKLOG;
int offset = to_int(query["offset"]); int offset = to_int(query["offset"]);
int authed = checkToken(query) ? 1 : 0; int authed = check_query_token(query) ? 1 : 0;
unless (isPublic() || authed) { unless (isPublic() || authed) {
write("<h1>404</h1>"); write("<h1>404</h1>");
return 1; return 1;
@ -570,7 +562,7 @@ htget(prot, query, headers, qs, data) {
htok(prot); htok(prot);
// TODO: remote user auth // TODO: remote user auth
unless (user = checkToken(query)) { unless (user = check_query_token(query)) {
write("Not authenticated!\n"); write("Not authenticated!\n");
return 1; return 1;
} }
@ -618,10 +610,10 @@ htget(prot, query, headers, qs, data) {
//P2(("all entries: %O\n", _thread)) //P2(("all entries: %O\n", _thread))
htok3(prot, "text/html", "Cache-Control: no-cache\n"); htok3(prot, "text/html", "Cache-Control: no-cache\n");
displayHeader("entries"); displayHeader("entries");
if ((user = checkToken(query)) && canPost(user->qName())) if ((user = check_query_token(query)) && canPost(user->qName()))
displayForm(!v("showform")); displayForm(!v("showform"));
// display the blog // display the blog
displayMain(limit, offset, checkToken(query) ? 1 : 0); displayMain(limit, offset, check_query_token(query) ? 1 : 0);
// display the chatlog // display the chatlog
if (showWebLog()) logView(a < 24 ? a : 12, "html", 15); if (showWebLog()) logView(a < 24 ? a : 12, "html", 15);
displayFooter(); displayFooter();
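Review bot: `htget` still resolves the token up to four times in one request (for `authed`, before the "Not authenticated!" branch, before `displayForm`, and again inside the `displayMain` call), each a fresh `find_person` plus `validToken` lookup. The last call can reuse the value computed at the top, `displayMain(limit, offset, authed);`, and the `user =` assignments could be hoisted to a single `user = check_query_token(query);` so that every branch acts on the same authorization decision. Separately, the token appears to arrive as a GET query parameter, so it can end up in access logs, browser history and Referer headers; that is worth a `// TODO` next to the existing remote-auth one. `htget` begins before and continues past these hunks, so the declaration of `user` is not visible here.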