/*
* Copyright (C) 2015 "IoT.bzh"
* Author "Fulup Ar Foll"
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*
* Reference:
* http://stackoverflow.com/questions/25971505/how-to-delete-element-from-hsearch
*
*/
#include "local-def.h"
#include
#include
#include
#include
#include
#include
#include
#include "afb-apis.h"
// Session UUID are store in a simple array [for 10 sessions this should be enough]
static struct {
pthread_mutex_t mutex; // declare a mutex to protect hash table
AFB_clientCtx **store; // sessions store
int count; // current number of sessions
int max;
} sessions;
static const char key_uuid[] = "uuid";
static const char key_token[] = "token";
// Free context [XXXX Should be protected again memory abort XXXX]
static void ctxUuidFreeCB (AFB_clientCtx *client)
{
int idx, cnt;
// If application add a handle let's free it now
if (client->contexts != NULL) {
cnt = afb_apis_count();
// Free client handle with a standard Free function, with app callback or ignore it
for (idx=0; idx < cnt; idx ++) {
if (client->contexts[idx] != NULL) {
afb_apis_free_context(idx, client->contexts[idx]);
}
}
}
}
// Create a new store in RAM, not that is too small it will be automatically extended
void ctxStoreInit (int nbSession)
{
// let's create as store as hashtable does not have any
sessions.store = calloc (1 + (unsigned)nbSession, sizeof(AFB_clientCtx));
sessions.max = nbSession;
}
static AFB_clientCtx *ctxStoreSearch (const char* uuid)
{
int idx;
AFB_clientCtx *client;
if (uuid == NULL)
return NULL;
pthread_mutex_lock(&sessions.mutex);
for (idx=0; idx < sessions.max; idx++) {
if (sessions.store[idx] && (0 == strcmp (uuid, sessions.store[idx]->uuid))) break;
}
if (idx == sessions.max) client=NULL;
else client= sessions.store[idx];
pthread_mutex_unlock(&sessions.mutex);
return client;
}
static AFB_error ctxStoreDel (AFB_clientCtx *client)
{
int idx;
int status;
if (client == NULL)
return AFB_FAIL;
pthread_mutex_lock(&sessions.mutex);
for (idx=0; idx < sessions.max; idx++) {
if (sessions.store[idx] && (0 == strcmp (client->uuid, sessions.store[idx]->uuid))) break;
}
if (idx == sessions.max)
status = AFB_FAIL;
else {
sessions.count--;
ctxUuidFreeCB (sessions.store[idx]);
sessions.store[idx]=NULL;
status = AFB_SUCCESS;
}
pthread_mutex_unlock(&sessions.mutex);
return status;
}
static AFB_error ctxStoreAdd (AFB_clientCtx *client)
{
int idx;
int status;
if (client == NULL)
return AFB_FAIL;
//fprintf (stderr, "ctxStoreAdd request uuid=%s count=%d\n", client->uuid, sessions.count);
pthread_mutex_lock(&sessions.mutex);
for (idx=0; idx < sessions.max; idx++) {
if (NULL == sessions.store[idx]) break;
}
if (idx == sessions.max) status=AFB_FAIL;
else {
status=AFB_SUCCESS;
sessions.count ++;
sessions.store[idx]= client;
}
pthread_mutex_unlock(&sessions.mutex);
return status;
}
// Check if context timeout or not
static int ctxStoreTooOld (AFB_clientCtx *ctx, int timeout)
{
int res;
time_t now = time(NULL);
res = (ctx->timeStamp + timeout) <= now;
return res;
}
// Loop on every entry and remove old context sessions.hash
void ctxStoreGarbage (const int timeout)
{
AFB_clientCtx *ctx;
long idx;
// Loop on Sessions Table and remove anything that is older than timeout
for (idx=0; idx < sessions.max; idx++) {
ctx = sessions.store[idx];
if ((ctx != NULL) && (ctxStoreTooOld(ctx, timeout))) {
ctxStoreDel (ctx);
}
}
}
// This function will return exiting client context or newly created client context
AFB_clientCtx *ctxClientGet (AFB_request *request, int apiidx)
{
AFB_clientCtx *clientCtx=NULL;
const char *uuid;
uuid_t newuuid;
if (request->config->token == NULL) return NULL;
// Check if client as a context or not inside the URL
uuid = MHD_lookup_connection_value(request->connection, MHD_GET_ARGUMENT_KIND, key_uuid);
// if UUID in query we're restfull with no cookies otherwise check for cookie
if (uuid != NULL)
request->restfull = TRUE;
else {
char cookie[64];
request->restfull = FALSE;
snprintf(cookie, sizeof cookie, "%s-%d", COOKIE_NAME, request->config->httpdPort);
uuid = MHD_lookup_connection_value (request->connection, MHD_COOKIE_KIND, cookie);
};
// Warning when no cookie defined MHD_lookup_connection_value may return something !!!
if ((uuid != NULL) && (strnlen (uuid, 10) >= 10)) {
// search if client context exist and it not timeout let's use it
clientCtx = ctxStoreSearch (uuid);
if (clientCtx) {
if (ctxStoreTooOld (clientCtx, request->config->cntxTimeout)) {
// this session is too old let's delete it
ctxStoreDel (clientCtx);
clientCtx = NULL;
} else {
request->context = clientCtx->contexts[apiidx];
request->uuid = uuid;
return clientCtx;
}
}
}
// we have no session let's create one otherwise let's clean any exiting values
if (clientCtx == NULL) {
clientCtx = calloc(1, sizeof(AFB_clientCtx)); // init NULL clientContext
clientCtx->contexts = calloc ((unsigned)afb_apis_count(), sizeof (void*));
}
uuid_generate(newuuid); // create a new UUID
uuid_unparse_lower(newuuid, clientCtx->uuid);
// if table is full at 50% let's clean it up
if(sessions.count > (sessions.max / 2)) ctxStoreGarbage(request->config->cntxTimeout);
// finally add uuid into hashtable
if (AFB_SUCCESS != ctxStoreAdd (clientCtx)) {
free (clientCtx);
return NULL;
}
// if (verbose) fprintf (stderr, "ctxClientGet New uuid=[%s] token=[%s] timestamp=%d\n", clientCtx->uuid, clientCtx->token, clientCtx->timeStamp);
request->context = clientCtx->contexts[apiidx];
request->uuid = clientCtx->uuid;
return clientCtx;
}
// Sample Generic Ping Debug API
AFB_error ctxTokenCheck (AFB_clientCtx *clientCtx, AFB_request *request)
{
const char *token;
if (clientCtx->contexts == NULL)
return AFB_EMPTY;
// this time have to extract token from query list
token = MHD_lookup_connection_value(request->connection, MHD_GET_ARGUMENT_KIND, key_token);
// if not token is providing we refuse the exchange
if ((token == NULL) || (clientCtx->token == NULL))
return AFB_FALSE;
// compare current token with previous one
if ((0 == strcmp (token, clientCtx->token)) && (!ctxStoreTooOld (clientCtx, request->config->cntxTimeout))) {
return AFB_SUCCESS;
}
// Token is not valid let move level of assurance to zero and free attached client handle
return AFB_FAIL;
}
// Free Client Session Context
AFB_error ctxTokenReset (AFB_clientCtx *clientCtx, AFB_request *request)
{
if (clientCtx == NULL)
return AFB_EMPTY;
//if (verbose) fprintf (stderr, "ctxClientReset New uuid=[%s] token=[%s] timestamp=%d\n", clientCtx->uuid, clientCtx->token, clientCtx->timeStamp);
// Search for an existing client with the same UUID
clientCtx = ctxStoreSearch (clientCtx->uuid);
if (clientCtx == NULL)
return AFB_FALSE;
// Remove client from table
ctxStoreDel (clientCtx);
return AFB_SUCCESS;
}
// generate a new token
AFB_error ctxTokenCreate (AFB_clientCtx *clientCtx, AFB_request *request)
{
uuid_t newuuid;
const char *token;
if (clientCtx == NULL)
return AFB_EMPTY;
// if config->token!="" then verify that we have the right initial share secret
if (request->config->token[0] != '\0') {
// check for initial token secret and return if not presented
token = MHD_lookup_connection_value(request->connection, MHD_GET_ARGUMENT_KIND, key_token);
if (token == NULL)
return AFB_UNAUTH;
// verify that it fits with initial tokens fit
if (strcmp(request->config->token, token))
return AFB_UNAUTH;
}
// create a UUID as token value
uuid_generate(newuuid);
uuid_unparse_lower(newuuid, clientCtx->token);
// keep track of time for session timeout and further clean up
clientCtx->timeStamp=time(NULL);
// Token is also store in context but it might be convenient for plugin to access it directly
return AFB_SUCCESS;
}
// generate a new token and update client context
AFB_error ctxTokenRefresh (AFB_clientCtx *clientCtx, AFB_request *request)
{
uuid_t newuuid;
if (clientCtx == NULL)
return AFB_EMPTY;
// Check if the old token is valid
if (ctxTokenCheck (clientCtx, request) != AFB_SUCCESS)
return AFB_FAIL;
// Old token was valid let's regenerate a new one
uuid_generate(newuuid); // create a new UUID
uuid_unparse_lower(newuuid, clientCtx->token);
// keep track of time for session timeout and further clean up
clientCtx->timeStamp=time(NULL);
return AFB_SUCCESS;
}