/*
- * Copyright (C) 2017-2019 "IoT.bzh"
+ * Copyright (C) 2015-2020 "IoT.bzh"
* Author José Bollo <jose.bollo@iot.bzh>
*
* Licensed under the Apache License, Version 2.0 (the "License");
static int xreq_has_permission_cb(struct afb_req_x2 *closure, const char *permission)
{
struct afb_xreq *xreq = xreq_from_req_x2(closure);
- return afb_auth_has_permission(xreq, permission);
+ return afb_context_has_permission(&xreq->context, permission);
}
static char *xreq_get_application_id_cb(struct afb_req_x2 *closure)
{
struct afb_xreq *xreq = xreq_from_req_x2(closure);
- return xreq->cred && xreq->cred->id ? strdup(xreq->cred->id) : NULL;
+ struct afb_cred *cred = xreq->context.credentials;
+ return cred && cred->id ? strdup(cred->id) : NULL;
}
static void *xreq_context_make_cb(struct afb_req_x2 *closure, int replace, void *(*create_value)(void*), void (*free_value)(void*), void *create_closure)
static int xreq_get_uid_cb(struct afb_req_x2 *closure)
{
struct afb_xreq *xreq = xreq_from_req_x2(closure);
- return xreq->cred && xreq->cred->id ? (int)xreq->cred->uid : -1;
+ struct afb_cred *cred = xreq->context.credentials;
+ return cred && cred->id ? (int)cred->uid : -1;
}
static struct json_object *xreq_get_client_info_cb(struct afb_req_x2 *closure)
{
struct afb_xreq *xreq = xreq_from_req_x2(closure);
+ struct afb_cred *cred = xreq->context.credentials;
struct json_object *r = json_object_new_object();
- if (xreq->cred && xreq->cred->id) {
- json_object_object_add(r, "uid", json_object_new_int(xreq->cred->uid));
- json_object_object_add(r, "gid", json_object_new_int(xreq->cred->gid));
- json_object_object_add(r, "pid", json_object_new_int(xreq->cred->pid));
- json_object_object_add(r, "user", json_object_new_string(xreq->cred->user));
- json_object_object_add(r, "label", json_object_new_string(xreq->cred->label));
- json_object_object_add(r, "id", json_object_new_string(xreq->cred->id));
+ if (cred && cred->id) {
+ json_object_object_add(r, "uid", json_object_new_int(cred->uid));
+ json_object_object_add(r, "gid", json_object_new_int(cred->gid));
+ json_object_object_add(r, "pid", json_object_new_int(cred->pid));
+ json_object_object_add(r, "user", json_object_new_string(cred->user));
+ json_object_object_add(r, "label", json_object_new_string(cred->label));
+ json_object_object_add(r, "id", json_object_new_string(cred->id));
}
if (xreq->context.session) {
json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context)?:""));
return -1;
}
-#if WITH_LEGACY_BINDING_V1
-static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
-{
- int loa;
-
- if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
- if (!afb_context_check(&xreq->context)) {
- afb_context_close(&xreq->context);
- return afb_xreq_reply_invalid_token(xreq);
- }
- }
-
- if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) {
- loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (!afb_context_check_loa(&xreq->context, loa))
- return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
- }
-
- if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) {
- loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (afb_context_check_loa(&xreq->context, loa + 1))
- return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
- }
-
- if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) {
- afb_context_change_loa(&xreq->context, 0);
- afb_context_close(&xreq->context);
- }
-
- return 0;
-}
-#endif
-
-static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
-{
- int loa;
-
- if (sessionflags != 0) {
- if (!afb_context_check(&xreq->context)) {
- afb_context_close(&xreq->context);
- return afb_xreq_reply_invalid_token(xreq);
- }
- }
-
- loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2);
- if (loa && !afb_context_check_loa(&xreq->context, loa))
- return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
-
- if (auth && !afb_auth_check(xreq, auth))
- return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */);
-
- if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0)
- afb_context_close(&xreq->context);
-
- return 0;
-}
-
#if WITH_LEGACY_BINDING_V1
void afb_xreq_call_verb_v1(struct afb_xreq *xreq, const struct afb_verb_desc_v1 *verb)
{
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (!xreq_session_check_apply_v1(xreq, verb->session))
+ if (afb_auth_check_and_set_session_x1(xreq, verb->session) >= 0)
verb->callback(xreq_to_req_x1(xreq));
}
#endif
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (!xreq_session_check_apply_v2(xreq, verb->session, verb->auth))
+ if (afb_auth_check_and_set_session_x2(xreq, verb->auth, verb->session) > 0)
verb->callback(xreq_to_req_x1(xreq));
}
#endif
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (xreq_session_check_apply_v2(xreq, verb->session, verb->auth) >= 0)
+ if (afb_auth_check_and_set_session_x2(xreq, verb->auth, verb->session) > 0)
verb->callback(xreq_to_req_x2(xreq));
}
const char *xreq_on_behalf_cred_export(struct afb_xreq *xreq)
{
- return xreq->caller ? afb_cred_export(xreq->cred) : NULL;
+ return afb_context_on_behalf_export(&xreq->context);
}