Code Review / src / app-framework-binder.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Added --token=xxxxx for initial shared secret
[src/app-framework-binder.git] / src / session.c
diff --git a/src/session.c b/src/session.c
index a5a0040..56620f3 100644 (file)
--- a/src/session.c
+++ b/src/session.c
@@ -476,9 +476,23 @@ PUBLIC AFB_error ctxTokenCreate (AFB_request *request) {
     int oldTnkValid;
     const char *ornew;
     uuid_t newuuid;
+    const char *token;
 
     if (request->client == NULL) return AFB_EMPTY;
 
+    // if config->token!="" then verify that we have the right initial share secret   
+    if (request->config->token[0] != '\0') {
+        
+        // check for initial token secret and return if not presented
+        token = MHD_lookup_connection_value(request->connection, MHD_GET_ARGUMENT_KIND, "token");
+        if (token == NULL) return AFB_UNAUTH;
+        
+        // verify that presented initial tokens fit
+        if (strcmp(request->config->token, token)) return AFB_UNAUTH;
+        
+    }
+    
+
     // create a UUID as token value
     uuid_generate(newuuid); 
     uuid_unparse_lower(newuuid, request->client->token);
Application Framework binder daemon, maintained by iot.bzh team