X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fafb-hreq.c;h=4d5f659c24a369ca5f98a956cd00f80a7b78ca87;hb=b4da3b7f3db2211e7ecca74301e26b3089fda5a2;hp=54c097e0ba2f0ec9c4a41da25e67b65cd23a6c9d;hpb=93d8d6f69399dacbb43c0780ebccc378b4f44880;p=src%2Fapp-framework-binder.git

diff --git a/src/afb-hreq.c b/src/afb-hreq.c
index 54c097e0..4d5f659c 100644
--- a/src/afb-hreq.c
+++ b/src/afb-hreq.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016, 2017, 2018 "IoT.bzh"
+ * Copyright (C) 2016-2019 "IoT.bzh"
  * Author: José Bollo <jose.bollo@iot.bzh>
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <ctype.h>
 #include <assert.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -27,6 +28,9 @@
 
 #include <microhttpd.h>
 #include <json-c/json.h>
+#if !defined(JSON_C_TO_STRING_NOSLASHESCAPE)
+#define JSON_C_TO_STRING_NOSLASHESCAPE 0
+#endif
 
 #if defined(USE_MAGIC_MIME_TYPE)
 #include <magic.h>
@@ -39,6 +43,7 @@
 #include "afb-hsrv.h"
 #include "afb-session.h"
 #include "afb-cred.h"
+#include "afb-token.h"
 #include "verbose.h"
 #include "locale-root.h"
 
@@ -57,6 +62,9 @@ static const char short_key_for_token[] = "token";
 static const char long_key_for_reqid[] = "x-afb-reqid";
 static const char short_key_for_reqid[] = "reqid";
 
+static const char key_for_bearer[] = "Bearer";
+static const char key_for_access_token[] = "access_token";
+
 static char *cookie_name = NULL;
 static char *cookie_setter = NULL;
 static char *tmp_pattern = NULL;
@@ -159,7 +167,8 @@ static void afb_hreq_reply_v(struct afb_hreq *hreq, unsigned status, struct MHD_
 		MHD_add_response_header(response, k, v);
 		k = va_arg(args, const char *);
 	}
-	v = afb_context_sent_uuid(&hreq->xreq.context);
+
+	v = afb_context_uuid(&hreq->xreq.context);
 	if (v != NULL && asprintf(&cookie, cookie_setter, v) > 0) {
 		MHD_add_response_header(response, MHD_HTTP_HEADER_SET_COOKIE, cookie);
 		free(cookie);
@@ -732,6 +741,23 @@ const char *afb_hreq_get_header(struct afb_hreq *hreq, const char *name)
 	return MHD_lookup_connection_value(hreq->connection, MHD_HEADER_KIND, name);
 }
 
+const char *afb_hreq_get_authorization_bearer(struct afb_hreq *hreq)
+{
+	const char *value = afb_hreq_get_header(hreq, MHD_HTTP_HEADER_AUTHORIZATION);
+	if (value) {
+		if (strncasecmp(value, key_for_bearer, sizeof key_for_bearer - 1) == 0) {
+			value += sizeof key_for_bearer - 1;
+			if (isblank(*value++)) {
+				while (isblank(*value))
+					value++;
+				if (*value)
+					return value;
+			}
+		}
+	}
+	return NULL;
+}
+
 int afb_hreq_post_add(struct afb_hreq *hreq, const char *key, const char *data, size_t size)
 {
 	void *p;
@@ -897,7 +923,7 @@ static struct json_object *req_json(struct afb_xreq *xreq)
 
 static ssize_t send_json_cb(json_object *obj, uint64_t pos, char *buf, size_t max)
 {
-	ssize_t len = stpncpy(buf, json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN)+pos, max) - buf;
+	ssize_t len = stpncpy(buf, json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE)+pos, max) - buf;
 	return len ? : (ssize_t)MHD_CONTENT_READER_END_OF_STREAM;
 }
 
@@ -918,7 +944,7 @@ static void req_reply(struct afb_xreq *xreq, struct json_object *object, const c
 	if (reqid != NULL && json_object_object_get_ex(reply, "request", &sub))
 		json_object_object_add(sub, "reqid", json_object_new_string(reqid));
 
-	response = MHD_create_response_from_callback((uint64_t)strlen(json_object_to_json_string_ext(reply, JSON_C_TO_STRING_PLAIN)), SIZE_RESPONSE_BUFFER, (void*)send_json_cb, reply, (void*)json_object_put);
+	response = MHD_create_response_from_callback((uint64_t)strlen(json_object_to_json_string_ext(reply, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE)), SIZE_RESPONSE_BUFFER, (void*)send_json_cb, reply, (void*)json_object_put);
 	afb_hreq_reply(hreq, MHD_HTTP_OK, response, NULL);
 }
 
@@ -941,25 +967,40 @@ int afb_hreq_init_context(struct afb_hreq *hreq)
 {
 	const char *uuid;
 	const char *token;
+	struct afb_token *tok;
 
 	if (hreq->xreq.context.session != NULL)
 		return 0;
 
+	/* get the uuid of the session */
 	uuid = afb_hreq_get_header(hreq, long_key_for_uuid);
-	if (uuid == NULL)
+	if (uuid == NULL) {
 		uuid = afb_hreq_get_argument(hreq, long_key_for_uuid);
-	if (uuid == NULL)
-		uuid = afb_hreq_get_cookie(hreq, cookie_name);
-	if (uuid == NULL)
-		uuid = afb_hreq_get_argument(hreq, short_key_for_uuid);
-
-	token = afb_hreq_get_header(hreq, long_key_for_token);
-	if (token == NULL)
-		token = afb_hreq_get_argument(hreq, long_key_for_token);
-	if (token == NULL)
-		token = afb_hreq_get_argument(hreq, short_key_for_token);
-
-	return afb_context_connect(&hreq->xreq.context, uuid, token);
+		if (uuid == NULL) {
+			uuid = afb_hreq_get_cookie(hreq, cookie_name);
+			if (uuid == NULL)
+				uuid = afb_hreq_get_argument(hreq, short_key_for_uuid);
+		}
+	}
+
+	/* get the authorisation token */
+	token = afb_hreq_get_authorization_bearer(hreq);
+	if (token == NULL) {
+		token = afb_hreq_get_argument(hreq, key_for_access_token);
+		if (token == NULL) {
+			token = afb_hreq_get_header(hreq, long_key_for_token);
+			if (token == NULL) {
+				token = afb_hreq_get_argument(hreq, long_key_for_token);
+				if (token == NULL)
+					token = afb_hreq_get_argument(hreq, short_key_for_token);
+			}
+		}
+	}
+	tok = NULL;
+	if (token)
+		afb_token_get(&tok, token);
+
+	return afb_context_connect(&hreq->xreq.context, uuid, tok);
 }
 
 int afb_hreq_init_cookie(int port, const char *path, int maxage)