afb-context.c
afb-cred.c
afb-debug.c
+ afb-error-text.c
afb-evt.c
afb-export.c
afb-fdev.c
#include "afb-msg-json.h"
#include "afb-session.h"
#include "afb-xreq.h"
+#include "afb-error-text.h"
#include "jobs.h"
#include "verbose.h"
/******************************************************************************/
-static const char _internal_error_[] = "internal-error";
-
-/******************************************************************************/
-
static int store_reply(
struct json_object *iobject, const char *ierror, const char *iinfo,
struct json_object **sobject, char **serror, char **sinfo)
callreq->jobloop = jobloop;
afb_export_process_xreq(callreq->export, &callreq->xreq);
} else {
- afb_xreq_reply(&callreq->xreq, NULL, _internal_error_, NULL);
+ afb_xreq_reply(&callreq->xreq, NULL, afb_error_text_internal_error, NULL);
}
}
afb_xreq_unhooked_unref(&callreq->xreq);
interr:
- return store_reply(NULL, _internal_error_, NULL, object, error, info);
+ return store_reply(NULL, afb_error_text_internal_error, NULL, object, error, info);
}
/******************************************************************************/
callreq = callreq_create(export, caller, api, verb, args, flags, mode);
if (!callreq)
- final(closure, NULL, _internal_error_, NULL, (union callback){ .any = callback }, export, caller);
+ final(closure, NULL, afb_error_text_internal_error, NULL, (union callback){ .any = callback }, export, caller);
else {
callreq->callback.any = callback;
callreq->closure = closure;
afb_xreq_unhooked_unref(&callreq->xreq);
interr:
if (object)
- *object = afb_msg_json_reply(NULL, _internal_error_, NULL, NULL);
+ *object = afb_msg_json_reply(NULL, afb_error_text_internal_error, NULL, NULL);
return -1;
}
callreq = callreq_create(export, caller, api, verb, args, flags, mode);
if (!callreq) {
- ie = afb_msg_json_reply(NULL, _internal_error_, NULL, NULL);
+ ie = afb_msg_json_reply(NULL, afb_error_text_internal_error, NULL, NULL);
final(closure, -1, ie, (union callback){ .any = callback }, export, caller);
json_object_put(ie);
} else {
--- /dev/null
+/*
+ * Copyright (C) 2015-2019 "IoT.bzh"
+ * Author José Bollo <jose.bollo@iot.bzh>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "afb-error-text.h"
+
+const char afb_error_text_aborted[] = "aborted";
+const char afb_error_text_disconnected[] = "disconnected";
+const char afb_error_text_invalid_request[] = "invalid-request";
+const char afb_error_text_not_available[] = "not-available";
+const char afb_error_text_not_replied[] = "not-replied";
+const char afb_error_text_unknown_api[] = "unknown-api";
+const char afb_error_text_unknown_session[] = "unknown-session";
+const char afb_error_text_unknown_verb[] = "unknown-verb";
+const char afb_error_text_insufficient_scope[] = "insufficient-scope";
+const char afb_error_text_internal_error[] = "internal-error";
+const char afb_error_text_invalid_token[] = "invalid-token";
+
--- /dev/null
+/*
+ * Copyright (C) 2015-2019 "IoT.bzh"
+ * Author José Bollo <jose.bollo@iot.bzh>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+extern const char afb_error_text_aborted[];
+extern const char afb_error_text_disconnected[];
+extern const char afb_error_text_invalid_request[];
+extern const char afb_error_text_not_available[];
+extern const char afb_error_text_not_replied[];
+extern const char afb_error_text_unknown_api[];
+extern const char afb_error_text_unknown_session[];
+extern const char afb_error_text_unknown_verb[];
+extern const char afb_error_text_insufficient_scope[];
+extern const char afb_error_text_internal_error[];
+extern const char afb_error_text_invalid_token[];
#include "afb-session.h"
#include "afb-xreq.h"
#include "afb-calls.h"
+#include "afb-error-text.h"
#include "systemd.h"
#include "jobs.h"
afb_api_v3_process_call(export->desc.v3, xreq);
break;
default:
- afb_xreq_reply(xreq, NULL, "bad-api-type", NULL);
+ afb_xreq_reply(xreq, NULL, afb_error_text_internal_error, NULL);
break;
}
}
#include "afb-session.h"
#include "afb-cred.h"
#include "afb-token.h"
+#include "afb-error-text.h"
#include "verbose.h"
#include "locale-root.h"
return obj;
}
+static inline const char *get_json_string(json_object *obj)
+{
+ return json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE);
+}
static ssize_t send_json_cb(json_object *obj, uint64_t pos, char *buf, size_t max)
{
- ssize_t len = stpncpy(buf, json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE)+pos, max) - buf;
+ ssize_t len = stpncpy(buf, get_json_string(obj)+pos, max) - buf;
return len ? : (ssize_t)MHD_CONTENT_READER_END_OF_STREAM;
}
if (reqid != NULL && json_object_object_get_ex(reply, "request", &sub))
json_object_object_add(sub, "reqid", json_object_new_string(reqid));
- response = MHD_create_response_from_callback((uint64_t)strlen(json_object_to_json_string_ext(reply, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE)), SIZE_RESPONSE_BUFFER, (void*)send_json_cb, reply, (void*)json_object_put);
- afb_hreq_reply(hreq, MHD_HTTP_OK, response, NULL);
+ response = MHD_create_response_from_callback(
+ (uint64_t)strlen(get_json_string(reply)),
+ SIZE_RESPONSE_BUFFER,
+ (void*)send_json_cb,
+ reply,
+ (void*)json_object_put);
+
+ /* handle authorisation feedback */
+ if (error == afb_error_text_invalid_token)
+ afb_hreq_reply(hreq, MHD_HTTP_UNAUTHORIZED, response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "error=\"invalid_token\"", NULL);
+ else if (error == afb_error_text_insufficient_scope)
+ afb_hreq_reply(hreq, MHD_HTTP_FORBIDDEN, response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "error=\"insufficient_scope\"", NULL);
+ else
+ afb_hreq_reply(hreq, MHD_HTTP_OK, response, NULL);
}
void afb_hreq_call(struct afb_hreq *hreq, struct afb_apiset *apiset, const char *api, size_t lenapi, const char *verb, size_t lenverb)
#include "afb-xreq.h"
#include "afb-trace.h"
#include "afb-session.h"
+#include "afb-error-text.h"
#include "verbose.h"
#include "wrap-json.h"
#else
static void f_trace(afb_req_t req)
{
- afb_req_reply(req, NULL, "not-available", NULL);
+ afb_req_reply(req, NULL, afb_error_text_not_available, NULL);
}
#endif
#include "afb-evt.h"
#include "afb-xreq.h"
#include "afb-token.h"
+#include "afb-error-text.h"
#include "verbose.h"
#include "fdev.h"
#include "jobs.h"
proto = client_get_proto(stubws);
if (proto == NULL) {
- afb_xreq_reply(xreq, NULL, "disconnected", "server hung up");
+ afb_xreq_reply(xreq, NULL, afb_error_text_disconnected, NULL);
return;
}
xreq_on_behalf_cred_export(xreq));
}
if (rc < 0) {
- afb_xreq_reply(xreq, NULL, "internal", "can't send message");
+ afb_xreq_reply(xreq, NULL, afb_error_text_internal_error, "can't send message");
afb_xreq_unhooked_unref(xreq);
}
}
no_session:
json_object_put(args);
afb_stub_ws_unref(stubws);
- afb_proto_ws_call_reply(call, NULL, "internal-error", NULL);
+ afb_proto_ws_call_reply(call, NULL, afb_error_text_internal_error, NULL);
afb_proto_ws_call_unref(call);
}
#include "afb-stub-ws.h"
#include "afb-debug.h"
#include "afb-fdev.h"
+#include "afb-error-text.h"
#include "verbose.h"
#include "wrap-json.h"
#include "jobs.h"
if (wrap_json_unpack(args, "s", &uuid))
wrap_json_unpack(args, "{ss}", "uuid", &uuid);
if (!uuid)
- afb_xreq_reply(xreq, NULL, "invalid", NULL);
+ afb_xreq_reply(xreq, NULL, afb_error_text_invalid_request, NULL);
else {
session = afb_session_search(uuid);
if (!session)
- afb_xreq_reply(xreq, NULL, "not-found", NULL);
+ afb_xreq_reply(xreq, NULL, afb_error_text_unknown_session, NULL);
else {
afb_session_close(session);
afb_session_unref(session);
}
afb_req_success(req, NULL, NULL);
#else
- afb_req_reply(req, NULL, "not-available", NULL);
+ afb_req_reply(req, NULL, afb_error_text_not_available, NULL);
#endif
break;
case Do:
sub = NULL;
if (wrap_json_unpack(args, "{ss ss s?o*}", "api", &api, "verb", &verb, "args", &sub))
- afb_xreq_reply(xreq, NULL, "error", "bad request");
+ afb_xreq_reply(xreq, NULL, afb_error_text_invalid_request, NULL);
else {
xapi = afb_apiset_lookup_started(global.apiset, api, 1);
if (!xapi)
#include "afb-hook.h"
#include "afb-msg-json.h"
#include "afb-xreq.h"
+#include "afb-error-text.h"
#include "jobs.h"
#include "verbose.h"
static void xreq_finalize(struct afb_xreq *xreq)
{
if (!xreq->replied)
- afb_xreq_reply(xreq, NULL, "error", "no reply");
+ afb_xreq_reply(xreq, NULL, afb_error_text_not_replied, NULL);
#if WITH_AFB_HOOK
if (xreq->hookflags)
afb_hook_xreq_end(xreq);
return afb_req_x2_subcall_sync_legacy(xreq_to_req_x2(xreq), api, verb, args, result);
}
+int afb_xreq_reply_unknown_api(struct afb_xreq *xreq)
+{
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_unknown_api, "api %s not found (for verb %s)", xreq->request.called_api, xreq->request.called_verb);
+ errno = EINVAL;
+ return -1;
+}
+
+int afb_xreq_reply_unknown_verb(struct afb_xreq *xreq)
+{
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_unknown_verb, "verb %s unknown within api %s", xreq->request.called_verb, xreq->request.called_api);
+ errno = EINVAL;
+ return -1;
+}
+
+int afb_xreq_reply_invalid_token(struct afb_xreq *xreq)
+{
+ afb_xreq_reply(xreq, NULL, afb_error_text_invalid_token, "invalid token"); /* TODO: or "no token" */
+ errno = EINVAL;
+ return -1;
+}
+
+int afb_xreq_reply_insufficient_scope(struct afb_xreq *xreq, const char *scope)
+{
+ afb_xreq_reply(xreq, NULL, afb_error_text_insufficient_scope, scope ?: "insufficient scope");
+ errno = EPERM;
+ return -1;
+}
+
#if WITH_LEGACY_BINDING_V1
static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
{
if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
if (!afb_context_check(&xreq->context)) {
afb_context_close(&xreq->context);
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid token's identity");
- errno = EINVAL;
- return -1;
+ return afb_xreq_reply_invalid_token(xreq);
}
}
if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) {
loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (!afb_context_check_loa(&xreq->context, loa)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
+ if (!afb_context_check_loa(&xreq->context, loa))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
}
if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) {
loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (afb_context_check_loa(&xreq->context, loa + 1)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
+ if (afb_context_check_loa(&xreq->context, loa + 1))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
}
if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) {
if (sessionflags != 0) {
if (!afb_context_check(&xreq->context)) {
afb_context_close(&xreq->context);
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid token's identity");
- errno = EINVAL;
- return -1;
+ return afb_xreq_reply_invalid_token(xreq);
}
}
loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2);
- if (loa && !afb_context_check_loa(&xreq->context, loa)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
+ if (loa && !afb_context_check_loa(&xreq->context, loa))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
- if (auth && !afb_auth_check(xreq, auth)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "authorisation refused");
- errno = EPERM;
- return -1;
- }
+ if (auth && !afb_auth_check(xreq, auth))
+ return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */);
- if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0) {
+ if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0)
afb_context_close(&xreq->context);
- }
return 0;
}
xreq->queryitf = queryitf;
}
-void afb_xreq_reply_unknown_api(struct afb_xreq *xreq)
-{
- afb_xreq_reply_f(xreq, NULL, "unknown-api", "api %s not found (for verb %s)", xreq->request.called_api, xreq->request.called_verb);
-}
-
-void afb_xreq_reply_unknown_verb(struct afb_xreq *xreq)
-{
- afb_xreq_reply_f(xreq, NULL, "unknown-verb", "verb %s unknown within api %s", xreq->request.called_verb, xreq->request.called_api);
-}
-
#if WITH_AFB_HOOK
static void init_hooking(struct afb_xreq *xreq)
{
if (signum != 0) {
/* emit the error (assumes that hooking is initialised) */
- afb_xreq_reply_f(xreq, NULL, "aborted", "signal %s(%d) caught", strsignal(signum), signum);
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_aborted, "signal %s(%d) caught", strsignal(signum), signum);
} else {
#if WITH_AFB_HOOK
/* init hooking */
extern void afb_xreq_reply(struct afb_xreq *xreq, struct json_object *obj, const char *error, const char *info);
extern void afb_xreq_reply_f(struct afb_xreq *xreq, struct json_object *obj, const char *error, const char *info, ...);
-extern void afb_xreq_reply_unknown_api(struct afb_xreq *xreq);
-extern void afb_xreq_reply_unknown_verb(struct afb_xreq *xreq);
+extern int afb_xreq_reply_unknown_api(struct afb_xreq *xreq);
+extern int afb_xreq_reply_unknown_verb(struct afb_xreq *xreq);
+
+extern int afb_xreq_reply_invalid_token(struct afb_xreq *xreq);
+extern int afb_xreq_reply_insufficient_scope(struct afb_xreq *xreq, const char *scope);
+
extern const char *afb_xreq_raw(struct afb_xreq *xreq, size_t *size);
Code Review / src / app-framework-binder.git / commitdiff