#include "afb-context.h"
#include "afb-api-so.h"
#include "afb-xreq.h"
+#include "afb-auth.h"
#include "verbose.h"
/*
afb_xreq_call_verb_v1(xreq, verb);
}
-static struct json_object *addperm(struct json_object *o, struct json_object *x)
-{
- struct json_object *a;
-
- if (!o)
- return x;
-
- if (!json_object_object_get_ex(o, "allOf", &a)) {
- a = json_object_new_array();
- json_object_array_add(a, o);
- o = json_object_new_object();
- json_object_object_add(o, "allOf", a);
- }
- json_object_array_add(a, x);
- return o;
-}
-
-static struct json_object *addperm_key_val(struct json_object *o, const char *key, struct json_object *val)
-{
- struct json_object *x = json_object_new_object();
- json_object_object_add(x, key, val);
- return addperm(o, x);
-}
-
-static struct json_object *addperm_key_valstr(struct json_object *o, const char *key, const char *val)
-{
- return addperm_key_val(o, key, json_object_new_string(val));
-}
-
-static struct json_object *addperm_key_valint(struct json_object *o, const char *key, int val)
-{
- return addperm_key_val(o, key, json_object_new_int(val));
-}
-
struct json_object *afb_api_so_v1_make_description_openAPIv3(struct afb_binding_v1 *binding, const char *apiname)
{
char buffer[256];
g = json_object_new_object();
json_object_object_add(f, "get", g);
- a = NULL;
- if (verb->session & AFB_SESSION_CLOSE_X1)
- a = addperm_key_valstr(a, "session", "close");
- if (verb->session & AFB_SESSION_CHECK_X1)
- a = addperm_key_valstr(a, "session", "check");
- if (verb->session & AFB_SESSION_RENEW_X1)
- a = addperm_key_valstr(a, "token", "refresh");
- if (verb->session & AFB_SESSION_LOA_MASK_X1)
- a = addperm_key_valint(a, "LOA", (verb->session >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1);
+ a = afb_auth_json_x1(verb->session);
if (a)
json_object_object_add(g, "x-permissions", a);
g = json_object_new_object();
json_object_object_add(f, "get", g);
- a = afb_auth_json_v2(verb->auth, verb->session);
+ a = afb_auth_json_x2(verb->auth, verb->session);
if (a)
json_object_object_add(g, "x-permissions", a);
g = json_object_new_object();
json_object_object_add(f, "get", g);
- a = afb_auth_json_v2(verb->auth, verb->session);
+ a = afb_auth_json_x2(verb->auth, verb->session);
if (a)
json_object_object_add(g, "x-permissions", a);
#include <json-c/json.h>
#include <afb/afb-auth.h>
#include <afb/afb-session-x2.h>
+#if WITH_LEGACY_BINDING_V1
+#include <afb/afb-session-x1.h>
+#endif
#include "afb-auth.h"
#include "afb-context.h"
return afb_cred_has_permission(xreq->cred, permission, &xreq->context);
}
+#if WITH_LEGACY_BINDING_V1
+int afb_auth_check_and_set_session_x1(struct afb_xreq *xreq, int sessionflags)
+{
+ int loa;
+
+ if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
+ if (!afb_context_check(&xreq->context)) {
+ afb_context_close(&xreq->context);
+ return afb_xreq_reply_invalid_token(xreq);
+ }
+ }
+
+ if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) {
+ loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
+ if (!afb_context_check_loa(&xreq->context, loa))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
+ }
+
+ if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) {
+ loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
+ if (afb_context_check_loa(&xreq->context, loa + 1))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
+ }
+
+ if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) {
+ afb_context_change_loa(&xreq->context, 0);
+ afb_context_close(&xreq->context);
+ }
+
+ return 0;
+}
+#endif
+
+int afb_auth_check_and_set_session_x2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
+{
+ int loa;
+
+ if (sessionflags != 0) {
+ if (!afb_context_check(&xreq->context)) {
+ afb_context_close(&xreq->context);
+ return afb_xreq_reply_invalid_token(xreq);
+ }
+ }
+
+ loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2);
+ if (loa && !afb_context_check_loa(&xreq->context, loa))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
+
+ if (auth && !afb_auth_check(xreq, auth))
+ return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */);
+
+ if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0)
+ afb_context_close(&xreq->context);
+
+ return 0;
+}
+
/*********************************************************************************/
static struct json_object *addperm(struct json_object *o, struct json_object *x)
return o;
}
-struct json_object *afb_auth_json_v2(const struct afb_auth *auth, int session)
+struct json_object *afb_auth_json_x2(const struct afb_auth *auth, uint32_t session)
{
struct json_object *result = NULL;
return result;
}
+
+#if WITH_LEGACY_BINDING_V1
+struct json_object *afb_auth_json_x1(int session)
+{
+ struct json_object *result = NULL;
+
+ if (session & AFB_SESSION_CLOSE_X1)
+ result = addperm_key_valstr(result, "session", "close");
+ if (session & AFB_SESSION_CHECK_X1)
+ result = addperm_key_valstr(result, "session", "check");
+ if (session & AFB_SESSION_RENEW_X1)
+ result = addperm_key_valstr(result, "token", "refresh");
+ if (session & AFB_SESSION_LOA_MASK_X1)
+ result = addperm_key_valint(result, "LOA", (session >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1);
+
+ return result;
+}
+#endif
extern int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth);
extern int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission);
-extern struct json_object *afb_auth_json_v2(const struct afb_auth *auth, int session);
+extern int afb_auth_check_and_set_session_x2(struct afb_xreq *xreq, uint32_t session, const struct afb_auth *auth);
+extern struct json_object *afb_auth_json_x2(const struct afb_auth *auth, uint32_t session);
+
+#if WITH_LEGACY_BINDING_V1
+extern int afb_auth_check_and_set_session_x1(struct afb_xreq *xreq, int session);
+extern struct json_object *afb_auth_json_x1(int session);
+#endif
\ No newline at end of file
return -1;
}
-#if WITH_LEGACY_BINDING_V1
-static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
-{
- int loa;
-
- if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
- if (!afb_context_check(&xreq->context)) {
- afb_context_close(&xreq->context);
- return afb_xreq_reply_invalid_token(xreq);
- }
- }
-
- if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) {
- loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (!afb_context_check_loa(&xreq->context, loa))
- return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
- }
-
- if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) {
- loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (afb_context_check_loa(&xreq->context, loa + 1))
- return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
- }
-
- if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) {
- afb_context_change_loa(&xreq->context, 0);
- afb_context_close(&xreq->context);
- }
-
- return 0;
-}
-#endif
-
-static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
-{
- int loa;
-
- if (sessionflags != 0) {
- if (!afb_context_check(&xreq->context)) {
- afb_context_close(&xreq->context);
- return afb_xreq_reply_invalid_token(xreq);
- }
- }
-
- loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2);
- if (loa && !afb_context_check_loa(&xreq->context, loa))
- return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
-
- if (auth && !afb_auth_check(xreq, auth))
- return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */);
-
- if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0)
- afb_context_close(&xreq->context);
-
- return 0;
-}
-
#if WITH_LEGACY_BINDING_V1
void afb_xreq_call_verb_v1(struct afb_xreq *xreq, const struct afb_verb_desc_v1 *verb)
{
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (!xreq_session_check_apply_v1(xreq, verb->session))
+ if (afb_auth_check_and_set_session_x1(xreq, verb->session) >= 0)
verb->callback(xreq_to_req_x1(xreq));
}
#endif
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (!xreq_session_check_apply_v2(xreq, verb->session, verb->auth))
+ if (afb_auth_check_and_set_session_x2(xreq, verb->session, verb->auth) >= 0)
verb->callback(xreq_to_req_x1(xreq));
}
#endif
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (xreq_session_check_apply_v2(xreq, verb->session, verb->auth) >= 0)
+ if (afb_auth_check_and_set_session_x2(xreq, verb->session, verb->auth) >= 0)
verb->callback(xreq_to_req_x2(xreq));
}