From: Jose Bollo <jose.bollo@iot.bzh>
Date: Wed, 23 Oct 2019 12:08:12 +0000 (+0200)
Subject: afb-hreq: Handle HTTP header Authorization
X-Git-Tag: 8.99.1~1
X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?p=src%2Fapp-framework-binder.git;a=commitdiff_plain;h=1b240e6b92eb3762594312cc603180ae5ce77f72

afb-hreq: Handle HTTP header Authorization

Allows the client to pass its authorization
token using the standard RFC 6750 method.

Bug-AGL: SPEC-2968

Change-Id: Ie9428f4b63554af121b091282ae2c126b4d0c020
Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
---

diff --git a/src/afb-hreq.c b/src/afb-hreq.c
index a2df4b13..462f7ad5 100644
--- a/src/afb-hreq.c
+++ b/src/afb-hreq.c
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <ctype.h>
 #include <assert.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -735,6 +736,24 @@ const char *afb_hreq_get_header(struct afb_hreq *hreq, const char *name)
 	return MHD_lookup_connection_value(hreq->connection, MHD_HEADER_KIND, name);
 }
 
+const char *afb_hreq_get_authorization_bearer(struct afb_hreq *hreq)
+{
+	static const char bearer[] = "Bearer";
+	const char *value = afb_hreq_get_header(hreq, MHD_HTTP_HEADER_AUTHORIZATION);
+	if (value) {
+		if (strncasecmp(value, bearer, sizeof bearer - 1) == 0) {
+			value += sizeof bearer - 1;
+			if (isblank(*value++)) {
+				while (isblank(*value))
+					value++;
+				if (*value)
+					return value;
+			}
+		}
+	}
+	return NULL;
+}
+
 int afb_hreq_post_add(struct afb_hreq *hreq, const char *key, const char *data, size_t size)
 {
 	void *p;
@@ -948,19 +967,27 @@ int afb_hreq_init_context(struct afb_hreq *hreq)
 	if (hreq->xreq.context.session != NULL)
 		return 0;
 
+	/* get the uuid of the session */
 	uuid = afb_hreq_get_header(hreq, long_key_for_uuid);
-	if (uuid == NULL)
+	if (uuid == NULL) {
 		uuid = afb_hreq_get_argument(hreq, long_key_for_uuid);
-	if (uuid == NULL)
-		uuid = afb_hreq_get_cookie(hreq, cookie_name);
-	if (uuid == NULL)
-		uuid = afb_hreq_get_argument(hreq, short_key_for_uuid);
-
-	token = afb_hreq_get_header(hreq, long_key_for_token);
-	if (token == NULL)
-		token = afb_hreq_get_argument(hreq, long_key_for_token);
-	if (token == NULL)
-		token = afb_hreq_get_argument(hreq, short_key_for_token);
+		if (uuid == NULL) {
+			uuid = afb_hreq_get_cookie(hreq, cookie_name);
+			if (uuid == NULL)
+				uuid = afb_hreq_get_argument(hreq, short_key_for_uuid);
+		}
+	}
+
+	/* get the authorisation token */
+	token = afb_hreq_get_authorization_bearer(hreq);
+	if (token == NULL) {
+		token = afb_hreq_get_header(hreq, long_key_for_token);
+		if (token == NULL) {
+			token = afb_hreq_get_argument(hreq, long_key_for_token);
+			if (token == NULL)
+				token = afb_hreq_get_argument(hreq, short_key_for_token);
+		}
+	}
 
 	return afb_context_connect(&hreq->xreq.context, uuid, token);
 }