From 74a7ebbea3d36158aabbda85d2aeb5a1b3a9daa9 Mon Sep 17 00:00:00 2001 From: Jose Bollo Date: Wed, 27 Nov 2019 12:20:38 +0100 Subject: [PATCH] afb-error-text: Introduce standard error text The standard error text are used to return standard HTTP error codes. Bug-AGL: SPEC-2968 Change-Id: Ic70e7982b1e05a1830cfa4e54813227621192ae2 Signed-off-by: Jose Bollo --- src/CMakeLists.txt | 1 + src/afb-calls.c | 15 ++++------ src/afb-error-text.c | 31 +++++++++++++++++++ src/afb-error-text.h | 30 +++++++++++++++++++ src/afb-export.c | 3 +- src/afb-hreq.c | 23 +++++++++++++-- src/afb-monitor.c | 3 +- src/afb-stub-ws.c | 7 +++-- src/afb-supervision.c | 9 +++--- src/afb-xreq.c | 82 ++++++++++++++++++++++++++------------------------- src/afb-xreq.h | 8 +++-- 11 files changed, 149 insertions(+), 63 deletions(-) create mode 100644 src/afb-error-text.c create mode 100644 src/afb-error-text.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index abfd13e8..d290327c 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -88,6 +88,7 @@ SET(AFB_LIB_SOURCES afb-context.c afb-cred.c afb-debug.c + afb-error-text.c afb-evt.c afb-export.c afb-fdev.c diff --git a/src/afb-calls.c b/src/afb-calls.c index 084250b3..958b9a87 100644 --- a/src/afb-calls.c +++ b/src/afb-calls.c @@ -34,6 +34,7 @@ #include "afb-msg-json.h" #include "afb-session.h" #include "afb-xreq.h" +#include "afb-error-text.h" #include "jobs.h" #include "verbose.h" @@ -110,10 +111,6 @@ struct callreq /******************************************************************************/ -static const char _internal_error_[] = "internal-error"; - -/******************************************************************************/ - static int store_reply( struct json_object *iobject, const char *ierror, const char *iinfo, struct json_object **sobject, char **serror, char **sinfo) @@ -160,7 +157,7 @@ static void sync_enter(int signum, void *closure, struct jobloop *jobloop) callreq->jobloop = jobloop; afb_export_process_xreq(callreq->export, &callreq->xreq); } else { - afb_xreq_reply(&callreq->xreq, NULL, _internal_error_, NULL); + afb_xreq_reply(&callreq->xreq, NULL, afb_error_text_internal_error, NULL); } } @@ -350,7 +347,7 @@ static int do_sync( afb_xreq_unhooked_unref(&callreq->xreq); interr: - return store_reply(NULL, _internal_error_, NULL, object, error, info); + return store_reply(NULL, afb_error_text_internal_error, NULL, object, error, info); } /******************************************************************************/ @@ -372,7 +369,7 @@ static void do_async( callreq = callreq_create(export, caller, api, verb, args, flags, mode); if (!callreq) - final(closure, NULL, _internal_error_, NULL, (union callback){ .any = callback }, export, caller); + final(closure, NULL, afb_error_text_internal_error, NULL, (union callback){ .any = callback }, export, caller); else { callreq->callback.any = callback; callreq->closure = closure; @@ -559,7 +556,7 @@ static int do_legacy_sync( afb_xreq_unhooked_unref(&callreq->xreq); interr: if (object) - *object = afb_msg_json_reply(NULL, _internal_error_, NULL, NULL); + *object = afb_msg_json_reply(NULL, afb_error_text_internal_error, NULL, NULL); return -1; } @@ -583,7 +580,7 @@ static void do_legacy_async( callreq = callreq_create(export, caller, api, verb, args, flags, mode); if (!callreq) { - ie = afb_msg_json_reply(NULL, _internal_error_, NULL, NULL); + ie = afb_msg_json_reply(NULL, afb_error_text_internal_error, NULL, NULL); final(closure, -1, ie, (union callback){ .any = callback }, export, caller); json_object_put(ie); } else { diff --git a/src/afb-error-text.c b/src/afb-error-text.c new file mode 100644 index 00000000..1371afbf --- /dev/null +++ b/src/afb-error-text.c @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2015-2019 "IoT.bzh" + * Author José Bollo + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "afb-error-text.h" + +const char afb_error_text_aborted[] = "aborted"; +const char afb_error_text_disconnected[] = "disconnected"; +const char afb_error_text_invalid_request[] = "invalid-request"; +const char afb_error_text_not_available[] = "not-available"; +const char afb_error_text_not_replied[] = "not-replied"; +const char afb_error_text_unknown_api[] = "unknown-api"; +const char afb_error_text_unknown_session[] = "unknown-session"; +const char afb_error_text_unknown_verb[] = "unknown-verb"; +const char afb_error_text_insufficient_scope[] = "insufficient-scope"; +const char afb_error_text_internal_error[] = "internal-error"; +const char afb_error_text_invalid_token[] = "invalid-token"; + diff --git a/src/afb-error-text.h b/src/afb-error-text.h new file mode 100644 index 00000000..2119b3cc --- /dev/null +++ b/src/afb-error-text.h @@ -0,0 +1,30 @@ +/* + * Copyright (C) 2015-2019 "IoT.bzh" + * Author José Bollo + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +extern const char afb_error_text_aborted[]; +extern const char afb_error_text_disconnected[]; +extern const char afb_error_text_invalid_request[]; +extern const char afb_error_text_not_available[]; +extern const char afb_error_text_not_replied[]; +extern const char afb_error_text_unknown_api[]; +extern const char afb_error_text_unknown_session[]; +extern const char afb_error_text_unknown_verb[]; +extern const char afb_error_text_insufficient_scope[]; +extern const char afb_error_text_internal_error[]; +extern const char afb_error_text_invalid_token[]; diff --git a/src/afb-export.c b/src/afb-export.c index f96f8f81..0e06dae1 100644 --- a/src/afb-export.c +++ b/src/afb-export.c @@ -49,6 +49,7 @@ #include "afb-session.h" #include "afb-xreq.h" #include "afb-calls.h" +#include "afb-error-text.h" #include "systemd.h" #include "jobs.h" @@ -1818,7 +1819,7 @@ static void api_call_cb(void *closure, struct afb_xreq *xreq) afb_api_v3_process_call(export->desc.v3, xreq); break; default: - afb_xreq_reply(xreq, NULL, "bad-api-type", NULL); + afb_xreq_reply(xreq, NULL, afb_error_text_internal_error, NULL); break; } } diff --git a/src/afb-hreq.c b/src/afb-hreq.c index 4d5f659c..6be2ee5c 100644 --- a/src/afb-hreq.c +++ b/src/afb-hreq.c @@ -44,6 +44,7 @@ #include "afb-session.h" #include "afb-cred.h" #include "afb-token.h" +#include "afb-error-text.h" #include "verbose.h" #include "locale-root.h" @@ -921,9 +922,13 @@ static struct json_object *req_json(struct afb_xreq *xreq) return obj; } +static inline const char *get_json_string(json_object *obj) +{ + return json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE); +} static ssize_t send_json_cb(json_object *obj, uint64_t pos, char *buf, size_t max) { - ssize_t len = stpncpy(buf, json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE)+pos, max) - buf; + ssize_t len = stpncpy(buf, get_json_string(obj)+pos, max) - buf; return len ? : (ssize_t)MHD_CONTENT_READER_END_OF_STREAM; } @@ -944,8 +949,20 @@ static void req_reply(struct afb_xreq *xreq, struct json_object *object, const c if (reqid != NULL && json_object_object_get_ex(reply, "request", &sub)) json_object_object_add(sub, "reqid", json_object_new_string(reqid)); - response = MHD_create_response_from_callback((uint64_t)strlen(json_object_to_json_string_ext(reply, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE)), SIZE_RESPONSE_BUFFER, (void*)send_json_cb, reply, (void*)json_object_put); - afb_hreq_reply(hreq, MHD_HTTP_OK, response, NULL); + response = MHD_create_response_from_callback( + (uint64_t)strlen(get_json_string(reply)), + SIZE_RESPONSE_BUFFER, + (void*)send_json_cb, + reply, + (void*)json_object_put); + + /* handle authorisation feedback */ + if (error == afb_error_text_invalid_token) + afb_hreq_reply(hreq, MHD_HTTP_UNAUTHORIZED, response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "error=\"invalid_token\"", NULL); + else if (error == afb_error_text_insufficient_scope) + afb_hreq_reply(hreq, MHD_HTTP_FORBIDDEN, response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "error=\"insufficient_scope\"", NULL); + else + afb_hreq_reply(hreq, MHD_HTTP_OK, response, NULL); } void afb_hreq_call(struct afb_hreq *hreq, struct afb_apiset *apiset, const char *api, size_t lenapi, const char *verb, size_t lenverb) diff --git a/src/afb-monitor.c b/src/afb-monitor.c index a53f75a3..7f80fbf3 100644 --- a/src/afb-monitor.c +++ b/src/afb-monitor.c @@ -31,6 +31,7 @@ #include "afb-xreq.h" #include "afb-trace.h" #include "afb-session.h" +#include "afb-error-text.h" #include "verbose.h" #include "wrap-json.h" @@ -449,7 +450,7 @@ end: #else static void f_trace(afb_req_t req) { - afb_req_reply(req, NULL, "not-available", NULL); + afb_req_reply(req, NULL, afb_error_text_not_available, NULL); } #endif diff --git a/src/afb-stub-ws.c b/src/afb-stub-ws.c index d538fc65..487873df 100644 --- a/src/afb-stub-ws.c +++ b/src/afb-stub-ws.c @@ -44,6 +44,7 @@ #include "afb-evt.h" #include "afb-xreq.h" #include "afb-token.h" +#include "afb-error-text.h" #include "verbose.h" #include "fdev.h" #include "jobs.h" @@ -262,7 +263,7 @@ static void client_api_call_cb(void * closure, struct afb_xreq *xreq) proto = client_get_proto(stubws); if (proto == NULL) { - afb_xreq_reply(xreq, NULL, "disconnected", "server hung up"); + afb_xreq_reply(xreq, NULL, afb_error_text_disconnected, NULL); return; } @@ -279,7 +280,7 @@ static void client_api_call_cb(void * closure, struct afb_xreq *xreq) xreq_on_behalf_cred_export(xreq)); } if (rc < 0) { - afb_xreq_reply(xreq, NULL, "internal", "can't send message"); + afb_xreq_reply(xreq, NULL, afb_error_text_internal_error, "can't send message"); afb_xreq_unhooked_unref(xreq); } } @@ -539,7 +540,7 @@ out_of_memory: no_session: json_object_put(args); afb_stub_ws_unref(stubws); - afb_proto_ws_call_reply(call, NULL, "internal-error", NULL); + afb_proto_ws_call_reply(call, NULL, afb_error_text_internal_error, NULL); afb_proto_ws_call_unref(call); } diff --git a/src/afb-supervision.c b/src/afb-supervision.c index df045806..0515234f 100644 --- a/src/afb-supervision.c +++ b/src/afb-supervision.c @@ -47,6 +47,7 @@ #include "afb-stub-ws.h" #include "afb-debug.h" #include "afb-fdev.h" +#include "afb-error-text.h" #include "verbose.h" #include "wrap-json.h" #include "jobs.h" @@ -340,11 +341,11 @@ static void on_supervision_call(void *closure, struct afb_xreq *xreq) if (wrap_json_unpack(args, "s", &uuid)) wrap_json_unpack(args, "{ss}", "uuid", &uuid); if (!uuid) - afb_xreq_reply(xreq, NULL, "invalid", NULL); + afb_xreq_reply(xreq, NULL, afb_error_text_invalid_request, NULL); else { session = afb_session_search(uuid); if (!session) - afb_xreq_reply(xreq, NULL, "not-found", NULL); + afb_xreq_reply(xreq, NULL, afb_error_text_unknown_session, NULL); else { afb_session_close(session); afb_session_unref(session); @@ -381,13 +382,13 @@ static void on_supervision_call(void *closure, struct afb_xreq *xreq) } afb_req_success(req, NULL, NULL); #else - afb_req_reply(req, NULL, "not-available", NULL); + afb_req_reply(req, NULL, afb_error_text_not_available, NULL); #endif break; case Do: sub = NULL; if (wrap_json_unpack(args, "{ss ss s?o*}", "api", &api, "verb", &verb, "args", &sub)) - afb_xreq_reply(xreq, NULL, "error", "bad request"); + afb_xreq_reply(xreq, NULL, afb_error_text_invalid_request, NULL); else { xapi = afb_apiset_lookup_started(global.apiset, api, 1); if (!xapi) diff --git a/src/afb-xreq.c b/src/afb-xreq.c index 7621b801..a9703b7a 100644 --- a/src/afb-xreq.c +++ b/src/afb-xreq.c @@ -43,6 +43,7 @@ #include "afb-hook.h" #include "afb-msg-json.h" #include "afb-xreq.h" +#include "afb-error-text.h" #include "jobs.h" #include "verbose.h" @@ -52,7 +53,7 @@ static void xreq_finalize(struct afb_xreq *xreq) { if (!xreq->replied) - afb_xreq_reply(xreq, NULL, "error", "no reply"); + afb_xreq_reply(xreq, NULL, afb_error_text_not_replied, NULL); #if WITH_AFB_HOOK if (xreq->hookflags) afb_hook_xreq_end(xreq); @@ -728,6 +729,34 @@ int afb_xreq_legacy_subcall_sync(struct afb_xreq *xreq, const char *api, const c return afb_req_x2_subcall_sync_legacy(xreq_to_req_x2(xreq), api, verb, args, result); } +int afb_xreq_reply_unknown_api(struct afb_xreq *xreq) +{ + afb_xreq_reply_f(xreq, NULL, afb_error_text_unknown_api, "api %s not found (for verb %s)", xreq->request.called_api, xreq->request.called_verb); + errno = EINVAL; + return -1; +} + +int afb_xreq_reply_unknown_verb(struct afb_xreq *xreq) +{ + afb_xreq_reply_f(xreq, NULL, afb_error_text_unknown_verb, "verb %s unknown within api %s", xreq->request.called_verb, xreq->request.called_api); + errno = EINVAL; + return -1; +} + +int afb_xreq_reply_invalid_token(struct afb_xreq *xreq) +{ + afb_xreq_reply(xreq, NULL, afb_error_text_invalid_token, "invalid token"); /* TODO: or "no token" */ + errno = EINVAL; + return -1; +} + +int afb_xreq_reply_insufficient_scope(struct afb_xreq *xreq, const char *scope) +{ + afb_xreq_reply(xreq, NULL, afb_error_text_insufficient_scope, scope ?: "insufficient scope"); + errno = EPERM; + return -1; +} + #if WITH_LEGACY_BINDING_V1 static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags) { @@ -736,28 +765,20 @@ static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags) if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) { if (!afb_context_check(&xreq->context)) { afb_context_close(&xreq->context); - afb_xreq_reply_f(xreq, NULL, "denied", "invalid token's identity"); - errno = EINVAL; - return -1; + return afb_xreq_reply_invalid_token(xreq); } } if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) { loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1; - if (!afb_context_check_loa(&xreq->context, loa)) { - afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA"); - errno = EPERM; - return -1; - } + if (!afb_context_check_loa(&xreq->context, loa)) + return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA"); } if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) { loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1; - if (afb_context_check_loa(&xreq->context, loa + 1)) { - afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA"); - errno = EPERM; - return -1; - } + if (afb_context_check_loa(&xreq->context, loa + 1)) + return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA"); } if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) { @@ -776,28 +797,19 @@ static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionfl if (sessionflags != 0) { if (!afb_context_check(&xreq->context)) { afb_context_close(&xreq->context); - afb_xreq_reply_f(xreq, NULL, "denied", "invalid token's identity"); - errno = EINVAL; - return -1; + return afb_xreq_reply_invalid_token(xreq); } } loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2); - if (loa && !afb_context_check_loa(&xreq->context, loa)) { - afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA"); - errno = EPERM; - return -1; - } + if (loa && !afb_context_check_loa(&xreq->context, loa)) + return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA"); - if (auth && !afb_auth_check(xreq, auth)) { - afb_xreq_reply_f(xreq, NULL, "denied", "authorisation refused"); - errno = EPERM; - return -1; - } + if (auth && !afb_auth_check(xreq, auth)) + return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */); - if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0) { + if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0) afb_context_close(&xreq->context); - } return 0; } @@ -841,16 +853,6 @@ void afb_xreq_init(struct afb_xreq *xreq, const struct afb_xreq_query_itf *query xreq->queryitf = queryitf; } -void afb_xreq_reply_unknown_api(struct afb_xreq *xreq) -{ - afb_xreq_reply_f(xreq, NULL, "unknown-api", "api %s not found (for verb %s)", xreq->request.called_api, xreq->request.called_verb); -} - -void afb_xreq_reply_unknown_verb(struct afb_xreq *xreq) -{ - afb_xreq_reply_f(xreq, NULL, "unknown-verb", "verb %s unknown within api %s", xreq->request.called_verb, xreq->request.called_api); -} - #if WITH_AFB_HOOK static void init_hooking(struct afb_xreq *xreq) { @@ -872,7 +874,7 @@ static void process_async(int signum, void *arg) if (signum != 0) { /* emit the error (assumes that hooking is initialised) */ - afb_xreq_reply_f(xreq, NULL, "aborted", "signal %s(%d) caught", strsignal(signum), signum); + afb_xreq_reply_f(xreq, NULL, afb_error_text_aborted, "signal %s(%d) caught", strsignal(signum), signum); } else { #if WITH_AFB_HOOK /* init hooking */ diff --git a/src/afb-xreq.h b/src/afb-xreq.h index 5b01457a..03aeef4c 100644 --- a/src/afb-xreq.h +++ b/src/afb-xreq.h @@ -96,8 +96,12 @@ extern struct json_object *afb_xreq_json(struct afb_xreq *xreq); extern void afb_xreq_reply(struct afb_xreq *xreq, struct json_object *obj, const char *error, const char *info); extern void afb_xreq_reply_f(struct afb_xreq *xreq, struct json_object *obj, const char *error, const char *info, ...); -extern void afb_xreq_reply_unknown_api(struct afb_xreq *xreq); -extern void afb_xreq_reply_unknown_verb(struct afb_xreq *xreq); +extern int afb_xreq_reply_unknown_api(struct afb_xreq *xreq); +extern int afb_xreq_reply_unknown_verb(struct afb_xreq *xreq); + +extern int afb_xreq_reply_invalid_token(struct afb_xreq *xreq); +extern int afb_xreq_reply_insufficient_scope(struct afb_xreq *xreq, const char *scope); + extern const char *afb_xreq_raw(struct afb_xreq *xreq, size_t *size); -- 2.16.6