172 lines
4.8 KiB
C
172 lines
4.8 KiB
C
/*
|
|
* libwebsockets - small server side websockets and web server implementation
|
|
*
|
|
* Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to
|
|
* deal in the Software without restriction, including without limitation the
|
|
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
|
* sell copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
|
* IN THE SOFTWARE.
|
|
*/
|
|
|
|
#define LWS_DLL
|
|
#define LWS_INTERNAL
|
|
#include <libwebsockets.h>
|
|
|
|
#include <sqlite3.h>
|
|
#include <string.h>
|
|
|
|
#define LWSGS_VERIFIED_ACCEPTED 100
|
|
|
|
enum {
|
|
FGS_USERNAME,
|
|
FGS_PASSWORD,
|
|
FGS_PASSWORD2,
|
|
FGS_EMAIL,
|
|
FGS_REGISTER,
|
|
FGS_GOOD,
|
|
FGS_BAD,
|
|
FGS_REG_GOOD,
|
|
FGS_REG_BAD,
|
|
FGS_ADMIN,
|
|
FGS_FORGOT,
|
|
FGS_FORGOT_GOOD,
|
|
FGS_FORGOT_BAD,
|
|
FGS_FORGOT_POST_GOOD,
|
|
FGS_FORGOT_POST_BAD,
|
|
FGS_CHANGE,
|
|
FGS_CURPW,
|
|
FGS_DELETE,
|
|
};
|
|
|
|
struct lwsgs_user {
|
|
char username[32];
|
|
char ip[16];
|
|
lwsgw_hash pwhash;
|
|
lwsgw_hash pwsalt;
|
|
lwsgw_hash token;
|
|
time_t created;
|
|
time_t last_forgot_validated;
|
|
char email[100];
|
|
int verified;
|
|
};
|
|
|
|
struct per_vhost_data__gs {
|
|
lws_abs_t *smtp_client;
|
|
struct lwsgs_user u;
|
|
lws_token_map_t transport_tokens[3];
|
|
lws_token_map_t protocol_tokens[2];
|
|
char helo[64], ip[64];
|
|
struct lws_context *context;
|
|
char session_db[256];
|
|
char admin_user[32];
|
|
char urlroot[48];
|
|
char confounder[32];
|
|
char email_contact_person[128];
|
|
char email_title[128];
|
|
char email_template[128];
|
|
char email_confirm_url[128];
|
|
char email_from[128];
|
|
lwsgw_hash admin_password_sha256;
|
|
sqlite3 *pdb;
|
|
int timeout_idle_secs;
|
|
int timeout_absolute_secs;
|
|
int timeout_anon_absolute_secs;
|
|
int timeout_email_secs;
|
|
time_t last_session_expire;
|
|
};
|
|
|
|
struct per_session_data__gs {
|
|
struct lws_spa *spa;
|
|
lwsgw_hash login_session;
|
|
lwsgw_hash delete_session;
|
|
unsigned int login_expires;
|
|
char onward[256];
|
|
char result[500 + LWS_PRE];
|
|
char urldec[500 + LWS_PRE];
|
|
int result_len;
|
|
char ip[46];
|
|
struct lws_process_html_state phs;
|
|
int spos;
|
|
char check_response_value;
|
|
|
|
unsigned int logging_out:1;
|
|
unsigned int check_response:1;
|
|
};
|
|
|
|
/* utils.c */
|
|
|
|
int
|
|
lwsgs_lookup_callback_user(void *priv, int cols, char **col_val,
|
|
char **col_name);
|
|
void
|
|
lwsgw_cookie_from_session(lwsgw_hash *sid, time_t expires, char **p, char *end);
|
|
int
|
|
lwsgs_get_sid_from_wsi(struct lws *wsi, lwsgw_hash *sid);
|
|
int
|
|
lwsgs_lookup_session(struct per_vhost_data__gs *vhd,
|
|
const lwsgw_hash *sid, char *username, int len);
|
|
int
|
|
lwsgs_get_auth_level(struct per_vhost_data__gs *vhd,
|
|
const char *username);
|
|
int
|
|
lwsgs_check_credentials(struct per_vhost_data__gs *vhd,
|
|
const char *username, const char *password);
|
|
void
|
|
sha256_to_lwsgw_hash(unsigned char *hash, lwsgw_hash *shash);
|
|
unsigned int
|
|
lwsgs_now_secs(void);
|
|
int
|
|
lwsgw_check_admin(struct per_vhost_data__gs *vhd,
|
|
const char *username, const char *password);
|
|
int
|
|
lwsgs_hash_password(struct per_vhost_data__gs *vhd,
|
|
const char *password, struct lwsgs_user *u);
|
|
int
|
|
lwsgs_new_session_id(struct per_vhost_data__gs *vhd,
|
|
lwsgw_hash *sid, const char *username, int exp);
|
|
int
|
|
lwsgs_lookup_user(struct per_vhost_data__gs *vhd,
|
|
const char *username, struct lwsgs_user *u);
|
|
int
|
|
lwsgw_update_session(struct per_vhost_data__gs *vhd,
|
|
lwsgw_hash *hash, const char *user);
|
|
int
|
|
lwsgw_expire_old_sessions(struct per_vhost_data__gs *vhd);
|
|
|
|
|
|
/* handlers.c */
|
|
|
|
int
|
|
lwsgs_handler_confirm(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss);
|
|
int
|
|
lwsgs_handler_forgot(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss);
|
|
int
|
|
lwsgs_handler_check(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss, const char *in);
|
|
int
|
|
lwsgs_handler_change_password(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss);
|
|
int
|
|
lwsgs_handler_forgot_pw_form(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss);
|
|
int
|
|
lwsgs_handler_register_form(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss);
|
|
|