Add option for whether authentication is needed for localhost requests. Defaults to false. (API_AUTH_FOR_LOCALHOST)
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
parent
e4c7cec349
commit
2a07c992ab
|
@ -39,10 +39,18 @@ static void generateRandomString(char *str, size_t size)
|
|||
// Can we validate this client?
|
||||
// Returns -1 if not authenticated or expired
|
||||
// Returns >= 0 for any valid authentication
|
||||
#define LOCALHOSTv4 "127.0.0.1"
|
||||
#define LOCALHOSTv6 "::1"
|
||||
int check_client_auth(struct mg_connection *conn)
|
||||
{
|
||||
int user_id = -1;
|
||||
const struct mg_request_info *request = mg_get_request_info(conn);
|
||||
|
||||
// Is the user requesting from localhost?
|
||||
if(!httpsettings.api_auth_for_localhost && (strcmp(request->remote_addr, LOCALHOSTv4) == 0 ||
|
||||
strcmp(request->remote_addr, LOCALHOSTv6) == 0))
|
||||
return API_MAX_CLIENTS;
|
||||
|
||||
// Does the client provide a user_id cookie?
|
||||
int num;
|
||||
if(http_get_cookie_int(conn, "user_id", &num) && num > -1 && num < API_MAX_CLIENTS)
|
||||
|
@ -136,10 +144,10 @@ int api_auth(struct mg_connection *conn)
|
|||
logg("Registered new user: user_id %i valid_until: %s remote_addr %s",
|
||||
user_id, timestr, auth_data[user_id].remote_addr);
|
||||
}
|
||||
else
|
||||
{
|
||||
logg("No free user slots available, not authenticating user");
|
||||
}
|
||||
}
|
||||
if(user_id == -1)
|
||||
{
|
||||
logg("WARNING: No free slots available, not authenticating user");
|
||||
}
|
||||
}
|
||||
else if(config.debug & DEBUG_API)
|
||||
|
@ -155,6 +163,19 @@ int api_auth(struct mg_connection *conn)
|
|||
user_id = check_client_auth(conn);
|
||||
|
||||
int method = http_method(conn);
|
||||
if(user_id == API_MAX_CLIENTS)
|
||||
{
|
||||
if(config.debug & DEBUG_API)
|
||||
logg("Authentification: OK, localhost does not need auth.");
|
||||
// We still have to send a cookie for the web interface to be happy
|
||||
char *additional_headers = NULL;
|
||||
if(asprintf(&additional_headers,
|
||||
"Set-Cookie: user_id=%u; Path=/; Max-Age=%u\r\n",
|
||||
API_MAX_CLIENTS, API_SESSION_EXPIRE) < 0)
|
||||
{
|
||||
return send_json_error(conn, 500, "internal_error", "Internal server error", NULL, NULL);
|
||||
}
|
||||
}
|
||||
if(user_id > -1 && method == HTTP_GET)
|
||||
{
|
||||
if(config.debug & DEBUG_API)
|
||||
|
|
|
@ -83,7 +83,16 @@ int send_json_success(struct mg_connection *conn,
|
|||
{
|
||||
cJSON *json = JSON_NEW_OBJ();
|
||||
JSON_OBJ_REF_STR(json, "status", "success");
|
||||
JSON_SEND_OBJECT_AND_HEADERS(json, additional_headers);
|
||||
|
||||
// Send additional headers if supplied
|
||||
if(additional_headers == NULL)
|
||||
{
|
||||
JSON_SEND_OBJECT(json);
|
||||
}
|
||||
else
|
||||
{
|
||||
JSON_SEND_OBJECT_AND_HEADERS(json, additional_headers);
|
||||
}
|
||||
}
|
||||
|
||||
int send_http_internal_error(struct mg_connection *conn)
|
||||
|
|
14
src/config.c
14
src/config.c
|
@ -408,6 +408,20 @@ void read_FTLconf(void)
|
|||
logg(" WEBACL: Allowing all access.");
|
||||
}
|
||||
|
||||
// API_AUTH_FOR_LOALHOST
|
||||
// defaults to: false
|
||||
httpsettings.api_auth_for_localhost = false;
|
||||
buffer = parse_FTLconf(fp, "API_AUTH_FOR_LOALHOST");
|
||||
|
||||
if(buffer != NULL && (strcasecmp(buffer, "yes") == 0 ||
|
||||
strcasecmp(buffer, "true") == 0))
|
||||
httpsettings.api_auth_for_localhost = true;
|
||||
|
||||
if(httpsettings.api_auth_for_localhost)
|
||||
logg(" API_AUTH_FOR_LOCALHOST: Active");
|
||||
else
|
||||
logg(" API_AUTH_FOR_LOCALHOST: Inactive");
|
||||
|
||||
// Read DEBUG_... setting from pihole-FTL.conf
|
||||
// This option should be the last one as it causes
|
||||
// some rather verbose output into the log when
|
||||
|
|
|
@ -57,6 +57,7 @@ typedef struct httpsettings {
|
|||
char *webroot;
|
||||
char *webhome;
|
||||
const char *acl;
|
||||
bool api_auth_for_localhost;
|
||||
char port[20]; // enough space for 2*(maximum length of number in a uint16_t = 5 characters) + ",[::]:" + NULL
|
||||
} httpsettingsStruct;
|
||||
|
||||
|
|
Loading…
Reference in New Issue