diff --git a/ChangeLog b/ChangeLog index becab98e3..4b32c34bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2004-03-04 Alexey Shchepin + + * src/web/: Updated + 2004-03-03 Alexey Shchepin * src/web/: Minor update diff --git a/src/web/ejabberd_http.erl b/src/web/ejabberd_http.erl index 8735bffae..04aa91306 100644 --- a/src/web/ejabberd_http.erl +++ b/src/web/ejabberd_http.erl @@ -17,6 +17,7 @@ -include("ejabberd.hrl"). -include("jlib.hrl"). +-include("ejabberd_http.hrl"). -record(state, {sockmod, socket, @@ -81,20 +82,29 @@ receive_headers(State) -> end. -process_request(#state{request_method = 'GET', - request_path = {abs_path, Path}, - request_auth = undefined}) -> - make_xhtml_output( - 401, - [{"WWW-Authenticate", "basic realm=\"ejabberd\""}], - ejabberd_web:make_xhtml([{xmlelement, "h1", [], - [{xmlcdata, "401 Unauthorized"}]}])); process_request(#state{request_method = 'GET', request_path = {abs_path, Path}, - request_auth = {User, Pass}}) -> - case ejabberd_auth:check_password(User, Pass) of - true -> + request_auth = Auth}) -> + User = case Auth of + {U, P} -> + case ejabberd_auth:check_password(U, P) of + true -> + U; + false -> + unauthorized + end; + _ -> + undefined + end, + case User of + unauthorized -> + make_xhtml_output( + 401, + [{"WWW-Authenticate", "basic realm=\"ejabberd\""}], + ejabberd_web:make_xhtml([{xmlelement, "h1", [], + [{xmlcdata, "401 Unauthorized"}]}])); + _ -> case (catch url_decode_q_split(Path)) of {'EXIT', _} -> process_request(false); 
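Review bot: The inner `case` on `ejabberd_auth:check_password(U, P)` in the rewritten GET clause matches only `true` and `false`, whereas the removed code sent every result other than `true` to the 401 branch. If the auth backend ever returns something else (not visible here), the request now raises `case_clause` instead of answering 401. The same credential-resolution block is copied into the POST clause in the next hunk, so the two copies can drift apart. I would move it into one helper defined after the last `process_request` clause, with a catch-all that fails closed, and call it from both clauses. The GET clause body continues past the end of this hunk.

```erlang
                       request_auth = Auth}) ->
    User = authenticate(Auth),
    %% … unchanged: case User of unauthorized -> 401; _ -> decode path and dispatch …

%% Placed after the last process_request/1 clause.
%% Maps the parsed Authorization value to a user name, 'unauthorized'
%% (credentials rejected) or 'undefined' (no credentials sent).
authenticate({U, P}) ->
    case ejabberd_auth:check_password(U, P) of
        true -> U;
        _ -> unauthorized
    end;
authenticate(_) ->
    undefined.
```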
@@ -102,30 +112,45 @@ process_request(#state{request_method = 'GET', LQuery = parse_urlencoded(Query), ?INFO_MSG("path: ~p, query: ~p~n", [NPath, LQuery]), LPath = string:tokens(NPath, "/"), - case ejabberd_web:process_get(User, LPath, LQuery, "") of + Request = #request{method = 'GET', + path = LPath, + q = LQuery, + user = User}, + case ejabberd_web:process_get(Request) of El when element(1, El) == xmlelement -> make_xhtml_output(200, [], El); {Status, Headers, El} -> make_xhtml_output(Status, Headers, El) end - end; - _ -> - make_xhtml_output( - 401, - [{"WWW-Authenticate", "basic realm=\"ejabberd\""}], - ejabberd_web:make_xhtml([{xmlelement, "h1", [], - [{xmlcdata, "401 Unauthorized"}]}])) + end end; process_request(#state{request_method = 'POST', request_path = {abs_path, Path}, - request_auth = {User, Pass}, + request_auth = Auth, request_content_length = Len, sockmod = SockMod, socket = Socket} = State) when is_integer(Len) -> - case ejabberd_auth:check_password(User, Pass) of - true -> - case SockMod of + User = case Auth of + {U, P} -> + case ejabberd_auth:check_password(U, P) of + true -> + U; + false -> + unauthorized + end; + _ -> + undefined + end, + case User of + unauthorized -> + make_xhtml_output( + 401, + [{"WWW-Authenticate", "basic realm=\"ejabberd\""}], + ejabberd_web:make_xhtml([{xmlelement, "h1", [], + [{xmlcdata, "401 Unauthorized"}]}])); + _ -> + case SockMod of gen_tcp -> inet:setopts(Socket, [{packet, 0}]); ssl -> 
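Review bot: With `request_auth = Auth` in the POST clause head, a request that carries no credentials now matches this clause; under the removed `request_auth = {User, Pass}` pattern it fell through to the later `process_request(State)` clause. The code that reads the `Len`-byte body sits between this hunk and the next and is not visible, so confirm that `Len` is checked for an upper bound and for being non-negative before an anonymous client can make the server read it. The guard only tests `is_integer(Len)`. If no anonymous POST handler is intended yet, answering 401 for `undefined` before the body is read keeps the previous exposure. This hunk opens inside the GET clause and ends inside the POST clause.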
@@ -141,19 +166,18 @@ process_request(#state{request_method = 'POST', LPath = string:tokens(NPath, "/"), LQuery = parse_urlencoded(Data), ?INFO_MSG("client query: ~p~n", [LQuery]), - case ejabberd_web:process_get(User, LPath, LQuery, "") of + Request = #request{method = 'POST', + path = LPath, + q = LQuery, + user = User, + data = Data}, + case ejabberd_web:process_get(Request) of El when element(1, El) == xmlelement -> make_xhtml_output(200, [], El); {Status, Headers, El} -> make_xhtml_output(Status, Headers, El) end - end; - _ -> - make_xhtml_output( - 401, - [{"WWW-Authenticate", "basic realm=\"ejabberd\""}], - ejabberd_web:make_xhtml([{xmlelement, "h1", [], - [{xmlcdata, "401 Unauthorized"}]}])) + end end; process_request(State) -> diff --git a/src/web/ejabberd_http.hrl b/src/web/ejabberd_http.hrl new file mode 100644 index 000000000..f5af2e9af --- /dev/null +++ b/src/web/ejabberd_http.hrl @@ -0,0 +1,17 @@ +%%%---------------------------------------------------------------------- +%%% File : ejabberd_http.hrl +%%% Author : Alexey Shchepin +%%% Purpose : +%%% Created : 4 Mar 2004 by Alexey Shchepin +%%% Id : $Id$ +%%%---------------------------------------------------------------------- + +-record(request, {method, + path, + q = [], + user, + lang = "", + data = "" + }). + + diff --git a/src/web/ejabberd_web.erl b/src/web/ejabberd_web.erl index 1bda488bc..4de9d067b 100644 --- a/src/web/ejabberd_web.erl +++ b/src/web/ejabberd_web.erl @@ -12,10 +12,11 @@ %% External exports -export([make_xhtml/1, - process_get/4]). + process_get/1]). -include("ejabberd.hrl"). -include("jlib.hrl"). +-include("ejabberd_http.hrl"). make_xhtml(Els) -> 
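Review bot: The `user` field of the new `#request{}` record has no comment, although it now carries the authentication result that every handler must interpret. A line above the record would make the contract explicit, for example `%% user: authenticated user name, or 'undefined' when the request carried no credentials`. The `Purpose :` line in the file header is also empty and could say that the record is the request description passed from `ejabberd_http` to `ejabberd_web`.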
@@ -44,20 +45,35 @@ make_xhtml(Els) -> -define(BR, ?X("br")). -process_get(User, ["config" | RPath], Query, Lang) -> - case acl:match_rule(configure, jlib:make_jid(User, ?MYNAME, "")) of - deny -> - {401, [], make_xhtml([?XC("h1", "Not Allowed")])}; - allow -> - process_config(User, RPath, Query, Lang) + +process_get(#request{user = User, + path = ["config" | RPath], + q = Query, + lang = Lang} = Request) -> + if + User /= undefined -> + case acl:match_rule(configure, jlib:make_jid(User, ?MYNAME, "")) of + deny -> + {401, [], make_xhtml([?XC("h1", "Not Allowed")])}; + allow -> + process_config(Request#request{path = RPath}) + end; + true -> + {401, + [{"WWW-Authenticate", "basic realm=\"ejabberd\""}], + ejabberd_web:make_xhtml([{xmlelement, "h1", [], + [{xmlcdata, "401 Unauthorized"}]}])} end; -process_get(User, Path, Query, Lang) -> +process_get(_Request) -> {404, [], make_xhtml([?XC("h1", "Not found")])}. -process_config(User, [], Query, Lang) -> +process_config(#request{user = User, + path = [], + q = Query, + lang = Lang} = Request) -> make_xhtml([?XC("h1", "ejabberd configuration"), ?XE("ul", [?LI([?AC("acls/", "Access Control Lists")]), @@ -67,7 +83,10 @@ process_config(User, [], Query, Lang) -> ]) ]); -process_config(User, ["acls"], Query, Lang) -> +process_config(#request{user = User, + path = ["acls"], + q = Query, + lang = Lang} = Request) -> case acl:match_rule(configure, jlib:make_jid(User, ?MYNAME, "")) of deny -> {401, [], make_xhtml([?XC("h1", "Not Allowed")])}; @@ -111,7 +130,7 @@ process_config(User, ["acls"], Query, Lang) -> ]) end; -process_config(User, Path, Query, Lang) -> +process_config(_Request) -> {404, [], make_xhtml([?XC("h1", "Not found")])}.
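Review bot: The `User /= undefined` test in the `"config"` clause accepts every value other than that one atom, and since this commit moves the authentication decision out of `ejabberd_http`, this clause is now the only thing between an anonymous request and `process_config/1`. Matching the expected shape fails closed if another sentinel ever reaches this exported function: use `is_list(User) ->` in place of `User /= undefined ->`, assuming user names are strings as the `""` resource argument to `jlib:make_jid/3` suggests. A comment on `process_get/1` would record the new rule for later clauses, for example `%% user may be 'undefined' (anonymous); clauses that need a login must check it`. The ACL `deny` branch still answers 401 without a `WWW-Authenticate` header; 403 describes that case better.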