diff options
-rw-r--r-- | src/afb-hreq.c | 24 | ||||
-rw-r--r-- | src/afb-hswitch.c | 5 | ||||
-rw-r--r-- | src/afb-ws-client.c | 20 |
3 files changed, 26 insertions, 23 deletions
diff --git a/src/afb-hreq.c b/src/afb-hreq.c index a1c750b4..b1f300db 100644 --- a/src/afb-hreq.c +++ b/src/afb-hreq.c @@ -44,13 +44,11 @@ static char empty_string[] = ""; -static const char uuid_header[] = "x-afb-uuid"; -static const char uuid_arg[] = "uuid"; -static const char uuid_cookie[] = "uuid"; +static const char key_for_uuid[] = "x-afb-uuid"; +static const char old_key_for_uuid[] = "uuid"; -static const char token_header[] = "x-afb-token"; -static const char token_arg[] = "token"; -static const char token_cookie[] = "token"; +static const char key_for_token[] = "x-afb-token"; +static const char old_key_for_token[] = "token"; static char *cookie_name = NULL; static char *cookie_setter = NULL; @@ -708,17 +706,19 @@ int afb_hreq_init_context(struct afb_hreq *hreq) if (hreq->context.session != NULL) return 0; - uuid = afb_hreq_get_header(hreq, uuid_header); + uuid = afb_hreq_get_header(hreq, key_for_uuid); if (uuid == NULL) - uuid = afb_hreq_get_argument(hreq, uuid_arg); + uuid = afb_hreq_get_argument(hreq, key_for_uuid); if (uuid == NULL) uuid = afb_hreq_get_cookie(hreq, cookie_name); + if (uuid == NULL) + uuid = afb_hreq_get_argument(hreq, old_key_for_uuid); - token = afb_hreq_get_header(hreq, token_header); + token = afb_hreq_get_header(hreq, key_for_token); if (token == NULL) - token = afb_hreq_get_argument(hreq, token_arg); + token = afb_hreq_get_argument(hreq, key_for_token); if (token == NULL) - token = afb_hreq_get_cookie(hreq, token_cookie); + token = afb_hreq_get_argument(hreq, old_key_for_token); return afb_context_connect(&hreq->context, uuid, token); } @@ -733,7 +733,7 @@ int afb_hreq_init_cookie(int port, const char *path, int maxage) cookie_setter = NULL; path = path ? : "/"; - rc = asprintf(&cookie_name, "x-afb-uuid-%d", port); + rc = asprintf(&cookie_name, "%s-%d", key_for_uuid, port); if (rc < 0) return 0; rc = asprintf(&cookie_setter, "%s=%%s; Path=%s; Max-Age=%d; HttpOnly", diff --git a/src/afb-hswitch.c b/src/afb-hswitch.c index 8dee80b3..417b773e 100644 --- a/src/afb-hswitch.c +++ b/src/afb-hswitch.c @@ -86,6 +86,11 @@ int afb_hswitch_websocket_switch(struct afb_hreq *hreq, void *data) return 1; } + if (!hreq->context.validated) { + afb_hreq_reply_error(hreq, MHD_HTTP_UNAUTHORIZED); + return 1; + } + return afb_websock_check_upgrade(hreq); } diff --git a/src/afb-ws-client.c b/src/afb-ws-client.c index 32f8778e..e9c1a906 100644 --- a/src/afb-ws-client.c +++ b/src/afb-ws-client.c @@ -201,15 +201,15 @@ static int receive_response(int fd, const char **protocols, const char *ack) goto error; len = strcspn(line, " "); if (len != 8 || 0 != strncmp(line, "HTTP/1.1", 8)) - goto error; + goto abort; it = line + len; len = strspn(it, " "); if (len == 0) - goto error; + goto abort; it += len; len = strcspn(it, " "); if (len != 3 || 0 != strncmp(it, "101", 3)) - goto error; + goto abort; /* reads the rest of the response until empty line */ clen = 0; @@ -250,15 +250,13 @@ static int receive_response(int fd, const char **protocols, const char *ack) if (clen > 0) { while (read(fd, line, len) < 0 && errno == EINTR); } - if (haserr != 0) - result = -1; - else if (result < 0) { - result = 0; - while(protocols[result] != NULL) - result++; - } -error: + if (haserr != 0 || result < 0) + goto abort; return result; +abort: + errno = ECONNABORTED; +error: + return -1; } static int negociate(int fd, const char **protocols, const char *path, const char *host) |