aboutsummaryrefslogtreecommitdiffstats
path: root/src/afb-rest-api.c
blob: 80de7d6501db3716e89c8f27d32fda245210ca7b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
/*
 * Copyright (C) 2016 "IoT.bzh"
 * Author "Fulup Ar Foll"
 * Author José Bollo <jose.bollo@iot.bzh>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 * Contain all generic part to handle REST/API
 * 
 *  https://www.gnu.org/software/libmicrohttpd/tutorial.html [search 'largepost.c']
 */

#define _GNU_SOURCE

#include "../include/local-def.h"

#include <dirent.h>
#include <dlfcn.h>
#include <setjmp.h>
#include <signal.h>

#include "afb-apis.h"
#include "session.h"

#define AFB_MSG_JTYPE "AJB_reply"

#define JSON_CONTENT  "application/json"
#define FORM_CONTENT  MHD_HTTP_POST_ENCODING_MULTIPART_FORMDATA

static json_object *afbJsonType;

// Because of POST call multiple time requestApi we need to free POST handle here
// Note this method is called from http-svc just before closing session
PUBLIC void endPostRequest(AFB_PostHandle * postHandle)
{

	if (postHandle->type == AFB_POST_JSON) {
		// if (verbose) fprintf(stderr, "End PostJson Request UID=%d\n", postHandle->uid);
	}

	if (postHandle->type == AFB_POST_FORM) {
		if (verbose)
			fprintf(stderr, "End PostForm Request UID=%d\n", postHandle->uid);
	}
	if (postHandle->privatebuf)
		free(postHandle->privatebuf);
	free(postHandle);
}

// Check of apiurl is declare in this plugin and call it
static AFB_error doCallPluginApi(AFB_request * request, int apiidx, int verbidx, void *context)
{
	enum AFB_sessionE session;
	json_object *jresp, *jcall, *jreqt;
	AFB_clientCtx *clientCtx = NULL;

	// Request was found and at least partially executed
	jreqt = json_object_new_object();
	json_object_object_add(jreqt, "jtype", json_object_get(afbJsonType));

	// prepare an object to store calling values
	jcall = json_object_new_object();
	json_object_object_add(jcall, "prefix", json_object_new_string(request->prefix));
	json_object_object_add(jcall, "api", json_object_new_string(request->method));

	// Out of SessionNone every call get a client context session
	session = afb_apis_get(apiidx, verbidx)->session;
	if (AFB_SESSION_NONE != session) {

		// add client context to request
		clientCtx = ctxClientGet(request);
		if (clientCtx == NULL) {
			request->errcode = MHD_HTTP_INSUFFICIENT_STORAGE;
			json_object_object_add(jcall, "status", json_object_new_string("fail"));
			json_object_object_add(jcall, "info", json_object_new_string("Client Session Context Full !!!"));
			json_object_object_add(jreqt, "request", jcall);
			goto ExitOnDone;
		}
		request->context = clientCtx->contexts[apiidx];
		request->uuid = clientCtx->uuid;

		if (verbose)
			fprintf(stderr, "Plugin=[%s] Api=[%s] Middleware=[%d] Client=[%p] Uuid=[%s] Token=[%s]\n", request->prefix, request->method, session, clientCtx, clientCtx->uuid, clientCtx->token);

		switch (session) {

		case AFB_SESSION_CREATE:
			if (clientCtx->token[0] != '\0' && request->config->token[0] != '\0') {
				request->errcode = MHD_HTTP_UNAUTHORIZED;
				json_object_object_add(jcall, "status", json_object_new_string("exist"));
				json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CREATE Session already exist"));
				json_object_object_add(jreqt, "request", jcall);
				goto ExitOnDone;
			}

			if (AFB_SUCCESS != ctxTokenCreate(clientCtx, request)) {
				request->errcode = MHD_HTTP_UNAUTHORIZED;
				json_object_object_add(jcall, "status", json_object_new_string("fail"));
				json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CREATE Invalid Initial Token"));
				json_object_object_add(jreqt, "request", jcall);
				goto ExitOnDone;
			} else {
				json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
				json_object_object_add(jcall, "token", json_object_new_string(clientCtx->token));
				json_object_object_add(jcall, "timeout", json_object_new_int(request->config->cntxTimeout));
			}
			break;

		case AFB_SESSION_RENEW:
			if (AFB_SUCCESS != ctxTokenRefresh(clientCtx, request)) {
				request->errcode = MHD_HTTP_UNAUTHORIZED;
				json_object_object_add(jcall, "status", json_object_new_string("fail"));
				json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_REFRESH Broken Exchange Token Chain"));
				json_object_object_add(jreqt, "request", jcall);
				goto ExitOnDone;
			} else {
				json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
				json_object_object_add(jcall, "token", json_object_new_string(clientCtx->token));
				json_object_object_add(jcall, "timeout", json_object_new_int(request->config->cntxTimeout));
			}
			break;

		case AFB_SESSION_CLOSE:
			if (AFB_SUCCESS != ctxTokenCheck(clientCtx, request)) {
				request->errcode = MHD_HTTP_UNAUTHORIZED;
				json_object_object_add(jcall, "status", json_object_new_string("empty"));
				json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CLOSE Not a Valid Access Token"));
				json_object_object_add(jreqt, "request", jcall);
				goto ExitOnDone;
			} else {
				json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
			}
			break;

		case AFB_SESSION_CHECK:
		default:
			// default action is check
			if (AFB_SUCCESS != ctxTokenCheck(clientCtx, request)) {
				request->errcode = MHD_HTTP_UNAUTHORIZED;
				json_object_object_add(jcall, "status", json_object_new_string("fail"));
				json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CHECK Invalid Active Token"));
				json_object_object_add(jreqt, "request", jcall);
				goto ExitOnDone;
			}
			break;
		}
	}

	// Effectively CALL PLUGIN API with a subset of the context
	jresp = afb_apis_get(apiidx, verbidx)->callback(request, context);

	// Store context in case it was updated by plugins
	if (request->context != NULL)
		clientCtx->contexts[apiidx] = request->context;

	// handle intermediary Post Iterates out of band
	if ((jresp == NULL) && (request->errcode == MHD_HTTP_OK))
		return AFB_SUCCESS;

	// Session close is done after the API call so API can still use session in closing API
	if (AFB_SESSION_CLOSE == session)
		ctxTokenReset(clientCtx, request);

	// API should return NULL of a valid Json Object
	if (jresp == NULL) {
		json_object_object_add(jcall, "status", json_object_new_string("null"));
		json_object_object_add(jreqt, "request", jcall);
		request->errcode = MHD_HTTP_NO_RESPONSE;

	} else {
		json_object_object_add(jcall, "status", json_object_new_string("processed"));
		json_object_object_add(jreqt, "request", jcall);
		json_object_object_add(jreqt, "response", jresp);
	}

ExitOnDone:
	request->jresp = jreqt;
	return AFB_DONE;
}

// Check of apiurl is declare in this plugin and call it
extern __thread sigjmp_buf *error_handler;
static AFB_error callPluginApi(AFB_request * request, int apiidx, int verbidx, void *context)
{
	sigjmp_buf jmpbuf, *older;

	json_object *jcall, *jreqt;
	int status;

	// save context before calling the API
	status = setjmp(jmpbuf);
	if (status != 0) {

		// Request was found and at least partially executed
		jreqt = json_object_new_object();
		json_object_object_add(jreqt, "jtype", json_object_get(afbJsonType));

		// prepare an object to store calling values
		jcall = json_object_new_object();
		json_object_object_add(jcall, "prefix", json_object_new_string(request->prefix));
		json_object_object_add(jcall, "api", json_object_new_string(request->method));

		// Plugin aborted somewhere during its execution
		json_object_object_add(jcall, "status", json_object_new_string("abort"));
		json_object_object_add(jcall, "info", json_object_new_string("Plugin broke during execution"));
		json_object_object_add(jreqt, "request", jcall);
		request->jresp = jreqt;
	} else {

		// Trigger a timer to protect from unacceptable long time execution
		if (request->config->apiTimeout > 0)
			alarm((unsigned)request->config->apiTimeout);

		older = error_handler;
		error_handler = &jmpbuf;
		doCallPluginApi(request, apiidx, verbidx, context);
		error_handler = older;

		// cancel timeout and plugin signal handle before next call
		alarm(0);
	}
	return AFB_DONE;
}

STATIC AFB_error findAndCallApi(AFB_request * request, void *context)
{
	int apiidx, verbidx;
	AFB_error status;

	if (!request->method || !request->prefix)
		return AFB_FAIL;

	/* get the plugin if any */
	apiidx = afb_apis_get_apiidx(request->prefix, 0);
	if (apiidx < 0) {
		request->jresp = jsonNewMessage(AFB_FATAL, "No Plugin=[%s] Url=%s", request->prefix, request->url);
		request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY;
		return AFB_FAIL;
	}

	/* get the verb if any */
	verbidx = afb_apis_get_verbidx(apiidx, request->method);
	if (verbidx < 0) {
		request->jresp = jsonNewMessage(AFB_FATAL, "No API=[%s] for Plugin=[%s] url=[%s]", request->method, request->prefix, request->url);
		request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY;
		return AFB_FAIL;
	}

	/* Search for a plugin with this urlpath */
	status = callPluginApi(request, apiidx, verbidx, context);

	/* plugin callback did not return a valid Json Object */
	if (status == AFB_FAIL) {
		request->jresp = jsonNewMessage(AFB_FATAL, "No API=[%s] for Plugin=[%s] url=[%s]", request->method, request->prefix, request->url);
		request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY;
		return AFB_FAIL;
	}
	// Everything look OK
	return status;
}

// This CB is call for every item with a form post it reformat iterator values
// and callback Plugin API for each Item within PostForm.
STATIC int doPostIterate(void *cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *mimetype, const char *encoding, const char *data, uint64_t offset, size_t size)
{

	AFB_error status;
	AFB_PostItem item;

	// retrieve API request from Post iterator handle  
	AFB_PostHandle *postHandle = (AFB_PostHandle *) cls;
	AFB_request *request = (AFB_request *) postHandle->privatebuf;
	AFB_PostRequest postRequest;

	if (verbose)
		fprintf(stderr, "postHandle key=%s filename=%s len=%zu mime=%s\n", key, filename, size, mimetype);

	// Create and Item value for Plugin API
	item.kind = kind;
	item.key = key;
	item.filename = filename;
	item.mimetype = mimetype;
	item.encoding = encoding;
	item.len = size;
	item.data = data;
	item.offset = offset;

	// Reformat Request to make it somehow similar to GET/PostJson case
	postRequest.data = (char *)postHandle;
	postRequest.len = size;
	postRequest.type = AFB_POST_FORM;;
	request->post = &postRequest;

	// effectively call plugin API                 
	status = findAndCallApi(request, &item);
	// when returning no processing of postform stop
	if (status != AFB_SUCCESS)
		return MHD_NO;

	// let's allow iterator to move to next item
	return MHD_YES;
}

STATIC void freeRequest(AFB_request * request)
{

	free((void*)request->prefix);
	free((void*)request->method);
	free(request);
}

STATIC AFB_request *createRequest(struct MHD_Connection *connection, AFB_session * session, const char *url)
{

	AFB_request *request;

	// Start with a clean request
	request = calloc(1, sizeof(AFB_request));
	char *urlcpy1, *urlcpy2;
	char *baseapi, *baseurl;

	// Extract plugin urlpath from request and make two copy because strsep overload copy
	urlcpy1 = urlcpy2 = strdup(url);
	baseurl = strsep(&urlcpy2, "/");
	if (baseurl == NULL) {
		request->jresp = jsonNewMessage(AFB_FATAL, "Invalid API call url=[%s]", url);
		request->errcode = MHD_HTTP_BAD_REQUEST;
		goto Done;
	}
	// let's compute URL and call API
	baseapi = strsep(&urlcpy2, "/");
	if (baseapi == NULL) {
		request->jresp = jsonNewMessage(AFB_FATAL, "Invalid API call plugin=[%s] url=[%s]", baseurl, url);
		request->errcode = MHD_HTTP_BAD_REQUEST;
		goto Done;
	}
	// build request structure
//	request->connection = connection;
	request->config = session->config;
	request->url = url;
	request->prefix = strdup(baseurl);
	request->method = strdup(baseapi);

 Done:
	free(urlcpy1);
	return (request);
}















static int doRestApiPost(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
{

	static int postcount = 0;	// static counter to debug POST protocol
	json_object *errMessage;
	AFB_error status;
	struct MHD_Response *webResponse;
	const char *serialized;
	AFB_request *request = NULL;
	AFB_PostHandle *postHandle;
	AFB_PostRequest postRequest;
	int ret;

	// fprintf (stderr, "doRestAPI method=%s posthandle=%p\n", method, con_cls);

	// if post data may come in multiple calls
	const char *encoding, *param;
	int contentlen = -1;
	postHandle = *con_cls;

	// This is the initial post event let's create form post structure POST data come in multiple events
	if (postHandle == NULL) {

		// allocate application POST processor handle to zero
		postHandle = calloc(1, sizeof(AFB_PostHandle));
		postHandle->uid = postcount++;	// build a UID for DEBUG
		*con_cls = postHandle;	// update context with posthandle

		// Let make sure we have the right encoding and a valid length
		encoding = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_TYPE);

		// We are facing an empty post let's process it as a get
		if (encoding == NULL) {
			postHandle->type = AFB_POST_EMPTY;
			return MHD_YES;
		}

		// Form post is handle through a PostProcessor and call API once per form key
		if (strcasestr(encoding, FORM_CONTENT) != NULL) {
			if (verbose)
				fprintf(stderr, "Create doPostIterate[uid=%d posthandle=%p]\n", postHandle->uid, postHandle);

			request = createRequest(connection, session, url);
			if (request->jresp != NULL)
				goto ProcessApiCall;
			postHandle->type = AFB_POST_FORM;
			postHandle->privatebuf = (void *)request;
			postHandle->pp = MHD_create_post_processor(connection, MAX_POST_SIZE, &doPostIterate, postHandle);

			if (NULL == postHandle->pp) {
				fprintf(stderr, "OOPS: Internal error fail to allocate MHD_create_post_processor\n");
				free(postHandle);
				return MHD_NO;
			}
			return MHD_YES;
		}
		// POST json is store into a buffer and present in one piece to API
		if (strcasestr(encoding, JSON_CONTENT) != NULL) {

			param = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH);
			if (param)
				sscanf(param, "%i", &contentlen);

			// Because PostJson are build in RAM size is constrained
			if (contentlen > MAX_POST_SIZE) {
				errMessage = jsonNewMessage(AFB_FATAL, "Post Date to big %d > %d", contentlen, MAX_POST_SIZE);
				goto ExitOnError;
			}
			// Size is OK, let's allocate a buffer to hold post data
			postHandle->type = AFB_POST_JSON;
			postHandle->privatebuf = malloc((unsigned)contentlen + 1);	// allocate memory for full POST data + 1 for '\0' enf of string

			// if (verbose) fprintf(stderr, "Create PostJson[uid=%d] Size=%d\n", postHandle->uid, contentlen);
			return MHD_YES;

		}
		// We only support Json and Form Post format
		errMessage = jsonNewMessage(AFB_FATAL, "Post Date wrong type encoding=%s != %s", encoding, JSON_CONTENT);
		goto ExitOnError;
	}

	// This time we receive partial/all Post data. Note that even if we get all POST data. We should nevertheless
	// return MHD_YES and not process the request directly. Otherwise Libmicrohttpd is unhappy and fails with
	// 'Internal application error, closing connection'.            
	if (*upload_data_size) {

		if (postHandle->type == AFB_POST_FORM) {
			// if (verbose) fprintf(stderr, "Processing PostForm[uid=%d]\n", postHandle->uid);
			MHD_post_process(postHandle->pp, upload_data, *upload_data_size);
		}
		// Process JsonPost request when buffer is completed let's call API    
		if (postHandle->type == AFB_POST_JSON) {
			// if (verbose) fprintf(stderr, "Updating PostJson[uid=%d]\n", postHandle->uid);
			memcpy(&postHandle->privatebuf[postHandle->len], upload_data, *upload_data_size);
			postHandle->len = postHandle->len + *upload_data_size;
		}

		*upload_data_size = 0;
		return MHD_YES;

	}

	if (postHandle->type == AFB_POST_FORM)
		request = postHandle->privatebuf;
	else
		// Create a request structure to finalise the request
		request = createRequest(connection, session, url);

	if (request->jresp != NULL) {
		errMessage = request->jresp;
		goto ExitOnError;
	}
	postRequest.type = postHandle->type;

	// Postform add application context handle to request
	if (postHandle->type == AFB_POST_FORM) {
		postRequest.data = (char *)postHandle;
		request->post = &postRequest;
	}

	if (postHandle->type == AFB_POST_JSON) {
		// if (verbose) fprintf(stderr, "Processing PostJson[uid=%d]\n", postHandle->uid);

		param = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH);
		if (param)
			sscanf(param, "%i", &contentlen);

		// At this level we're may verify that we got everything and process DATA
		if (postHandle->len != contentlen) {
			errMessage = jsonNewMessage(AFB_FATAL, "Post Data Incomplete UID=%d Len %d != %d", postHandle->uid, contentlen, postHandle->len);
			goto ExitOnError;
		}
		// Before processing data, make sure buffer string is properly ended
		postHandle->privatebuf[postHandle->len] = '\0';
		postRequest.data = postHandle->privatebuf;
		request->post = &postRequest;

		// if (verbose) fprintf(stderr, "Close Post[%d] Buffer=%s\n", postHandle->uid, request->post->data);
	}

 ProcessApiCall:
	// Request is ready let's call API without any extra handle
	status = findAndCallApi(request, NULL);

	serialized = json_object_to_json_string(request->jresp);
	webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);

	// client did not pass token on URI let's use cookies 
	if ((!request->restfull) && (request->context != NULL)) {
		char cookie[256];
		snprintf(cookie, sizeof(cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi, request->config->cntxTimeout);
		MHD_add_response_header(webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);
	}
	// if requested add an error status
	if (request->errcode != 0)
		ret = MHD_queue_response(connection, request->errcode, webResponse);
	else
		MHD_queue_response(connection, MHD_HTTP_OK, webResponse);

	MHD_destroy_response(webResponse);
	json_object_put(request->jresp);	// decrease reference rqtcount to free the json object
	freeRequest(request);
	return MHD_YES;

 ExitOnError:
	freeRequest(request);
	serialized = json_object_to_json_string(errMessage);
	webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);
	MHD_queue_response(connection, MHD_HTTP_BAD_REQUEST, webResponse);
	MHD_destroy_response(webResponse);
	json_object_put(errMessage);	// decrease reference rqtcount to free the json object
	return MHD_YES;
}




















static int doRestApiGet(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
{
	AFB_error status;
	struct MHD_Response *webResponse;
	const char *serialized;
	AFB_request *request = NULL;
	int ret;

	// fprintf (stderr, "doRestAPI method=%s posthandle=%p\n", method, con_cls);

	// if post data may come in multiple calls
	// this is a get we only need a request
	request = createRequest(connection, session, url);

	// Request is ready let's call API without any extra handle
	status = findAndCallApi(request, NULL);

	serialized = json_object_to_json_string(request->jresp);
	webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);

	// client did not pass token on URI let's use cookies 
	if ((!request->restfull) && (request->context != NULL)) {
		char cookie[256];
		snprintf(cookie, sizeof(cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi, request->config->cntxTimeout);
		MHD_add_response_header(webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);
	}
	// if requested add an error status
	if (request->errcode != 0)
		ret = MHD_queue_response(connection, request->errcode, webResponse);
	else
		MHD_queue_response(connection, MHD_HTTP_OK, webResponse);

	MHD_destroy_response(webResponse);
	json_object_put(request->jresp);	// decrease reference rqtcount to free the json object
	freeRequest(request);
	return MHD_YES;
}

int doRestApi(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
{
	int rc;

	if (afbJsonType == NULL)
		afbJsonType = json_object_new_string (AFB_MSG_JTYPE);

	if (0 == strcmp(method, MHD_HTTP_METHOD_POST)) {
		rc = doRestApiPost(connection, session, url, method, upload_data, upload_data_size, con_cls);
	} else {
		rc = doRestApiGet(connection, session, url, method, upload_data, upload_data_size, con_cls);
	}
	return rc;
}