Mercurial > sci
comparison scid/http.c @ 50:b474f0985e39
scictl: add API key support
author | David Demelier <markand@malikania.fr> |
---|---|
date | Wed, 17 Aug 2022 09:11:58 +0200 |
parents | e8f24896b484 |
children | 7a4112eec15b |
comparison
equal
deleted
inserted
replaced
49:9d8df0c1db63 | 50:b474f0985e39 |
---|---|
50 }; | 50 }; |
51 | 51 |
52 static int | 52 static int |
53 allowed(const struct kreq *req) | 53 allowed(const struct kreq *req) |
54 { | 54 { |
55 for (size_t i = 0; i < req->reqsz; ++i) | 55 for (size_t i = 0; i < req->reqsz; ++i) { |
56 if (strcmp(req->reqs[i].key, "X-Api-Key") == 0 && | 56 if (strcmp(req->reqs[i].key, "X-Api-Key") == 0 && |
57 strcmp(req->reqs[i].val, scid.apikey) == 0) | 57 strcmp(req->reqs[i].val, scid.apikey) == 0) |
58 return 1; | 58 return 1; |
59 } | |
59 | 60 |
60 return 0; | 61 return 0; |
61 } | 62 } |
62 | 63 |
63 static void | 64 static void |
76 }; | 77 }; |
77 | 78 |
78 /* Any API page requires authentication key. */ | 79 /* Any API page requires authentication key. */ |
79 if (req->method == KMETHOD_POST && !allowed(req)) { | 80 if (req->method == KMETHOD_POST && !allowed(req)) { |
80 log_warn("http: client not allowed"); | 81 log_warn("http: client not allowed"); |
81 pageutil_status(req, KHTTP_401); | 82 pageutil_json(req, KHTTP_401, NULL); |
82 } else { | 83 } else { |
83 for (size_t i = 0; apis[i].prefix; ++i) | 84 for (size_t i = 0; apis[i].prefix; ++i) |
84 if (strncmp(req->path, apis[i].prefix, strlen(apis[i].prefix)) == 0) | 85 if (strncmp(req->path, apis[i].prefix, strlen(apis[i].prefix)) == 0) |
85 return apis[i].handler(req); | 86 return apis[i].handler(req); |
86 | 87 |
87 pageutil_status(req, KHTTP_404); | 88 pageutil_json(req, KHTTP_404, NULL); |
88 } | 89 } |
89 } | 90 } |
90 | 91 |
91 static const char * const pages[] = { | 92 static const char * const pages[] = { |
92 [PAGE_INDEX] = "", | 93 [PAGE_INDEX] = "", |