From 5d260fd68da6937514328d712671aea77d3da4f0 Mon Sep 17 00:00:00 2001
From: Relintai
Date: Thu, 21 Jul 2022 23:25:04 +0200
Subject: [PATCH] Cleanups to WebServerRequest.
---
 .../user_session_setup_middleware.cpp | 803 +-----------------
 .../user_session_setup_middleware.h | 134 +--
 modules/web/http/csrf_token.cpp | 4 +-
 modules/web/http/http_session_manager.cpp | 4 +-
 modules/web/http/web_permission.cpp | 4 +-
 modules/web/http/web_server.cpp | 4 +-
 modules/web/http/web_server_request.cpp | 84 +-
 modules/web/http/web_server_request.h | 22 +-
 8 files changed, 75 insertions(+), 984 deletions(-)
diff --git a/modules/users/middleware/user_session_setup_middleware.cpp b/modules/users/middleware/user_session_setup_middleware.cpp
index ef4e667cb..7aaee637f 100644
--- a/modules/users/middleware/user_session_setup_middleware.cpp
+++ b/modules/users/middleware/user_session_setup_middleware.cpp
@@ -1,803 +1,12 @@ #include "user_session_setup_middleware.h" -#include "web/html/form_validator.h" -#include "web/html/html_builder.h" -#include "web/http/cookie.h" -#include "web/http/http_session.h" -#include "web/http/request.h" -#include "web/http/session_manager.h" -#include "web/http/web_permission.h" - -#include "database/database.h" -#include "database/database_manager.h" -#include "database/query_builder.h" -#include "database/query_result.h" -#include "database/table_builder.h" - -#include "crypto/hash/sha256.h" - -void UserController::handle_request_main(Request *request) { - if (_web_permission.is_valid()) { - if (_web_permission->activate(request)) { - return; - } - } - - if (request->session.is_valid()) { - Ref u = request->reference_data["user"]; - - if (u.is_valid()) { - handle_request(u, request); - - return; - } - } - - const String &segment = request->get_current_path_segment(); - - if (segment == "") { - handle_login_request_default(request); - - return; - } else if (segment == "login") { - handle_login_request_default(request); - - return; - } else if (segment == "register") { - handle_register_request_default(request); - - return; - } - - handle_login_request_default(request); -} - -void UserController::handle_login_request_default(Request *request) { - LoginRequestData data; - - if (request->get_method() == HTTP_METHOD_POST) { - // this is probbaly not needed - // it's ok for now as I need to test the validators more - Vector errors; - _login_validator->validate(request, &errors); - for (int i = 0; i < errors.size(); ++i) { - data.error_str += errors[i] + "
"; - } - // not needed end - - data.uname_val = request->get_parameter("username"); - data.pass_val = request->get_parameter("password"); - - Ref user = db_get_user(data.uname_val); - - if (user.is_valid()) { - if (!check_password(user, data.pass_val)) { - data.error_str += "Invalid username or password!"; - } else { - Ref session = request->get_or_create_session(); - - session->add("user_id", user->id); - SessionManager::get_singleton()->save_session(session); - - ::Cookie c = ::Cookie("session_id", session->session_id); - c.path = "/"; - - request->add_cookie(c); - - render_login_success(request); - - return; - } - } else { - data.error_str += "Invalid username or password!"; - } - } - - render_login_request_default(request, &data); -} - -void UserController::render_login_request_default(Request *request, LoginRequestData *data) { - HTMLBuilder b; - - b.w("Login"); - b.br(); - - { - if (data->error_str.size() != 0) { - b.div()->cls("error"); - - b.w(data->error_str); - - b.cdiv(); - } - } - - b.div()->cls("login"); - { - // todo href path helper - b.form()->method("POST")->href("/user/login"); - { - b.csrf_token(request); - - b.w("Username"); - b.br(); - b.input()->type("text")->name("username")->value(data->uname_val); - b.cinput(); - b.br(); - - b.w("Password"); - b.br(); - b.input()->type("password")->name("password"); - b.cinput(); - b.br(); - - b.input()->type("submit")->value("Send"); - b.cinput(); - } - b.cform(); - } - b.cdiv(); - - request->body += b.result; - - request->compile_and_send_body(); -} - -void UserController::handle_register_request_default(Request *request) { - RegisterRequestData data; - - if (request->get_method() == HTTP_METHOD_POST) { - Vector errors; - - _registration_validator->validate(request, &errors); - - for (int i = 0; i < errors.size(); ++i) { - data.error_str += errors[i] + "
"; - } - - data.uname_val = request->get_parameter("username"); - data.email_val = request->get_parameter("email"); - data.pass_val = request->get_parameter("password"); - data.pass_check_val = request->get_parameter("password_check"); - - // todo username length etc check - // todo pw length etc check - - if (is_username_taken(data.uname_val)) { - data.error_str += "Username already taken!
"; - } - - if (is_email_taken(data.email_val)) { - data.error_str += "Email already in use!
"; - } - - if (data.pass_val != data.pass_check_val) { - data.error_str += "The passwords did not match!
"; - } - - if (data.error_str.size() == 0) { - Ref user; - user = create_user(); - - user->name_user_input = data.uname_val; - user->email_user_input = data.email_val; - - create_password(user, data.pass_val); - db_save_user(user); - - render_register_success(request); - return; - } - } - - render_register_request_default(request, &data); -} - -void UserController::render_register_success(Request *request) { - HTMLBuilder b; - - b.div()->cls("success"); - { - b.w("Registration successful! You can now log in!"); - b.br(); - b.a()->href("/user/login"); - b.w(">> Login <<"); - b.ca(); - } - b.cdiv(); - - request->body += b.result; - - request->compile_and_send_body(); -} - -void UserController::render_register_request_default(Request *request, RegisterRequestData *data) { - HTMLBuilder b; - - b.w("Registration"); - b.br(); - - { - if (data->error_str.size() != 0) { - b.div()->cls("error"); - - b.w(data->error_str); - - b.cdiv(); - } - } - - b.div()->cls("register"); - { - // todo href path helper - b.form()->method("POST")->href("/user/register"); - { - b.csrf_token(request); - - b.w("Username"); - b.br(); - b.input()->type("text")->name("username")->value(data->uname_val); - b.cinput(); - b.br(); - - b.w("Email"); - b.br(); - b.input()->type("email")->name("email")->value(data->email_val); - b.cinput(); - b.br(); - - b.w("Password"); - b.br(); - b.input()->type("password")->name("password"); - b.cinput(); - b.br(); - - b.w("Password again"); - b.br(); - b.input()->type("password")->name("password_check"); - b.cinput(); - b.br(); - - b.input()->type("submit")->value("Register"); - b.cinput(); - } - b.cform(); - } - b.cdiv(); - - request->body += b.result; - - request->compile_and_send_body(); -} - -void UserController::render_already_logged_in_error(Request *request) { - request->body += "You are already logged in."; - - request->compile_and_send_body(); -} - -void UserController::render_login_success(Request *request) { - request->body = "Login Success!
"; - - // request->compile_and_send_body(); - request->send_redirect("/user/settings"); -} - -void UserController::handle_request(Ref &user, Request *request) { - const String &segment = request->get_current_path_segment(); - - if (segment == "") { - handle_main_page_request(user, request); - } else if (segment == "settings") { - handle_settings_request(user, request); - } else if (segment == "password_reset") { - handle_password_reset_request(user, request); - } else if (segment == "logout") { - handle_logout_request(user, request); - } else if (segment == "delete") { - handle_delete_request(user, request); - } else if (segment == "login") { - render_already_logged_in_error(request); - } else if (segment == "register") { - render_already_logged_in_error(request); - } else { - request->send_error(404); - } -} - -void UserController::handle_main_page_request(Ref &user, Request *request) { - request->body += "handle_main_page_request"; - - request->compile_and_send_body(); -} - -void UserController::handle_settings_request(Ref &user, Request *request) { - SettingsRequestData data; - - if (request->get_method() == HTTP_METHOD_POST) { - data.uname_val = request->get_parameter("username"); - data.email_val = request->get_parameter("email"); - data.pass_val = request->get_parameter("password"); - data.pass_check_val = request->get_parameter("password_check"); - - bool changed = false; - - Vector errors; - - bool valid = _profile_validator->validate(request, &errors); - - for (int i = 0; i < errors.size(); ++i) { - data.error_str += errors[i] + "
"; - } - - if (valid) { - if (data.uname_val == user->name_user_input) { - data.uname_val = ""; - } - - if (data.email_val == user->email_user_input) { - data.email_val = ""; - } - - if (data.uname_val != "") { - if (is_username_taken(data.uname_val)) { - data.error_str += "Username already taken!
"; - } else { - // todo sanitize for html special chars! - user->name_user_input = data.uname_val; - changed = true; - data.uname_val = ""; - } - } - - if (data.email_val != "") { - if (is_email_taken(data.email_val)) { - data.error_str += "Email already in use!
"; - } else { - // todo sanitize for html special chars! - // also send email - user->email_user_input = data.email_val; - changed = true; - data.email_val = ""; - } - } - - if (data.pass_val != "") { - if (data.pass_val != data.pass_check_val) { - data.error_str += "The passwords did not match!
"; - } else { - create_password(user, data.pass_val); - - changed = true; - } - } - - if (changed) { - db_save_user(user); - } - } - } - - render_settings_request(user, request, &data); -} - -void UserController::render_settings_request(Ref &user, Request *request, SettingsRequestData *data) { - HTMLBuilder b; - - b.w("Settings"); - b.br(); - - { - if (data->error_str.size() != 0) { - b.div()->cls("error"); - - b.w(data->error_str); - - b.cdiv(); - } - } - - b.div()->cls("settings"); - { - // todo href path helper - b.form()->method("POST")->href("/user/settings"); - { - b.csrf_token(request); - - b.w("Username"); - b.br(); - b.input()->type("text")->name("username")->placeholder(user->name_user_input)->value(data->uname_val); - b.cinput(); - b.br(); - - b.w("Email"); - b.br(); - b.input()->type("email")->name("email")->placeholder(user->email_user_input)->value(data->email_val); - b.cinput(); - b.br(); - - b.w("Password"); - b.br(); - b.input()->type("password")->placeholder("*******")->name("password"); - b.cinput(); - b.br(); - - b.w("Password again"); - b.br(); - b.input()->type("password")->placeholder("*******")->name("password_check"); - b.cinput(); - b.br(); - - b.input()->type("submit")->value("Save"); - b.cinput(); - } - b.cform(); - } - b.cdiv(); - - request->body += b.result; - - request->compile_and_send_body(); -} - -void UserController::handle_password_reset_request(Ref &user, Request *request) { - request->body += "handle_password_reset_request"; - - request->compile_and_send_body(); -} - -void UserController::handle_logout_request(Ref &user, Request *request) { - request->remove_cookie("session_id"); - - db_save_user(user); - - SessionManager::get_singleton()->delete_session(request->session->session_id); - request->session = nullptr; - - HTMLBuilder b; - b.w("Logout successful!"); - request->body += b.result; - - request->compile_and_send_body(); -} - -void UserController::handle_delete_request(Ref &user, Request *request) { - request->body += 
"handle_delete_request"; - - request->compile_and_send_body(); -} - -void UserController::create_validators() { - if (!_login_validator) { - // Login - _login_validator = new FormValidator(); - - _login_validator->new_field("username", "Username")->need_to_exist()->need_to_be_alpha_numeric()->need_minimum_length(5)->need_maximum_length(20); - FormField *pw = _login_validator->new_field("password", "Password"); - pw->need_to_exist(); - pw->need_to_have_lowercase_character()->need_to_have_uppercase_character(); - pw->need_minimum_length(5); - } - - if (!_registration_validator) { - // Registration - _registration_validator = new FormValidator(); - - _registration_validator->new_field("username", "Username")->need_to_exist()->need_to_be_alpha_numeric()->need_minimum_length(5)->need_maximum_length(20); - _registration_validator->new_field("email", "Email")->need_to_exist()->need_to_be_email(); - - FormField *pw = _registration_validator->new_field("password", "Password"); - pw->need_to_exist(); - pw->need_to_have_lowercase_character()->need_to_have_uppercase_character(); - pw->need_minimum_length(5); - - _registration_validator->new_field("password_check", "Password check")->need_to_match("password"); - - _registration_validator->new_field("email", "Email")->need_to_exist()->need_to_be_email(); - } - - if (!_profile_validator) { - _profile_validator = new FormValidator(); - - _profile_validator->new_field("username", "Username")->ignore_if_not_exists()->need_to_be_alpha_numeric()->need_minimum_length(5)->need_maximum_length(20); - _profile_validator->new_field("email", "Email")->ignore_if_not_exists()->need_to_be_email(); - - FormField *pw = _profile_validator->new_field("password", "Password"); - pw->ignore_if_not_exists(); - pw->need_to_have_lowercase_character()->need_to_have_uppercase_character(); - pw->need_minimum_length(5); - - _profile_validator->new_field("password_check", "Password 
check")->ignore_if_other_field_not_exists("password")->need_to_match("password"); - } -} - -Ref UserController::db_get_user(const int id) { - if (id == 0) { - return Ref(); - } - - Ref b = get_query_builder(); - - b->select("username, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked"); - b->from(_table_name); - - b->where()->wp("id", id); - - b->end_command(); - - Ref r = b->run(); - - if (!r->next_row()) { - return Ref(); - } - - Ref user; - user = create_user(); - - user->id = id; - user->name_user_input = r->get_cell(0); - user->email_user_input = r->get_cell(1); - user->rank = r->get_cell_int(2); - user->pre_salt = r->get_cell(3); - user->post_salt = r->get_cell(4); - user->password_hash = r->get_cell(5); - user->banned = r->get_cell_bool(6); - user->password_reset_token = r->get_cell(7); - user->locked = r->get_cell_bool(8); - - return user; -} - -Ref UserController::db_get_user(const String &user_name_input) { - if (user_name_input == "") { - return Ref(); - } - - Ref b = get_query_builder(); - - b->select("id, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked"); - b->from(_table_name); - b->where()->wp("username", user_name_input); - b->end_command(); - - Ref r = b->run(); - - if (!r->next_row()) { - return Ref(); - } - - Ref user; - user = create_user(); - - user->id = r->get_cell_int(0); - user->name_user_input = user_name_input; - user->email_user_input = r->get_cell(1); - user->rank = r->get_cell_int(2); - user->pre_salt = r->get_cell(3); - user->post_salt = r->get_cell(4); - user->password_hash = r->get_cell(5); - user->banned = r->get_cell_bool(6); - user->password_reset_token = r->get_cell(7); - user->locked = r->get_cell_bool(8); - - return user; -} - -void UserController::db_save_user(Ref &user) { - Ref b = get_query_builder(); - - if (user->id == 0) { - b->insert(_table_name, "username, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked"); - 
- b->values(); - b->val(user->name_user_input); - b->val(user->email_user_input); - b->val(user->rank); - b->val(user->pre_salt); - b->val(user->post_salt); - b->val(user->password_hash); - b->val(user->banned); - b->val(user->password_reset_token); - b->val(user->locked); - b->cvalues(); - - b->end_command(); - b->select_last_insert_id(); - - Ref r = b->run(); - - user->id = r->get_last_insert_rowid(); - } else { - b->update(_table_name); - b->set(); - b->setp("username", user->name_user_input); - b->setp("email", user->email_user_input); - b->setp("rank", user->rank); - b->setp("pre_salt", user->pre_salt); - b->setp("post_salt", user->post_salt); - b->setp("password_hash", user->password_hash); - b->setp("banned", user->banned); - b->setp("password_reset_token", user->password_reset_token); - b->setp("locked", user->locked); - b->cset(); - b->where()->wp("id", user->id); - - // b->print(); - - b->run_query(); - } -} - -Vector> UserController::db_get_all() { - Ref b = get_query_builder(); - - b->select("id, username, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked"); - b->from(_table_name); - b->end_command(); - // b->print(); - - Vector> users; - - Ref r = b->run(); - - while (r->next_row()) { - Ref user = create_user(); - - user->id = r->get_cell_int(0); - user->name_user_input = r->get_cell(1); - user->email_user_input = r->get_cell(2); - user->rank = r->get_cell_int(3); - user->pre_salt = r->get_cell(4); - user->post_salt = r->get_cell(5); - user->password_hash = r->get_cell(6); - user->banned = r->get_cell_bool(7); - user->password_reset_token = r->get_cell(8); - user->locked = r->get_cell_bool(9); - - users.push_back(user); - } - - return users; -} - -Ref UserController::create_user() { - Ref u; - u.instance(); - - return u; -} - -bool UserController::is_username_taken(const String &user_name_input) { - Ref b = get_query_builder(); - - 
b->select("id")->from(_table_name)->where("username")->like(user_name_input)->end_command(); - - Ref r = b->run(); - - return r->next_row(); -} -bool UserController::is_email_taken(const String &email_input) { - Ref b = get_query_builder(); - - b->select("id")->from(_table_name)->where("username")->like(email_input)->end_command(); - - Ref r = b->run(); - - return r->next_row(); -} - -bool UserController::check_password(const Ref &user, const String &p_password) { - return hash_password(user, p_password) == user->password_hash; -} - -void UserController::create_password(Ref &user, const String &p_password) { - if (!user.is_valid()) { - printf("Error UserController::create_password !user.is_valid()!\n"); - return; - } - - // todo improve a bit - user->pre_salt = hash_password(user, user->name_user_input + user->email_user_input); - user->post_salt = hash_password(user, user->email_user_input + user->name_user_input); - - user->password_hash = hash_password(user, p_password); -} - -String UserController::hash_password(const Ref &user, const String &p_password) { - if (!user.is_valid()) { - printf("Error UserController::hash_password !user.is_valid()!\n"); - return ""; - } - - Ref s = SHA256::get(); - - String p = user->pre_salt + p_password + user->post_salt; - - String c = s->compute(p); - - return c; -} - -void UserController::create_table() { - Ref tb = get_table_builder(); - - tb->create_table(_table_name); - tb->integer("id")->auto_increment()->next_row(); - tb->varchar("username", 60)->not_null()->next_row(); - tb->varchar("email", 100)->not_null()->next_row(); - tb->integer("rank")->not_null()->next_row(); - tb->varchar("pre_salt", 100)->next_row(); - tb->varchar("post_salt", 100)->next_row(); - tb->varchar("password_hash", 100)->next_row(); - tb->integer("banned")->next_row(); - tb->varchar("password_reset_token", 100)->next_row(); - tb->integer("locked")->next_row(); - tb->primary_key("id"); - tb->ccreate_table(); - tb->run_query(); - // tb->print(); -} 
-void UserController::drop_table() { - Ref tb = get_table_builder(); - - tb->drop_table_if_exists(_table_name)->run_query(); -} - -void UserController::create_default_entries() { - Ref user; - user = create_user(); - - user->rank = 3; - user->name_user_input = "admin"; - user->email_user_input = "admin@admin.com"; - - create_password(user, "Password"); - db_save_user(user); - - user = create_user(); - - user->rank = 1; - user->name_user_input = "user"; - user->email_user_input = "user@user.com"; - - create_password(user, "Password"); - db_save_user(user); -} - -UserController *UserController::get_singleton() { - return _self; -} - -UserController::UserController() : - WebNode() { - if (_self) { - printf("UserController::UserController(): Error! self is not null!/n"); - } - - _self = this; - - create_validators(); -} - -UserController::~UserController() { - if (_self == this) { - _self = nullptr; - } -} - -UserController *UserController::_self = nullptr; - -FormValidator *UserController::_login_validator = nullptr; -FormValidator *UserController::_registration_validator = nullptr; -FormValidator *UserController::_profile_validator = nullptr; - -String UserController::_path = "./"; -String UserController::_table_name = "users"; +#include "modules/web/http/http_session.h" +#include "modules/web/http/web_server_request.h" // returnring true means handled, false means continue -bool UserSessionSetupMiddleware::on_before_handle_request_main(Request *request) { - if (request->session.is_valid()) { - int user_id = request->session->get_int("user_id"); +bool UserSessionSetupMiddleware::on_before_handle_request_main(Ref request) { + if (request->get_session().is_valid()) { + int user_id = request->get_session()->get_int("user_id"); if (user_id != 0) { Ref u = UserController::get_singleton()->db_get_user(user_id); 
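Review bot: `UserController::get_singleton()->db_get_user(user_id)` on the new side dereferences the singleton without checking it, and the definition removed in this hunk shows `_self` starting out as `nullptr`; if the surviving UserController behaves the same way, any request carrying a session with a non-zero `user_id` would crash the server when no UserController has been instanced. Guard it first with `UserController *uc = UserController::get_singleton();` and `ERR_FAIL_COND_V(!uc, false);`, then call `uc->db_get_user(user_id)`. None of the three includes left in this file visibly declares `UserController`, and the header hunk in this commit removes its class declaration, so it is worth confirming which header is meant to provide it. The function body continues past the end of this hunk.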
@@ -806,7 +15,7 @@ bool UserSessionSetupMiddleware::on_before_handle_request_main(Request *request) request->reference_data["user"] = u; } else { // log - request->session->remove("user_id"); + request->get_session()->remove("user_id"); } } } diff --git a/modules/users/middleware/user_session_setup_middleware.h b/modules/users/middleware/user_session_setup_middleware.h index f421c0a00..0614c8d1a 100644 --- a/modules/users/middleware/user_session_setup_middleware.h +++ b/modules/users/middleware/user_session_setup_middleware.h 
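Review bot: The `else` branch removes a stale `user_id` from the in-memory session but does not persist the change, and `// log` is still a placeholder. `set_csrf_token` in web_server_request.cpp follows `_session->add(...)` with `sm->save_session(_session)`, which suggests that session changes need an explicit save; if so, the stale id stays in the store and every later request on that session repeats the failed lookup. Consider saving the session through the session manager after the `remove` (with the usual null checks) and replacing `// log` with a real log line, since a session that points at a missing user is worth seeing in the logs. `request->reference_data["user"]` is also still accessed as a public field, unlike the members this commit moves behind accessors. The function starts outside this hunk.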
@@ -1,134 +1,18 @@ -#ifndef USER_CONTROLLER_H -#define USER_CONTROLLER_H +#ifndef USER_SESSION_SETUP_MIDDLEWARE_H +#define USER_SESSION_SETUP_MIDDLEWARE_H -#include "core/containers/vector.h" -#include "core/string.h" +#include "core/reference.h" +#include "core/ustring.h" -#include "web/http/web_node.h" - -#include "user.h" -#include "web/http/middleware.h" - -class Request; -class FormValidator; - -//TODO -// Break this up into multiple small webnodes (per page) -// that would make this a lot more customizable -// Only User management, save, load etc should be kept here -// and this node should be expected to be autoloaded. -// It should keep get_singleton() and c++ stuff that deal with users should expect it's presence -// they should use err macros to not crash the app though -// Rename this UserManager -// Also users are useful for not just web stuff, so don't rename them -// Make this inherit from Node instead, only inherit the web user handling from webnodes. -// Also for other webnodes that have admin functionality, break those into separate nodes. It's a lot safer, -// and I think they will work better in this setting like this. - -//Add a UserLevelWebPermission WebPermission. It should read a new projectsettings entry, and use it as an enum, that -// can be manipulated form the inspector. - -// The RBAC system can probably be removed, as WebPermissions + the editor is a lot more powerful. - -//Note move this with the user controller to it's own module. 
- -class UserController : public WebNode { - RCPP_OBJECT(UserController, WebNode); - -public: - void handle_request_main(Request *request); - - struct LoginRequestData { - String error_str; - String uname_val; - String pass_val; - }; - - virtual void handle_login_request_default(Request *request); - virtual void render_login_request_default(Request *request, LoginRequestData *data); - - struct RegisterRequestData { - String error_str; - String uname_val; - String email_val; - String pass_val; - String pass_check_val; - }; - - virtual void handle_register_request_default(Request *request); - virtual void render_register_request_default(Request *request, RegisterRequestData *data); - virtual void render_register_success(Request *request); - - virtual void render_already_logged_in_error(Request *request); - virtual void render_login_success(Request *request); - - virtual void handle_request(Ref &user, Request *request); - virtual void handle_main_page_request(Ref &user, Request *request); - - struct SettingsRequestData { - String error_str; - - String uname_val; - String email_val; - String pass_val; - String pass_check_val; - }; - - virtual void handle_settings_request(Ref &user, Request *request); - virtual void render_settings_request(Ref &user, Request *request, SettingsRequestData *data); - - virtual void handle_password_reset_request(Ref &user, Request *request); - virtual void handle_logout_request(Ref &user, Request *request); - virtual void handle_delete_request(Ref &user, Request *request); - - virtual void create_validators(); - - // db - - virtual Ref db_get_user(const int id); - virtual Ref db_get_user(const String &user_name_input); - virtual void db_save_user(Ref &user); - - virtual Vector> db_get_all(); - - virtual Ref create_user(); - - bool is_username_taken(const String &user_name_input); - bool is_email_taken(const String &email_input); - - virtual bool check_password(const Ref &user, const String &p_password); - virtual void create_password(Ref 
&user, const String &p_password); - virtual String hash_password(const Ref &user, const String &p_password); - - virtual void create_table(); - virtual void drop_table(); - virtual void create_default_entries(); - - static UserController *get_singleton(); - - UserController(); - ~UserController(); - -protected: - static UserController *_self; - - static FormValidator *_login_validator; - static FormValidator *_registration_validator; - static FormValidator *_profile_validator; - - String _file_path; - - static String _path; - static String _table_name; -}; +#include "modules/web/http/web_server_middleware.h" // just session setup -class UserSessionSetupMiddleware : public Middleware { - RCPP_OBJECT(UserSessionSetupMiddleware, Middleware); +class UserSessionSetupMiddleware : public WebServerMiddleware { + GDCLASS(UserSessionSetupMiddleware, WebServerMiddleware); public: - //returnring true means handled, false means continue - bool on_before_handle_request_main(Request *request); + //returning true means handled, false means continue + bool on_before_handle_request_main(Ref request); UserSessionSetupMiddleware(); ~UserSessionSetupMiddleware(); diff --git a/modules/web/http/csrf_token.cpp b/modules/web/http/csrf_token.cpp index aa49a5f59..135958077 100644 --- a/modules/web/http/csrf_token.cpp +++ b/modules/web/http/csrf_token.cpp @@ -23,7 +23,7 @@ bool CSRFTokenWebServerMiddleware::_on_before_handle_request_main(Refsession.is_valid()) { + if (!request->get_session().is_valid()) { request->send_error(HTTPServerEnums::HTTP_STATUS_CODE_401_UNAUTHORIZED); return true; } @@ -40,7 +40,7 @@ bool CSRFTokenWebServerMiddleware::_on_before_handle_request_main(Refsession.is_valid()) { + if (!request->get_session().is_valid()) { return false; } diff --git a/modules/web/http/http_session_manager.cpp b/modules/web/http/http_session_manager.cpp index 4bfc2b31c..03e93dc36 100644 --- a/modules/web/http/http_session_manager.cpp +++ b/modules/web/http/http_session_manager.cpp 
@@ -301,9 +301,9 @@ bool SessionSetupWebServerMiddleware::_on_before_handle_request_main(Refserver->get_session_manager(); + HTTPSessionManager *sm = request->get_server()->get_session_manager(); ERR_FAIL_COND_V(!sm, false); - request->session = sm->get_session(sid); + request->set_session(sm->get_session(sid)); return false; } diff --git a/modules/web/http/web_permission.cpp b/modules/web/http/web_permission.cpp index bc42d05c5..6612eabce 100644 --- a/modules/web/http/web_permission.cpp +++ b/modules/web/http/web_permission.cpp @@ -15,8 +15,8 @@ void WebPermission::handle_view_permission_missing(const Ref & } bool WebPermission::_activate(Ref request) { - request->active_permission.reference_ptr(this); - request->permissions = get_permissions(request); + request->set_active_permission(Ref(this)); + request->set_permissions(get_permissions(request)); if (!request->can_view()) { handle_view_permission_missing(request); diff --git a/modules/web/http/web_server.cpp b/modules/web/http/web_server.cpp index 5e64442a2..0b2f2a955 100644 --- a/modules/web/http/web_server.cpp +++ b/modules/web/http/web_server.cpp @@ -29,8 +29,8 @@ Node *WebServer::get_session_manager_bind() { void WebServer::server_handle_request(Ref request) { ERR_FAIL_COND(!_web_root); - request->server = this; - request->web_root = _web_root; + request->_set_server(this); + request->_set_web_root(_web_root); _rw_lock.read_lock(); _web_root->handle_request_main(request); diff --git a/modules/web/http/web_server_request.cpp b/modules/web/http/web_server_request.cpp index 44e85dda7..29962167a 100644 --- a/modules/web/http/web_server_request.cpp +++ b/modules/web/http/web_server_request.cpp 
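Review bot: `request->get_server()->get_session_manager()` dereferences the server pointer unchecked, while the constructor in web_server_request.cpp initialises `_server` to `nullptr` and, in this commit, only `WebServer::server_handle_request` sets it. A request object that reaches this middleware by any other path would crash here before the existing `ERR_FAIL_COND_V(!sm, false)` can help; add `ERR_FAIL_COND_V(!request->get_server(), false);` ahead of it. The same unchecked `_server->` appears in `get_or_create_session`, `set_csrf_token` and `send_error` in web_server_request.cpp. The start of this function lies outside the hunk.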
@@ -41,94 +41,87 @@ void WebServerRequest::set_compiled_body(const String &val) { } bool WebServerRequest::get_connection_closed() { - return connection_closed; + return _connection_closed; } void WebServerRequest::set_connection_closed(const bool &val) { - connection_closed = val; + _connection_closed = val; } Ref WebServerRequest::get_session() { - return session; + return _session; } void WebServerRequest::set_session(const Ref &val) { - session = val; -} - -Dictionary WebServerRequest::get_data() { - return data; -} -void WebServerRequest::set_data(const Dictionary &val) { - data = val; + _session = val; } Ref WebServerRequest::get_active_permission() { - return active_permission; + return _active_permission; } void WebServerRequest::set_active_permission(const Ref &val) { - active_permission = val; + _active_permission = val; } int WebServerRequest::get_permissions() { - return permissions; + return _permissions; } void WebServerRequest::set_permissions(const int &val) { - permissions = val; + _permissions = val; } Ref WebServerRequest::get_or_create_session() { - if (session.is_valid()) { - return session; + if (_session.is_valid()) { + return _session; } - HTTPSessionManager *sm = server->get_session_manager(); + HTTPSessionManager *sm = _server->get_session_manager(); - ERR_FAIL_COND_V(!sm, session); + ERR_FAIL_COND_V(!sm, _session); - session = sm->create_session(); + _session = sm->create_session(); - return session; + return _session; } bool WebServerRequest::can_view() const { - return (permissions & WebPermission::WEB_PERMISSION_VIEW) != 0; + return (_permissions & WebPermission::WEB_PERMISSION_VIEW) != 0; } bool WebServerRequest::can_create() const { - return (permissions & WebPermission::WEB_PERMISSION_CREATE) != 0; + return (_permissions & WebPermission::WEB_PERMISSION_CREATE) != 0; } bool WebServerRequest::can_edit() const { - return (permissions & WebPermission::WEB_PERMISSION_EDIT) != 0; + return (_permissions & 
WebPermission::WEB_PERMISSION_EDIT) != 0; } bool WebServerRequest::can_delete() const { - return (permissions & WebPermission::WEB_PERMISSION_DELETE) != 0; + return (_permissions & WebPermission::WEB_PERMISSION_DELETE) != 0; } bool WebServerRequest::has_csrf_token() { - if (!session.is_valid()) { + if (!_session.is_valid()) { return false; } - return session->has("csrf_token"); + return _session->has("csrf_token"); } String WebServerRequest::get_csrf_token() { - if (!session.is_valid()) { + if (!_session.is_valid()) { return ""; } - const Variant &val = session->get_const("csrf_token"); + const Variant &val = _session->get_const("csrf_token"); return val; } void WebServerRequest::set_csrf_token(const String &value) { - if (session.is_valid()) { - session->add("csrf_token", value); + if (_session.is_valid()) { + _session->add("csrf_token", value); - HTTPSessionManager *sm = server->get_session_manager(); + HTTPSessionManager *sm = _server->get_session_manager(); ERR_FAIL_COND(!sm); - sm->save_session(session); + sm->save_session(_session); } } @@ -267,7 +260,7 @@ void WebServerRequest::send_file(const String &p_file_path) { } void WebServerRequest::send_error(int error_code) { - server->get_web_root()->handle_error_send_request(this, error_code); + _server->get_web_root()->handle_error_send_request(this, error_code); } String WebServerRequest::parser_get_path() { @@ -443,11 +436,11 @@ void WebServerRequest::update() { } WebServer *WebServerRequest::get_server() { - return server; + return _server; } WebNode *WebServerRequest::get_web_root() { - return web_root; + return _web_root; } WebServerRequest::WebServerRequest() { 
@@ -455,11 +448,11 @@ WebServerRequest::WebServerRequest() { //server = nullptr; //_path_stack.clear(); _path_stack_pointer = 0; - connection_closed = false; + _connection_closed = false; //_full_path = ""; _status_code = HTTPServerEnums::HTTP_STATUS_CODE_200_OK; // Maybe set NONE or only VIEW as default? - permissions = WebPermission::WEB_PERMISSION_ALL; + _permissions = WebPermission::WEB_PERMISSION_ALL; //active_permission.unref(); //head.clear(); @@ -468,13 +461,20 @@ WebServerRequest::WebServerRequest() { //compiled_body.clear(); //data.clear(); - server = nullptr; - web_root = nullptr; + _server = nullptr; + _web_root = nullptr; } WebServerRequest::~WebServerRequest() { } +void WebServerRequest::_set_server(WebServer *v) { + _server = v; +} +void WebServerRequest::_set_web_root(WebNode *v) { + _web_root = v; +} + void WebServerRequest::_bind_methods() { ClassDB::bind_method(D_METHOD("get_head"), &WebServerRequest::get_head); ClassDB::bind_method(D_METHOD("set_head", "val"), &WebServerRequest::set_head); @@ -500,10 +500,6 @@ void WebServerRequest::_bind_methods() { ClassDB::bind_method(D_METHOD("set_session", "val"), &WebServerRequest::set_session); ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "session", PROPERTY_HINT_RESOURCE_TYPE, "HTTPSession"), "set_session", "get_session"); - ClassDB::bind_method(D_METHOD("get_data"), &WebServerRequest::get_data); - ClassDB::bind_method(D_METHOD("set_data", "val"), &WebServerRequest::set_data); - ADD_PROPERTY(PropertyInfo(Variant::DICTIONARY, "data"), "set_data", "get_data"); - ClassDB::bind_method(D_METHOD("get_active_permission"), &WebServerRequest::get_active_permission); ClassDB::bind_method(D_METHOD("set_active_permission", "val"), &WebServerRequest::set_active_permission); ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "active_permission", PROPERTY_HINT_RESOURCE_TYPE, "WebPermission"), "set_active_permission", "get_active_permission"); 
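Review bot: The constructor still defaults `_permissions` to `WebPermission::WEB_PERMISSION_ALL`, so any handler that runs without a WebPermission having been activated sees `can_create()`, `can_edit()` and `can_delete()` return true. The existing comment already questions this; now that the field is private and written only through `set_permissions`, this is a good moment to fail closed, e.g. `_permissions = WebPermission::WEB_PERMISSION_VIEW;` (or `0`), and let `WebPermission::_activate` grant more. Handlers that depend on the permissive default would need to be checked first. If the default has to stay, replace the question with a comment stating why all permissions are granted before any permission object runs.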
diff --git a/modules/web/http/web_server_request.h b/modules/web/http/web_server_request.h index 41acb011b..a3e37a3fa 100644 --- a/modules/web/http/web_server_request.h +++ b/modules/web/http/web_server_request.h @@ -120,21 +120,13 @@ public: WebServerRequest(); ~WebServerRequest(); - WebServer *server; - WebNode *web_root; - String head; String body; String footer; String compiled_body; - bool connection_closed; - - Ref session; - Dictionary data; - - Ref active_permission; - int permissions; + void _set_server(WebServer *v); + void _set_web_root(WebNode *v); protected: static void _bind_methods(); @@ -144,6 +136,16 @@ protected: Vector _path_stack; int _path_stack_pointer; Vector> _cookies; + + Ref _active_permission; + int _permissions; + + Ref _session; + + bool _connection_closed; + + WebServer *_server; + WebNode *_web_root; }; #endif
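Review bot: `_set_server` and `_set_web_root` are declared in the public section, so the pointers this commit makes private can still be replaced by any caller, and the leading underscore is the only hint that they are internal. The only caller visible in this commit is `WebServer::server_handle_request`, so consider declaring them under `protected:` and adding `friend class WebServer;`. A short comment such as `// Set by WebServer before dispatch; not part of the public API.` would document the intent either way. `head`, `body`, `footer` and `compiled_body` also remain public fields even though accessors such as `get_head`/`set_head` are bound in `_bind_methods`.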