Cleanups to WebServerRequest.

Relintai 2022-07-21 23:25:04 +02:00
parent 9232d5b5bb
commit 5d260fd68d
8 changed files with 75 additions and 984 deletions


@ -1,803 +1,12 @@
#include "user_session_setup_middleware.h" #include "user_session_setup_middleware.h"
#include "web/html/form_validator.h" #include "modules/web/http/http_session.h"
#include "web/html/html_builder.h" #include "modules/web/http/web_server_request.h"
#include "web/http/cookie.h"
#include "web/http/http_session.h"
#include "web/http/request.h"
#include "web/http/session_manager.h"
#include "web/http/web_permission.h"
#include "database/database.h"
#include "database/database_manager.h"
#include "database/query_builder.h"
#include "database/query_result.h"
#include "database/table_builder.h"
#include "crypto/hash/sha256.h"
void UserController::handle_request_main(Request *request) {
if (_web_permission.is_valid()) {
if (_web_permission->activate(request)) {
return;
}
}
if (request->session.is_valid()) {
Ref<User> u = request->reference_data["user"];
if (u.is_valid()) {
handle_request(u, request);
return;
}
}
const String &segment = request->get_current_path_segment();
if (segment == "") {
handle_login_request_default(request);
return;
} else if (segment == "login") {
handle_login_request_default(request);
return;
} else if (segment == "register") {
handle_register_request_default(request);
return;
}
handle_login_request_default(request);
}
void UserController::handle_login_request_default(Request *request) {
LoginRequestData data;
if (request->get_method() == HTTP_METHOD_POST) {
// this is probbaly not needed
// it's ok for now as I need to test the validators more
Vector<String> errors;
_login_validator->validate(request, &errors);
for (int i = 0; i < errors.size(); ++i) {
data.error_str += errors[i] + "<br>";
}
// not needed end
data.uname_val = request->get_parameter("username");
data.pass_val = request->get_parameter("password");
Ref<User> user = db_get_user(data.uname_val);
if (user.is_valid()) {
if (!check_password(user, data.pass_val)) {
data.error_str += "Invalid username or password!";
} else {
Ref<HTTPSession> session = request->get_or_create_session();
session->add("user_id", user->id);
SessionManager::get_singleton()->save_session(session);
::Cookie c = ::Cookie("session_id", session->session_id);
c.path = "/";
request->add_cookie(c);
render_login_success(request);
return;
}
} else {
data.error_str += "Invalid username or password!";
}
}
render_login_request_default(request, &data);
}
void UserController::render_login_request_default(Request *request, LoginRequestData *data) {
HTMLBuilder b;
b.w("Login");
b.br();
{
if (data->error_str.size() != 0) {
b.div()->cls("error");
b.w(data->error_str);
b.cdiv();
}
}
b.div()->cls("login");
{
// todo href path helper
b.form()->method("POST")->href("/user/login");
{
b.csrf_token(request);
b.w("Username");
b.br();
b.input()->type("text")->name("username")->value(data->uname_val);
b.cinput();
b.br();
b.w("Password");
b.br();
b.input()->type("password")->name("password");
b.cinput();
b.br();
b.input()->type("submit")->value("Send");
b.cinput();
}
b.cform();
}
b.cdiv();
request->body += b.result;
request->compile_and_send_body();
}
void UserController::handle_register_request_default(Request *request) {
RegisterRequestData data;
if (request->get_method() == HTTP_METHOD_POST) {
Vector<String> errors;
_registration_validator->validate(request, &errors);
for (int i = 0; i < errors.size(); ++i) {
data.error_str += errors[i] + "<br>";
}
data.uname_val = request->get_parameter("username");
data.email_val = request->get_parameter("email");
data.pass_val = request->get_parameter("password");
data.pass_check_val = request->get_parameter("password_check");
// todo username length etc check
// todo pw length etc check
if (is_username_taken(data.uname_val)) {
data.error_str += "Username already taken!<br>";
}
if (is_email_taken(data.email_val)) {
data.error_str += "Email already in use!<br>";
}
if (data.pass_val != data.pass_check_val) {
data.error_str += "The passwords did not match!<br>";
}
if (data.error_str.size() == 0) {
Ref<User> user;
user = create_user();
user->name_user_input = data.uname_val;
user->email_user_input = data.email_val;
create_password(user, data.pass_val);
db_save_user(user);
render_register_success(request);
return;
}
}
render_register_request_default(request, &data);
}
void UserController::render_register_success(Request *request) {
HTMLBuilder b;
b.div()->cls("success");
{
b.w("Registration successful! You can now log in!");
b.br();
b.a()->href("/user/login");
b.w(">> Login <<");
b.ca();
}
b.cdiv();
request->body += b.result;
request->compile_and_send_body();
}
void UserController::render_register_request_default(Request *request, RegisterRequestData *data) {
HTMLBuilder b;
b.w("Registration");
b.br();
{
if (data->error_str.size() != 0) {
b.div()->cls("error");
b.w(data->error_str);
b.cdiv();
}
}
b.div()->cls("register");
{
// todo href path helper
b.form()->method("POST")->href("/user/register");
{
b.csrf_token(request);
b.w("Username");
b.br();
b.input()->type("text")->name("username")->value(data->uname_val);
b.cinput();
b.br();
b.w("Email");
b.br();
b.input()->type("email")->name("email")->value(data->email_val);
b.cinput();
b.br();
b.w("Password");
b.br();
b.input()->type("password")->name("password");
b.cinput();
b.br();
b.w("Password again");
b.br();
b.input()->type("password")->name("password_check");
b.cinput();
b.br();
b.input()->type("submit")->value("Register");
b.cinput();
}
b.cform();
}
b.cdiv();
request->body += b.result;
request->compile_and_send_body();
}
void UserController::render_already_logged_in_error(Request *request) {
request->body += "You are already logged in.";
request->compile_and_send_body();
}
void UserController::render_login_success(Request *request) {
request->body = "Login Success!<br>";
// request->compile_and_send_body();
request->send_redirect("/user/settings");
}
void UserController::handle_request(Ref<User> &user, Request *request) {
const String &segment = request->get_current_path_segment();
if (segment == "") {
handle_main_page_request(user, request);
} else if (segment == "settings") {
handle_settings_request(user, request);
} else if (segment == "password_reset") {
handle_password_reset_request(user, request);
} else if (segment == "logout") {
handle_logout_request(user, request);
} else if (segment == "delete") {
handle_delete_request(user, request);
} else if (segment == "login") {
render_already_logged_in_error(request);
} else if (segment == "register") {
render_already_logged_in_error(request);
} else {
request->send_error(404);
}
}
void UserController::handle_main_page_request(Ref<User> &user, Request *request) {
request->body += "handle_main_page_request";
request->compile_and_send_body();
}
void UserController::handle_settings_request(Ref<User> &user, Request *request) {
SettingsRequestData data;
if (request->get_method() == HTTP_METHOD_POST) {
data.uname_val = request->get_parameter("username");
data.email_val = request->get_parameter("email");
data.pass_val = request->get_parameter("password");
data.pass_check_val = request->get_parameter("password_check");
bool changed = false;
Vector<String> errors;
bool valid = _profile_validator->validate(request, &errors);
for (int i = 0; i < errors.size(); ++i) {
data.error_str += errors[i] + "<br>";
}
if (valid) {
if (data.uname_val == user->name_user_input) {
data.uname_val = "";
}
if (data.email_val == user->email_user_input) {
data.email_val = "";
}
if (data.uname_val != "") {
if (is_username_taken(data.uname_val)) {
data.error_str += "Username already taken!<br>";
} else {
// todo sanitize for html special chars!
user->name_user_input = data.uname_val;
changed = true;
data.uname_val = "";
}
}
if (data.email_val != "") {
if (is_email_taken(data.email_val)) {
data.error_str += "Email already in use!<br>";
} else {
// todo sanitize for html special chars!
// also send email
user->email_user_input = data.email_val;
changed = true;
data.email_val = "";
}
}
if (data.pass_val != "") {
if (data.pass_val != data.pass_check_val) {
data.error_str += "The passwords did not match!<br>";
} else {
create_password(user, data.pass_val);
changed = true;
}
}
if (changed) {
db_save_user(user);
}
}
}
render_settings_request(user, request, &data);
}
void UserController::render_settings_request(Ref<User> &user, Request *request, SettingsRequestData *data) {
HTMLBuilder b;
b.w("Settings");
b.br();
{
if (data->error_str.size() != 0) {
b.div()->cls("error");
b.w(data->error_str);
b.cdiv();
}
}
b.div()->cls("settings");
{
// todo href path helper
b.form()->method("POST")->href("/user/settings");
{
b.csrf_token(request);
b.w("Username");
b.br();
b.input()->type("text")->name("username")->placeholder(user->name_user_input)->value(data->uname_val);
b.cinput();
b.br();
b.w("Email");
b.br();
b.input()->type("email")->name("email")->placeholder(user->email_user_input)->value(data->email_val);
b.cinput();
b.br();
b.w("Password");
b.br();
b.input()->type("password")->placeholder("*******")->name("password");
b.cinput();
b.br();
b.w("Password again");
b.br();
b.input()->type("password")->placeholder("*******")->name("password_check");
b.cinput();
b.br();
b.input()->type("submit")->value("Save");
b.cinput();
}
b.cform();
}
b.cdiv();
request->body += b.result;
request->compile_and_send_body();
}
void UserController::handle_password_reset_request(Ref<User> &user, Request *request) {
request->body += "handle_password_reset_request";
request->compile_and_send_body();
}
void UserController::handle_logout_request(Ref<User> &user, Request *request) {
request->remove_cookie("session_id");
db_save_user(user);
SessionManager::get_singleton()->delete_session(request->session->session_id);
request->session = nullptr;
HTMLBuilder b;
b.w("Logout successful!");
request->body += b.result;
request->compile_and_send_body();
}
void UserController::handle_delete_request(Ref<User> &user, Request *request) {
request->body += "handle_delete_request";
request->compile_and_send_body();
}
void UserController::create_validators() {
if (!_login_validator) {
// Login
_login_validator = new FormValidator();
_login_validator->new_field("username", "Username")->need_to_exist()->need_to_be_alpha_numeric()->need_minimum_length(5)->need_maximum_length(20);
FormField *pw = _login_validator->new_field("password", "Password");
pw->need_to_exist();
pw->need_to_have_lowercase_character()->need_to_have_uppercase_character();
pw->need_minimum_length(5);
}
if (!_registration_validator) {
// Registration
_registration_validator = new FormValidator();
_registration_validator->new_field("username", "Username")->need_to_exist()->need_to_be_alpha_numeric()->need_minimum_length(5)->need_maximum_length(20);
_registration_validator->new_field("email", "Email")->need_to_exist()->need_to_be_email();
FormField *pw = _registration_validator->new_field("password", "Password");
pw->need_to_exist();
pw->need_to_have_lowercase_character()->need_to_have_uppercase_character();
pw->need_minimum_length(5);
_registration_validator->new_field("password_check", "Password check")->need_to_match("password");
_registration_validator->new_field("email", "Email")->need_to_exist()->need_to_be_email();
}
if (!_profile_validator) {
_profile_validator = new FormValidator();
_profile_validator->new_field("username", "Username")->ignore_if_not_exists()->need_to_be_alpha_numeric()->need_minimum_length(5)->need_maximum_length(20);
_profile_validator->new_field("email", "Email")->ignore_if_not_exists()->need_to_be_email();
FormField *pw = _profile_validator->new_field("password", "Password");
pw->ignore_if_not_exists();
pw->need_to_have_lowercase_character()->need_to_have_uppercase_character();
pw->need_minimum_length(5);
_profile_validator->new_field("password_check", "Password check")->ignore_if_other_field_not_exists("password")->need_to_match("password");
}
}
Ref<User> UserController::db_get_user(const int id) {
if (id == 0) {
return Ref<User>();
}
Ref<QueryBuilder> b = get_query_builder();
b->select("username, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked");
b->from(_table_name);
b->where()->wp("id", id);
b->end_command();
Ref<QueryResult> r = b->run();
if (!r->next_row()) {
return Ref<User>();
}
Ref<User> user;
user = create_user();
user->id = id;
user->name_user_input = r->get_cell(0);
user->email_user_input = r->get_cell(1);
user->rank = r->get_cell_int(2);
user->pre_salt = r->get_cell(3);
user->post_salt = r->get_cell(4);
user->password_hash = r->get_cell(5);
user->banned = r->get_cell_bool(6);
user->password_reset_token = r->get_cell(7);
user->locked = r->get_cell_bool(8);
return user;
}
Ref<User> UserController::db_get_user(const String &user_name_input) {
if (user_name_input == "") {
return Ref<User>();
}
Ref<QueryBuilder> b = get_query_builder();
b->select("id, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked");
b->from(_table_name);
b->where()->wp("username", user_name_input);
b->end_command();
Ref<QueryResult> r = b->run();
if (!r->next_row()) {
return Ref<User>();
}
Ref<User> user;
user = create_user();
user->id = r->get_cell_int(0);
user->name_user_input = user_name_input;
user->email_user_input = r->get_cell(1);
user->rank = r->get_cell_int(2);
user->pre_salt = r->get_cell(3);
user->post_salt = r->get_cell(4);
user->password_hash = r->get_cell(5);
user->banned = r->get_cell_bool(6);
user->password_reset_token = r->get_cell(7);
user->locked = r->get_cell_bool(8);
return user;
}
void UserController::db_save_user(Ref<User> &user) {
Ref<QueryBuilder> b = get_query_builder();
if (user->id == 0) {
b->insert(_table_name, "username, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked");
b->values();
b->val(user->name_user_input);
b->val(user->email_user_input);
b->val(user->rank);
b->val(user->pre_salt);
b->val(user->post_salt);
b->val(user->password_hash);
b->val(user->banned);
b->val(user->password_reset_token);
b->val(user->locked);
b->cvalues();
b->end_command();
b->select_last_insert_id();
Ref<QueryResult> r = b->run();
user->id = r->get_last_insert_rowid();
} else {
b->update(_table_name);
b->set();
b->setp("username", user->name_user_input);
b->setp("email", user->email_user_input);
b->setp("rank", user->rank);
b->setp("pre_salt", user->pre_salt);
b->setp("post_salt", user->post_salt);
b->setp("password_hash", user->password_hash);
b->setp("banned", user->banned);
b->setp("password_reset_token", user->password_reset_token);
b->setp("locked", user->locked);
b->cset();
b->where()->wp("id", user->id);
// b->print();
b->run_query();
}
}
Vector<Ref<User>> UserController::db_get_all() {
Ref<QueryBuilder> b = get_query_builder();
b->select("id, username, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked");
b->from(_table_name);
b->end_command();
// b->print();
Vector<Ref<User>> users;
Ref<QueryResult> r = b->run();
while (r->next_row()) {
Ref<User> user = create_user();
user->id = r->get_cell_int(0);
user->name_user_input = r->get_cell(1);
user->email_user_input = r->get_cell(2);
user->rank = r->get_cell_int(3);
user->pre_salt = r->get_cell(4);
user->post_salt = r->get_cell(5);
user->password_hash = r->get_cell(6);
user->banned = r->get_cell_bool(7);
user->password_reset_token = r->get_cell(8);
user->locked = r->get_cell_bool(9);
users.push_back(user);
}
return users;
}
Ref<User> UserController::create_user() {
Ref<User> u;
u.instance();
return u;
}
bool UserController::is_username_taken(const String &user_name_input) {
Ref<QueryBuilder> b = get_query_builder();
b->select("id")->from(_table_name)->where("username")->like(user_name_input)->end_command();
Ref<QueryResult> r = b->run();
return r->next_row();
}
bool UserController::is_email_taken(const String &email_input) {
Ref<QueryBuilder> b = get_query_builder();
b->select("id")->from(_table_name)->where("username")->like(email_input)->end_command();
Ref<QueryResult> r = b->run();
return r->next_row();
}
bool UserController::check_password(const Ref<User> &user, const String &p_password) {
return hash_password(user, p_password) == user->password_hash;
}
void UserController::create_password(Ref<User> &user, const String &p_password) {
if (!user.is_valid()) {
printf("Error UserController::create_password !user.is_valid()!\n");
return;
}
// todo improve a bit
user->pre_salt = hash_password(user, user->name_user_input + user->email_user_input);
user->post_salt = hash_password(user, user->email_user_input + user->name_user_input);
user->password_hash = hash_password(user, p_password);
}
String UserController::hash_password(const Ref<User> &user, const String &p_password) {
if (!user.is_valid()) {
printf("Error UserController::hash_password !user.is_valid()!\n");
return "";
}
Ref<SHA256> s = SHA256::get();
String p = user->pre_salt + p_password + user->post_salt;
String c = s->compute(p);
return c;
}
void UserController::create_table() {
Ref<TableBuilder> tb = get_table_builder();
tb->create_table(_table_name);
tb->integer("id")->auto_increment()->next_row();
tb->varchar("username", 60)->not_null()->next_row();
tb->varchar("email", 100)->not_null()->next_row();
tb->integer("rank")->not_null()->next_row();
tb->varchar("pre_salt", 100)->next_row();
tb->varchar("post_salt", 100)->next_row();
tb->varchar("password_hash", 100)->next_row();
tb->integer("banned")->next_row();
tb->varchar("password_reset_token", 100)->next_row();
tb->integer("locked")->next_row();
tb->primary_key("id");
tb->ccreate_table();
tb->run_query();
// tb->print();
}
void UserController::drop_table() {
Ref<TableBuilder> tb = get_table_builder();
tb->drop_table_if_exists(_table_name)->run_query();
}
void UserController::create_default_entries() {
Ref<User> user;
user = create_user();
user->rank = 3;
user->name_user_input = "admin";
user->email_user_input = "admin@admin.com";
create_password(user, "Password");
db_save_user(user);
user = create_user();
user->rank = 1;
user->name_user_input = "user";
user->email_user_input = "user@user.com";
create_password(user, "Password");
db_save_user(user);
}
UserController *UserController::get_singleton() {
return _self;
}
UserController::UserController() :
WebNode() {
if (_self) {
printf("UserController::UserController(): Error! self is not null!/n");
}
_self = this;
create_validators();
}
UserController::~UserController() {
if (_self == this) {
_self = nullptr;
}
}
UserController *UserController::_self = nullptr;
FormValidator *UserController::_login_validator = nullptr;
FormValidator *UserController::_registration_validator = nullptr;
FormValidator *UserController::_profile_validator = nullptr;
String UserController::_path = "./";
String UserController::_table_name = "users";
// returnring true means handled, false means continue // returnring true means handled, false means continue
bool UserSessionSetupMiddleware::on_before_handle_request_main(Request *request) { bool UserSessionSetupMiddleware::on_before_handle_request_main(Ref<WebServerRequest> request) {
if (request->session.is_valid()) { if (request->get_session().is_valid()) {
int user_id = request->session->get_int("user_id"); int user_id = request->get_session()->get_int("user_id");
if (user_id != 0) { if (user_id != 0) {
Ref<User> u = UserController::get_singleton()->db_get_user(user_id); Ref<User> u = UserController::get_singleton()->db_get_user(user_id);
@ -806,7 +15,7 @@ bool UserSessionSetupMiddleware::on_before_handle_request_main(Request *request)
request->reference_data["user"] = u; request->reference_data["user"] = u;
} else { } else {
// log // log
request->session->remove("user_id"); request->get_session()->remove("user_id");
} }
} }
} }
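Review bot: The new definition is named `on_before_handle_request_main`, while the other two middlewares touched by this commit (CSRFTokenWebServerMiddleware and SessionSetupWebServerMiddleware) implement `_on_before_handle_request_main`. If the underscore-prefixed method is the hook that WebServerMiddleware dispatches to, this one is never invoked and `request->reference_data["user"]` is never populated for a logged-in session, so every downstream check sees an anonymous request. The header declares the same name (`bool on_before_handle_request_main(Ref<WebServerRequest> request);`), so both would need renaming to `_on_before_handle_request_main`. `reference_data` is also still accessed as a public field although this commit moves the other request fields behind accessors and removes `data`; confirm that member exists on WebServerRequest.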


@ -1,134 +1,18 @@
#ifndef USER_CONTROLLER_H #ifndef USER_SESSION_SETUP_MIDDLEWARE_H
#define USER_CONTROLLER_H #define USER_SESSION_SETUP_MIDDLEWARE_H
#include "core/containers/vector.h" #include "core/reference.h"
#include "core/string.h" #include "core/ustring.h"
#include "web/http/web_node.h" #include "modules/web/http/web_server_middleware.h"
#include "user.h"
#include "web/http/middleware.h"
class Request;
class FormValidator;
//TODO
// Break this up into multiple small webnodes (per page)
// that would make this a lot more customizable
// Only User management, save, load etc should be kept here
// and this node should be expected to be autoloaded.
// It should keep get_singleton() and c++ stuff that deal with users should expect it's presence
// they should use err macros to not crash the app though
// Rename this UserManager
// Also users are useful for not just web stuff, so don't rename them
// Make this inherit from Node instead, only inherit the web user handling from webnodes.
// Also for other webnodes that have admin functionality, break those into separate nodes. It's a lot safer,
// and I think they will work better in this setting like this.
//Add a UserLevelWebPermission WebPermission. It should read a new projectsettings entry, and use it as an enum, that
// can be manipulated form the inspector.
// The RBAC system can probably be removed, as WebPermissions + the editor is a lot more powerful.
//Note move this with the user controller to it's own module.
class UserController : public WebNode {
RCPP_OBJECT(UserController, WebNode);
public:
void handle_request_main(Request *request);
struct LoginRequestData {
String error_str;
String uname_val;
String pass_val;
};
virtual void handle_login_request_default(Request *request);
virtual void render_login_request_default(Request *request, LoginRequestData *data);
struct RegisterRequestData {
String error_str;
String uname_val;
String email_val;
String pass_val;
String pass_check_val;
};
virtual void handle_register_request_default(Request *request);
virtual void render_register_request_default(Request *request, RegisterRequestData *data);
virtual void render_register_success(Request *request);
virtual void render_already_logged_in_error(Request *request);
virtual void render_login_success(Request *request);
virtual void handle_request(Ref<User> &user, Request *request);
virtual void handle_main_page_request(Ref<User> &user, Request *request);
struct SettingsRequestData {
String error_str;
String uname_val;
String email_val;
String pass_val;
String pass_check_val;
};
virtual void handle_settings_request(Ref<User> &user, Request *request);
virtual void render_settings_request(Ref<User> &user, Request *request, SettingsRequestData *data);
virtual void handle_password_reset_request(Ref<User> &user, Request *request);
virtual void handle_logout_request(Ref<User> &user, Request *request);
virtual void handle_delete_request(Ref<User> &user, Request *request);
virtual void create_validators();
// db
virtual Ref<User> db_get_user(const int id);
virtual Ref<User> db_get_user(const String &user_name_input);
virtual void db_save_user(Ref<User> &user);
virtual Vector<Ref<User>> db_get_all();
virtual Ref<User> create_user();
bool is_username_taken(const String &user_name_input);
bool is_email_taken(const String &email_input);
virtual bool check_password(const Ref<User> &user, const String &p_password);
virtual void create_password(Ref<User> &user, const String &p_password);
virtual String hash_password(const Ref<User> &user, const String &p_password);
virtual void create_table();
virtual void drop_table();
virtual void create_default_entries();
static UserController *get_singleton();
UserController();
~UserController();
protected:
static UserController *_self;
static FormValidator *_login_validator;
static FormValidator *_registration_validator;
static FormValidator *_profile_validator;
String _file_path;
static String _path;
static String _table_name;
};
// just session setup // just session setup
class UserSessionSetupMiddleware : public Middleware { class UserSessionSetupMiddleware : public WebServerMiddleware {
RCPP_OBJECT(UserSessionSetupMiddleware, Middleware); GDCLASS(UserSessionSetupMiddleware, WebServerMiddleware);
public: public:
//returnring true means handled, false means continue //returning true means handled, false means continue
bool on_before_handle_request_main(Request *request); bool on_before_handle_request_main(Ref<WebServerRequest> request);
UserSessionSetupMiddleware(); UserSessionSetupMiddleware();
~UserSessionSetupMiddleware(); ~UserSessionSetupMiddleware();
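Review bot: The rewritten header drops `#include "user.h"` and the whole UserController declaration, but the implementation file in this commit still uses `Ref<User>` and `UserController::get_singleton()->db_get_user(user_id)`, and none of the three remaining includes visibly declares either type. Unless one of those headers pulls them in, the translation unit will not compile; include the header that now owns the user lookup, or state in a comment above the class that the file is not built yet. The .cpp also dereferences the result of `get_singleton()` without a null check, so a request carrying a session with a non-zero `user_id` would crash the handler when no UserController has been instanced; a guard such as `ERR_FAIL_COND_V(!UserController::get_singleton(), false);` before the lookup avoids that.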


@ -23,7 +23,7 @@ bool CSRFTokenWebServerMiddleware::_on_before_handle_request_main(Ref<WebServerR
return false; return false;
} }
if (!request->session.is_valid()) { if (!request->get_session().is_valid()) {
request->send_error(HTTPServerEnums::HTTP_STATUS_CODE_401_UNAUTHORIZED); request->send_error(HTTPServerEnums::HTTP_STATUS_CODE_401_UNAUTHORIZED);
return true; return true;
} }
@ -40,7 +40,7 @@ bool CSRFTokenWebServerMiddleware::_on_before_handle_request_main(Ref<WebServerR
} }
// don't create the session itself // don't create the session itself
if (!request->session.is_valid()) { if (!request->get_session().is_valid()) {
return false; return false;
} }


@ -301,9 +301,9 @@ bool SessionSetupWebServerMiddleware::_on_before_handle_request_main(Ref<WebServ
return false; return false;
} }
HTTPSessionManager *sm = request->server->get_session_manager(); HTTPSessionManager *sm = request->get_server()->get_session_manager();
ERR_FAIL_COND_V(!sm, false); ERR_FAIL_COND_V(!sm, false);
request->session = sm->get_session(sid); request->set_session(sm->get_session(sid));
return false; return false;
} }


@ -15,8 +15,8 @@ void WebPermission::handle_view_permission_missing(const Ref<WebServerRequest> &
} }
bool WebPermission::_activate(Ref<WebServerRequest> request) { bool WebPermission::_activate(Ref<WebServerRequest> request) {
request->active_permission.reference_ptr(this); request->set_active_permission(Ref<WebPermission>(this));
request->permissions = get_permissions(request); request->set_permissions(get_permissions(request));
if (!request->can_view()) { if (!request->can_view()) {
handle_view_permission_missing(request); handle_view_permission_missing(request);


@ -29,8 +29,8 @@ Node *WebServer::get_session_manager_bind() {
void WebServer::server_handle_request(Ref<WebServerRequest> request) { void WebServer::server_handle_request(Ref<WebServerRequest> request) {
ERR_FAIL_COND(!_web_root); ERR_FAIL_COND(!_web_root);
request->server = this; request->_set_server(this);
request->web_root = _web_root; request->_set_web_root(_web_root);
_rw_lock.read_lock(); _rw_lock.read_lock();
_web_root->handle_request_main(request); _web_root->handle_request_main(request);
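Review bot: `_web_root` is null-checked and passed to `request->_set_web_root(_web_root)` before `_rw_lock.read_lock()` is taken. If that lock is what protects the web root from being replaced or freed (not visible in this hunk), the request can end up holding a pointer that differs from the one the locked `_web_root->handle_request_main(request)` call uses, or one that is already stale. Moving the `ERR_FAIL_COND(!_web_root)` check and the two `_set_*` calls under the read lock would close that window, provided the early-return path also releases the lock. The function continues outside the hunk, so the unlock side cannot be checked from here.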


@ -41,94 +41,87 @@ void WebServerRequest::set_compiled_body(const String &val) {
} }
bool WebServerRequest::get_connection_closed() { bool WebServerRequest::get_connection_closed() {
return connection_closed; return _connection_closed;
} }
void WebServerRequest::set_connection_closed(const bool &val) { void WebServerRequest::set_connection_closed(const bool &val) {
connection_closed = val; _connection_closed = val;
} }
Ref<HTTPSession> WebServerRequest::get_session() { Ref<HTTPSession> WebServerRequest::get_session() {
return session; return _session;
} }
void WebServerRequest::set_session(const Ref<HTTPSession> &val) { void WebServerRequest::set_session(const Ref<HTTPSession> &val) {
session = val; _session = val;
}
Dictionary WebServerRequest::get_data() {
return data;
}
void WebServerRequest::set_data(const Dictionary &val) {
data = val;
} }
Ref<WebPermission> WebServerRequest::get_active_permission() { Ref<WebPermission> WebServerRequest::get_active_permission() {
return active_permission; return _active_permission;
} }
void WebServerRequest::set_active_permission(const Ref<WebPermission> &val) { void WebServerRequest::set_active_permission(const Ref<WebPermission> &val) {
active_permission = val; _active_permission = val;
} }
int WebServerRequest::get_permissions() { int WebServerRequest::get_permissions() {
return permissions; return _permissions;
} }
void WebServerRequest::set_permissions(const int &val) { void WebServerRequest::set_permissions(const int &val) {
permissions = val; _permissions = val;
} }
Ref<HTTPSession> WebServerRequest::get_or_create_session() { Ref<HTTPSession> WebServerRequest::get_or_create_session() {
if (session.is_valid()) { if (_session.is_valid()) {
return session; return _session;
} }
HTTPSessionManager *sm = server->get_session_manager(); HTTPSessionManager *sm = _server->get_session_manager();
ERR_FAIL_COND_V(!sm, session); ERR_FAIL_COND_V(!sm, _session);
session = sm->create_session(); _session = sm->create_session();
return session; return _session;
} }
bool WebServerRequest::can_view() const { bool WebServerRequest::can_view() const {
return (permissions & WebPermission::WEB_PERMISSION_VIEW) != 0; return (_permissions & WebPermission::WEB_PERMISSION_VIEW) != 0;
} }
bool WebServerRequest::can_create() const { bool WebServerRequest::can_create() const {
return (permissions & WebPermission::WEB_PERMISSION_CREATE) != 0; return (_permissions & WebPermission::WEB_PERMISSION_CREATE) != 0;
} }
bool WebServerRequest::can_edit() const { bool WebServerRequest::can_edit() const {
return (permissions & WebPermission::WEB_PERMISSION_EDIT) != 0; return (_permissions & WebPermission::WEB_PERMISSION_EDIT) != 0;
} }
bool WebServerRequest::can_delete() const { bool WebServerRequest::can_delete() const {
return (permissions & WebPermission::WEB_PERMISSION_DELETE) != 0; return (_permissions & WebPermission::WEB_PERMISSION_DELETE) != 0;
} }
bool WebServerRequest::has_csrf_token() { bool WebServerRequest::has_csrf_token() {
if (!session.is_valid()) { if (!_session.is_valid()) {
return false; return false;
} }
return session->has("csrf_token"); return _session->has("csrf_token");
} }
String WebServerRequest::get_csrf_token() { String WebServerRequest::get_csrf_token() {
if (!session.is_valid()) { if (!_session.is_valid()) {
return ""; return "";
} }
const Variant &val = session->get_const("csrf_token"); const Variant &val = _session->get_const("csrf_token");
return val; return val;
} }
void WebServerRequest::set_csrf_token(const String &value) { void WebServerRequest::set_csrf_token(const String &value) {
if (session.is_valid()) { if (_session.is_valid()) {
session->add("csrf_token", value); _session->add("csrf_token", value);
HTTPSessionManager *sm = server->get_session_manager(); HTTPSessionManager *sm = _server->get_session_manager();
ERR_FAIL_COND(!sm); ERR_FAIL_COND(!sm);
sm->save_session(session); sm->save_session(_session);
} }
} }
@ -267,7 +260,7 @@ void WebServerRequest::send_file(const String &p_file_path) {
} }
void WebServerRequest::send_error(int error_code) { void WebServerRequest::send_error(int error_code) {
server->get_web_root()->handle_error_send_request(this, error_code); _server->get_web_root()->handle_error_send_request(this, error_code);
} }
String WebServerRequest::parser_get_path() { String WebServerRequest::parser_get_path() {
@ -443,11 +436,11 @@ void WebServerRequest::update() {
} }
WebServer *WebServerRequest::get_server() { WebServer *WebServerRequest::get_server() {
return server; return _server;
} }
WebNode *WebServerRequest::get_web_root() { WebNode *WebServerRequest::get_web_root() {
return web_root; return _web_root;
} }
WebServerRequest::WebServerRequest() { WebServerRequest::WebServerRequest() {
@ -455,11 +448,11 @@ WebServerRequest::WebServerRequest() {
//server = nullptr; //server = nullptr;
//_path_stack.clear(); //_path_stack.clear();
_path_stack_pointer = 0; _path_stack_pointer = 0;
connection_closed = false; _connection_closed = false;
//_full_path = ""; //_full_path = "";
_status_code = HTTPServerEnums::HTTP_STATUS_CODE_200_OK; _status_code = HTTPServerEnums::HTTP_STATUS_CODE_200_OK;
// Maybe set NONE or only VIEW as default? // Maybe set NONE or only VIEW as default?
permissions = WebPermission::WEB_PERMISSION_ALL; _permissions = WebPermission::WEB_PERMISSION_ALL;
//active_permission.unref(); //active_permission.unref();
//head.clear(); //head.clear();
@ -468,13 +461,20 @@ WebServerRequest::WebServerRequest() {
//compiled_body.clear(); //compiled_body.clear();
//data.clear(); //data.clear();
server = nullptr; _server = nullptr;
web_root = nullptr; _web_root = nullptr;
} }
WebServerRequest::~WebServerRequest() { WebServerRequest::~WebServerRequest() {
} }
void WebServerRequest::_set_server(WebServer *v) {
_server = v;
}
void WebServerRequest::_set_web_root(WebNode *v) {
_web_root = v;
}
void WebServerRequest::_bind_methods() { void WebServerRequest::_bind_methods() {
ClassDB::bind_method(D_METHOD("get_head"), &WebServerRequest::get_head); ClassDB::bind_method(D_METHOD("get_head"), &WebServerRequest::get_head);
ClassDB::bind_method(D_METHOD("set_head", "val"), &WebServerRequest::set_head); ClassDB::bind_method(D_METHOD("set_head", "val"), &WebServerRequest::set_head);
@ -500,10 +500,6 @@ void WebServerRequest::_bind_methods() {
ClassDB::bind_method(D_METHOD("set_session", "val"), &WebServerRequest::set_session); ClassDB::bind_method(D_METHOD("set_session", "val"), &WebServerRequest::set_session);
ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "session", PROPERTY_HINT_RESOURCE_TYPE, "HTTPSession"), "set_session", "get_session"); ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "session", PROPERTY_HINT_RESOURCE_TYPE, "HTTPSession"), "set_session", "get_session");
ClassDB::bind_method(D_METHOD("get_data"), &WebServerRequest::get_data);
ClassDB::bind_method(D_METHOD("set_data", "val"), &WebServerRequest::set_data);
ADD_PROPERTY(PropertyInfo(Variant::DICTIONARY, "data"), "set_data", "get_data");
ClassDB::bind_method(D_METHOD("get_active_permission"), &WebServerRequest::get_active_permission); ClassDB::bind_method(D_METHOD("get_active_permission"), &WebServerRequest::get_active_permission);
ClassDB::bind_method(D_METHOD("set_active_permission", "val"), &WebServerRequest::set_active_permission); ClassDB::bind_method(D_METHOD("set_active_permission", "val"), &WebServerRequest::set_active_permission);
ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "active_permission", PROPERTY_HINT_RESOURCE_TYPE, "WebPermission"), "set_active_permission", "get_active_permission"); ADD_PROPERTY(PropertyInfo(Variant::OBJECT, "active_permission", PROPERTY_HINT_RESOURCE_TYPE, "WebPermission"), "set_active_permission", "get_active_permission");
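Review bot: The constructor still defaults `_permissions` to `WebPermission::WEB_PERMISSION_ALL`, and the comment directly above it (`// Maybe set NONE or only VIEW as default?`) already questions that choice. With this default, any request that never passes through `WebPermission::_activate()` answers true to `can_create()`, `can_edit()` and `can_delete()`, which is a fail-open starting state. Since this commit is the one that moves the field behind accessors, it is a natural place to make the default fail closed, for example `_permissions = 0;`, and let `_activate()` grant bits explicitly; that changes behaviour for nodes with no permission object attached, so existing handlers need a pass. `set_permissions` also remains bound in `_bind_methods()`, so a doc comment stating which callers are expected to use it would help reviewers of handler code.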


@ -120,21 +120,13 @@ public:
WebServerRequest(); WebServerRequest();
~WebServerRequest(); ~WebServerRequest();
WebServer *server;
WebNode *web_root;
String head; String head;
String body; String body;
String footer; String footer;
String compiled_body; String compiled_body;
bool connection_closed; void _set_server(WebServer *v);
void _set_web_root(WebNode *v);
Ref<HTTPSession> session;
Dictionary data;
Ref<WebPermission> active_permission;
int permissions;
protected: protected:
static void _bind_methods(); static void _bind_methods();
@ -144,6 +136,16 @@ protected:
Vector<String> _path_stack; Vector<String> _path_stack;
int _path_stack_pointer; int _path_stack_pointer;
Vector<Ref<WebServerCookie>> _cookies; Vector<Ref<WebServerCookie>> _cookies;
Ref<WebPermission> _active_permission;
int _permissions;
Ref<HTTPSession> _session;
bool _connection_closed;
WebServer *_server;
WebNode *_web_root;
}; };
#endif #endif