TomZ
01641773e1
This C++ library is a small framework which creates a full http(s) server. This is imported code from the qhttpengine open source project. I modified some core components in order to make this framework multi-threading and changed some APIs for cleanlyness. As such it is not source compatible and getting it accepted upstream is not realistic.
73 lines
2.2 KiB
C++
73 lines
2.2 KiB
C++
/* This file is part of Flowee
|
|
*
|
|
* Copyright (C) 2017 Nathan Osman
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Library General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Library General Public License for more details.
|
|
*
|
|
* For the full copy of the License see <http://www.gnu.org/licenses/>
|
|
*/
|
|
|
|
#include "basicauthmiddleware.h"
|
|
#include "ibytearray.h"
|
|
#include "parser.h"
|
|
#include "socket.h"
|
|
|
|
#include "basicauthmiddleware_p.h"
|
|
|
|
using namespace HttpEngine;
|
|
|
|
BasicAuthMiddlewarePrivate::BasicAuthMiddlewarePrivate(QObject *parent, const QString &realm)
|
|
: QObject(parent),
|
|
realm(realm)
|
|
{
|
|
}
|
|
|
|
BasicAuthMiddleware::BasicAuthMiddleware(const QString &realm, QObject *parent)
|
|
: Middleware(parent),
|
|
d(new BasicAuthMiddlewarePrivate(this, realm))
|
|
{
|
|
}
|
|
|
|
void BasicAuthMiddleware::add(const QString &username, const QString &password)
|
|
{
|
|
d->map.insert(username, password);
|
|
}
|
|
|
|
bool BasicAuthMiddleware::verify(const QString &username, const QString &password)
|
|
{
|
|
return d->map.contains(username) && d->map.value(username) == password;
|
|
}
|
|
|
|
bool BasicAuthMiddleware::process(Socket *socket)
|
|
{
|
|
// Attempt to extract credentials from the header
|
|
QByteArrayList headerParts = socket->headers().value("Authorization").split(' ');
|
|
if (headerParts.count() == 2 && headerParts.at(0) == IByteArray("Basic")) {
|
|
|
|
// Decode the credentials and split into username/password
|
|
QByteArrayList parts;
|
|
Parser::split(
|
|
QByteArray::fromBase64(headerParts.at(1)),
|
|
":", 1, parts
|
|
);
|
|
|
|
// Verify credentials
|
|
if (parts.count() == 2 && verify(parts.at(0), parts.at(1))) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
// Otherwise, inform the client that valid credentials are required
|
|
socket->setHeader("WWW-Authenticate", QString("Basic realm=\"%1\"").arg(d->realm).toUtf8());
|
|
socket->writeError(Socket::Unauthorized);
|
|
return false;
|
|
}
|