Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Serve static files after validating cookies on request in http_callback #3302

Open
BhanuPrakash-P opened this issue Dec 24, 2024 · 1 comment
Open

Serve static files after validating cookies on request in http_callback #3302

BhanuPrakash-P opened this issue Dec 24, 2024 · 1 comment

Comments

@BhanuPrakash-P
Copy link

Hi Andy,

lws_http_mount.origin_protocol=LWSMPRO_FILE protocol is designed such a way that the static files get served automatically without hitting the http_callback.
If lws_http_mount.origin_protocol is set to LWSMPRO_CALLBACK, all the requests will hit the http_callback and files to be served using lws_serve_http_file(). For this lws_http_mount.origin is not considered, so path needs to be set properly before calling lws_serve_http_file().

Based on above understanding, I would like to get your inputs on the following.

  1. I would like to have cookie based authentication my server. So looking for any option in which static files gets served only after hitting the http_callback where I can validate the cookies and leave it to library to serve the static files. Is there any possibility to have two different protocols one for file and other for callback, still achieve the required functionality? Please share your opinions.

Sample Code of server:

static const struct lws_http_mount mount = {
	/* .mount_next */			NULL,	
	/* .mountpoint */			"/",		
	/* .origin */				"./testDir",
	/* .def */					"index.html",	
	/* .protocol */				"http-only",
	/* .cgienv */				NULL,
	/* .extra_mimetypes */		NULL,
	/* .interpret */			NULL,
	/* .cgi_timeout */			0,
	/* .cache_max_age */		0,
	/* .auth_mask */			0,
	/* .cache_reusable */		0,
	/* .cache_revalidate */		0,
	/* .cache_intermediaries */	0,
	/* .origin_protocol */		LWSMPRO_CALLBACK, 	
	/* .mountpoint_len */		1,		
	/* .basic_auth_login_file */NULL,
};

static struct lws_protocols protocols[] = {
        { "http-only", lws_callback_http, sizeof(struct per_session_data__post_demo_HTTP_CAllback), 4096, 0, NULL, 0},
      	LWS_PLUGIN_PROTOCOL_MINIMAL_SERVER_ECHO,
	LWS_PROTOCOL_LIST_TERM
};


int main(int argc, const char **argv)
{
	struct lws_context_creation_info info;
	memset(&info, 0, sizeof info);/* otherwise uninitialized garbage */
	info.options |= LWS_SERVER_OPTION_EXPLICIT_VHOSTS|
					LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS |
					LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT |
					LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT ;

	info.protocols = protocols;

	info.ssl_cert_filepath = "localhost-100y.cert";
	info.ssl_private_key_filepath = "localhost-100y.key";

	context = lws_create_context(&info);
	if(!context)
		printf("context creation failed");

	info.port = 80;
	info.mounts = &mount;
	info.vhost_name = "http";

	if(!lws_create_vhost(context, &info))
		printf("http vhost creation failed");

	info.port = 443;
	info.mounts = &mount;
	info.vhost_name = "https";
	if(!lws_create_vhost(context, &info))
		printf("https vhost creation failed");

	while (1)
	{
		n = lws_service(context,0);            
	}
	lws_context_destroy(context);		  
}
@BhanuPrakash-P
Copy link
Author

BhanuPrakash-P commented Dec 26, 2024
edited
Loading

Hi @lws-team,

I had continued my analysis and learnt that LWS_CALLBACK_FILTER_HTTP_CONNECTION event received for all the requests including for static files. So, I set the mount.origin_protocol=LWSMPRO_FILE and handled cookie validation at LWS_CALLBACK_FILTER_HTTP_CONNECTION and proceed with the existing flow as mentioned below.
Incase of invalid cookie, returning -1 to end stream.

case LWS_CALLBACK_FILTER_HTTP_CONNECTION:
      {
			const char *requested_uri = (const char*)in;
			printf("LWS_CALLBACK_FILTER_HTTP_CONNECTION: %s\n", requested_uri);
              
			//Check whether cookie validation needed for a requested URL
			bool needCookieValidation = isCookieValidationRequired(requested_uri);

			if(needCookieValidation)
			{
				//Check for cookies in the request headers
				char cookie[256] = {0};
				int n = lws_hdr_copy(wsi, cookie, sizeof(cookie), WSI_TOKEN_HTTP_COOKIE);
				if ((n > 0) && !strstr(cookie, "Cookie"))
				{
					printf("Received Cookie in the request header\r\n");
					if(!isThisValidCookie(cookie))
					{
						//Redirect to login.html
						if(lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY,
												(unsigned char *)"/login.html",
												11, &p, end)<0)
							return -1;
						return -1;
					}
				}
				else //Cookie is not part of request header
				{
						//Redirect to login.html
						if(lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY,
												(unsigned char *)"/login.html",
												11, &p, end)<0)
							return -1;
						return -1;
				}
			}
			else
			{
				printf("Cookie validation not needed.. proceeding\r\n");
			}
      }
      break;

Is this a good approach or any better option is available? Please provide your suggestions.

Thanks,
Bhanu

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BhanuPrakash-P