Timesheets-Server
Timesheets server
requestauthorizer.cpp
7#include "requestauthorizer.h"
8#include "httprequesthandler.h"
9#include "httprequest.h"
10#include "httpresponse.h"
11#include "httpconnection.h"
12#include "httpsession.h"
13#include "version.h"
14#include "msettings.h"
15#include "sessionstore.h"
16#include "security/guard.h"
17#include "security/roles.h"
18#include "db.h"
19#include "json.h"
20#include "pdebug.h"
21
22
23using namespace HobrasoftHttpd;
24using namespace Httpd;
25
/**
 * @brief Creates the authorizer as a request handler bound to one connection.
 *
 * No user is attached yet: m_authenticatedUser stays null until isLoggedIn()
 * creates an AuthenticatedUser for the request being processed.
 *
 * @param parent Connection this handler belongs to; forwarded to the base class.
 */
RequestAuthorizer::RequestAuthorizer(HobrasoftHttpd::HttpConnection *parent)
    : HobrasoftHttpd::HttpRequestHandler(parent),
      m_authenticatedUser(nullptr) {
}
42
43
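/**
 * @brief Login gate for the web interface and the REST API.
 *
 * Resolves the session of the request, takes credentials either from the
 * request parameters "user"/"password" or from the session, and checks them
 * with AuthenticatedUser::authenticate(). The credentials are checked exactly
 * once per call and the outcome is reused for both the redirect and the 401
 * decision.
 *
 * Responses written here:
 *  - "/unatuhenticate":        session removed, 204, returns false
 *  - failed check, page path:  302 to /public/login.shtml, returns false
 *  - failed check, other path: 401, returns false
 *  - "/api/v1/authenticate":   200 with a JSON description of the user and
 *                              the server, returns false
 *
 * @param request  Incoming request (path and parameters are read).
 * @param response Response object; written and flushed in every case that
 *                 returns false.
 * @return true only when the user is authenticated and no response has been
 *         written yet; false whenever this method already answered the request.
 */
bool RequestAuthorizer::isLoggedIn(HobrasoftHttpd::HttpRequest *request, HobrasoftHttpd::HttpResponse *response) {
    HttpSession session = SessionStore::sessionStore()->session(request, response);
    const auto path = request->path();

    // Logout: drop the server-side session and answer with "no content".
    // NOTE(review): the path is spelled "/unatuhenticate"; it is kept as is
    // because clients may depend on it - confirm before correcting the typo.
    if (path == "/unatuhenticate") {
        SessionStore::sessionStore()->remove(session);
        response->setStatus(204, "OK");
        response->flush();
        return false;
    }

    // Credentials sent with this request replace those held in the session.
    // They are stored before they have been verified.
    // NOTE(review): the clear-text password lives in the session store and is
    // re-checked on every request, so read access to the store exposes
    // passwords. Keeping only the verified user id or a server-issued token
    // would avoid that; it needs changes outside this block.
    // NOTE(review): if parameter() also covers the query string, credentials
    // can end up in access logs - confirm clients send them in the body only.
    const auto userParameter     = request->parameter("user");
    const auto passwordParameter = request->parameter("password");
    if (!userParameter.isEmpty() && !passwordParameter.isEmpty()) {
        session.add("user", userParameter);
        session.add("password", passwordParameter);
    }

    QString user     = session.value("user").toString();
    QString password = session.value("password").toString();

    m_authenticatedUser = new AuthenticatedUser(this);

    // Verify once. The original called authenticate() again for the 401
    // branch, which repeated the credential check on every request.
    const bool authenticated = m_authenticatedUser->authenticate(user, password);

    if (!authenticated) {
        m_authenticatedUser->setAuthenticated(false);

        // Page requests are sent to the login form, everything else gets 401.
        // The patterns match anywhere in the path; they only select the kind
        // of refusal, access is denied either way.
        const bool pageRequest =
            path.contains(QRegExp(R"%(\.shtml)%")) ||
            path.contains(QRegExp(R"%(\.html)%"));

        if (pageRequest) {
            response->setStatus(302, "Found");
            response->setHeader("Location", "/public/login.shtml");
            response->write("302 Found");
            response->flush();
            return false;
        }

        response->setStatus(401, "Unauthorized");
        response->flush();
        return false;
    }

    if (path == "/api/v1/authenticate") {
        // NOTE(review): nothing in this block issues a fresh session id after
        // a successful login - confirm SessionStore rotates it, otherwise a
        // session id obtained before login remains valid afterwards.
        session.add("user", user);
        session.add("password", password);
        Db::Database *db = Db::Database::create(this, m_authenticatedUser);

        // Database values win over the configured server name/description.
        QList<Dbt::ServerInfo> list = db->serverInfo();
        QVariantMap data;
        data["userid"]              = m_authenticatedUser->user();
        data["username"]            = m_authenticatedUser->login();
        data["name"]                = m_authenticatedUser->name();
        data["admin"]               = m_authenticatedUser->admin();
        data["lang"]                = m_authenticatedUser->lang();
        data["server_name"]         = (list.isEmpty()) ? MSETTINGS->serverName() : list.first().name;
        data["server_description"]  = (list.isEmpty()) ? MSETTINGS->serverDescription() : list.first().description;
        data["server_git_commit"]   = GIT_COMMIT;
        data["server_git_branch"]   = GIT_BRANCH;
        data["server_version"]      = VERSION;
        data["server_qt_version"]   = qtVersion();

        // Client settings are reported only when exactly one row exists.
        QList<Dbt::ClientSettings> cslist = db->clientSettings();
        if (cslist.size() == 1) {
            const Dbt::ClientSettings& cs = cslist[0];
            data["multiple_timesheets"]         = cs.multiple_timesheets;
            data["show_price"]                  = cs.show_price;
            data["can_change_category"]         = cs.can_change_category;
            data["edit_categories"]             = cs.edit_categories;
            data["show_multiple_timesheets"]    = cs.show_multiple_timesheets;
            data["show_show_price"]             = cs.show_show_price;
            data["show_can_change_category"]    = cs.show_can_change_category;
            data["show_edit_categories"]        = cs.show_edit_categories;
        }
        db->deleteLater();

        response->setStatus(200, "OK");
        response->setHeader("Content-Type", "application/json");
        // NOTE(review): "public" allows shared caches to store this per-user
        // answer; "private" or "no-store" would fit an authenticated response
        // better. Left unchanged, confirm nothing depends on it first.
        response->setHeader("Cache-Control", "no-cache,public");
        response->write(JSON::json(data));
        response->flush();
        // Yes, false: the response is complete, so the request must not be
        // reported as still awaiting handling.
        return false;
    }

    return true;
}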
126
127
129 return GUARD->isGranted(permission, role());
130}
131
132
bool isLoggedIn(HobrasoftHttpd::HttpRequest *, HobrasoftHttpd::HttpResponse *)
Řídí přihlašování k webovému rozhraní
bool isAuthorized(Security::Permissions::Permission) const
Vrací true, pokud má přihlášený uživatel požadované oprávnění
RequestAuthorizer(HobrasoftHttpd::HttpConnection *parent)
Konstruktor, načítá konfiguraci z konfiguračního souboru.
Security::Roles::Role role() const
static SessionStore * sessionStore(const HobrasoftHttpd::HttpSettings *settings=NULL, QObject *parent=NULL)
Vrací ukazatel na singleton instanci třídy.
static QByteArray json(const QVariant &data)
Converts data to json.
Definition json.cpp:21
Jmenný prostor pro obsluhu konkrétních HTTP požadavků aplikace.
Permission
Seznam jednotlivých oprávnění
Definition permissions.h:22
Role
Seznam jednotlivých rolí
Definition roles.h:23
@ User
Obyčejný uživatel.
Definition roles.h:25