Add basic auth. Fixes #4

CMakeLists.txt

@@ -23,6 +23,7 @@ if (WITH_SIST2)
             src/parsing/text.h src/parsing/text.c
             src/index/web.c src/index/web.h
             src/web/serve.c src/web/serve.h
+            src/web/auth_basic.h src/web/auth_basic.c
             src/index/elastic.c src/index/elastic.h
             src/util.c src/util.h
             src/ctx.h src/types.h src/parsing/font.c src/parsing/font.h

src/cli.c

@@ -157,6 +157,12 @@ int web_args_validate(web_args_t *args, int argc, const char **argv) {
         args->port = DEFAULT_PORT;
     }
 
+    if (args->credentials != NULL) {
+        args->b64credentials = onion_base64_encode(args->credentials, (int)strlen(args->credentials));
+        //Remove trailing newline
+        *(args->b64credentials + strlen(args->b64credentials) - 1) = '\0';
+    }
+
     args->index_count = argc - 1;
     args->indices = argv + 1;
 

src/cli.h

@@ -32,6 +32,8 @@ typedef struct web_args {
     char *es_url;
     char *bind;
     char *port;
+    char *credentials;
+    char *b64credentials;
     int index_count;
     const char **indices;
 } web_args_t;

src/ctx.h

@@ -34,6 +34,7 @@ struct {
 struct {
     char *es_url;
     int index_count;
+    char* b64credentials;
     struct index_t indices[16];
 } WebCtx;
 #endif

src/main.c

@@ -10,7 +10,7 @@
 #define EPILOG "Made by simon987 <me@simon987.net>. Released under GPL-3.0"
 
 
-static const char *const Version = "1.1.5";
+static const char *const Version = "1.1.6";
 static const char *const usage[] = {
         "sist2 scan [OPTION]... PATH",
         "sist2 index [OPTION]... INDEX",
@@ -175,6 +175,7 @@ void sist2_web(web_args_t *args) {
 
     WebCtx.es_url = args->es_url;
     WebCtx.index_count = args->index_count;
+    WebCtx.b64credentials = args->b64credentials;
 
     for (int i = 0; i < args->index_count; i++) {
         char *abs_path = abspath(args->indices[i]);
@@ -243,6 +244,7 @@ int main(int argc, const char *argv[]) {
             OPT_STRING(0, "es-url", &common_es_url, "Elasticsearch url. DEFAULT=http://localhost:9200"),
             OPT_STRING(0, "bind", &web_args->bind, "Listen on this address. DEFAULT=localhost"),
             OPT_STRING(0, "port", &web_args->port, "Listen on this port. DEFAULT=4090"),
+            OPT_STRING(0, "auth", &web_args->credentials, "Basic auth in user:password format"),
             #endif
 
             OPT_END(),

src/sist.h

@@ -32,6 +32,7 @@
 #include <onion/handler.h>
 #include <onion/block.h>
 #include <onion/shortcuts.h>
+#include <onion/codecs.h>
 #include <curl/curl.h>
 #endif
 
@@ -56,6 +57,7 @@
 #include "src/index/elastic.h"
 #include "index/web.h"
 #include "web/serve.h"
+#include "web/auth_basic.h"
 #endif
 
 ;

src/web/auth_basic.c

@@ -0,0 +1,59 @@
+#import "auth_basic.h"
+
+#define UNAUTHORIZED_TEXT "Unauthorized"
+
+typedef struct auth_basic_data {
+    onion_handler *inside;
+    const char *b64credentials;
+} auth_basic_data_t;
+
+
+int authenticate(const char *expected, const char *credentials) {
+
+    if (expected == NULL) {
+        return TRUE;
+    }
+
+    if (credentials && strncmp(credentials, "Basic ", 6) == 0) {
+        if (strcmp((credentials + 6), expected) == 0) {
+            return TRUE;
+        }
+    }
+
+    return FALSE;
+}
+
+int auth_basic_handler(auth_basic_data_t *d,
+                       onion_request *req,
+                       onion_response *res) {
+
+    const char *credentials = onion_request_get_header(req, "Authorization");
+
+    if (authenticate(d->b64credentials, credentials)) {
+        return onion_handler_handle(d->inside, req, res);
+    }
+
+    onion_response_set_header(res, "WWW-Authenticate", "Basic realm=\"sist2\"");
+    onion_response_set_code(res, HTTP_UNAUTHORIZED);
+    onion_response_write(res, UNAUTHORIZED_TEXT, sizeof(UNAUTHORIZED_TEXT));
+    onion_response_set_length(res, sizeof(UNAUTHORIZED_TEXT));
+
+    return OCS_PROCESSED;
+}
+
+void auth_basic_free(auth_basic_data_t *data) {
+    onion_handler_free(data->inside);
+    free(data);
+}
+
+onion_handler *auth_basic(const char *b64credentials, onion_handler *inside_level) {
+
+    auth_basic_data_t *privdata = malloc(sizeof(auth_basic_data_t));
+
+    privdata->b64credentials = b64credentials;
+    privdata->inside = inside_level;
+
+    return onion_handler_new((onion_handler_handler) auth_basic_handler, privdata,
+                             (onion_handler_private_data_free) auth_basic_free);
+}
+

src/web/auth_basic.h

@@ -0,0 +1,4 @@
+#include "src/sist.h"
+
+
+onion_handler *auth_basic(const char *b64credentials, onion_handler *inside_level);

src/web/serve.c

@@ -245,6 +245,8 @@ int search(void *p, onion_request *req, onion_response *res) {
 
     if (r->status_code == 200) {
         onion_response_write(res, r->body, r->size);
+    } else {
+        onion_response_set_code(res, HTTP_INTERNAL_ERROR);
     }
 
     free_response(r);
@@ -391,9 +393,11 @@ void serve(const char *hostname, const char *port) {
     onion_set_hostname(o, hostname);
     onion_set_port(o, port);
 
-    onion_url *urls = onion_root_url(o);
+    onion_url *urls = onion_url_new();
 
     // Static paths
+    onion_set_root_handler(o, auth_basic(WebCtx.b64credentials, onion_url_to_handler(urls)));
+
     onion_url_add(urls, "", search_index);
     onion_url_add(urls, "css", style);
     onion_url_add(urls, "js", javascript);
@@ -410,6 +414,7 @@ void serve(const char *hostname, const char *port) {
     onion_url_add(urls, "^f/([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})$", file);
     onion_url_add(urls, "i", index_info);
 
+
     printf("Starting web server @ http://%s:%s\n", hostname, port);
 
     onion_listen(o);