boxtec
/
yacy_search_server
mirror of https://github.com/yacy/yacy_search_server
4
1
Fork 0
Code Issues Projects Releases Wiki Activity

* pass cookies to Server Side Includes

Browse Source 
* User.html a bit more usable


git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@7963 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
f1ori 14 years ago
parent 6fba6e7cee
commit 97045022fa
5 changed files with 28 additions and 13 deletions
Show Stats Download Patch File Download Diff File

3
htroot/User.html
Unescape View File

@ -11,7 +11,8 @@
<p> <p>
You are not logged in.<br /> You are not logged in.<br />
<form action="User.html" method="post" accept-charset="UTF-8"> <form action="User.html" method="post" accept-charset="UTF-8">
Username: <input type="text" name="username" /><br /> <input type="hidden" name="returnto" value="#[returnto]#" />
Username: <input type="text" name="username" value="#[username]#" /><br />
Password: <input type="password" name="password" /><br /> Password: <input type="password" name="password" /><br />
<input type="submit" value="login" /> <input type="submit" value="login" />
</form> </form>

8
htroot/User.java
Unescape View File

@ -52,6 +52,8 @@ public class User{
prop.put("logged_in", "0"); prop.put("logged_in", "0");
prop.put("logged-in_limit", "0"); prop.put("logged-in_limit", "0");
prop.put("status", "0"); prop.put("status", "0");
prop.put("logged-in_username", "");
prop.put("logged-in_returnto", "");
//identified via HTTPPassword //identified via HTTPPassword
entry=sb.userDB.proxyAuth((requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx"))); entry=sb.userDB.proxyAuth((requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")));
if(entry != null){ if(entry != null){
@ -91,8 +93,11 @@ public class User{
//identified via form-login //identified via form-login
//TODO: this does not work for a static admin, yet. //TODO: this does not work for a static admin, yet.
}else if(post != null && post.containsKey("username") && post.containsKey("password")){ }else if(post != null && post.containsKey("username") && post.containsKey("password")){
if (post.containsKey("returnto"))
prop.putHTML("logged-in_returnto", post.get("returnto"));
final String username=post.get("username"); final String username=post.get("username");
final String password=post.get("password"); final String password=post.get("password");
prop.put("logged-in_username", username);
entry=sb.userDB.passwordAuth(username, password); entry=sb.userDB.passwordAuth(username, password);
final boolean staticAdmin = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").equals( final boolean staticAdmin = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").equals(
@ -155,6 +160,9 @@ public class User{
if(! (requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){ if(! (requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
prop.put("AUTHENTICATE","admin log-in"); prop.put("AUTHENTICATE","admin log-in");
} }
if(post.containsKey("returnto")){
prop.put("LOCATION", post.get("returnto"));
}
} }
// return rewrite properties // return rewrite properties
return prop; return prop;

2
source/de/anomic/data/UserDB.java
Unescape View File

@ -210,7 +210,7 @@ public final class UserDB {
} catch (final Exception e) { } catch (final Exception e) {
Log.logException(e); Log.logException(e);
} }
return null; return entry;
} }
return entry; return entry;
} }

11
source/de/anomic/http/server/HTTPDFileHandler.java
Unescape View File

@ -105,6 +105,7 @@ import net.yacy.kelondro.util.ByteBuffer;
import net.yacy.kelondro.util.FileUtils; import net.yacy.kelondro.util.FileUtils;
import net.yacy.kelondro.util.MemoryControl; import net.yacy.kelondro.util.MemoryControl;
import net.yacy.visualization.RasterPlotter; import net.yacy.visualization.RasterPlotter;
import de.anomic.data.UserDB;
import de.anomic.search.Switchboard; import de.anomic.search.Switchboard;
import de.anomic.search.SwitchboardConstants; import de.anomic.search.SwitchboardConstants;
import de.anomic.server.serverClassLoader; import de.anomic.server.serverClassLoader;
@ -537,7 +538,9 @@ public final class HTTPDFileHandler {
// implement proxy via url (not in servlet, because we need binary access on ouputStream) // implement proxy via url (not in servlet, because we need binary access on ouputStream)
if (path.equals("/proxy.html")) { if (path.equals("/proxy.html")) {
final List<Pattern> urlProxyAccess = Domains.makePatterns(sb.getConfig("proxyURL.access", "127.0.0.1")); final List<Pattern> urlProxyAccess = Domains.makePatterns(sb.getConfig("proxyURL.access", "127.0.0.1"));
if (sb.getConfigBool("proxyURL", false) && Domains.matchesList(clientIP, urlProxyAccess)) { UserDB.Entry user = sb.userDB.getUser(requestHeader);
boolean user_may_see_proxyurl = Domains.matchesList(clientIP, urlProxyAccess) || (user!=null && user.hasRight(UserDB.AccessRight.PROXY_RIGHT));
if (sb.getConfigBool("proxyURL", false) && user_may_see_proxyurl) {
doURLProxy(args, conProp, requestHeader, out); doURLProxy(args, conProp, requestHeader, out);
return; return;
} }
@ -991,7 +994,7 @@ public final class HTTPDFileHandler {
final ChunkedOutputStream chos = new ChunkedOutputStream(out); final ChunkedOutputStream chos = new ChunkedOutputStream(out);
// GZIPOutputStream does not implement flush (this is a bug IMHO) // GZIPOutputStream does not implement flush (this is a bug IMHO)
// so we can't compress this stuff, without loosing the cool SSI trickle feature // so we can't compress this stuff, without loosing the cool SSI trickle feature
ServerSideIncludes.writeSSI(o, chos, realmProp, clientIP); ServerSideIncludes.writeSSI(o, chos, realmProp, clientIP, requestHeader);
//chos.write(result); //chos.write(result);
chos.finish(); chos.finish();
} else { } else {
@ -1005,14 +1008,14 @@ public final class HTTPDFileHandler {
if (zipContent) { if (zipContent) {
GZIPOutputStream zippedOut = new GZIPOutputStream(o); GZIPOutputStream zippedOut = new GZIPOutputStream(o);
ServerSideIncludes.writeSSI(o1, zippedOut, realmProp, clientIP); ServerSideIncludes.writeSSI(o1, zippedOut, realmProp, clientIP, requestHeader);
//httpTemplate.writeTemplate(fis, zippedOut, tp, "-UNRESOLVED_PATTERN-".getBytes("UTF-8")); //httpTemplate.writeTemplate(fis, zippedOut, tp, "-UNRESOLVED_PATTERN-".getBytes("UTF-8"));
zippedOut.finish(); zippedOut.finish();
zippedOut.flush(); zippedOut.flush();
zippedOut.close(); zippedOut.close();
zippedOut = null; zippedOut = null;
} else { } else {
ServerSideIncludes.writeSSI(o1, o, realmProp, clientIP); ServerSideIncludes.writeSSI(o1, o, realmProp, clientIP, requestHeader);
//httpTemplate.writeTemplate(fis, o, tp, "-UNRESOLVED_PATTERN-".getBytes("UTF-8")); //httpTemplate.writeTemplate(fis, o, tp, "-UNRESOLVED_PATTERN-".getBytes("UTF-8"));
} }
if (method.equals(HeaderFramework.METHOD_HEAD)) { if (method.equals(HeaderFramework.METHOD_HEAD)) {

17
source/de/anomic/http/server/ServerSideIncludes.java
Unescape View File

@ -39,11 +39,11 @@ import net.yacy.kelondro.util.ByteBuffer;
public class ServerSideIncludes { public class ServerSideIncludes {
public static void writeSSI(final ByteBuffer in, final OutputStream out, final String authorization, final String requesthost) throws IOException { public static void writeSSI(final ByteBuffer in, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) throws IOException {
writeSSI(in, 0, out, authorization, requesthost); writeSSI(in, 0, out, authorization, requesthost, requestHeader);
} }
public static void writeSSI(final ByteBuffer in, int off, final OutputStream out, final String authorization, final String requesthost) throws IOException { public static void writeSSI(final ByteBuffer in, int off, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) throws IOException {
int p = in.indexOf(ASCII.getBytes("<!--#"), off); int p = in.indexOf(ASCII.getBytes("<!--#"), off);
int q; int q;
while (p >= 0) { while (p >= 0) {
@ -53,7 +53,7 @@ public class ServerSideIncludes {
} else { } else {
out.write(in.getBytes(off, p - off)); out.write(in.getBytes(off, p - off));
} }
parseSSI(in, p, out, authorization, requesthost); parseSSI(in, p, out, authorization, requesthost, requestHeader);
off = q + 3; off = q + 3;
p = in.indexOf(ASCII.getBytes("<!--#"), off); p = in.indexOf(ASCII.getBytes("<!--#"), off);
} }
@ -64,17 +64,17 @@ public class ServerSideIncludes {
} }
} }
private static void parseSSI(final ByteBuffer in, final int off, final OutputStream out, final String authorization, final String requesthost) { private static void parseSSI(final ByteBuffer in, final int off, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) {
if (in.startsWith(ASCII.getBytes("<!--#include virtual=\""), off)) { if (in.startsWith(ASCII.getBytes("<!--#include virtual=\""), off)) {
final int q = in.indexOf(ASCII.getBytes("\""), off + 22); final int q = in.indexOf(ASCII.getBytes("\""), off + 22);
if (q > 0) { if (q > 0) {
final String path = in.toString(off + 22, q - off - 22); final String path = in.toString(off + 22, q - off - 22);
writeContent(path, out, authorization, requesthost); writeContent(path, out, authorization, requesthost, requestHeader);
} }
} }
} }
private static void writeContent(String path, final OutputStream out, final String authorization, final String requesthost) { private static void writeContent(String path, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) {
// check if there are arguments in path string // check if there are arguments in path string
String args = ""; String args = "";
final int argpos = path.indexOf('?'); final int argpos = path.indexOf('?');
@ -92,6 +92,9 @@ public class ServerSideIncludes {
conProp.put(HeaderFramework.CONNECTION_PROP_HTTP_VER, HeaderFramework.HTTP_VERSION_0_9); conProp.put(HeaderFramework.CONNECTION_PROP_HTTP_VER, HeaderFramework.HTTP_VERSION_0_9);
conProp.put(HeaderFramework.CONNECTION_PROP_CLIENTIP, requesthost); conProp.put(HeaderFramework.CONNECTION_PROP_CLIENTIP, requesthost);
header.put(RequestHeader.AUTHORIZATION, authorization); header.put(RequestHeader.AUTHORIZATION, authorization);
if (requestHeader.containsKey(RequestHeader.COOKIE))
header.put(RequestHeader.COOKIE, requestHeader.get(RequestHeader.COOKIE));
header.put(RequestHeader.REFERER, requestHeader.get(RequestHeader.CONNECTION_PROP_PATH));
HTTPDFileHandler.doGet(conProp, header, out); HTTPDFileHandler.doGet(conProp, header, out);
} }
} }

Write Preview
Loading…
Cancel
Save