summaryrefslogtreecommitdiffstats
path: root/web/server/web_client.c
diff options
context:
space:
mode:
Diffstat (limited to 'web/server/web_client.c')
-rw-r--r--web/server/web_client.c42
1 files changed, 34 insertions, 8 deletions
diff --git a/web/server/web_client.c b/web/server/web_client.c
index 282cfcd1..4e34ae3a 100644
--- a/web/server/web_client.c
+++ b/web/server/web_client.c
@@ -157,6 +157,10 @@ void web_client_request_done(struct web_client *w) {
w->origin[1] = '\0';
freez(w->user_agent); w->user_agent = NULL;
+ if (w->auth_bearer_token) {
+ freez(w->auth_bearer_token);
+ w->auth_bearer_token = NULL;
+ }
w->mode = WEB_CLIENT_MODE_NORMAL;
@@ -577,10 +581,17 @@ static inline int check_host_and_dashboard_acl_and_call(RRDHOST *host, struct we
return check_host_and_call(host, w, url, func);
}
+static inline int check_host_and_mgmt_acl_and_call(RRDHOST *host, struct web_client *w, char *url, int (*func)(RRDHOST *, struct web_client *, char *)) {
+ if(!web_client_can_access_mgmt(w))
+ return web_client_permission_denied(w);
+
+ return check_host_and_call(host, w, url, func);
+}
+
int web_client_api_request(RRDHOST *host, struct web_client *w, char *url)
{
// get the api version
- char *tok = mystrsep(&url, "/?&");
+ char *tok = mystrsep(&url, "/");
if(tok && *tok) {
debug(D_WEB_CLIENT, "%llu: Searching for API version '%s'.", w->id, tok);
if(strcmp(tok, "v1") == 0)
@@ -713,7 +724,7 @@ const char *web_response_code_to_string(int code) {
}
static inline char *http_header_parse(struct web_client *w, char *s, int parse_useragent) {
- static uint32_t hash_origin = 0, hash_connection = 0, hash_accept_encoding = 0, hash_donottrack = 0, hash_useragent = 0;
+ static uint32_t hash_origin = 0, hash_connection = 0, hash_accept_encoding = 0, hash_donottrack = 0, hash_useragent = 0, hash_authorization = 0;
if(unlikely(!hash_origin)) {
hash_origin = simple_uhash("Origin");
@@ -721,6 +732,7 @@ static inline char *http_header_parse(struct web_client *w, char *s, int parse_u
hash_accept_encoding = simple_uhash("Accept-Encoding");
hash_donottrack = simple_uhash("DNT");
hash_useragent = simple_uhash("User-Agent");
+ hash_authorization = simple_uhash("X-Auth-Token");
}
char *e = s;
@@ -765,6 +777,8 @@ static inline char *http_header_parse(struct web_client *w, char *s, int parse_u
}
else if(parse_useragent && hash == hash_useragent && !strcasecmp(s, "User-Agent")) {
w->user_agent = strdupz(v);
+ } else if(hash == hash_authorization&& !strcasecmp(s, "X-Auth-Token")) {
+ w->auth_bearer_token = strdupz(v);
}
#ifdef NETDATA_WITH_ZLIB
else if(hash == hash_accept_encoding && !strcasecmp(s, "Accept-Encoding")) {
@@ -1071,7 +1085,7 @@ static inline int web_client_switch_host(RRDHOST *host, struct web_client *w, ch
return 400;
}
- char *tok = mystrsep(&url, "/?&");
+ char *tok = mystrsep(&url, "/");
if(tok && *tok) {
debug(D_WEB_CLIENT, "%llu: Searching for host with name '%s'.", w->id, tok);
@@ -1163,7 +1177,7 @@ static inline int web_client_process_url(RRDHOST *host, struct web_client *w, ch
buffer_flush(w->response.data);
// get the name of the data to show
- tok = mystrsep(&url, "/?&");
+ tok = mystrsep(&url, "&");
if(tok && *tok) {
debug(D_WEB_CLIENT, "%llu: Searching for RRD data with name '%s'.", w->id, tok);
@@ -1239,9 +1253,15 @@ void web_client_process_request(struct web_client *w) {
return;
case WEB_CLIENT_MODE_OPTIONS:
- if(unlikely(!web_client_can_access_dashboard(w) && !web_client_can_access_registry(w) && !web_client_can_access_badges(w))) {
+ if(unlikely(
+ !web_client_can_access_dashboard(w) &&
+ !web_client_can_access_registry(w) &&
+ !web_client_can_access_badges(w) &&
+ !web_client_can_access_mgmt(w) &&
+ !web_client_can_access_netdataconf(w)
+ )) {
web_client_permission_denied(w);
- return;
+ break;
}
w->response.data->contenttype = CT_TEXT_PLAIN;
@@ -1252,9 +1272,15 @@ void web_client_process_request(struct web_client *w) {
case WEB_CLIENT_MODE_FILECOPY:
case WEB_CLIENT_MODE_NORMAL:
- if(unlikely(!web_client_can_access_dashboard(w) && !web_client_can_access_registry(w) && !web_client_can_access_badges(w))) {
+ if(unlikely(
+ !web_client_can_access_dashboard(w) &&
+ !web_client_can_access_registry(w) &&
+ !web_client_can_access_badges(w) &&
+ !web_client_can_access_mgmt(w) &&
+ !web_client_can_access_netdataconf(w)
+ )) {
web_client_permission_denied(w);
- return;
+ break;
}
w->response.code = web_client_process_url(localhost, w, w->decoded_url);