Diffstat (limited to 'web/server/web_client.c')
-rw-r--r-- | web/server/web_client.c | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/web/server/web_client.c b/web/server/web_client.c
index 282cfcd1..4e34ae3a 100644
--- a/web/server/web_client.c
+++ b/web/server/web_client.c
@@ -157,6 +157,10 @@ void web_client_request_done(struct web_client *w) {
     w->origin[1] = '\0';
     freez(w->user_agent); w->user_agent = NULL;
+    if (w->auth_bearer_token) {
+        freez(w->auth_bearer_token);
+        w->auth_bearer_token = NULL;
+    }
     w->mode = WEB_CLIENT_MODE_NORMAL;
@@ -577,10 +581,17 @@ static inline int check_host_and_dashboard_acl_and_call(RRDHOST *host, struct we
     return check_host_and_call(host, w, url, func);
 }
+static inline int check_host_and_mgmt_acl_and_call(RRDHOST *host, struct web_client *w, char *url, int (*func)(RRDHOST *, struct web_client *, char *)) {
+    if(!web_client_can_access_mgmt(w))
+        return web_client_permission_denied(w);
+
+    return check_host_and_call(host, w, url, func);
+}
+
 int web_client_api_request(RRDHOST *host, struct web_client *w, char *url) {
     // get the api version
-    char *tok = mystrsep(&url, "/?&");
+    char *tok = mystrsep(&url, "/");
     if(tok && *tok) {
         debug(D_WEB_CLIENT, "%llu: Searching for API version '%s'.", w->id, tok);
         if(strcmp(tok, "v1") == 0)
@@ -713,7 +724,7 @@ const char *web_response_code_to_string(int code) {
 }
 static inline char *http_header_parse(struct web_client *w, char *s, int parse_useragent) {
-    static uint32_t hash_origin = 0, hash_connection = 0, hash_accept_encoding = 0, hash_donottrack = 0, hash_useragent = 0;
+    static uint32_t hash_origin = 0, hash_connection = 0, hash_accept_encoding = 0, hash_donottrack = 0, hash_useragent = 0, hash_authorization = 0;
     if(unlikely(!hash_origin)) {
         hash_origin = simple_uhash("Origin");
@@ -721,6 +732,7 @@ static inline char *http_header_parse(struct web_client *w, char *s, int parse_u
         hash_accept_encoding = simple_uhash("Accept-Encoding");
         hash_donottrack = simple_uhash("DNT");
         hash_useragent = simple_uhash("User-Agent");
+        hash_authorization = simple_uhash("X-Auth-Token");
     }
     char *e = s;
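Review bot: The `if (w->auth_bearer_token)` guard around `freez()` in the first hunk is redundant — the line directly above calls `freez(w->user_agent)` with no guard, so freez presumably tolerates NULL like free() does, and the four lines can collapse to `freez(w->auth_bearer_token); w->auth_bearer_token = NULL;` matching the user_agent line. The more important point is that this buffer holds a credential copied verbatim from the X-Auth-Token header: freeing it hands the plaintext token back to the heap, where a later allocation or a memory-disclosure bug can surface it, so wiping it before the free (explicit_bzero where available, or a volatile-pointer memset that the optimizer cannot drop) is the usual precaution and deserves a comment saying why. web_client_request_done starts and ends outside the hunk.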
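Review bot: Narrowing the separator set from "/?&" to "/" in web_client_api_request means a version segment followed directly by a query string, e.g. `/api/v1?chart=x`, would now come back as `v1?chart=x` and fail the `strcmp(tok, "v1")` three lines below, where it previously matched; if the query string has already been stripped from `url` by the time this runs the change is harmless, but that is not visible here and should be confirmed. The new check_host_and_mgmt_acl_and_call is a faithful twin of the dashboard variant whose tail opens the hunk, and a one-line comment would make the pairing explicit: `// same as check_host_and_dashboard_acl_and_call, gated on the management ACL instead`. Both check_host_and_dashboard_acl_and_call and web_client_api_request extend outside the hunk.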
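Review bot: `hash_authorization` is a misleading name for the hash of the literal `"X-Auth-Token"` assigned in the last hunk — a reader will assume it covers the standard `Authorization` header, and the field it feeds is called `auth_bearer_token`, so one value now goes by three unrelated names. `hash_x_auth_token = simple_uhash("X-Auth-Token");`, with the matching rename in the declaration two hunks up and in the comparison in http_header_parse, would keep them aligned. Since this is a custom header rather than `Authorization: Bearer`, a comment at the assignment stating that the management token is read from X-Auth-Token would also save the next maintainer a search. http_header_parse continues past the hunk.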
@@ -765,6 +777,8 @@ static inline char *http_header_parse(struct web_client *w, char *s, int parse_u
     }
     else if(parse_useragent && hash == hash_useragent && !strcasecmp(s, "User-Agent")) {
         w->user_agent = strdupz(v);
+    } else if(hash == hash_authorization&& !strcasecmp(s, "X-Auth-Token")) {
+        w->auth_bearer_token = strdupz(v);
     }
 #ifdef NETDATA_WITH_ZLIB
     else if(hash == hash_accept_encoding && !strcasecmp(s, "Accept-Encoding")) {
@@ -1071,7 +1085,7 @@ static inline int web_client_switch_host(RRDHOST *host, struct web_client *w, ch
         return 400;
     }
-    char *tok = mystrsep(&url, "/?&");
+    char *tok = mystrsep(&url, "/");
     if(tok && *tok) {
         debug(D_WEB_CLIENT, "%llu: Searching for host with name '%s'.", w->id, tok);
@@ -1163,7 +1177,7 @@ static inline int web_client_process_url(RRDHOST *host, struct web_client *w, ch
     buffer_flush(w->response.data);
     // get the name of the data to show
-    tok = mystrsep(&url, "/?&");
+    tok = mystrsep(&url, "&");
     if(tok && *tok) {
         debug(D_WEB_CLIENT, "%llu: Searching for RRD data with name '%s'.", w->id, tok);
@@ -1239,9 +1253,15 @@ void web_client_process_request(struct web_client *w) {
             return;
         case WEB_CLIENT_MODE_OPTIONS:
-            if(unlikely(!web_client_can_access_dashboard(w) && !web_client_can_access_registry(w) && !web_client_can_access_badges(w))) {
+            if(unlikely(
+                !web_client_can_access_dashboard(w) &&
+                !web_client_can_access_registry(w) &&
+                !web_client_can_access_badges(w) &&
+                !web_client_can_access_mgmt(w) &&
+                !web_client_can_access_netdataconf(w)
+            )) {
                 web_client_permission_denied(w);
-                return;
+                break;
             }
             w->response.data->contenttype = CT_TEXT_PLAIN;
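Review bot: `w->auth_bearer_token = strdupz(v);` overwrites any earlier value without freeing it, so a request that carries the X-Auth-Token header twice leaks the first copy (the User-Agent branch it mirrors has the same weakness, but a credential header is the one a client or proxy is more likely to duplicate); `freez(w->auth_bearer_token); w->auth_bearer_token = strdupz(v);` closes the leak, and if the intended policy is "last header wins" or "duplicates are rejected", a comment should say which. Two style points on the same added line: `hash_authorization&&` is missing the space before `&&`, and `} else if(` on one line departs from the neighbouring branches, which appear to put `else if` on its own line under the closing brace. http_header_parse begins before the hunk.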
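Review bot: The separator for the first path token in web_client_process_url is changed to "&" alone, while the two sibling call sites touched by this commit (web_client_api_request and web_client_switch_host) change to "/"; with only `&` as a separator, a path such as `/api/v1/data?chart=x` would seem to yield everything up to the first `&` as the token rather than `api`, which the name comparisons that follow (outside the hunk) would not match. If mystrsep or an earlier step already strips the leading segment this may be intentional, but three different separator sets where there used to be one "/?&" reads as an inconsistency and needs a comment at this line explaining why this site alone keeps `/` and `?` in the token. web_client_process_url continues past the hunk.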
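Review bot: Replacing `return` with `break` after `web_client_permission_denied(w)` in the OPTIONS case changes what a denied request does next: control now leaves the switch and runs whatever follows it (outside the hunk), where before nothing further ran. If that tail is what actually transmits the response this is the fix for a denial that was never sent, but it should be confirmed that the tail does not overwrite the code or body that web_client_permission_denied set. A short comment such as `// denial already recorded; break so the common response path still runs` would record the intent. web_client_process_request starts before the hunk.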
@@ -1252,9 +1272,15 @@ void web_client_process_request(struct web_client *w) {
         case WEB_CLIENT_MODE_FILECOPY:
         case WEB_CLIENT_MODE_NORMAL:
-            if(unlikely(!web_client_can_access_dashboard(w) && !web_client_can_access_registry(w) && !web_client_can_access_badges(w))) {
+            if(unlikely(
+                !web_client_can_access_dashboard(w) &&
+                !web_client_can_access_registry(w) &&
+                !web_client_can_access_badges(w) &&
+                !web_client_can_access_mgmt(w) &&
+                !web_client_can_access_netdataconf(w)
+            )) {
                 web_client_permission_denied(w);
-                return;
+                break;
             }
             w->response.code = web_client_process_url(localhost, w, w->decoded_url); |
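Review bot: Adding `web_client_can_access_mgmt` and `web_client_can_access_netdataconf` to this front gate means a client matched only by the management or netdata.conf ACL now passes it and reaches `web_client_process_url(localhost, w, w->decoded_url)` with every URL that dispatches, so the dashboard, registry and badge handlers must each enforce their own ACL (as check_host_and_dashboard_acl_and_call does for the dashboard) for this relaxation to be safe; that per-endpoint coverage is the invariant the change now depends on and is worth stating above the `if`, e.g. `// coarse gate only: each handler re-checks the specific ACL it requires`. The same `return`-to-`break` switch as in the OPTIONS case applies here, so the code after the switch now runs for denied requests too. The hunk shows only the entry of the FILECOPY/NORMAL case; web_client_process_request continues past it.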