[lwip-devel] [patch #9576] Adding authorization cookie management


From: Giuseppe Modugno
Subject: [lwip-devel] [patch #9576] Adding authorization cookie management
Date: Tue, 27 Feb 2018 04:39:01 -0500 (EST)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

URL:
  <http://savannah.nongnu.org/patch/?9576>

                 Summary: Adding authorization cookie management
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: giusloq
            Submitted on: Tue 27 Feb 2018 09:38:58 AM UTC
                Category: apps
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None

    _______________________________________________________

Details:

I tried to add authorization cookie management to httpd. You have to enable
LWIP_HTTPD_SUPPORT_AUTH_COOKIE and define HTTP_AUTH_COOKIE_NAME (usually
"Auth") and HTTP_LOGIN_FILE (the name of the file that is returned to every
HTTP request without a valid authorization cookie... it is usually the
login.html web page to force entering username/password).

The user should supply the function httpd_authorized_for_uri(const char
*auth_cookie, const char *uri). The function should return true if the uri can
be retrieved with that cookie.

My application creates a new session ID (random number) when the user enters
valid login data. The session ID is returned in a JSON "generated file" as the
answer to the login request. The JavaScript running in the client can save the
cookie, so it will be used in the next requests.

The application could invalidate session IDs that aren't used for a long time
(httpd_authorized_for_uri can restart the timer).

Another small change is with the CGI handler function. In my application I
needed to check the session ID in the CGI handler, because the result changes
depending on the type of session ID (normal user, admin, and so on). In my
case, I encoded the type of the user inside the session ID.

Maybe the names of the macros must be changed to be similar to the others in
lwip. I don't know lwip well enough to create good macro names. Moreover, I
think those three macros must be added to httpd_opts.h with their default
values.




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue 27 Feb 2018 09:38:58 AM UTC  Name: patch.diff  Size: 5KiB   By:
giusloq

<http://savannah.nongnu.org/patch/download.php?file_id=43407>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/patch/?9576>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
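
One way an application could implement the httpd_authorized_for_uri callback described in the message above, with a session table and an idle timer that restarts on each valid use. This is an added example, not code from the patch or from lwIP. The int return type, the 32-character ID format, the timeout value, session_add and session_clock_ms (a stand-in for a millisecond tick such as lwIP's sys_now()) are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define SESSION_SLOTS   4
#define SESSION_ID_LEN  32            /* 128 random bits as hex (assumed format) */
#define SESSION_IDLE_MS 600000u       /* 10 min idle timeout (assumed value) */

struct session { char id[SESSION_ID_LEN + 1]; uint32_t last_used; int in_use; };
static struct session sessions[SESSION_SLOTS];
uint32_t session_clock_ms;            /* hypothetical stand-in for sys_now() */
/* Compare without an early exit so timing does not leak the matching prefix. */
static int id_equal(const char *a, const char *b)
{
  unsigned char diff = 0;
  for (size_t i = 0; i < SESSION_ID_LEN; i++) diff |= (unsigned char)(a[i] ^ b[i]);
  return diff == 0;
}
/* Register an ID after login; it must come from a CSPRNG or hardware RNG. */
int session_add(const char *id)
{
  if (id == NULL || strlen(id) != SESSION_ID_LEN) return -1;
  for (int i = 0; i < SESSION_SLOTS; i++) {
    struct session *s = &sessions[i];
    /* Free and expired slots can both be reused. */
    if (!s->in_use || (uint32_t)(session_clock_ms - s->last_used) > SESSION_IDLE_MS) {
      memcpy(s->id, id, SESSION_ID_LEN + 1);
      s->last_used = session_clock_ms;
      s->in_use = 1;
      return 0;
    }
  }
  return -1;                          /* table full */
}

/* Callback named in the message; expects a NUL-terminated cookie value. */
int httpd_authorized_for_uri(const char *auth_cookie, const char *uri)
{
  (void)uri;                          /* per-URI rules would go here */
  if (auth_cookie == NULL || strlen(auth_cookie) != SESSION_ID_LEN) return 0;
  for (int i = 0; i < SESSION_SLOTS; i++) {
    struct session *s = &sessions[i];
    if (!s->in_use || !id_equal(s->id, auth_cookie)) continue;
    if ((uint32_t)(session_clock_ms - s->last_used) > SESSION_IDLE_MS) {
      memset(s, 0, sizeof *s);        /* expired: invalidate the ID */
      return 0;
    }
    s->last_used = session_clock_ms;  /* valid use restarts the idle timer */
    return 1;
  }
  return 0;
}
```

The unsigned subtraction keeps the idle check correct when the 32-bit millisecond counter wraps.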



