aboutsummaryrefslogtreecommitdiff
path: root/contrib/epee/include/net/http_protocol_handler.inl
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2016-09-07 21:38:41 +0100
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2016-09-18 20:32:02 +0100
commiteeb2bbc0fcc9c5afa2c3aa12915b4d3f31115e56 (patch)
treec55799576b49814203891a6688ec2dbdf86b7bcf /contrib/epee/include/net/http_protocol_handler.inl
parentMerge pull request #1099 (diff)
downloadmonero-eeb2bbc0fcc9c5afa2c3aa12915b4d3f31115e56.tar.xz
epee: optionally restrict HTTP service to a configurable user agent
This is intended to catch traffic coming from a web browser, so we avoid issues with a web page sending a transfer RPC to the wallet. Requiring a particular user agent can act as a simple password scheme, while we wait for 0MQ and proper authentication to be merged.
Diffstat (limited to 'contrib/epee/include/net/http_protocol_handler.inl')
-rw-r--r--contrib/epee/include/net/http_protocol_handler.inl23
1 files changed, 17 insertions, 6 deletions
diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl
index 2458af047..6beff0109 100644
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@@ -285,7 +285,8 @@ namespace net_utils
}
break;
}
- analize_cached_request_header_and_invoke_state(pos);
+ if (!analize_cached_request_header_and_invoke_state(pos))
+ return false;
break;
}
case http_state_retriving_body:
@@ -387,8 +388,16 @@ namespace net_utils
{
LOG_ERROR("simple_http_connection_handler<t_connection_context>::analize_cached_request_header_and_invoke_state(): failed to anilize request header: " << m_cache);
m_state = http_state_error;
+ return false;
}
+ if (!m_config.m_required_user_agent.empty() && m_query_info.m_header_info.m_user_agent != m_config.m_required_user_agent)
+ {
+ LOG_ERROR("simple_http_connection_handler<t_connection_context>::analize_cached_request_header_and_invoke_state(): unexpected user agent: " << m_query_info.m_header_info.m_user_agent);
+ m_state = http_state_error;
+ return false;
+ }
+
m_cache.erase(0, pos);
std::string req_command_str = m_query_info.m_full_request_str;
@@ -473,10 +482,10 @@ namespace net_utils
LOG_FRAME("http_stream_filter::parse_cached_header(*)", LOG_LEVEL_3);
STATIC_REGEXP_EXPR_1(rexp_mach_field,
- "\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)"
- // 12 3 4 5 6 7 8 9
+ "\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)|(User-Agent)"
+ // 12 3 4 5 6 7 8 9 10
"|([\\w-]+?)) ?: ?((.*?)(\r?\n))[^\t ]",
- //10 1112 13
+ //11 1213 14
boost::regex::icase | boost::regex::normal);
boost::smatch result;
@@ -488,8 +497,8 @@ namespace net_utils
//lookup all fields and fill well-known fields
while( boost::regex_search( it_current_bound, it_end_bound, result, rexp_mach_field, boost::match_default) && result[0].matched)
{
- const size_t field_val = 12;
- const size_t field_etc_name = 10;
+ const size_t field_val = 13;
+ const size_t field_etc_name = 11;
int i = 2; //start position = 2
if(result[i++].matched)//"Connection"
@@ -508,6 +517,8 @@ namespace net_utils
body_info.m_host = result[field_val];
else if(result[i++].matched)//"Cookie"
body_info.m_cookie = result[field_val];
+ else if(result[i++].matched)//"User-Agent"
+ body_info.m_user_agent = result[field_val];
else if(result[i++].matched)//e.t.c (HAVE TO BE MATCHED!)
body_info.m_etc_fields.push_back(std::pair<std::string, std::string>(result[field_etc_name], result[field_val]));
else