-function index()
- local function authenticator(validator, accs)
- local auth = luci.http.formvalue("auth", true)
- if auth then -- if authentication token was given
- local sdat = (luci.util.ubus("session", "get", { ubus_rpc_session = auth }) or { }).values
- if sdat then -- if given token is valid
- if sdat.user and luci.util.contains(accs, sdat.user) then
- return sdat.user, auth
- end
- end
+
+local function session_retrieve(sid, allowed_users)
+ local util = require "luci.util"
+ local sdat = util.ubus("session", "get", {
+ ubus_rpc_session = sid
+ })
+
+ if type(sdat) == "table" and
+ type(sdat.values) == "table" and
+ type(sdat.values.token) == "string" and
+ type(sdat.values.secret) == "string" and
+ type(sdat.values.username) == "string" and
+ util.contains(allowed_users, sdat.values.username)
+ then
+ return sid, sdat.values
+ end
+
+ return nil
+end
+
+local function authenticator(validator, accs)
+ local auth = luci.http.formvalue("auth", true)
+ or luci.http.getcookie("sysauth")
+
+ if auth then -- if authentication token was given
+ local sid, sdat = session_retrieve(auth, accs)
+ if sdat then -- if given token is valid
+ return sdat.username, sid