X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fuhttpd.git;a=blobdiff_plain;f=ubus.c;h=f7d1f11a15037839ff1c46656ad11a37985cb623;hp=307daaafa531e40458536589e010921caa6e97ec;hb=c0a569de53db4a6cafa736386fd6feade4cd09f7;hpb=d9e7e61178ef07c741ad820d8b2f5afd4246d993

diff --git a/ubus.c b/ubus.c
index 307daaa..f7d1f11 100644
--- a/ubus.c
+++ b/ubus.c
@@ -63,6 +63,7 @@ static const struct blobmsg_policy ses_policy[__SES_MAX] = {
 
 struct rpc_data {
 	struct blob_attr *id;
+	const char *sid;
 	const char *method;
 	const char *object;
 	const char *function;
@@ -103,6 +104,13 @@ static const struct {
 	[ERROR_TIMEOUT] = { -32003, "ubus request timed out" },
 };
 
+enum cors_hdr {
+	HDR_ORIGIN,
+	HDR_ACCESS_CONTROL_REQUEST_METHOD,
+	HDR_ACCESS_CONTROL_REQUEST_HEADERS,
+	__HDR_MAX
+};
+
 static void __uh_ubus_next_batched_request(struct uloop_timeout *timeout);
 
 static void uh_ubus_next_batched_request(struct client *cl)
@@ -113,10 +121,52 @@ static void uh_ubus_next_batched_request(struct client *cl)
 	uloop_timeout_set(&du->timeout, 1);
 }
 
+static void uh_ubus_add_cors_headers(struct client *cl)
+{
+	struct blob_attr *tb[__HDR_MAX];
+	static const struct blobmsg_policy hdr_policy[__HDR_MAX] = {
+		[HDR_ORIGIN] = { "origin", BLOBMSG_TYPE_STRING },
+		[HDR_ACCESS_CONTROL_REQUEST_METHOD] = { "access-control-request-method", BLOBMSG_TYPE_STRING },
+		[HDR_ACCESS_CONTROL_REQUEST_HEADERS] = { "access-control-request-headers", BLOBMSG_TYPE_STRING },
+	};
+
+	blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head));
+
+	if (!tb[HDR_ORIGIN])
+		return;
+
+	if (tb[HDR_ACCESS_CONTROL_REQUEST_METHOD])
+	{
+		char *hdr = (char *) blobmsg_data(tb[HDR_ACCESS_CONTROL_REQUEST_METHOD]);
+
+		if (strcmp(hdr, "POST") && strcmp(hdr, "OPTIONS"))
+			return;
+	}
+
+	ustream_printf(cl->us, "Access-Control-Allow-Origin: %s\r\n",
+	               blobmsg_data(tb[HDR_ORIGIN]));
+
+	if (tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS])
+		ustream_printf(cl->us, "Access-Control-Allow-Headers: %s\r\n",
+		               blobmsg_data(tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS]));
+
+	ustream_printf(cl->us, "Access-Control-Allow-Methods: POST, OPTIONS\r\n");
+	ustream_printf(cl->us, "Access-Control-Allow-Credentials: true\r\n");
+}
+
 static void uh_ubus_send_header(struct client *cl)
 {
 	ops->http_header(cl, 200, "OK");
-	ustream_printf(cl->us, "Content-Type: application/json\r\n\r\n");
+
+	if (conf.ubus_cors)
+		uh_ubus_add_cors_headers(cl);
+
+	ustream_printf(cl->us, "Content-Type: application/json\r\n");
+
+	if (cl->request.method == UH_HTTP_MSG_OPTIONS)
+		ustream_printf(cl->us, "Content-Length: 0\r\n");
+
+	ustream_printf(cl->us, "\r\n");
 }
 
 static void uh_ubus_send_response(struct client *cl)
@@ -126,34 +176,32 @@ static void uh_ubus_send_response(struct client *cl)
 	char *str;
 
 	if (du->array && du->array_idx > 1)
-		sep = ", ";
+		sep = ",";
 
-	str = blobmsg_format_json_indent(buf.head, true, du->array);
+	str = blobmsg_format_json(buf.head, true);
 	ops->chunk_printf(cl, "%s%s", sep, str);
 	free(str);
 
 	du->jsobj_cur = NULL;
 	if (du->array)
 		uh_ubus_next_batched_request(cl);
-	else {
-		ops->chunk_printf(cl, "\n");
+	else
 		return ops->request_done(cl);
-	}
 }
 
 static void uh_ubus_init_response(struct client *cl)
 {
 	struct dispatch_ubus *du = &cl->dispatch.ubus;
-	struct json_object *obj = du->jsobj_cur;
+	struct json_object *obj = du->jsobj_cur, *obj2 = NULL;
 
 	blob_buf_init(&buf, 0);
 	blobmsg_add_string(&buf, "jsonrpc", "2.0");
 
 	if (obj)
-		obj = json_object_object_get(obj, "id");
+		json_object_object_get_ex(obj, "id", &obj2);
 
-	if (obj)
-		blobmsg_add_json_element(&buf, "id", obj);
+	if (obj2)
+		blobmsg_add_json_element(&buf, "id", obj2);
 	else
 		blobmsg_add_field(&buf, BLOBMSG_TYPE_UNSPEC, "id", NULL, 0);
 }
@@ -240,7 +288,7 @@ static void uh_ubus_single_error(struct client *cl, enum rpc_error type)
 	ops->request_done(cl);
 }
 
-static void uh_ubus_send_request(struct client *cl, json_object *obj, struct blob_attr *args)
+static void uh_ubus_send_request(struct client *cl, json_object *obj, const char *sid, struct blob_attr *args)
 {
 	struct dispatch *d = &cl->dispatch;
 	struct dispatch_ubus *du = &d->ubus;
@@ -249,8 +297,13 @@ static void uh_ubus_send_request(struct client *cl, json_object *obj, struct blo
 	int ret, rem;
 
 	blob_buf_init(&req, 0);
-	blobmsg_for_each_attr(cur, args, rem)
+	blobmsg_for_each_attr(cur, args, rem) {
+		if (!strcmp(blobmsg_name(cur), "ubus_rpc_session"))
+			return uh_ubus_json_error(cl, ERROR_PARAMS);
 		blobmsg_add_blob(&req, cur);
+	}
+
+	blobmsg_add_string(&req, "ubus_rpc_session", sid);
 
 	blob_buf_init(&du->buf, 0);
 	memset(&du->req, 0, sizeof(du->req));
@@ -326,6 +379,8 @@ static void uh_ubus_send_list(struct client *cl, json_object *obj, struct blob_a
 
 	blob_buf_init(data.buf, 0);
 
+	uh_client_ref(cl);
+
 	if (!params || blob_id(params) != BLOBMSG_TYPE_ARRAY) {
 		r = blobmsg_open_array(data.buf, "result");
 		ubus_lookup(ctx, NULL, uh_ubus_list_cb, &data);
@@ -345,6 +400,8 @@ static void uh_ubus_send_list(struct client *cl, json_object *obj, struct blob_a
 		blobmsg_close_table(data.buf, r);
 	}
 
+	uh_client_unref(cl);
+
 	uh_ubus_init_response(cl);
 	blobmsg_add_blob(&buf, blob_data(data.buf->head));
 	uh_ubus_send_response(cl);
@@ -355,10 +412,11 @@ static bool parse_json_rpc(struct rpc_data *d, struct blob_attr *data)
 	const struct blobmsg_policy data_policy[] = {
 		{ .type = BLOBMSG_TYPE_STRING },
 		{ .type = BLOBMSG_TYPE_STRING },
+		{ .type = BLOBMSG_TYPE_STRING },
 		{ .type = BLOBMSG_TYPE_TABLE },
 	};
 	struct blob_attr *tb[__RPC_MAX];
-	struct blob_attr *tb2[3];
+	struct blob_attr *tb2[4];
 	struct blob_attr *cur;
 
 	blobmsg_parse(rpc_policy, __RPC_MAX, tb, blob_data(data), blob_len(data));
@@ -386,12 +444,18 @@ static bool parse_json_rpc(struct rpc_data *d, struct blob_attr *data)
 			    blobmsg_data(d->params), blobmsg_data_len(d->params));
 
 	if (tb2[0])
-		d->object = blobmsg_data(tb2[0]);
+		d->sid = blobmsg_data(tb2[0]);
+
+	if (conf.ubus_noauth && (!d->sid || !*d->sid))
+		d->sid = UH_UBUS_DEFAULT_SID;
 
 	if (tb2[1])
-		d->function = blobmsg_data(tb2[1]);
+		d->object = blobmsg_data(tb2[1]);
+
+	if (tb2[2])
+		d->function = blobmsg_data(tb2[2]);
 
-	d->data = tb2[2];
+	d->data = tb2[3];
 
 	return true;
 }
@@ -402,12 +466,12 @@ static void uh_ubus_init_batch(struct client *cl)
 
 	du->array = true;
 	uh_ubus_send_header(cl);
-	ops->chunk_printf(cl, "[\n\t");
+	ops->chunk_printf(cl, "[");
 }
 
 static void uh_ubus_complete_batch(struct client *cl)
 {
-	ops->chunk_printf(cl, "\n]\n");
+	ops->chunk_printf(cl, "]");
 	ops->request_done(cl);
 }
 
@@ -435,7 +499,7 @@ static bool uh_ubus_allowed(const char *sid, const char *obj, const char *fun)
 		return false;
 
 	blob_buf_init(&req, 0);
-	blobmsg_add_string(&req, "sid", sid);
+	blobmsg_add_string(&req, "ubus_rpc_session", sid);
 	blobmsg_add_string(&req, "object", obj);
 	blobmsg_add_string(&req, "function", fun);
 
@@ -450,6 +514,8 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
 	struct rpc_data data = {};
 	enum rpc_error err = ERROR_PARSE;
 
+	uh_client_ref(cl);
+
 	if (json_object_get_type(obj) != json_type_object)
 		goto error;
 
@@ -462,7 +528,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
 		goto error;
 
 	if (!strcmp(data.method, "call")) {
-		if (!data.object || !data.function || !data.data)
+		if (!data.sid || !data.object || !data.function || !data.data)
 			goto error;
 
 		du->func = data.function;
@@ -471,12 +537,12 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
 			goto error;
 		}
 
-		if (!conf.ubus_noauth && !uh_ubus_allowed(du->sid, data.object, data.function)) {
+		if (!conf.ubus_noauth && !uh_ubus_allowed(data.sid, data.object, data.function)) {
 			err = ERROR_ACCESS;
 			goto error;
 		}
 
-		uh_ubus_send_request(cl, obj, data.data);
+		uh_ubus_send_request(cl, obj, data.sid, data.data);
 		goto out;
 	}
 	else if (!strcmp(data.method, "list")) {
@@ -493,6 +559,8 @@ error:
 out:
 	if (data.params)
 		free(data.params);
+
+	uh_client_unref(cl);
 }
 
 static void __uh_ubus_next_batched_request(struct uloop_timeout *timeout)
@@ -549,35 +617,27 @@ error:
 static void uh_ubus_handle_request(struct client *cl, char *url, struct path_info *pi)
 {
 	struct dispatch *d = &cl->dispatch;
-	char *sid, *sep;
 
 	blob_buf_init(&buf, 0);
 
-	if (conf.ubus_noauth) {
-		sid = UH_UBUS_DEFAULT_SID;
-	}
-	else {
-		url += strlen(conf.ubus_prefix);
-		while (*url == '/')
-			url++;
-
-		sep = strchr(url, '/');
-		if (sep)
-			*sep = 0;
+	switch (cl->request.method)
+	{
+	case UH_HTTP_MSG_POST:
+		d->data_send = uh_ubus_data_send;
+		d->data_done = uh_ubus_data_done;
+		d->close_fds = uh_ubus_close_fds;
+		d->free = uh_ubus_request_free;
+		d->ubus.jstok = json_tokener_new();
+		break;
+
+	case UH_HTTP_MSG_OPTIONS:
+		uh_ubus_send_header(cl);
+		ops->request_done(cl);
+		break;
 
-		sid = url;
+	default:
+		ops->client_error(cl, 400, "Bad Request", "Invalid Request");
 	}
-
-	if (strlen(sid) != 32 ||
-	    cl->request.method != UH_HTTP_MSG_POST)
-		return ops->client_error(cl, 400, "Bad Request", "Invalid Request");
-
-	d->close_fds = uh_ubus_close_fds;
-	d->free = uh_ubus_request_free;
-	d->data_send = uh_ubus_data_send;
-	d->data_done = uh_ubus_data_done;
-	d->ubus.jstok = json_tokener_new();
-	d->ubus.sid = sid;
 }
 
 static bool
@@ -619,7 +679,7 @@ static void uh_ubus_post_init(void)
 	ubus_add_uloop(ctx);
 }
 
-const struct uhttpd_plugin uhttpd_plugin = {
+struct uhttpd_plugin uhttpd_plugin = {
 	.init = uh_ubus_plugin_init,
 	.post_init = uh_ubus_post_init,
 };