-local function authenticator(validator, accs)
- local auth = luci.http.formvalue("auth", true)
- or luci.http.getcookie("sysauth")
+function index()
+ local function session_retrieve(sid, allowed_users)
+ local util = require "luci.util"
+ local sdat = util.ubus("session", "get", {
+ ubus_rpc_session = sid
+ })
+
+ if type(sdat) == "table" and
+ type(sdat.values) == "table" and
+ type(sdat.values.token) == "string" and
+ type(sdat.values.secret) == "string" and
+ type(sdat.values.username) == "string" and
+ util.contains(allowed_users, sdat.values.username)
+ then
+ return sid, sdat.values
+ end
+
+ return nil
+ end
+
+ local function authenticator(validator, accs)
+ local http = require "luci.http"
+ local auth = http.formvalue("auth", true) or http.getcookie("sysauth")