--- LuCI web dispatcher.
module("luci.dispatcher", package.seeall)
+require("luci.util")
require("luci.init")
require("luci.http")
require("luci.sys")
context = luci.util.threadlocal()
+authenticator = {}
+
-- Index table
local index = nil
return false
end
---- Render and evaluate the system authentication login form.
--- @param default Default username
--- @return Authentication status
-function sysauth(default)
+function authenticator.htmlauth(validator, accs, default)
local user = luci.http.formvalue("username")
local pass = luci.http.formvalue("password")
- if user and luci.sys.user.checkpasswd(user, pass) then
- local sid = luci.sys.uniqueid(16)
- luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
- luci.sauth.write(sid, user)
- return true
- else
- require("luci.i18n")
- require("luci.template")
- context.path = {}
- luci.template.render("sysauth", {duser=default, fuser=user})
- return false
+ if user and validator(user, pass) then
+ return user
end
+
+ require("luci.i18n")
+ require("luci.template")
+ context.path = {}
+ luci.template.render("sysauth", {duser=default, fuser=user})
+ return false
+
end
--- Dispatch an HTTP request.
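Review bot: `authenticator.htmlauth` is added without a doc comment, although the `sysauth` function it replaces had one and the contract has changed: it now returns the authenticated username or `false`, and no longer creates the session itself. A short LuaDoc block should state that `validator` is called as `validator(user, pass)`, that `default` is handed to the template as `duser`, and that `false` means the login form has already been rendered. `accs` is accepted but never read in the body, so the comment should say that checking the returned user against the allowed accounts is left to the caller. `pass` is nil when a request carries `username` without `password`; unless every validator is known to tolerate that, `if user and pass and validator(user, pass) then` is the safer guard.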
local c = context.tree
local track = {}
local args = {}
+ context.args = args
local n
for i, s in ipairs(request) do
c = c.nodes[s]
n = i
- if not c or c.leaf then
+ if not c then
break
end
for k, v in pairs(c) do
track[k] = v
end
+
+ if c.leaf then
+ break
+ end
end
if c and c.leaf then
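Review bot: The relocated `if c.leaf then break end` carries no comment saying why it must sit after the `track` merge, and the ordering is what makes a leaf node's own attributes, including `sysauth`, reach `track`. With the old placement the loop stopped before copying them, so a later reordering back would silently drop access control declared on a leaf. A one-line comment above the new check would protect this, for example `-- merge the leaf's own attributes (e.g. sysauth) into track before stopping`. The enclosing function starts and ends outside the hunk.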
tpl.context.viewns = viewns
viewns.write = luci.http.write
viewns.translate = function(...) return require("luci.i18n").translate(...) end
+ viewns.striptags = luci.util.striptags
viewns.controller = luci.http.getenv("SCRIPT_NAME")
viewns.media = luci.config.main.mediaurlbase
viewns.resource = luci.config.main.resourcebase
- viewns.REQUEST_URI = luci.http.getenv("SCRIPT_NAME") .. (luci.http.getenv("PATH_INFO") or "")
+ viewns.REQUEST_URI = (luci.http.getenv("SCRIPT_NAME") or "") .. (luci.http.getenv("PATH_INFO") or "")
if track.dependent then
local stat, err = pcall(assert, not track.auto)
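Review bot: `viewns.controller` a few lines above still takes `luci.http.getenv("SCRIPT_NAME")` without the `or ""` fallback that this change adds for `viewns.REQUEST_URI`, so a missing SCRIPT_NAME leaves `controller` nil for any template that concatenates it. Making the two consistent is one line: `viewns.controller = luci.http.getenv("SCRIPT_NAME") or ""`. Because PATH_INFO comes from the request, a comment such as `-- REQUEST_URI is request-controlled; escape it before writing it into markup` would help template authors. The enclosing function starts and ends outside the hunk.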
if track.sysauth then
require("luci.sauth")
+ local authen = type(track.sysauth_authenticator) == "function"
+ and track.sysauth_authenticator
+ or authenticator[track.sysauth_authenticator]
local def = (type(track.sysauth) == "string") and track.sysauth
local accs = def and {track.sysauth} or track.sysauth
- local user = luci.sauth.read(luci.http.getcookie("sysauth"))
-
+ local sess = luci.http.getcookie("sysauth")
+ sess = sess and sess:match("^[A-F0-9]+$")
+ local user = luci.sauth.read(sess)
if not luci.util.contains(accs, user) then
- if not sysauth(def) then
+ if authen then
+ local user, sess = authen(luci.sys.user.checkpasswd, accs, def)
+ if not user or not luci.util.contains(accs, user) then
+ return
+ else
+ local sid = sess or luci.sys.uniqueid(16)
+ luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
+ if not sess then
+ luci.sauth.write(sid, user)
+ end
+ end
+ else
+ luci.http.status(403, "Forbidden")
return
end
end
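Review bot: The `sess` value returned by the authenticator is concatenated into the `Set-Cookie` header without the `^[A-F0-9]+$` check that the incoming cookie gets a few lines earlier, so a custom `track.sysauth_authenticator` that returns a malformed id can corrupt the header. Re-validating it right after the `authen(...)` call closes that gap and falls back to a fresh id: `sess = sess and sess:match("^[A-F0-9]+$")`. The cookie should also be kept away from page scripts with `"sysauth=" .. sid .. "; path=/; HttpOnly"`. When the authenticator supplies `sess`, nothing is written through `luci.sauth.write`, which presumably relies on the authenticator having stored the session itself; a comment should state that requirement. The inner `local user, sess` shadows the outer pair, so any code after this block (outside the hunk) still sees the pre-login values; distinct names would make that explicit.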