Accueil Explorer Aide
Connexion
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 815e877c4f
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
libwebsockets-v2.1-stable
/
plugins
/
generic-sessions
/
protocol_generic_sessions.c

protocol_generic_sessions.c 24 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903 
  1. /*
    2. 

  2.  * ws protocol handler plugin for "generic sessions"
    3. 

  3.  *
    4. 

  4.  * Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or
    7. 

  7.  * modify it under the terms of the GNU General Public
    8. 

  8.  * License as published by the Free Software Foundation:
    9. 

  9.  * version 2.1 of the License.
    10. 

  10.  *
    11. 

  11.  * This library is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14.  * General Public License for more details.
    15. 

  15.  *
    16. 

  16.  * You should have received a copy of the GNU General Public
    17. 

  17.  * License along with this library; if not, write to the Free Software
    18. 

  18.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
    19. 

  19.  * MA  02110-1301  USA
    20. 

  20.  */
    21. 

  21. 

  22. #include "private-lwsgs.h"
    23. 

  23. 

  24. /* keep changes in sync with the enum in lwsgs.h */
    25. 

  25. static const char * const param_names[] = {
    26. 

  26. 	"username",
    27. 

  27. 	"password",
    28. 

  28. 	"password2",
    29. 

  29. 	"email",
    30. 

  30. 	"register",
    31. 

  31. 	"good",
    32. 

  32. 	"bad",
    33. 

  33. 	"reg-good",
    34. 

  34. 	"reg-bad",
    35. 

  35. 	"admin",
    36. 

  36. 	"forgot",
    37. 

  37. 	"forgot-good",
    38. 

  38. 	"forgot-bad",
    39. 

  39. 	"forgot-post-good",
    40. 

  40. 	"forgot-post-bad",
    41. 

  41. 	"change",
    42. 

  42. 	"curpw",
    43. 

  43. 	"delete"
    44. 

  44. };
    45. 

  45. 

  46. struct lwsgs_fill_args {
    47. 

  47. 	char *buf;
    48. 

  48. 	int len;
    49. 

  49. };
    50. 

  50. 

  51. static const struct lws_protocols protocols[];
    52. 

  52. 

  53. static int
    54. 

  54. lwsgs_lookup_callback_email(void *priv, int cols, char **col_val,
    55. 

  55. 			    char **col_name)
    56. 

  56. {
    57. 

  57. 	struct lwsgs_fill_args *a = (struct lwsgs_fill_args *)priv;
    58. 

  58. 	int n;
    59. 

  59. 

  60. 	for (n = 0; n < cols; n++) {
    61. 

  61. 		if (!strcmp(col_name[n], "content")) {
    62. 

  62. 			strncpy(a->buf, col_val[n], a->len - 1);
    63. 

  63. 			a->buf[a->len - 1] = '\0';
    64. 

  64. 			continue;
    65. 

  65. 		}
    66. 

  66. 	}
    67. 

  67. 	return 0;
    68. 

  68. }
    69. 

  69. 

  70. static int
    71. 

  71. lwsgs_email_cb_get_body(struct lws_email *email, char *buf, int len)
    72. 

  72. {
    73. 

  73. 	struct per_vhost_data__gs *vhd = (struct per_vhost_data__gs *)email->data;
    74. 

  74. 	struct lwsgs_fill_args a;
    75. 

  75. 	char ss[150], esc[50];
    76. 

  76. 

  77. 	a.buf = buf;
    78. 

  78. 	a.len = len;
    79. 

  79. 

  80. 	lws_snprintf(ss, sizeof(ss) - 1,
    81. 

  81. 		 "select content from email where username='%s';",
    82. 

  82. 		 lws_sql_purify(esc, vhd->u.username, sizeof(esc) - 1));
    83. 

  83. 

  84. 	strncpy(buf, "failed", len);
    85. 

  85. 	if (sqlite3_exec(vhd->pdb, ss, lwsgs_lookup_callback_email, &a,
    86. 

  86. 			 NULL) != SQLITE_OK) {
    87. 

  87. 		lwsl_err("Unable to lookup email: %s\n",
    88. 

  88. 			 sqlite3_errmsg(vhd->pdb));
    89. 

  89. 

  90. 		return 1;
    91. 

  91. 	}
    92. 

  92. 

  93. 	return 0;
    94. 

  94. }
    95. 

  95. 

  96. static int
    97. 

  97. lwsgs_email_cb_sent(struct lws_email *email)
    98. 

  98. {
    99. 

  99. 	struct per_vhost_data__gs *vhd = (struct per_vhost_data__gs *)email->data;
    100. 

  100. 	char s[200], esc[50];
    101. 

  101. 

  102. 	/* mark the user as having sent the verification email */
    103. 

  103. 	lws_snprintf(s, sizeof(s) - 1,
    104. 

  104. 		 "update users set verified=1 where username='%s' and verified==0;",
    105. 

  105. 		 lws_sql_purify(esc, vhd->u.username, sizeof(esc) - 1));
    106. 

  106. 	if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) != SQLITE_OK) {
    107. 

  107. 		lwsl_err("%s: Unable to update user: %s\n", __func__,
    108. 

  108. 			 sqlite3_errmsg(vhd->pdb));
    109. 

  109. 		return 1;
    110. 

  110. 	}
    111. 

  111. 

  112. 	lws_snprintf(s, sizeof(s) - 1,
    113. 

  113. 		 "delete from email where username='%s';",
    114. 

  114. 		 lws_sql_purify(esc, vhd->u.username, sizeof(esc) - 1));
    115. 

  115. 	if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) != SQLITE_OK) {
    116. 

  116. 		lwsl_err("%s: Unable to delete email text: %s\n", __func__,
    117. 

  117. 			 sqlite3_errmsg(vhd->pdb));
    118. 

  118. 		return 1;
    119. 

  119. 	}
    120. 

  120. 

  121. 	return 0;
    122. 

  122. }
    123. 

  123. 

  124. static int
    125. 

  125. lwsgs_email_cb_on_next(struct lws_email *email)
    126. 

  126. {
    127. 

  127. 	struct per_vhost_data__gs *vhd = lws_container_of(email,
    128. 

  128. 			struct per_vhost_data__gs, email);
    129. 

  129. 	char s[LWSGS_EMAIL_CONTENT_SIZE], esc[50];
    130. 

  130. 	time_t now = lws_now_secs();
    131. 

  131. 

  132. 	/*
    133. 

  133. 	 * users not verified in 24h get deleted
    134. 

  134. 	 */
    135. 

  135. 	lws_snprintf(s, sizeof(s) - 1, "delete from users where ((verified != %d)"
    136. 

  136. 		 " and (creation_time <= %lu));", LWSGS_VERIFIED_ACCEPTED,
    137. 

  137. 		 (unsigned long)now - vhd->timeout_email_secs);
    138. 

  138. 	if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) != SQLITE_OK) {
    139. 

  139. 		lwsl_err("Unable to expire users: %s\n",
    140. 

  140. 			 sqlite3_errmsg(vhd->pdb));
    141. 

  141. 		return 1;
    142. 

  142. 	}
    143. 

  143. 

  144. 	lws_snprintf(s, sizeof(s) - 1, "update users set token_time=0 where "
    145. 

  145. 		 "(token_time <= %lu);",
    146. 

  146. 		 (unsigned long)now - vhd->timeout_email_secs);
    147. 

  147. 	if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) != SQLITE_OK) {
    148. 

  148. 		lwsl_err("Unable to expire users: %s\n",
    149. 

  149. 			 sqlite3_errmsg(vhd->pdb));
    150. 

  150. 		return 1;
    151. 

  151. 	}
    152. 

  152. 

  153. 	vhd->u.username[0] = '\0';
    154. 

  154. 	lws_snprintf(s, sizeof(s) - 1, "select username from email limit 1;");
    155. 

  155. 	if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &vhd->u,
    156. 

  156. 			 NULL) != SQLITE_OK) {
    157. 

  157. 		lwsl_err("Unable to lookup user: %s\n", sqlite3_errmsg(vhd->pdb));
    158. 

  158. 		return 1;
    159. 

  159. 	}
    160. 

  160. 

  161. 	lws_snprintf(s, sizeof(s) - 1,
    162. 

  162. 		 "select username, creation_time, email, ip, verified, token"
    163. 

  163. 		 " from users where username='%s' limit 1;",
    164. 

  164. 		 lws_sql_purify(esc, vhd->u.username, sizeof(esc) - 1));
    165. 

  165. 	if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &vhd->u,
    166. 

  166. 			 NULL) != SQLITE_OK) {
    167. 

  167. 		lwsl_err("Unable to lookup user: %s\n",
    168. 

  168. 			 sqlite3_errmsg(vhd->pdb));
    169. 

  169. 		return 1;
    170. 

  170. 	}
    171. 

  171. 

  172. 	if (!vhd->u.username[0])
    173. 

  173. 		/*
    174. 

  174. 		 * nothing to do, we are idle and no suitable
    175. 

  175. 		 * accounts waiting for verification.  When a new user
    176. 

  176. 		 * is added we will get kicked to try again.
    177. 

  177. 		 */
    178. 

  178. 		return 1;
    179. 

  179. 

  180. 	strncpy(email->email_to, vhd->u.email, sizeof(email->email_to) - 1);
    181. 

  181. 

  182. 	return 0;
    183. 

  183. }
    184. 

  184. 

  185. 

  186. struct lwsgs_subst_args
    187. 

  187. {
    188. 

  188. 	struct per_session_data__gs *pss;
    189. 

  189. 	struct per_vhost_data__gs *vhd;
    190. 

  190. 	struct lws *wsi;
    191. 

  191. };
    192. 

  192. 

  193. static const char *
    194. 

  194. lwsgs_subst(void *data, int index)
    195. 

  195. {
    196. 

  196. 	struct lwsgs_subst_args *a = (struct lwsgs_subst_args *)data;
    197. 

  197. 	struct lwsgs_user u;
    198. 

  198. 	lwsgw_hash sid;
    199. 

  199. 	char esc[50], s[100];
    200. 

  200. 	int n;
    201. 

  201. 

  202. 	a->pss->result[0] = '\0';
    203. 

  203. 	u.email[0] = '\0';
    204. 

  204. 	if (!lwsgs_get_sid_from_wsi(a->wsi, &sid)) {
    205. 

  205. 		if (lwsgs_lookup_session(a->vhd, &sid, a->pss->result, 31)) {
    206. 

  206. 			lwsl_notice("sid lookup for %s failed\n", sid.id);
    207. 

  207. 			a->pss->delete_session = sid;
    208. 

  208. 			return NULL;
    209. 

  209. 		}
    210. 

  210. 		lws_snprintf(s, sizeof(s) - 1, "select username,email "
    211. 

  211. 			 "from users where username = '%s';",
    212. 

  212. 			 lws_sql_purify(esc, a->pss->result, sizeof(esc) - 1));
    213. 

  213. 		if (sqlite3_exec(a->vhd->pdb, s, lwsgs_lookup_callback_user,
    214. 

  214. 				 &u, NULL) != SQLITE_OK) {
    215. 

  215. 			lwsl_err("Unable to lookup token: %s\n",
    216. 

  216. 				 sqlite3_errmsg(a->vhd->pdb));
    217. 

  217. 			a->pss->delete_session = sid;
    218. 

  218. 			return NULL;
    219. 

  219. 		}
    220. 

  220. 	} else
    221. 

  221. 		lwsl_notice("no sid\n");
    222. 

  222. 

  223. 	strncpy(a->pss->result + 32, u.email, 100);
    224. 

  224. 

  225. 	switch (index) {
    226. 

  226. 	case 0:
    227. 

  227. 		return a->pss->result;
    228. 

  228. 

  229. 	case 1:
    230. 

  230. 		n = lwsgs_get_auth_level(a->vhd, a->pss->result);
    231. 

  231. 		sprintf(a->pss->result, "%d", n);
    232. 

  232. 		return a->pss->result;
    233. 

  233. 	case 2:
    234. 

  234. 		return a->pss->result + 32;
    235. 

  235. 	}
    236. 

  236. 

  237. 	return NULL;
    238. 

  238. }
    239. 

  239. 

  240. static int
    241. 

  241. callback_generic_sessions(struct lws *wsi, enum lws_callback_reasons reason,
    242. 

  242. 			  void *user, void *in, size_t len)
    243. 

  243. {
    244. 

  244. 	struct per_session_data__gs *pss = (struct per_session_data__gs *)user;
    245. 

  245. 	const struct lws_protocol_vhost_options *pvo;
    246. 

  246. 	struct per_vhost_data__gs *vhd = (struct per_vhost_data__gs *)
    247. 

  247. 			lws_protocol_vh_priv_get(lws_get_vhost(wsi),
    248. 

  248. 					&protocols[0]);
    249. 

  249. 	char cookie[1024], username[32], *pc = cookie;
    250. 

  250. 	unsigned char buffer[LWS_PRE + LWSGS_EMAIL_CONTENT_SIZE];
    251. 

  251. 	struct lws_process_html_args *args;
    252. 

  252. 	struct lws_session_info *sinfo;
    253. 

  253. 	char s[LWSGS_EMAIL_CONTENT_SIZE];
    254. 

  254. 	unsigned char *p, *start, *end;
    255. 

  255. 	sqlite3_stmt *sm;
    256. 

  256. 	lwsgw_hash sid;
    257. 

  257. 	const char *cp;
    258. 

  258. 	int n;
    259. 

  259. 

  260. 	switch (reason) {
    261. 

  261. 	case LWS_CALLBACK_PROTOCOL_INIT: /* per vhost */
    262. 

  262. 

  263. 		vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi),
    264. 

  264. 			&protocols[0], sizeof(struct per_vhost_data__gs));
    265. 

  265. 		if (!vhd)
    266. 

  266. 			return 1;
    267. 

  267. 		vhd->context = lws_get_context(wsi);
    268. 

  268. 

  269. 		/* defaults */
    270. 

  270. 		vhd->timeout_idle_secs = 600;
    271. 

  271. 		vhd->timeout_absolute_secs = 36000;
    272. 

  272. 		vhd->timeout_anon_absolute_secs = 1200;
    273. 

  273. 		vhd->timeout_email_secs = 24 * 3600;
    274. 

  274. 		strcpy(vhd->email.email_helo, "unconfigured.com");
    275. 

  275. 		strcpy(vhd->email.email_from, "noreply@unconfigured.com");
    276. 

  276. 		strcpy(vhd->email_title, "Registration Email from unconfigured");
    277. 

  277. 		strcpy(vhd->email.email_smtp_ip, "127.0.0.1");
    278. 

  278. 

  279. 		vhd->email.on_next = lwsgs_email_cb_on_next;
    280. 

  280. 		vhd->email.on_get_body = lwsgs_email_cb_get_body;
    281. 

  281. 		vhd->email.on_sent = lwsgs_email_cb_sent;
    282. 

  282. 		vhd->email.data = (void *)vhd;
    283. 

  283. 

  284. 		pvo = (const struct lws_protocol_vhost_options *)in;
    285. 

  285. 		while (pvo) {
    286. 

  286. 			if (!strcmp(pvo->name, "admin-user"))
    287. 

  287. 				strncpy(vhd->admin_user, pvo->value,
    288. 

  288. 					sizeof(vhd->admin_user) - 1);
    289. 

  289. 			if (!strcmp(pvo->name, "admin-password-sha1"))
    290. 

  290. 				strncpy(vhd->admin_password_sha1.id, pvo->value,
    291. 

  291. 					sizeof(vhd->admin_password_sha1.id) - 1);
    292. 

  292. 			if (!strcmp(pvo->name, "session-db"))
    293. 

  293. 				strncpy(vhd->session_db, pvo->value,
    294. 

  294. 					sizeof(vhd->session_db) - 1);
    295. 

  295. 			if (!strcmp(pvo->name, "confounder"))
    296. 

  296. 				strncpy(vhd->confounder, pvo->value,
    297. 

  297. 					sizeof(vhd->confounder) - 1);
    298. 

  298. 			if (!strcmp(pvo->name, "email-from"))
    299. 

  299. 				strncpy(vhd->email.email_from, pvo->value,
    300. 

  300. 					sizeof(vhd->email.email_from) - 1);
    301. 

  301. 			if (!strcmp(pvo->name, "email-helo"))
    302. 

  302. 				strncpy(vhd->email.email_helo, pvo->value,
    303. 

  303. 					sizeof(vhd->email.email_helo) - 1);
    304. 

  304. 			if (!strcmp(pvo->name, "email-template"))
    305. 

  305. 				strncpy(vhd->email_template, pvo->value,
    306. 

  306. 					sizeof(vhd->email_template) - 1);
    307. 

  307. 			if (!strcmp(pvo->name, "email-title"))
    308. 

  308. 				strncpy(vhd->email_title, pvo->value,
    309. 

  309. 					sizeof(vhd->email_title) - 1);
    310. 

  310. 			if (!strcmp(pvo->name, "email-contact-person"))
    311. 

  311. 				strncpy(vhd->email_contact_person, pvo->value,
    312. 

  312. 					sizeof(vhd->email_contact_person) - 1);
    313. 

  313. 			if (!strcmp(pvo->name, "email-confirm-url-base"))
    314. 

  314. 				strncpy(vhd->email_confirm_url, pvo->value,
    315. 

  315. 					sizeof(vhd->email_confirm_url) - 1);
    316. 

  316. 			if (!strcmp(pvo->name, "email-server-ip"))
    317. 

  317. 				strncpy(vhd->email.email_smtp_ip, pvo->value,
    318. 

  318. 					sizeof(vhd->email.email_smtp_ip) - 1);
    319. 

  319. 

  320. 			if (!strcmp(pvo->name, "timeout-idle-secs"))
    321. 

  321. 				vhd->timeout_idle_secs = atoi(pvo->value);
    322. 

  322. 			if (!strcmp(pvo->name, "timeout-absolute-secs"))
    323. 

  323. 				vhd->timeout_absolute_secs = atoi(pvo->value);
    324. 

  324. 			if (!strcmp(pvo->name, "timeout-anon-absolute-secs"))
    325. 

  325. 				vhd->timeout_anon_absolute_secs = atoi(pvo->value);
    326. 

  326. 			if (!strcmp(pvo->name, "email-expire"))
    327. 

  327. 				vhd->timeout_email_secs = atoi(pvo->value);
    328. 

  328. 			pvo = pvo->next;
    329. 

  329. 		}
    330. 

  330. 		if (!vhd->admin_user[0] ||
    331. 

  331. 		    !vhd->admin_password_sha1.id[0] ||
    332. 

  332. 		    !vhd->session_db[0]) {
    333. 

  333. 			lwsl_err("generic-sessions: "
    334. 

  334. 				 "You must give \"admin-user\", "
    335. 

  335. 				 "\"admin-password-sha1\", "
    336. 

  336. 				 "and \"session_db\" per-vhost options\n");
    337. 

  337. 			return 1;
    338. 

  338. 		}
    339. 

  339. 

  340. 		if (sqlite3_open_v2(vhd->session_db, &vhd->pdb,
    341. 

  341. 				    SQLITE_OPEN_READWRITE |
    342. 

  342. 				    SQLITE_OPEN_CREATE, NULL) != SQLITE_OK) {
    343. 

  343. 			lwsl_err("Unable to open session db %s: %s\n",
    344. 

  344. 				 vhd->session_db, sqlite3_errmsg(vhd->pdb));
    345. 

  345. 

  346. 			return 1;
    347. 

  347. 		}
    348. 

  348. 

  349. 		if (sqlite3_prepare(vhd->pdb,
    350. 

  350. 				    "create table if not exists sessions ("
    351. 

  351. 				    " name char(40),"
    352. 

  352. 				    " username varchar(32),"
    353. 

  353. 				    " expire integer"
    354. 

  354. 				    ");",
    355. 

  355. 				    -1, &sm, NULL) != SQLITE_OK) {
    356. 

  356. 			lwsl_err("Unable to prepare session table init: %s\n",
    357. 

  357. 				 sqlite3_errmsg(vhd->pdb));
    358. 

  358. 

  359. 			return 1;
    360. 

  360. 		}
    361. 

  361. 

  362. 		if (sqlite3_step(sm) != SQLITE_DONE) {
    363. 

  363. 			lwsl_err("Unable to run session table init: %s\n",
    364. 

  364. 				 sqlite3_errmsg(vhd->pdb));
    365. 

  365. 

  366. 			return 1;
    367. 

  367. 		}
    368. 

  368. 		sqlite3_finalize(sm);
    369. 

  369. 

  370. 		if (sqlite3_exec(vhd->pdb,
    371. 

  371. 				 "create table if not exists users ("
    372. 

  372. 				 " username varchar(32),"
    373. 

  373. 				 " creation_time integer,"
    374. 

  374. 				 " ip varchar(46),"
    375. 

  375. 				 " email varchar(100),"
    376. 

  376. 				 " pwhash varchar(42),"
    377. 

  377. 				 " pwsalt varchar(42),"
    378. 

  378. 				 " pwchange_time integer,"
    379. 

  379. 				 " token varchar(42),"
    380. 

  380. 				 " verified integer,"
    381. 

  381. 				 " token_time integer,"
    382. 

  382. 				 " last_forgot_validated integer,"
    383. 

  383. 				 " primary key (username)"
    384. 

  384. 				 ");",
    385. 

  385. 				 NULL, NULL, NULL) != SQLITE_OK) {
    386. 

  386. 			lwsl_err("Unable to create user table: %s\n",
    387. 

  387. 				 sqlite3_errmsg(vhd->pdb));
    388. 

  388. 

  389. 			return 1;
    390. 

  390. 		}
    391. 

  391. 

  392. 		sprintf(s, "create table if not exists email ("
    393. 

  393. 				 " username varchar(32),"
    394. 

  394. 				 " content blob,"
    395. 

  395. 				 " primary key (username)"
    396. 

  396. 				 ");");
    397. 

  397. 		if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) != SQLITE_OK) {
    398. 

  398. 			lwsl_err("Unable to create user table: %s\n",
    399. 

  399. 				 sqlite3_errmsg(vhd->pdb));
    400. 

  400. 

  401. 			return 1;
    402. 

  402. 		}
    403. 

  403. 

  404. 		lws_email_init(&vhd->email, lws_uv_getloop(vhd->context, 0),
    405. 

  405. 				LWSGS_EMAIL_CONTENT_SIZE);
    406. 

  406. 		break;
    407. 

  407. 

  408. 	case LWS_CALLBACK_PROTOCOL_DESTROY:
    409. 

  409. 		if (vhd->pdb) {
    410. 

  410. 			sqlite3_close(vhd->pdb);
    411. 

  411. 			vhd->pdb = NULL;
    412. 

  412. 		}
    413. 

  413. 		lws_email_destroy(&vhd->email);
    414. 

  414. 		break;
    415. 

  415. 

  416. 	case LWS_CALLBACK_HTTP:
    417. 

  417. 		lwsl_info("LWS_CALLBACK_HTTP: %s\n", in);
    418. 

  418. 

  419. 		pss->login_session.id[0] = '\0';
    420. 

  420. 		pss->phs.pos = 0;
    421. 

  421. 		strncpy(pss->onward, (char *)in, sizeof(pss->onward) - 1);
    422. 

  422. 		pss->onward[sizeof(pss->onward) - 1] = '\0';
    423. 

  423. 

  424. 		if (!strcmp((const char *)in, "/lwsgs-forgot")) {
    425. 

  425. 			lwsgs_handler_forgot(vhd, wsi, pss);
    426. 

  426. 			goto redirect_with_cookie;
    427. 

  427. 		}
    428. 

  428. 

  429. 		if (!strcmp((const char *)in, "/lwsgs-confirm")) {
    430. 

  430. 			lwsgs_handler_confirm(vhd, wsi, pss);
    431. 

  431. 			goto redirect_with_cookie;
    432. 

  432. 		}
    433. 

  433. 		if (!strcmp((const char *)in, "/lwsgs-check")) {
    434. 

  434. 			lwsgs_handler_check(vhd, wsi, pss);
    435. 

  435. 			goto try_to_reuse;
    436. 

  436. 		}
    437. 

  437. 

  438. 		if (!strcmp((const char *)in, "/lwsgs-login"))
    439. 

  439. 			break;
    440. 

  440. 		if (!strcmp((const char *)in, "/lwsgs-logout"))
    441. 

  441. 			break;
    442. 

  442. 		if (!strcmp((const char *)in, "/lwsgs-forgot"))
    443. 

  443. 			break;
    444. 

  444. 		if (!strcmp((const char *)in, "/lwsgs-change"))
    445. 

  445. 			break;
    446. 

  446. 

  447. 		/* if no legitimate url for GET, return 404 */
    448. 

  448. 

  449. 		lwsl_err("http doing 404 on %s\n", in);
    450. 

  450. 		lws_return_http_status(wsi, HTTP_STATUS_NOT_FOUND, NULL);
    451. 

  451. 		goto try_to_reuse;
    452. 

  452. 

  453. 	case LWS_CALLBACK_CHECK_ACCESS_RIGHTS:
    454. 

  454. 		n = 0;
    455. 

  455. 		username[0] = '\0';
    456. 

  456. 		sid.id[0] = '\0';
    457. 

  457. 		args = (struct lws_process_html_args *)in;
    458. 

  458. 		lwsl_debug("LWS_CALLBACK_CHECK_ACCESS_RIGHTS\n");
    459. 

  459. 		if (!lwsgs_get_sid_from_wsi(wsi, &sid)) {
    460. 

  460. 			if (lwsgs_lookup_session(vhd, &sid, username, sizeof(username))) {
    461. 

  461. 				static const char * const oprot[] = {
    462. 

  462. 					"http://", "https://"
    463. 

  463. 				};
    464. 

  464. 				lwsl_notice("session lookup for %s failed, probably expired\n", sid.id);
    465. 

  465. 				pss->delete_session = sid;
    466. 

  466. 				args->final = 1; /* signal we dealt with it */
    467. 

  467. 				if (lws_hdr_copy(wsi, cookie, sizeof(cookie) - 1,
    468. 

  468. 					     WSI_TOKEN_HOST) < 0)
    469. 

  469. 					return 1;
    470. 

  470. 				lws_snprintf(pss->onward, sizeof(pss->onward) - 1,
    471. 

  471. 					 "%s%s%s", oprot[lws_is_ssl(wsi)],
    472. 

  472. 					    cookie, args->p);
    473. 

  473. 				lwsl_notice("redirecting to ourselves with cookie refresh\n");
    474. 

  474. 				/* we need a redirect to ourselves, session cookie is expired */
    475. 

  475. 				goto redirect_with_cookie;
    476. 

  476. 			}
    477. 

  477. 		} else
    478. 

  478. 			lwsl_notice("failed to get sid from wsi\n");
    479. 

  479. 

  480. 		n = lwsgs_get_auth_level(vhd, username);
    481. 

  481. 

  482. 		if ((args->max_len & n) != args->max_len) {
    483. 

  483. 			lwsl_notice("Access rights fail 0x%X vs 0x%X (cookie %s)\n",
    484. 

  484. 					args->max_len, n, sid.id);
    485. 

  485. 			return 1;
    486. 

  486. 		}
    487. 

  487. 		lwsl_debug("Access rights OK\n");
    488. 

  488. 		break;
    489. 

  489. 

  490. 	case LWS_CALLBACK_SESSION_INFO:
    491. 

  491. 	{
    492. 

  492. 		struct lwsgs_user u;
    493. 

  493. 		sinfo = (struct lws_session_info *)in;
    494. 

  494. 		sinfo->username[0] = '\0';
    495. 

  495. 		sinfo->email[0] = '\0';
    496. 

  496. 		sinfo->ip[0] = '\0';
    497. 

  497. 		sinfo->session[0] = '\0';
    498. 

  498. 		sinfo->mask = 0;
    499. 

  499. 

  500. 		sid.id[0] = '\0';
    501. 

  501. 		lwsl_debug("LWS_CALLBACK_SESSION_INFO\n");
    502. 

  502. 		if (lwsgs_get_sid_from_wsi(wsi, &sid))
    503. 

  503. 			break;
    504. 

  504. 		if (lwsgs_lookup_session(vhd, &sid, username, sizeof(username)))
    505. 

  505. 			break;
    506. 

  506. 

  507. 		lws_snprintf(s, sizeof(s) - 1,
    508. 

  508. 			 "select username, email from users where username='%s';",
    509. 

  509. 			 username);
    510. 

  510. 		if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
    511. 

  511. 		    SQLITE_OK) {
    512. 

  512. 			lwsl_err("Unable to lookup token: %s\n",
    513. 

  513. 				 sqlite3_errmsg(vhd->pdb));
    514. 

  514. 			break;
    515. 

  515. 		}
    516. 

  516. 		strncpy(sinfo->username, u.username, sizeof(sinfo->username) - 1);
    517. 

  517. 		sinfo->username[sizeof(sinfo->username) - 1] = '\0';
    518. 

  518. 		strncpy(sinfo->email, u.email, sizeof(sinfo->email) - 1);
    519. 

  519. 		strncpy(sinfo->session, sid.id, sizeof(sinfo->session) - 1);
    520. 

  520. 		sinfo->mask = lwsgs_get_auth_level(vhd, username);
    521. 

  521. 		lws_get_peer_simple(wsi, sinfo->ip, sizeof(sinfo->ip));
    522. 

  522. 	}
    523. 

  523. 

  524. 		break;
    525. 

  525. 

  526. 	case LWS_CALLBACK_PROCESS_HTML:
    527. 

  527. 

  528. 		args = (struct lws_process_html_args *)in;
    529. 

  529. 		{
    530. 

  530. 			static const char * const vars[] = {
    531. 

  531. 				"$lwsgs_user",
    532. 

  532. 				"$lwsgs_auth",
    533. 

  533. 				"$lwsgs_email"
    534. 

  534. 			};
    535. 

  535. 			struct lwsgs_subst_args a;
    536. 

  536. 

  537. 			a.vhd = vhd;
    538. 

  538. 			a.pss = pss;
    539. 

  539. 			a.wsi = wsi;
    540. 

  540. 

  541. 			pss->phs.vars = vars;
    542. 

  542. 			pss->phs.count_vars = ARRAY_SIZE(vars);
    543. 

  543. 			pss->phs.replace = lwsgs_subst;
    544. 

  544. 			pss->phs.data = &a;
    545. 

  545. 

  546. 			if (lws_chunked_html_process(args, &pss->phs))
    547. 

  547. 				return -1;
    548. 

  548. 		}
    549. 

  549. 		break;
    550. 

  550. 

  551. 	case LWS_CALLBACK_HTTP_BODY:
    552. 

  552. 		if (len < 2)
    553. 

  553. 			break;
    554. 

  554. 

  555. 		if (!pss->spa) {
    556. 

  556. 			pss->spa = lws_spa_create(wsi, param_names,
    557. 

  557. 						ARRAY_SIZE(param_names), 1024,
    558. 

  558. 						NULL, NULL);
    559. 

  559. 			if (!pss->spa)
    560. 

  560. 				return -1;
    561. 

  561. 		}
    562. 

  562. 

  563. 		if (lws_spa_process(pss->spa, in, len)) {
    564. 

  564. 			lwsl_notice("spa process blew\n");
    565. 

  565. 			return -1;
    566. 

  566. 		}
    567. 

  567. 		break;
    568. 

  568. 

  569. 	case LWS_CALLBACK_HTTP_BODY_COMPLETION:
    570. 

  570. 

  571. 		if (!pss->spa)
    572. 

  572. 			break;
    573. 

  573. 

  574. 		lwsl_info("LWS_CALLBACK_HTTP_BODY_COMPLETION: %s\n", pss->onward);
    575. 

  575. 		lws_spa_finalize(pss->spa);
    576. 

  576. 

  577. 		if (!strcmp((char *)pss->onward, "/lwsgs-change")) {
    578. 

  578. 			if (!lwsgs_handler_change_password(vhd, wsi, pss)) {
    579. 

  579. 				cp = lws_spa_get_string(pss->spa, FGS_GOOD);
    580. 

  580. 				goto pass;
    581. 

  581. 			}
    582. 

  582. 

  583. 			cp = lws_spa_get_string(pss->spa, FGS_BAD);
    584. 

  584. 			lwsl_notice("user/password no good %s\n",
    585. 

  585. 				lws_spa_get_string(pss->spa, FGS_USERNAME));
    586. 

  586. 			strncpy(pss->onward, cp, sizeof(pss->onward) - 1);
    587. 

  587. 			pss->onward[sizeof(pss->onward) - 1] = '\0';
    588. 

  588. 			goto completion_flow;
    589. 

  589. 		}
    590. 

  590. 

  591. 		if (!strcmp((char *)pss->onward, "/lwsgs-login")) {
    592. 

  592. 			if (lws_spa_get_string(pss->spa, FGS_FORGOT) &&
    593. 

  593. 			    lws_spa_get_string(pss->spa, FGS_FORGOT)[0]) {
    594. 

  594. 				if (lwsgs_handler_forgot_pw_form(vhd, wsi, pss)) {
    595. 

  595. 					n = FGS_FORGOT_BAD;
    596. 

  596. 					goto reg_done;
    597. 

  597. 				}
    598. 

  598. 				/* get the email monitor to take a look */
    599. 

  599. 				lws_email_check(&vhd->email);
    600. 

  600. 				n = FGS_FORGOT_GOOD;
    601. 

  601. 				goto reg_done;
    602. 

  602. 			}
    603. 

  603. 

  604. 			if (!lws_spa_get_string(pss->spa, FGS_USERNAME) ||
    605. 

  605. 			    !lws_spa_get_string(pss->spa, FGS_PASSWORD)) {
    606. 

  606. 				lwsl_notice("username '%s' or pw '%s' missing\n",
    607. 

  607. 						lws_spa_get_string(pss->spa, FGS_USERNAME),
    608. 

  608. 						lws_spa_get_string(pss->spa, FGS_PASSWORD));
    609. 

  609. 				return -1;
    610. 

  610. 			}
    611. 

  611. 

  612. 			if (lws_spa_get_string(pss->spa, FGS_REGISTER) &&
    613. 

  613. 			    lws_spa_get_string(pss->spa, FGS_REGISTER)[0]) {
    614. 

  614. 

  615. 				if (lwsgs_handler_register_form(vhd, wsi, pss))
    616. 

  616. 					n = FGS_REG_BAD;
    617. 

  617. 				else {
    618. 

  618. 					n = FGS_REG_GOOD;
    619. 

  619. 

  620. 					/* get the email monitor to take a look */
    621. 

  621. 					lws_email_check(&vhd->email);
    622. 

  622. 				}
    623. 

  623. reg_done:
    624. 

  624. 				strncpy(pss->onward, lws_spa_get_string(pss->spa, n),
    625. 

  625. 					sizeof(pss->onward) - 1);
    626. 

  626. 				pss->onward[sizeof(pss->onward) - 1] = '\0';
    627. 

  627. 				pss->login_expires = 0;
    628. 

  628. 				pss->logging_out = 1;
    629. 

  629. 				goto completion_flow;
    630. 

  630. 			}
    631. 

  631. 

  632. 			/* we have the username and password... check if admin */
    633. 

  633. 			if (lwsgw_check_admin(vhd, lws_spa_get_string(pss->spa, FGS_USERNAME),
    634. 

  634. 					      lws_spa_get_string(pss->spa, FGS_PASSWORD))) {
    635. 

  635. 				if (lws_spa_get_string(pss->spa, FGS_ADMIN))
    636. 

  636. 					cp = lws_spa_get_string(pss->spa, FGS_ADMIN);
    637. 

  637. 				else
    638. 

  638. 					if (lws_spa_get_string(pss->spa, FGS_GOOD))
    639. 

  639. 						cp = lws_spa_get_string(pss->spa, FGS_GOOD);
    640. 

  640. 					else {
    641. 

  641. 						lwsl_info("No admin or good target url in form\n");
    642. 

  642. 						return -1;
    643. 

  643. 					}
    644. 

  644. 				lwsl_debug("admin\n");
    645. 

  645. 				goto pass;
    646. 

  646. 			}
    647. 

  647. 

  648. 			/* check users in database */
    649. 

  649. 

  650. 			if (!lwsgs_check_credentials(vhd, lws_spa_get_string(pss->spa, FGS_USERNAME),
    651. 

  651. 						     lws_spa_get_string(pss->spa, FGS_PASSWORD))) {
    652. 

  652. 				lwsl_info("pw hash check met\n");
    653. 

  653. 				cp = lws_spa_get_string(pss->spa, FGS_GOOD);
    654. 

  654. 				goto pass;
    655. 

  655. 			} else
    656. 

  656. 				lwsl_notice("user/password no good %s\n",
    657. 

  657. 						lws_spa_get_string(pss->spa, FGS_USERNAME));
    658. 

  658. 

  659. 			if (!lws_spa_get_string(pss->spa, FGS_BAD)) {
    660. 

  660. 				lwsl_info("No admin or good target url in form\n");
    661. 

  661. 				return -1;
    662. 

  662. 			}
    663. 

  663. 

  664. 			strncpy(pss->onward, lws_spa_get_string(pss->spa, FGS_BAD),
    665. 

  665. 				sizeof(pss->onward) - 1);
    666. 

  666. 			pss->onward[sizeof(pss->onward) - 1] = '\0';
    667. 

  667. 			lwsl_debug("failed\n");
    668. 

  668. 

  669. 			goto completion_flow;
    670. 

  670. 		}
    671. 

  671. 

  672. 		if (!strcmp((char *)pss->onward, "/lwsgs-logout")) {
    673. 

  673. 

  674. 			lwsl_notice("/logout\n");
    675. 

  675. 

  676. 			if (lwsgs_get_sid_from_wsi(wsi, &pss->login_session)) {
    677. 

  677. 				lwsl_notice("not logged in...\n");
    678. 

  678. 				return 1;
    679. 

  679. 			}
    680. 

  680. 

  681. 			lwsgw_update_session(vhd, &pss->login_session, "");
    682. 

  682. 

  683. 			if (!lws_spa_get_string(pss->spa, FGS_GOOD)) {
    684. 

  684. 				lwsl_info("No admin or good target url in form\n");
    685. 

  685. 				return -1;
    686. 

  686. 			}
    687. 

  687. 

  688. 			strncpy(pss->onward, lws_spa_get_string(pss->spa, FGS_GOOD), sizeof(pss->onward) - 1);
    689. 

  689. 			pss->onward[sizeof(pss->onward) - 1] = '\0';
    690. 

  690. 

  691. 			pss->login_expires = 0;
    692. 

  692. 			pss->logging_out = 1;
    693. 

  693. 

  694. 			goto completion_flow;
    695. 

  695. 		}
    696. 

  696. 

  697. 		break;
    698. 

  698. 

  699. pass:
    700. 

  700. 		strncpy(pss->onward, cp, sizeof(pss->onward) - 1);
    701. 

  701. 		pss->onward[sizeof(pss->onward) - 1] = '\0';
    702. 

  702. 

  703. 		if (lwsgs_get_sid_from_wsi(wsi, &sid))
    704. 

  704. 			sid.id[0] = '\0';
    705. 

  705. 

  706. 		pss->login_expires = lws_now_secs() +
    707. 

  707. 				     vhd->timeout_absolute_secs;
    708. 

  708. 

  709. 		if (!sid.id[0]) {
    710. 

  710. 			/* we need to create a new, authorized session */
    711. 

  711. 

  712. 			if (lwsgs_new_session_id(vhd, &pss->login_session,
    713. 

  713. 						 lws_spa_get_string(pss->spa, FGS_USERNAME),
    714. 

  714. 						 pss->login_expires))
    715. 

  715. 				goto try_to_reuse;
    716. 

  716. 

  717. 			lwsl_info("Creating new session: %s\n",
    718. 

  718. 				    pss->login_session.id);
    719. 

  719. 		} else {
    720. 

  720. 			/*
    721. 

  721. 			 * we can just update the existing session to be
    722. 

  722. 			 * authorized
    723. 

  723. 			 */
    724. 

  724. 			lwsl_info("Authorizing existing session %s", sid.id);
    725. 

  725. 			lwsgw_update_session(vhd, &sid,
    726. 

  726. 				lws_spa_get_string(pss->spa, FGS_USERNAME));
    727. 

  727. 			pss->login_session = sid;
    728. 

  728. 		}
    729. 

  729. 

  730. completion_flow:
    731. 

  731. 		lwsgw_expire_old_sessions(vhd);
    732. 

  732. 		goto redirect_with_cookie;
    733. 

  733. 

  734. 	case LWS_CALLBACK_HTTP_DROP_PROTOCOL:
    735. 

  735. 		if (pss && pss->spa) {
    736. 

  736. 			lws_spa_destroy(pss->spa);
    737. 

  737. 			pss->spa = NULL;
    738. 

  738. 		}
    739. 

  739. 		break;
    740. 

  740. 

  741. 	case LWS_CALLBACK_ADD_HEADERS:
    742. 

  742. 		lwsgw_expire_old_sessions(vhd);
    743. 

  743. 

  744. 		args = (struct lws_process_html_args *)in;
    745. 

  745. 

  746. 		if (pss->delete_session.id[0]) {
    747. 

  747. 			pc = cookie;
    748. 

  748. 			lwsgw_cookie_from_session(&pss->delete_session, 0, &pc,
    749. 

  749. 						  cookie + sizeof(cookie) - 1);
    750. 

  750. 

  751. 			lwsl_info("deleting cookie '%s'\n", cookie);
    752. 

  752. 

  753. 			if (lws_add_http_header_by_name(wsi,
    754. 

  754. 					(unsigned char *)"set-cookie:",
    755. 

  755. 					(unsigned char *)cookie, pc - cookie,
    756. 

  756. 					(unsigned char **)&args->p,
    757. 

  757. 					(unsigned char *)args->p + args->max_len))
    758. 

  758. 				return 1;
    759. 

  759. 		}
    760. 

  760. 

  761. 		if (!pss->login_session.id[0])
    762. 

  762. 			lwsgs_get_sid_from_wsi(wsi, &pss->login_session);
    763. 

  763. 

  764. 		if (!pss->login_session.id[0] && !pss->logging_out) {
    765. 

  765. 

  766. 			pss->login_expires = lws_now_secs() +
    767. 

  767. 					     vhd->timeout_anon_absolute_secs;
    768. 

  768. 			if (lwsgs_new_session_id(vhd, &pss->login_session, "",
    769. 

  769. 						 pss->login_expires))
    770. 

  770. 				goto try_to_reuse;
    771. 

  771. 			pc = cookie;
    772. 

  772. 			lwsgw_cookie_from_session(&pss->login_session,
    773. 

  773. 						  pss->login_expires, &pc,
    774. 

  774. 						  cookie + sizeof(cookie) - 1);
    775. 

  775. 

  776. 			lwsl_info("LWS_CALLBACK_ADD_HEADERS: setting cookie '%s'\n", cookie);
    777. 

  777. 			if (lws_add_http_header_by_name(wsi,
    778. 

  778. 					(unsigned char *)"set-cookie:",
    779. 

  779. 					(unsigned char *)cookie, pc - cookie,
    780. 

  780. 					(unsigned char **)&args->p,
    781. 

  781. 					(unsigned char *)args->p + args->max_len))
    782. 

  782. 				return 1;
    783. 

  783. 		}
    784. 

  784. 		break;
    785. 

  785. 

  786. 	default:
    787. 

  787. 		break;
    788. 

  788. 	}
    789. 

  789. 

  790. 	return 0;
    791. 

  791. 

  792. redirect_with_cookie:
    793. 

  793. 	p = buffer + LWS_PRE;
    794. 

  794. 	start = p;
    795. 

  795. 	end = p + sizeof(buffer) - LWS_PRE;
    796. 

  796. 

  797. 	if (lws_add_http_header_status(wsi, HTTP_STATUS_SEE_OTHER, &p, end))
    798. 

  798. 		return 1;
    799. 

  799. 

  800. 	if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_LOCATION,
    801. 

  801. 			(unsigned char *)pss->onward,
    802. 

  802. 			strlen(pss->onward), &p, end))
    803. 

  803. 		return 1;
    804. 

  804. 

  805. 	if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
    806. 

  806. 			(unsigned char *)"text/html", 9, &p, end))
    807. 

  807. 		return 1;
    808. 

  808. 	if (lws_add_http_header_content_length(wsi, 0, &p, end))
    809. 

  809. 		return 1;
    810. 

  810. 

  811. 	if (pss->delete_session.id[0]) {
    812. 

  812. 		lwsgw_cookie_from_session(&pss->delete_session, 0, &pc,
    813. 

  813. 					  cookie + sizeof(cookie) - 1);
    814. 

  814. 

  815. 		lwsl_notice("deleting cookie '%s'\n", cookie);
    816. 

  816. 

  817. 		if (lws_add_http_header_by_name(wsi,
    818. 

  818. 				(unsigned char *)"set-cookie:",
    819. 

  819. 				(unsigned char *)cookie, pc - cookie,
    820. 

  820. 				&p, end))
    821. 

  821. 			return 1;
    822. 

  822. 	}
    823. 

  823. 

  824. 	if (!pss->login_session.id[0]) {
    825. 

  825. 		pss->login_expires = lws_now_secs() +
    826. 

  826. 				     vhd->timeout_anon_absolute_secs;
    827. 

  827. 		if (lwsgs_new_session_id(vhd, &pss->login_session, "",
    828. 

  828. 					 pss->login_expires))
    829. 

  829. 			return 1;
    830. 

  830. 	} else
    831. 

  831. 		pss->login_expires = lws_now_secs() +
    832. 

  832. 				     vhd->timeout_absolute_secs;
    833. 

  833. 

  834. 	if (pss->login_session.id[0] || pss->logging_out) {
    835. 

  835. 		/*
    836. 

  836. 		 * we succeeded to login, we must issue a login
    837. 

  837. 		 * cookie with the prepared data
    838. 

  838. 		 */
    839. 

  839. 		pc = cookie;
    840. 

  840. 

  841. 		lwsgw_cookie_from_session(&pss->login_session,
    842. 

  842. 					  pss->login_expires, &pc,
    843. 

  843. 					  cookie + sizeof(cookie) - 1);
    844. 

  844. 

  845. 		lwsl_info("setting cookie '%s'\n", cookie);
    846. 

  846. 

  847. 		pss->logging_out = 0;
    848. 

  848. 

  849. 		if (lws_add_http_header_by_name(wsi,
    850. 

  850. 				(unsigned char *)"set-cookie:",
    851. 

  851. 				(unsigned char *)cookie, pc - cookie,
    852. 

  852. 				&p, end))
    853. 

  853. 			return 1;
    854. 

  854. 	}
    855. 

  855. 

  856. 	if (lws_finalize_http_header(wsi, &p, end))
    857. 

  857. 		return 1;
    858. 

  858. 

  859. 	n = lws_write(wsi, start, p - start, LWS_WRITE_HTTP_HEADERS);
    860. 

  860. 	if (n < 0)
    861. 

  861. 		return 1;
    862. 

  862. 

  863. 	/* fallthru */
    864. 

  864. 

  865. try_to_reuse:
    866. 

  866. 	if (lws_http_transaction_completed(wsi))
    867. 

  867. 		return -1;
    868. 

  868. 

  869. 	return 0;
    870. 

  870. }
    871. 

  871. 

  872. static const struct lws_protocols protocols[] = {
    873. 

  873. 	{
    874. 

  874. 		"protocol-generic-sessions",
    875. 

  875. 		callback_generic_sessions,
    876. 

  876. 		sizeof(struct per_session_data__gs),
    877. 

  877. 		1024,
    878. 

  878. 	},
    879. 

  879. };
    880. 

  880. 

  881. LWS_EXTERN LWS_VISIBLE int
    882. 

  882. init_protocol_generic_sessions(struct lws_context *context,
    883. 

  883. 			struct lws_plugin_capability *c)
    884. 

  884. {
    885. 

  885. 	if (c->api_magic != LWS_PLUGIN_API_MAGIC) {
    886. 

  886. 		lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC,
    887. 

  887. 			 c->api_magic);
    888. 

  888. 		return 1;
    889. 

  889. 	}
    890. 

  890. 

  891. 	c->protocols = protocols;
    892. 

  892. 	c->count_protocols = ARRAY_SIZE(protocols);
    893. 

  893. 	c->extensions = NULL;
    894. 

  894. 	c->count_extensions = 0;
    895. 

  895. 

  896. 	return 0;
    897. 

  897. }
    898. 

  898. 

  899. LWS_EXTERN LWS_VISIBLE int
    900. 

  900. destroy_protocol_generic_sessions(struct lws_context *context)
    901. 

  901. {
    902. 

  902. 	return 0;
    903. 

  903. }
    904.