webserver: Refactor apikey into a class var

diff --git a/pdns/webserver.cc b/pdns/webserver.cc
index 1b2706c990fb2a0b3895fd8373ecb5f31e38080f..f71a144071f5dc6e1334d0f4a11bc48796bfc3db 100644 (file)
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -125,18 +125,16 @@ static bool optionsHandler(HttpRequest* req, HttpResponse* resp) {
   return false;
 }
 
-static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
-  const string& api_key = arg()["api-key"];
-
+static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp, const string &apikey) {
   if (optionsHandler(req, resp)) return;
 
   resp->headers["access-control-allow-origin"] = "*";
 
-  if (api_key.empty()) {
+  if (apikey.empty()) {
     g_log<<Logger::Error<<"HTTP API Request \"" << req->url.path << "\": Authentication failed, API Key missing in config" << endl;
     throw HttpUnauthorizedException("X-API-Key");
   }
-  bool auth_ok = req->compareHeader("x-api-key", api_key) || req->getvars["api-key"]==api_key;
+  bool auth_ok = req->compareHeader("x-api-key", apikey) || req->getvars["api-key"] == apikey;
   
   if (!auth_ok) {
     g_log<<Logger::Error<<"HTTP Request \"" << req->url.path << "\": Authentication by API Key failed" << endl;
@@ -172,8 +170,9 @@ static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
 }
 
 void WebServer::registerApiHandler(const string& url, HandlerFunction handler) {
-  HandlerFunction f = boost::bind(&apiWrapper, handler, _1, _2);
+  HandlerFunction f = boost::bind(&apiWrapper, handler, _1, _2, d_apikey);
   registerBareHandler(url, f);
+  d_registerApiHandlerCalled = true;
 }
 
 static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {

diff --git a/pdns/webserver.hh b/pdns/webserver.hh
index 16d41e1197e0bc4add2b86fc548843ab877ad5fa..42714572333a4a3295c91127bca761ddc46d7c2d 100644 (file)
--- a/pdns/webserver.hh
+++ b/pdns/webserver.hh
@@ -144,6 +144,14 @@ class WebServer : public boost::noncopyable
 public:
   WebServer(const string &listenaddress, int port);
   virtual ~WebServer() { };
+
+  void setApiKey(const string &apikey) {
+    if (d_registerApiHandlerCalled) {
+      throw PDNSException("registerApiHandler has been called, can not change apikey");
+    }
+    d_apikey = apikey;
+  }
+
   void bind();
   void go();
 
@@ -165,6 +173,9 @@ protected:
   int d_port;
   string d_password;
   std::shared_ptr<Server> d_server;
+
+  std::string d_apikey;
+  bool d_registerApiHandlerCalled{false};
 };
 
 #endif /* WEBSERVER_HH */

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 1df76b16689b0d6872a466aca8ac6361c2623a1f..48e89777377c3d868396b32bb02559d1b85481a5 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -62,6 +62,7 @@ AuthWebServer::AuthWebServer()
   d_tid = 0;
   if(arg().mustDo("webserver") || arg().mustDo("api")) {
     d_ws = new WebServer(arg()["webserver-address"], arg().asNum("webserver-port"));
+    d_ws->setApiKey(arg()["api-key"]);
     d_ws->bind();
   }
 }

diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc
index 3c3697fe5ff12c59a3b4f24b7d094844f191ebfb..e9d48615cc45b01294c84018acd499ae5fafb725 100644 (file)
--- a/pdns/ws-recursor.cc
+++ b/pdns/ws-recursor.cc
@@ -450,6 +450,7 @@ RecursorWebServer::RecursorWebServer(FDMultiplexer* fdm)
   registerAllStats();
 
   d_ws = new AsyncWebServer(fdm, arg()["webserver-address"], arg().asNum("webserver-port"));
+  d_ws->setApiKey(arg()["api-key"]);
   d_ws->bind();
 
   // legacy dispatch