From: Pieter Lexis
Date: Thu, 8 Nov 2018 16:16:37 +0000 (+0100)
Subject: webserver: Refactor apikey into a class var
X-Git-Tag: auth-4.2.0-alpha1~31^2~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=29997a3c56120dd13aa231098e13a25348d6e73e;p=thirdparty%2Fpdns.git

webserver: Refactor apikey into a class var
---
diff --git a/pdns/webserver.cc b/pdns/webserver.cc
index 1b2706c990..f71a144071 100644
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -125,18 +125,16 @@ static bool optionsHandler(HttpRequest* req, HttpResponse* resp) { return false; } -static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) { - const string& api_key = arg()["api-key"]; - +static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp, const string &apikey) { if (optionsHandler(req, resp)) return; resp->headers["access-control-allow-origin"] = "*"; - if (api_key.empty()) { + if (apikey.empty()) { g_log<url.path << "\": Authentication failed, API Key missing in config" << endl; throw HttpUnauthorizedException("X-API-Key"); } - bool auth_ok = req->compareHeader("x-api-key", api_key) || req->getvars["api-key"]==api_key; + bool auth_ok = req->compareHeader("x-api-key", apikey) || req->getvars["api-key"] == apikey; if (!auth_ok) { g_log<url.path << "\": Authentication by API Key failed" << endl;
@@ -172,8 +170,9 @@ static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt } void WebServer::registerApiHandler(const string& url, HandlerFunction handler) { - HandlerFunction f = boost::bind(&apiWrapper, handler, _1, _2); + HandlerFunction f = boost::bind(&apiWrapper, handler, _1, _2, d_apikey); registerBareHandler(url, f); + d_registerApiHandlerCalled = true; } static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
diff --git a/pdns/webserver.hh b/pdns/webserver.hh
index 16d41e1197..4271457233 100644
--- a/pdns/webserver.hh
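Review bot: The rewritten `auth_ok` line still checks the query-string key with `req->getvars["api-key"] == apikey`, an ordinary string equality that can return at the first differing byte, so response time may depend on how much of a supplied key matches; whether `compareHeader` behaves differently is not visible in this hunk. Both sources would be better served by a constant-time comparison, e.g. `bool auth_ok = req->compareHeader("x-api-key", apikey) || constantTimeEquals(req->getvars["api-key"], apikey);`, where `constantTimeEquals` stands for a helper still to be written (the name is illustrative). Accepting the key as a URL parameter also deserves a comment or a deprecation path, since request URLs tend to be recorded by proxies and access logs. apiWrapper's body continues past the end of the hunk.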
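Review bot: `boost::bind(&apiWrapper, handler, _1, _2, d_apikey)` stores a copy of `d_apikey` taken at registration time, and nothing in registerApiHandler says so. That copy is the reason `setApiKey` in webserver.hh refuses changes once `d_registerApiHandlerCalled` is set. A comment above the bind would make the ordering requirement explicit, for example `// d_apikey is copied into the functor here; setApiKey() must run before the first registerApiHandler()`, and the same sentence belongs on `setApiKey` itself. A handler registered before any `setApiKey` call is bound to an empty key, which apiWrapper answers with HttpUnauthorizedException, so a wrong call order fails closed.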
+++ b/pdns/webserver.hh
@@ -144,6 +144,14 @@ class WebServer : public boost::noncopyable public: WebServer(const string &listenaddress, int port); virtual ~WebServer() { }; + + void setApiKey(const string &apikey) { + if (d_registerApiHandlerCalled) { + throw PDNSException("registerApiHandler has been called, can not change apikey"); + } + d_apikey = apikey; + } + void bind(); void go();
@@ -165,6 +173,9 @@ protected: int d_port; string d_password; std::shared_ptr d_server; + + std::string d_apikey; + bool d_registerApiHandlerCalled{false}; }; #endif /* WEBSERVER_HH */
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 1df76b1668..48e8977737 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -62,6 +62,7 @@ AuthWebServer::AuthWebServer() d_tid = 0; if(arg().mustDo("webserver") || arg().mustDo("api")) { d_ws = new WebServer(arg()["webserver-address"], arg().asNum("webserver-port")); + d_ws->setApiKey(arg()["api-key"]); d_ws->bind(); } }
diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc
index 3c3697fe5f..e9d48615cc 100644
--- a/pdns/ws-recursor.cc
+++ b/pdns/ws-recursor.cc
@@ -450,6 +450,7 @@ RecursorWebServer::RecursorWebServer(FDMultiplexer* fdm) registerAllStats(); d_ws = new AsyncWebServer(fdm, arg()["webserver-address"], arg().asNum("webserver-port")); + d_ws->setApiKey(arg()["api-key"]); d_ws->bind(); // legacy dispatch
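Review bot: `d_apikey` and `d_registerApiHandlerCalled` are added under `protected:`, so any subclass can assign `d_apikey` directly and skip the check that `setApiKey` performs. Moving the two members under a `private:` label would leave `setApiKey` as the only write path; this assumes no subclass needs direct access, which cannot be confirmed from the hunk. The new member is also spelled `std::string` while the neighbouring `d_password` uses `string`, and matching the surrounding style would read more consistently. The class definition starts outside the hunk.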