mirror of
https://github.com/IT4Change/gradido.git
synced 2025-12-13 07:45:54 +00:00
346 lines
12 KiB
C++
346 lines
12 KiB
C++
#include "PageRequestHandlerFactory.h"
|
|
|
|
#include "Poco/Net/HTTPServerRequest.h"
|
|
#include "Poco/Net/HTMLForm.h"
|
|
#include "Poco/DateTime.h"
|
|
#include "Poco/DateTimeFormatter.h"
|
|
|
|
#include "ConfigPage.h"
|
|
#include "LoginPage.h"
|
|
#include "HandleFileRequest.h"
|
|
#include "DashboardPage.h"
|
|
#include "CheckEmailPage.h"
|
|
#include "PassphrasePage.h"
|
|
#include "SaveKeysPage.h"
|
|
#include "ElopageWebhook.h"
|
|
#include "ElopageWebhookLight.h"
|
|
#include "UserUpdatePasswordPage.h"
|
|
#include "UserUpdateGroupPage.h"
|
|
#include "Error500Page.h"
|
|
#include "CheckTransactionPage.h"
|
|
#include "ResetPasswordPage.h"
|
|
#include "RegisterAdminPage.h"
|
|
#include "DebugPassphrasePage.h"
|
|
#include "DebugMnemonicPage.h"
|
|
#include "AdminCheckUserBackupPage.h"
|
|
#include "TranslatePassphrasePage.h"
|
|
#include "AdminUserPasswordResetPage.h"
|
|
#include "RegisterDirectPage.h"
|
|
#include "AdminGroupsPage.h"
|
|
|
|
#include "DecodeTransactionPage.h"
|
|
|
|
|
|
#include "../SingletonManager/SessionManager.h"
|
|
|
|
#include "../lib/Profiler.h"
|
|
#include "../lib/DataTypeConverter.h"
|
|
|
|
#include "../ServerConfig.h"
|
|
#include "../Crypto/DRRandom.h"
|
|
|
|
PageRequestHandlerFactory::PageRequestHandlerFactory()
|
|
: mRemoveGETParameters("^/([a-zA-Z0-9_-]*)"), mLogging(Poco::Logger::get("requestLog"))
|
|
{
|
|
ServerConfig::g_ServerKeySeed->put(8, DRRandom::r64());
|
|
}
|
|
|
|
Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::basicSetup(PageRequestMessagedHandler* handler, const Poco::Net::HTTPServerRequest& request, Profiler profiler)
|
|
{
|
|
handler->setHost(request.getHost());
|
|
handler->setProfiler(profiler);
|
|
auto login_server_path = request.find("grd-login-server-path");
|
|
if (login_server_path != request.end()) {
|
|
handler->setLoginServerPath("/" + login_server_path->second);
|
|
}
|
|
return handler;
|
|
}
|
|
|
|
Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(const Poco::Net::HTTPServerRequest& request)
|
|
{
|
|
//printf("request uri: %s\n", request.getURI().data());
|
|
Profiler timeUsed;
|
|
std::string uri = request.getURI();
|
|
std::string url_first_part;
|
|
std::string dateTimeString = Poco::DateTimeFormatter::format(Poco::DateTime(), "%d.%m.%y %H:%M:%S");
|
|
mRemoveGETParameters.extract(uri, url_first_part);
|
|
|
|
std::string externReferer;
|
|
|
|
if (uri != "/favicon.ico") {
|
|
//printf("[PageRequestHandlerFactory] uri: %s, first part: %s\n", uri.data(), url_first_part.data());
|
|
auto referer = request.find("Referer");
|
|
auto host = request.find("Host");
|
|
if (referer != request.end() && host != request.end()) {
|
|
//printf("referer: %s\n", referer->second.data());
|
|
auto refererString = referer->second;
|
|
auto hostString = host->second;
|
|
if (refererString.find(hostString) == refererString.npos) {
|
|
externReferer = refererString;
|
|
}
|
|
}//*/
|
|
}
|
|
|
|
if (url_first_part == "/elopage_webhook_261") {
|
|
mLogging.information(dateTimeString + " call from elopage");
|
|
return basicSetup(new ElopageWebhook, request, timeUsed);
|
|
}
|
|
|
|
if (url_first_part == "/elopage_webhook_211") {
|
|
mLogging.information(dateTimeString + " call from elopage light");
|
|
return basicSetup(new ElopageWebhookLight, request, timeUsed);
|
|
}
|
|
|
|
// check if user has valid session
|
|
Poco::Net::NameValueCollection cookies;
|
|
request.getCookies(cookies);
|
|
|
|
int session_id = 0;
|
|
|
|
try {
|
|
session_id = atoi(cookies.get("GRADIDO_LOGIN").data());
|
|
} catch (...) {}
|
|
|
|
auto sm = SessionManager::getInstance();
|
|
auto s = sm->getSession(session_id);
|
|
|
|
// for debugging
|
|
std::stringstream logStream;
|
|
auto referer = request.find("Referer");
|
|
logStream << dateTimeString << " call " << uri;
|
|
if (s) {logStream << ", with session: " << std::to_string(s->getHandle()); }
|
|
if (referer != request.end()) { logStream << ", from: " << referer->second;}
|
|
mLogging.information(logStream.str());
|
|
// end debugging
|
|
|
|
// TODO: count invalid session requests from IP and block IP for some time to prevent brute force session hijacking
|
|
// or use log file and configure fail2ban for this to do
|
|
|
|
if (url_first_part == "/checkEmail") {
|
|
//return new CheckEmailPage(s);
|
|
//printf("url checkEmail\n");
|
|
// if (!s) {
|
|
return handleCheckEmail(s, uri, request, timeUsed);
|
|
// }
|
|
//printf("skip handleCheckEmail\n");
|
|
}
|
|
/*if (url_first_part == "/register") {
|
|
auto pageRequestHandler = new RegisterPage;
|
|
pageRequestHandler->setProfiler(timeUsed);
|
|
return pageRequestHandler;
|
|
}*/
|
|
if (url_first_part.size() >= 9 && url_first_part.substr(0,9) == "/register") {
|
|
//if (url_first_part == "/register" || url_first_part == "/registerDirect" ) {
|
|
return basicSetup(new RegisterDirectPage, request, timeUsed);
|
|
}
|
|
if (url_first_part == "/resetPassword") {
|
|
return basicSetup(new ResetPasswordPage, request, timeUsed);
|
|
}
|
|
|
|
if (url_first_part == "/decode_transaction") {
|
|
mLogging.information(dateTimeString + " decode");
|
|
return basicSetup(new DecodeTransactionPage(s), request, timeUsed);
|
|
}
|
|
|
|
|
|
if (s) {
|
|
if (externReferer != "") {
|
|
|
|
s->setLastReferer(externReferer);
|
|
}
|
|
model::table::User* userModel = nullptr;
|
|
auto newUser = s->getNewUser();
|
|
if (newUser) userModel = newUser->getModel();
|
|
if (s->errorCount() || (userModel && userModel->errorCount())) {
|
|
if (userModel && userModel->errorCount()) {
|
|
s->getErrors(userModel);
|
|
}
|
|
s->sendErrorsAsEmail();
|
|
return basicSetup(new Error500Page(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/error500") {
|
|
return basicSetup(new Error500Page(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/userUpdateGroup") {
|
|
return basicSetup(new UserUpdateGroupPage(s), request, timeUsed);
|
|
}
|
|
|
|
if (url_first_part == "/transform_passphrase") {
|
|
return basicSetup(new TranslatePassphrasePage(s), request, timeUsed);
|
|
}
|
|
if (userModel && userModel->getRole() == model::table::ROLE_ADMIN) {
|
|
if (url_first_part == "/adminRegister") {
|
|
return basicSetup(new RegisterAdminPage(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/debugPassphrase") {
|
|
return basicSetup(new DebugPassphrasePage(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/debugMnemonic") {
|
|
return basicSetup(new DebugMnemonicPage(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/checkUserBackups") {
|
|
return basicSetup(new AdminCheckUserBackupPage(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/adminUserPasswordReset") {
|
|
return basicSetup(new AdminUserPasswordResetPage(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/groups") {
|
|
return basicSetup(new AdminGroupsPage(s), request, timeUsed);
|
|
}
|
|
}
|
|
|
|
if(url_first_part == "/logout") {
|
|
sm->releaseSession(s);
|
|
// remove cookie(s)
|
|
|
|
//printf("session released\n");
|
|
return basicSetup(new LoginPage(nullptr), request, timeUsed);
|
|
}
|
|
if(url_first_part == "/user_delete") {
|
|
if(s->deleteUser()) {
|
|
sm->releaseSession(s);
|
|
|
|
return basicSetup(new LoginPage(nullptr), request, timeUsed);
|
|
}
|
|
}
|
|
auto sessionState = s->getSessionState();
|
|
//printf("session state: %s\n", s->getSessionStateString());
|
|
if (url_first_part == "/updateUserPassword") {
|
|
return basicSetup(new UserUpdatePasswordPage(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/checkTransactions") {
|
|
return basicSetup(new CheckTransactionPage(s), request, timeUsed);
|
|
|
|
}
|
|
if(s && newUser && newUser->hasPassword() && newUser->hasPublicKey()) {
|
|
//printf("[PageRequestHandlerFactory] go to dashboard page with user\n");
|
|
return basicSetup(new DashboardPage(s), request, timeUsed);
|
|
}
|
|
if (url_first_part == "/login" || url_first_part == "/") {
|
|
return basicSetup(new LoginPage(s), request, timeUsed);
|
|
}
|
|
|
|
} else {
|
|
|
|
if (url_first_part == "/config") {
|
|
return new ConfigPage;
|
|
}
|
|
else if (url_first_part == "/login") {
|
|
return basicSetup(new LoginPage(nullptr), request, timeUsed);
|
|
}
|
|
}
|
|
return basicSetup(new LoginPage(nullptr), request, timeUsed);
|
|
//return new HandleFileRequest;
|
|
//return new PageRequestHandlerFactory;
|
|
}
|
|
|
|
Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request, Profiler timeUsed)
|
|
{
|
|
Poco::Net::HTMLForm form(request);
|
|
unsigned long long verificationCode = 0;
|
|
Languages lang = LANG_DE;
|
|
|
|
// if verification code is valid, go to next page, passphrase
|
|
// login via verification code, if no session is active
|
|
// try to get code from form get parameter
|
|
if (!form.empty()) {
|
|
try {
|
|
verificationCode = stoull(form.get("email-verification-code", "0"));
|
|
} catch (...) {}
|
|
lang = LanguageManager::languageFromString(form.get("lang-btn", "de"));
|
|
}
|
|
// try to get code from uri parameter
|
|
if (!verificationCode) {
|
|
size_t pos = uri.find_last_of("/");
|
|
auto str = uri.substr(pos + 1);
|
|
DataTypeConverter::strToInt(str, verificationCode);
|
|
}
|
|
|
|
// if no verification code given or error with given code, show form
|
|
if (!verificationCode) {
|
|
return basicSetup(new CheckEmailPage(session), request, timeUsed);
|
|
}
|
|
|
|
// we have a verification code, now let's check that thing
|
|
auto sm = SessionManager::getInstance();
|
|
|
|
// no session or active session don't belong to verification code
|
|
if (!session || session->getEmailVerificationCode() != verificationCode) {
|
|
//sm->releaseSession(session);
|
|
//session = nullptr;
|
|
// it is maybe unsafe
|
|
session = sm->findByEmailVerificationCode(verificationCode);
|
|
}
|
|
// no suitable session in memory, try to create one from db data
|
|
if (!session) {
|
|
session = sm->getNewSession();
|
|
session->setLanguage(lang);
|
|
if (session->loadFromEmailVerificationCode(verificationCode)) {
|
|
// login not possible in this function, forwarded to PassphrasePage
|
|
/*auto cookie_id = session->getHandle();
|
|
auto user_host = request.clientAddress().host();
|
|
session->setClientIp(user_host);
|
|
response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
|
|
*/
|
|
}
|
|
else {
|
|
//sm->releaseSession(session);
|
|
return basicSetup(new CheckEmailPage(session), request, timeUsed);
|
|
}
|
|
}
|
|
// suitable session found or created
|
|
if (session) {
|
|
auto user_host = request.clientAddress().host();
|
|
session->setClientIp(user_host);
|
|
assert(session->getNewUser());
|
|
if (!session->getNewUser()->hasPassword()) {
|
|
// user has no password, maybe account created from elopage webhook
|
|
return basicSetup(new UserUpdatePasswordPage(session), request, timeUsed);
|
|
}
|
|
/*
|
|
//! \return 1 = konto already exist
|
|
//! -1 = invalid code
|
|
//! -2 = critical error
|
|
//! 0 = ok
|
|
*/
|
|
// update session, mark as verified
|
|
int retUpdateEmailVerification = session->updateEmailVerification(verificationCode);
|
|
printf("[%s] return from update email verification: %d\n", __FUNCTION__, retUpdateEmailVerification);
|
|
if (0 == retUpdateEmailVerification) {
|
|
//printf("[PageRequestHandlerFactory::handleCheckEmail] timeUsed: %s\n", timeUsed.string().data());
|
|
SessionHTTPRequestHandler* pageRequestHandler = nullptr;
|
|
if (model::table::EMAIL_OPT_IN_REGISTER_DIRECT == session->getEmailVerificationType()) {
|
|
printf("return check email page\n");
|
|
pageRequestHandler = new CheckEmailPage(session);
|
|
} else if(SESSION_STATE_RESET_PASSWORD_REQUEST == session->getSessionState()) {
|
|
pageRequestHandler = new UserUpdatePasswordPage(session);
|
|
} else {
|
|
pageRequestHandler = new PassphrasePage(session);
|
|
}
|
|
return basicSetup(pageRequestHandler, request, timeUsed);
|
|
|
|
}
|
|
else if (1 == retUpdateEmailVerification) {
|
|
//auto user = session->getUser();
|
|
//LoginPage* loginPage = new LoginPage(session);
|
|
//loginPage->setProfiler(timeUsed);
|
|
return basicSetup(new CheckEmailPage(session), request, timeUsed);
|
|
}
|
|
else if (-1 == retUpdateEmailVerification) {
|
|
auto checkEmail = new CheckEmailPage(session);
|
|
checkEmail->getErrors(session);
|
|
sm->releaseSession(session);
|
|
|
|
return basicSetup(checkEmail, request, timeUsed);
|
|
}
|
|
else if (-2 == retUpdateEmailVerification) {
|
|
return basicSetup(new Error500Page(session), request, timeUsed);
|
|
}
|
|
|
|
}
|
|
if (session) {
|
|
sm->releaseSession(session);
|
|
}
|
|
return basicSetup(new CheckEmailPage(nullptr), request, timeUsed);
|
|
}
|