authorSteven Barth <steven@midlink.org>2008-12-14 21:43:10 +0000
committerSteven Barth <steven@midlink.org>2008-12-14 21:43:10 +0000
commit271c53a4af7a79414a440b3a4d90ef7dbc48fd77 (patch)
tree34223ecf89d402db4b5222e1e2ee70f738a5e53b /modules
parent509a3daadbfcd9cbe550ff9c70a6f7af55dd2a0f (diff)
Implement URL tokens
Add basic XSRF protection
Diffstat (limited to 'modules')
-rw-r--r--modules/rpc/luasrc/controller/rpc.lua23
1 files changed, 18 insertions, 5 deletions
diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua
index 2eef7a0eb..d83c26d45 100644
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@@ -52,20 +52,33 @@ function rpc_auth()
local http = require "luci.http"
local sys = require "luci.sys"
local ltn12 = require "luci.ltn12"
+ local util = require "luci.util"
local loginstat
local server = {}
- server.login = function(user, pass)
- local sid
-
+ server.challenge = function(user, pass)
+ local sid, token, secret
+
if sys.user.checkpasswd(user, pass) then
sid = sys.uniqueid(16)
+ token = sys.uniqueid(16)
+ secret = sys.uniqueid(16)
+
http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
- sauth.write(sid, user)
+ sauth.write(sid, util.get_bytecode({
+ user=user,
+ token=token,
+ secret=secret
+ }))
end
- return sid
+ return sid and {sid=sid, token=token, secret=secret}
+ end
+
+ server.login = function(...)
+ local challenge = server.challenge(...)
+ return challenge and challenge.sid
end
http.prepare_content("application/json")
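Review bot: In `server.challenge` the session record changes from the plain user name to `util.get_bytecode({user=..., token=..., secret=...})`, so whatever reads the session back presumably has to load and run a precompiled Lua chunk, and Lua does not treat precompiled chunks as safe to load when anyone else can write them. The reader is not part of this diff (the diffstat is limited to `modules`), so it should be confirmed that the session store is writable only by this process, that the sid is validated before it is used to locate the record, and that every caller still expecting a user-name string from the session is updated. A comment above the write would record the assumption, e.g. `-- session record is a precompiled Lua chunk that is loaded on read; the session store must not be writable by other users`. The token check is also not visible here and presumably lives outside `modules`; `rpc_auth` starts and ends outside the hunk.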