summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base/luasrc/dispatcher.lua
diff options
context:
space:
mode:
Diffstat (limited to 'modules/luci-base/luasrc/dispatcher.lua')
-rw-r--r--modules/luci-base/luasrc/dispatcher.lua1393
1 files changed, 908 insertions, 485 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index b43b94fdef..57b4e12d17 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -17,138 +17,374 @@ _M.fs = fs
-- Index table
local index = nil
--- Fastindex
-local fi
+local function check_fs_depends(spec)
+ local fs = require "nixio.fs"
+
+ for path, kind in pairs(spec) do
+ if kind == "directory" then
+ local empty = true
+ for entry in (fs.dir(path) or function() end) do
+ empty = false
+ break
+ end
+ if empty then
+ return false
+ end
+ elseif kind == "executable" then
+ if fs.stat(path, "type") ~= "reg" or not fs.access(path, "x") then
+ return false
+ end
+ elseif kind == "file" then
+ if fs.stat(path, "type") ~= "reg" then
+ return false
+ end
+ end
+ end
+ return true
+end
-function build_url(...)
- local path = {...}
- local url = { http.getenv("SCRIPT_NAME") or "" }
+local function check_uci_depends_options(conf, s, opts)
+ local uci = require "luci.model.uci"
- local p
- for _, p in ipairs(path) do
- if p:match("^[a-zA-Z0-9_%-%.%%/,;]+$") then
- url[#url+1] = "/"
- url[#url+1] = p
+ if type(opts) == "string" then
+ return (s[".type"] == opts)
+ elseif opts == true then
+ for option, value in pairs(s) do
+ if option:byte(1) ~= 46 then
+ return true
+ end
+ end
+ elseif type(opts) == "table" then
+ for option, value in pairs(opts) do
+ local sval = s[option]
+ if type(sval) == "table" then
+ local found = false
+ for _, v in ipairs(sval) do
+ if v == value then
+ found = true
+ break
+ end
+ end
+ if not found then
+ return false
+ end
+ elseif value == true then
+ if sval == nil then
+ return false
+ end
+ else
+ if sval ~= value then
+ return false
+ end
+ end
end
end
- if #path == 0 then
- url[#url+1] = "/"
+ return true
+end
+
+local function check_uci_depends_section(conf, sect)
+ local uci = require "luci.model.uci"
+
+ for section, options in pairs(sect) do
+ local stype = section:match("^@([A-Za-z0-9_%-]+)$")
+ if stype then
+ local found = false
+ uci:foreach(conf, stype, function(s)
+ if check_uci_depends_options(conf, s, options) then
+ found = true
+ return false
+ end
+ end)
+ if not found then
+ return false
+ end
+ else
+ local s = uci:get_all(conf, section)
+ if not s or not check_uci_depends_options(conf, s, options) then
+ return false
+ end
+ end
end
- return table.concat(url, "")
+ return true
end
-function _ordered_children(node)
- local name, child, children = nil, nil, {}
+local function check_uci_depends(conf)
+ local uci = require "luci.model.uci"
- for name, child in pairs(node.nodes) do
- children[#children+1] = {
- name = name,
- node = child,
- order = child.order or 100
- }
+ for config, values in pairs(conf) do
+ if values == true then
+ local found = false
+ uci:foreach(config, nil, function(s)
+ found = true
+ return false
+ end)
+ if not found then
+ return false
+ end
+ elseif type(values) == "table" then
+ if not check_uci_depends_section(config, values) then
+ return false
+ end
+ end
end
- table.sort(children, function(a, b)
- if a.order == b.order then
- return a.name < b.name
- else
- return a.order < b.order
+ return true
+end
+
+local function check_acl_depends(require_groups, groups)
+ if type(require_groups) == "table" and #require_groups > 0 then
+ local writable = false
+
+ for _, group in ipairs(require_groups) do
+ local read = false
+ local write = false
+ if type(groups) == "table" and type(groups[group]) == "table" then
+ for _, perm in ipairs(groups[group]) do
+ if perm == "read" then
+ read = true
+ elseif perm == "write" then
+ write = true
+ end
+ end
+ end
+ if not read and not write then
+ return nil
+ elseif write then
+ writable = true
+ end
end
- end)
- return children
+ return writable
+ end
+
+ return true
end
-local function dependencies_satisfied(node)
- if type(node.file_depends) == "table" then
- for _, file in ipairs(node.file_depends) do
- local ftype = fs.stat(file, "type")
- if ftype == "dir" then
- local empty = true
- for e in (fs.dir(file) or function() end) do
- empty = false
- end
- if empty then
- return false
- end
- elseif ftype == nil then
- return false
+local function check_depends(spec)
+ if type(spec.depends) ~= "table" then
+ return true
+ end
+
+ if type(spec.depends.fs) == "table" then
+ local satisfied = false
+ local alternatives = (#spec.depends.fs > 0) and spec.depends.fs or { spec.depends.fs }
+ for _, alternative in ipairs(alternatives) do
+ if check_fs_depends(alternative) then
+ satisfied = true
+ break
end
end
+ if not satisfied then
+ return false
+ end
end
- if type(node.uci_depends) == "table" then
- for config, expect_sections in pairs(node.uci_depends) do
- if type(expect_sections) == "table" then
- for section, expect_options in pairs(expect_sections) do
- if type(expect_options) == "table" then
- for option, expect_value in pairs(expect_options) do
- local val = uci:get(config, section, option)
- if expect_value == true and val == nil then
- return false
- elseif type(expect_value) == "string" then
- if type(val) == "table" then
- local found = false
- for _, subval in ipairs(val) do
- if subval == expect_value then
- found = true
- end
- end
- if not found then
- return false
- end
- elseif val ~= expect_value then
- return false
- end
- end
- end
+ if type(spec.depends.uci) == "table" then
+ local satisfied = false
+ local alternatives = (#spec.depends.uci > 0) and spec.depends.uci or { spec.depends.uci }
+ for _, alternative in ipairs(alternatives) do
+ if check_uci_depends(alternative) then
+ satisfied = true
+ break
+ end
+ end
+ if not satisfied then
+ return false
+ end
+ end
+
+ return true
+end
+
+local function target_to_json(target, module)
+ local action
+
+ if target.type == "call" then
+ action = {
+ ["type"] = "call",
+ ["module"] = module,
+ ["function"] = target.name,
+ ["parameters"] = target.argv
+ }
+ elseif target.type == "view" then
+ action = {
+ ["type"] = "view",
+ ["path"] = target.view
+ }
+ elseif target.type == "template" then
+ action = {
+ ["type"] = "template",
+ ["path"] = target.view
+ }
+ elseif target.type == "cbi" then
+ action = {
+ ["type"] = "cbi",
+ ["path"] = target.model,
+ ["config"] = target.config
+ }
+ elseif target.type == "form" then
+ action = {
+ ["type"] = "form",
+ ["path"] = target.model
+ }
+ elseif target.type == "firstchild" then
+ action = {
+ ["type"] = "firstchild"
+ }
+ elseif target.type == "firstnode" then
+ action = {
+ ["type"] = "firstchild",
+ ["recurse"] = true
+ }
+ elseif target.type == "arcombine" then
+ if type(target.targets) == "table" then
+ action = {
+ ["type"] = "arcombine",
+ ["targets"] = {
+ target_to_json(target.targets[1], module),
+ target_to_json(target.targets[2], module)
+ }
+ }
+ end
+ elseif target.type == "alias" then
+ action = {
+ ["type"] = "alias",
+ ["path"] = table.concat(target.req, "/")
+ }
+ elseif target.type == "rewrite" then
+ action = {
+ ["type"] = "rewrite",
+ ["path"] = table.concat(target.req, "/"),
+ ["remove"] = target.n
+ }
+ end
+
+ if target.post and action then
+ action.post = target.post
+ end
+
+ return action
+end
+
+local function tree_to_json(node, json)
+ local fs = require "nixio.fs"
+ local util = require "luci.util"
+
+ if type(node.nodes) == "table" then
+ for subname, subnode in pairs(node.nodes) do
+ local spec = {
+ title = util.striptags(subnode.title),
+ order = subnode.order
+ }
+
+ if subnode.leaf then
+ spec.wildcard = true
+ end
+
+ if subnode.cors then
+ spec.cors = true
+ end
+
+ if subnode.setuser then
+ spec.setuser = subnode.setuser
+ end
+
+ if subnode.setgroup then
+ spec.setgroup = subnode.setgroup
+ end
+
+ if type(subnode.target) == "table" then
+ spec.action = target_to_json(subnode.target, subnode.module)
+ end
+
+ if type(subnode.file_depends) == "table" then
+ for _, v in ipairs(subnode.file_depends) do
+ spec.depends = spec.depends or {}
+ spec.depends.fs = spec.depends.fs or {}
+
+ local ft = fs.stat(v, "type")
+ if ft == "dir" then
+ spec.depends.fs[v] = "directory"
+ elseif v:match("/s?bin/") then
+ spec.depends.fs[v] = "executable"
else
- local val = uci:get(config, section)
- if expect_options == true and val == nil then
- return false
- elseif type(expect_options) == "string" and val ~= expect_options then
- return false
- end
+ spec.depends.fs[v] = "file"
end
end
- elseif expect_sections == true then
- if not uci:get_first(config) then
- return false
+ end
+
+ if type(subnode.uci_depends) == "table" then
+ for k, v in pairs(subnode.uci_depends) do
+ spec.depends = spec.depends or {}
+ spec.depends.uci = spec.depends.uci or {}
+ spec.depends.uci[k] = v
+ end
+ end
+
+ if type(subnode.acl_depends) == "table" then
+ for _, acl in ipairs(subnode.acl_depends) do
+ spec.depends = spec.depends or {}
+ spec.depends.acl = spec.depends.acl or {}
+ spec.depends.acl[#spec.depends.acl + 1] = acl
end
end
+
+ if (subnode.sysauth_authenticator ~= nil) or
+ (subnode.sysauth ~= nil and subnode.sysauth ~= false)
+ then
+ if subnode.sysauth_authenticator == "htmlauth" then
+ spec.auth = {
+ login = true,
+ methods = { "cookie:sysauth" }
+ }
+ elseif subname == "rpc" and subnode.module == "luci.controller.rpc" then
+ spec.auth = {
+ login = false,
+ methods = { "query:auth", "cookie:sysauth" }
+ }
+ elseif subnode.module == "luci.controller.admin.uci" then
+ spec.auth = {
+ login = false,
+ methods = { "param:sid" }
+ }
+ end
+ elseif subnode.sysauth == false then
+ spec.auth = {}
+ end
+
+ if not spec.action then
+ spec.title = nil
+ end
+
+ spec.satisfied = check_depends(spec)
+ json.children = json.children or {}
+ json.children[subname] = tree_to_json(subnode, spec)
end
end
- return true
+ return json
end
-function node_visible(node)
- if node then
- return not (
- (not dependencies_satisfied(node)) or
- (not node.title or #node.title == 0) or
- (not node.target or node.hidden == true) or
- (type(node.target) == "table" and node.target.type == "firstchild" and
- (type(node.nodes) ~= "table" or not next(node.nodes)))
- )
- end
- return false
-end
+function build_url(...)
+ local path = {...}
+ local url = { http.getenv("SCRIPT_NAME") or "" }
-function node_childs(node)
- local rv = { }
- if node then
- local _, child
- for _, child in ipairs(_ordered_children(node)) do
- if node_visible(child.node) then
- rv[#rv+1] = child.name
- end
+ local p
+ for _, p in ipairs(path) do
+ if p:match("^[a-zA-Z0-9_%-%.%%/,;]+$") then
+ url[#url+1] = "/"
+ url[#url+1] = p
end
end
- return rv
+
+ if #path == 0 then
+ url[#url+1] = "/"
+ end
+
+ return table.concat(url, "")
end
@@ -185,6 +421,38 @@ function error500(message)
return false
end
+local function determine_request_language()
+ local conf = require "luci.config"
+ assert(conf.main, "/etc/config/luci seems to be corrupt, unable to find section 'main'")
+
+ local lang = conf.main.lang or "auto"
+ if lang == "auto" then
+ local aclang = http.getenv("HTTP_ACCEPT_LANGUAGE") or ""
+ for aclang in aclang:gmatch("[%w_-]+") do
+ local country, culture = aclang:match("^([a-z][a-z])[_-]([a-zA-Z][a-zA-Z])$")
+ if country and culture then
+ local cc = "%s_%s" %{ country, culture:lower() }
+ if conf.languages[cc] then
+ lang = cc
+ break
+ elseif conf.languages[country] then
+ lang = country
+ break
+ end
+ elseif conf.languages[aclang] then
+ lang = aclang
+ break
+ end
+ end
+ end
+
+ if lang == "auto" then
+ lang = i18n.default
+ end
+
+ i18n.setlanguage(lang)
+end
+
function httpdispatch(request, prefix)
http.context.request = request
@@ -204,6 +472,8 @@ function httpdispatch(request, prefix)
r[#r+1] = node
end
+ determine_request_language()
+
local stat, err = util.coxpcall(function()
dispatch(context.request)
end, error500)
@@ -260,6 +530,7 @@ end
local function session_retrieve(sid, allowed_users)
local sdat = util.ubus("session", "get", { ubus_rpc_session = sid })
+ local sacl = util.ubus("session", "access", { ubus_rpc_session = sid })
if type(sdat) == "table" and
type(sdat.values) == "table" and
@@ -268,227 +539,333 @@ local function session_retrieve(sid, allowed_users)
util.contains(allowed_users, sdat.values.username))
then
uci:set_session_id(sid)
- return sid, sdat.values
+ return sid, sdat.values, type(sacl) == "table" and sacl or {}
end
- return nil, nil
+ return nil, nil, nil
end
-local function session_setup(user, pass, allowed_users)
- if util.contains(allowed_users, user) then
- local login = util.ubus("session", "login", {
- username = user,
- password = pass,
- timeout = tonumber(luci.config.sauth.sessiontime)
+local function session_setup(user, pass)
+ local login = util.ubus("session", "login", {
+ username = user,
+ password = pass,
+ timeout = tonumber(luci.config.sauth.sessiontime)
+ })
+
+ local rp = context.requestpath
+ and table.concat(context.requestpath, "/") or ""
+
+ if type(login) == "table" and
+ type(login.ubus_rpc_session) == "string"
+ then
+ util.ubus("session", "set", {
+ ubus_rpc_session = login.ubus_rpc_session,
+ values = { token = sys.uniqueid(16) }
})
- local rp = context.requestpath
- and table.concat(context.requestpath, "/") or ""
+ io.stderr:write("luci: accepted login on /%s for %s from %s\n"
+ %{ rp, user or "?", http.getenv("REMOTE_ADDR") or "?" })
- if type(login) == "table" and
- type(login.ubus_rpc_session) == "string"
- then
- util.ubus("session", "set", {
- ubus_rpc_session = login.ubus_rpc_session,
- values = { token = sys.uniqueid(16) }
- })
+ return session_retrieve(login.ubus_rpc_session)
+ end
- io.stderr:write("luci: accepted login on /%s for %s from %s\n"
- %{ rp, user, http.getenv("REMOTE_ADDR") or "?" })
+ io.stderr:write("luci: failed login on /%s for %s from %s\n"
+ %{ rp, user or "?", http.getenv("REMOTE_ADDR") or "?" })
+end
- return session_retrieve(login.ubus_rpc_session)
- end
+local function check_authentication(method)
+ local auth_type, auth_param = method:match("^(%w+):(.+)$")
+ local sid, sdat
- io.stderr:write("luci: failed login on /%s for %s from %s\n"
- %{ rp, user, http.getenv("REMOTE_ADDR") or "?" })
+ if auth_type == "cookie" then
+ sid = http.getcookie(auth_param)
+ elseif auth_type == "param" then
+ sid = http.formvalue(auth_param)
+ elseif auth_type == "query" then
+ sid = http.formvalue(auth_param, true)
end
- return nil, nil
+ return session_retrieve(sid)
end
-function dispatch(request)
- --context._disable_memtrace = require "luci.debug".trap_memtrace("l")
- local ctx = context
- ctx.path = request
+local function get_children(node)
+ local children = {}
- local conf = require "luci.config"
- assert(conf.main,
- "/etc/config/luci seems to be corrupt, unable to find section 'main'")
+ if not node.wildcard and type(node.children) == "table" then
+ for name, child in pairs(node.children) do
+ children[#children+1] = {
+ name = name,
+ node = child,
+ order = child.order or 1000
+ }
+ end
- local i18n = require "luci.i18n"
- local lang = conf.main.lang or "auto"
- if lang == "auto" then
- local aclang = http.getenv("HTTP_ACCEPT_LANGUAGE") or ""
- for aclang in aclang:gmatch("[%w_-]+") do
- local country, culture = aclang:match("^([a-z][a-z])[_-]([a-zA-Z][a-zA-Z])$")
- if country and culture then
- local cc = "%s_%s" %{ country, culture:lower() }
- if conf.languages[cc] then
- lang = cc
- break
- elseif conf.languages[country] then
- lang = country
- break
- end
- elseif conf.languages[aclang] then
- lang = aclang
- break
+ table.sort(children, function(a, b)
+ if a.order == b.order then
+ return a.name < b.name
+ else
+ return a.order < b.order
end
- end
- end
- if lang == "auto" then
- lang = i18n.default
+ end)
end
- i18n.setlanguage(lang)
- local c = ctx.tree
- local stat
- if not c then
- c = createtree()
- end
+ return children
+end
- local track = {}
- local args = {}
- ctx.args = args
- ctx.requestargs = ctx.requestargs or args
- local n
- local preq = {}
- local freq = {}
+local function find_subnode(root, prefix, recurse, descended)
+ local children = get_children(root)
- for i, s in ipairs(request) do
- preq[#preq+1] = s
- freq[#freq+1] = s
- c = c.nodes[s]
- n = i
- if not c then
- break
+ if #children > 0 and (not descended or recurse) then
+ local sub_path = { unpack(prefix) }
+
+ if recurse == false then
+ recurse = nil
end
- util.update(track, c)
+ for _, child in ipairs(children) do
+ sub_path[#prefix+1] = child.name
- if c.leaf then
- break
+ local res_path = find_subnode(child.node, sub_path, recurse, true)
+
+ if res_path then
+ return res_path
+ end
end
end
- if c and c.leaf then
- for j=n+1, #request do
- args[#args+1] = request[j]
- freq[#freq+1] = request[j]
+ if descended then
+ if not recurse or
+ root.action.type == "cbi" or
+ root.action.type == "form" or
+ root.action.type == "view" or
+ root.action.type == "template" or
+ root.action.type == "arcombine"
+ then
+ return prefix
end
end
+end
- ctx.requestpath = ctx.requestpath or freq
- ctx.path = preq
+local function merge_trees(node_a, node_b)
+ for k, v in pairs(node_b) do
+ if k == "children" then
+ node_a.children = node_a.children or {}
- -- Init template engine
- if (c and c.index) or not track.notemplate then
- local tpl = require("luci.template")
- local media = track.mediaurlbase or luci.config.main.mediaurlbase
- if not pcall(tpl.Template, "themes/%s/header" % fs.basename(media)) then
- media = nil
- for name, theme in pairs(luci.config.themes) do
- if name:sub(1,1) ~= "." and pcall(tpl.Template,
- "themes/%s/header" % fs.basename(theme)) then
- media = theme
- end
+ for name, spec in pairs(v) do
+ node_a.children[name] = merge_trees(node_a.children[name] or {}, spec)
end
- assert(media, "No valid theme found")
+ else
+ node_a[k] = v
end
+ end
- local function _ifattr(cond, key, val, noescape)
- if cond then
- local env = getfenv(3)
- local scope = (type(env.self) == "table") and env.self
- if type(val) == "table" then
- if not next(val) then
- return ''
- else
- val = util.serialize_json(val)
- end
- end
+ if type(node_a.action) == "table" and
+ node_a.action.type == "firstchild" and
+ node_a.children == nil
+ then
+ node_a.satisfied = false
+ end
- val = tostring(val or
- (type(env[key]) ~= "function" and env[key]) or
- (scope and type(scope[key]) ~= "function" and scope[key]) or "")
+ return node_a
+end
- if noescape ~= true then
- val = util.pcdata(val)
- end
+local function apply_tree_acls(node, acl)
+ if type(node.children) == "table" then
+ for _, child in pairs(node.children) do
+ apply_tree_acls(child, acl)
+ end
+ end
- return string.format(' %s="%s"', tostring(key), val)
- else
- return ''
+ local perm
+ if type(node.depends) == "table" then
+ perm = check_acl_depends(node.depends.acl, acl["access-group"])
+ else
+ perm = true
+ end
+
+ if perm == nil then
+ node.satisfied = false
+ elseif perm == false then
+ node.readonly = true
+ end
+end
+
+function menu_json(acl)
+ local tree = context.tree or createtree()
+ local lua_tree = tree_to_json(tree, {
+ action = {
+ ["type"] = "firstchild",
+ ["recurse"] = true
+ }
+ })
+
+ local json_tree = createtree_json()
+ local menu_tree = merge_trees(lua_tree, json_tree)
+
+ if acl then
+ apply_tree_acls(menu_tree, acl)
+ end
+
+ return menu_tree
+end
+
+local function init_template_engine(ctx)
+ local tpl = require "luci.template"
+ local media = luci.config.main.mediaurlbase
+
+ if not pcall(tpl.Template, "themes/%s/header" % fs.basename(media)) then
+ media = nil
+ for name, theme in pairs(luci.config.themes) do
+ if name:sub(1,1) ~= "." and pcall(tpl.Template,
+ "themes/%s/header" % fs.basename(theme)) then
+ media = theme
end
end
+ assert(media, "No valid theme found")
+ end
- tpl.context.viewns = setmetatable({
- write = http.write;
- include = function(name) tpl.Template(name):render(getfenv(2)) end;
- translate = i18n.translate;
- translatef = i18n.translatef;
- export = function(k, v) if tpl.context.viewns[k] == nil then tpl.context.viewns[k] = v end end;
- striptags = util.striptags;
- pcdata = util.pcdata;
- media = media;
- theme = fs.basename(media);
- resource = luci.config.main.resourcebase;
- ifattr = function(...) return _ifattr(...) end;
- attr = function(...) return _ifattr(true, ...) end;
- url = build_url;
- }, {__index=function(tbl, key)
- if key == "controller" then
- return build_url()
- elseif key == "REQUEST_URI" then
- return build_url(unpack(ctx.requestpath))
- elseif key == "FULL_REQUEST_URI" then
- local url = { http.getenv("SCRIPT_NAME") or "", http.getenv("PATH_INFO") }
- local query = http.getenv("QUERY_STRING")
- if query and #query > 0 then
- url[#url+1] = "?"
- url[#url+1] = query
+ local function _ifattr(cond, key, val, noescape)
+ if cond then
+ local env = getfenv(3)
+ local scope = (type(env.self) == "table") and env.self
+ if type(val) == "table" then
+ if not next(val) then
+ return ''
+ else
+ val = util.serialize_json(val)
end
- return table.concat(url, "")
- elseif key == "token" then
- return ctx.authtoken
- else
- return rawget(tbl, key) or _G[key]
end
- end})
- end
- track.dependent = (track.dependent ~= false)
- assert(not track.dependent or not track.auto,
- "Access Violation\nThe page at '" .. table.concat(request, "/") .. "/' " ..
- "has no parent node so the access to this location has been denied.\n" ..
- "This is a software bug, please report this message at " ..
- "https://github.com/openwrt/luci/issues"
- )
+ val = tostring(val or
+ (type(env[key]) ~= "function" and env[key]) or
+ (scope and type(scope[key]) ~= "function" and scope[key]) or "")
- if track.sysauth and not ctx.authsession then
- local authen = track.sysauth_authenticator
- local _, sid, sdat, default_user, allowed_users
+ if noescape ~= true then
+ val = util.pcdata(val)
+ end
- if type(authen) == "string" and authen ~= "htmlauth" then
- error500("Unsupported authenticator %q configured" % authen)
- return
+ return string.format(' %s="%s"', tostring(key), val)
+ else
+ return ''
end
+ end
- if type(track.sysauth) == "table" then
- default_user, allowed_users = nil, track.sysauth
+ tpl.context.viewns = setmetatable({
+ write = http.write;
+ include = function(name) tpl.Template(name):render(getfenv(2)) end;
+ translate = i18n.translate;
+ translatef = i18n.translatef;
+ export = function(k, v) if tpl.context.viewns[k] == nil then tpl.context.viewns[k] = v end end;
+ striptags = util.striptags;
+ pcdata = util.pcdata;
+ media = media;
+ theme = fs.basename(media);
+ resource = luci.config.main.resourcebase;
+ ifattr = function(...) return _ifattr(...) end;
+ attr = function(...) return _ifattr(true, ...) end;
+ url = build_url;
+ }, {__index=function(tbl, key)
+ if key == "controller" then
+ return build_url()
+ elseif key == "REQUEST_URI" then
+ return build_url(unpack(ctx.requestpath))
+ elseif key == "FULL_REQUEST_URI" then
+ local url = { http.getenv("SCRIPT_NAME") or "", http.getenv("PATH_INFO") }
+ local query = http.getenv("QUERY_STRING")
+ if query and #query > 0 then
+ url[#url+1] = "?"
+ url[#url+1] = query
+ end
+ return table.concat(url, "")
+ elseif key == "token" then
+ return ctx.authtoken
else
- default_user, allowed_users = track.sysauth, { track.sysauth }
+ return rawget(tbl, key) or _G[key]
end
+ end})
- if type(authen) == "function" then
- _, sid = authen(sys.user.checkpasswd, allowed_users)
- else
- sid = http.getcookie("sysauth")
+ return tpl
+end
+
+function dispatch(request)
+ --context._disable_memtrace = require "luci.debug".trap_memtrace("l")
+ local ctx = context
+
+ local auth, cors, suid, sgid
+ local menu = menu_json()
+ local page = menu
+
+ local requested_path_full = {}
+ local requested_path_node = {}
+ local requested_path_args = {}
+
+ local required_path_acls = {}
+
+ for i, s in ipairs(request) do
+ if type(page.children) ~= "table" or not page.children[s] then
+ page = nil
+ break
+ end
+
+ if not page.children[s].satisfied then
+ page = nil
+ break
+ end
+
+ page = page.children[s]
+ auth = page.auth or auth
+ cors = page.cors or cors
+ suid = page.setuser or suid
+ sgid = page.setgroup or sgid
+
+ if type(page.depends) == "table" and type(page.depends.acl) == "table" then
+ for _, group in ipairs(page.depends.acl) do
+ local found = false
+ for _, item in ipairs(required_path_acls) do
+ if item == group then
+ found = true
+ break
+ end
+ end
+ if not found then
+ required_path_acls[#required_path_acls + 1] = group
+ end
+ end
+ end
+
+ requested_path_full[i] = s
+ requested_path_node[i] = s
+
+ if page.wildcard then
+ for j = i + 1, #request do
+ requested_path_args[j - i] = request[j]
+ requested_path_full[j] = request[j]
+ end
+ break
end
+ end
+
+ local tpl = init_template_engine(ctx)
- sid, sdat = session_retrieve(sid, allowed_users)
+ ctx.args = requested_path_args
+ ctx.path = requested_path_node
+ ctx.dispatched = page
- if not (sid and sdat) and authen == "htmlauth" then
+ ctx.requestpath = ctx.requestpath or requested_path_full
+ ctx.requestargs = ctx.requestargs or requested_path_args
+ ctx.requested = ctx.requested or page
+
+ if type(auth) == "table" and type(auth.methods) == "table" and #auth.methods > 0 then
+ local sid, sdat, sacl
+ for _, method in ipairs(auth.methods) do
+ sid, sdat, sacl = check_authentication(method)
+
+ if sid and sdat and sacl then
+ break
+ end
+ end
+
+ if not (sid and sdat and sacl) and auth.login then
local user = http.getenv("HTTP_AUTH_USER")
local pass = http.getenv("HTTP_AUTH_PASS")
@@ -497,30 +874,33 @@ function dispatch(request)
pass = http.formvalue("luci_password")
end
- sid, sdat = session_setup(user, pass, allowed_users)
+ if user and pass then
+ sid, sdat, sacl = session_setup(user, pass)
+ end
if not sid then
- local tmpl = require "luci.template"
-
context.path = {}
http.status(403, "Forbidden")
http.header("X-LuCI-Login-Required", "yes")
- tmpl.render(track.sysauth_template or "sysauth", {
- duser = default_user,
- fuser = user
- })
- return
+ local scope = { duser = "root", fuser = user }
+ local ok, res = util.copcall(tpl.render_string, [[<% include("themes/" .. theme .. "/sysauth") %>]], scope)
+ if ok then
+ return res
+ end
+ return tpl.render("sysauth", scope)
end
- http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{
+ http.header("Set-Cookie", 'sysauth=%s; path=%s; SameSite=Strict; HttpOnly%s' %{
sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
})
+
http.redirect(build_url(unpack(ctx.requestpath)))
+ return
end
- if not sid or not sdat then
+ if not sid or not sdat or not sacl then
http.status(403, "Forbidden")
http.header("X-LuCI-Login-Required", "yes")
return
@@ -529,89 +909,165 @@ function dispatch(request)
ctx.authsession = sid
ctx.authtoken = sdat.token
ctx.authuser = sdat.username
+ ctx.authacl = sacl
+ end
+
+ if #required_path_acls > 0 then
+ local perm = check_acl_depends(required_path_acls, ctx.authacl and ctx.authacl["access-group"])
+ if perm == nil then
+ http.status(403, "Forbidden")
+ return
+ end
+
+ page.readonly = not perm
end
- if track.cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then
+ local action = (page and type(page.action) == "table") and page.action or {}
+
+ if action.type == "arcombine" then
+ action = (#requested_path_args > 0) and action.targets[2] or action.targets[1]
+ end
+
+ if cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then
luci.http.status(200, "OK")
luci.http.header("Access-Control-Allow-Origin", http.getenv("HTTP_ORIGIN") or "*")
luci.http.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
return
end
- if c and require_post_security(c.target, args) then
- if not test_post_security(c) then
+ if require_post_security(action) then
+ if not test_post_security() then
return
end
end
- if track.setgroup then
- sys.process.setgroup(track.setgroup)
+ if sgid then
+ sys.process.setgroup(sgid)
end
- if track.setuser then
- sys.process.setuser(track.setuser)
+ if suid then
+ sys.process.setuser(suid)
end
- local target = nil
- if c then
- if type(c.target) == "function" then
- target = c.target
- elseif type(c.target) == "table" then
- target = c.target.target
+ if action.type == "view" then
+ tpl.render("view", { view = action.path })
+
+ elseif action.type == "call" then
+ local ok, mod = util.copcall(require, action.module)
+ if not ok then
+ error500(mod)
+ return
end
- end
- if c and (c.index or type(target) == "function") then
- ctx.dispatched = c
- ctx.requested = ctx.requested or ctx.dispatched
- end
+ local func = mod[action["function"]]
- if c and c.index then
- local tpl = require "luci.template"
+ assert(func ~= nil,
+ 'Cannot resolve function "' .. action["function"] .. '". Is it misspelled or local?')
- if util.copcall(tpl.render, "indexer", {}) then
- return true
+ assert(type(func) == "function",
+ 'The symbol "' .. action["function"] .. '" does not refer to a function but data ' ..
+ 'of type "' .. type(func) .. '".')
+
+ local argv = (type(action.parameters) == "table" and #action.parameters > 0) and { unpack(action.parameters) } or {}
+ for _, s in ipairs(requested_path_args) do
+ argv[#argv + 1] = s
end
- end
- if type(target) == "function" then
- util.copcall(function()
- local oldenv = getfenv(target)
- local module = require(c.module)
- local env = setmetatable({}, {__index=
+ local ok, err = util.copcall(func, unpack(argv))
+ if not ok then
+ error500(err)
+ end
- function(tbl, key)
- return rawget(tbl, key) or module[key] or oldenv[key]
- end})
+ elseif action.type == "firstchild" then
+ local sub_request = find_subnode(page, requested_path_full, action.recurse)
+ if sub_request then
+ dispatch(sub_request)
+ else
+ tpl.render("empty_node_placeholder", getfenv(1))
+ end
- setfenv(target, env)
- end)
+ elseif action.type == "alias" then
+ local sub_request = {}
+ for name in action.path:gmatch("[^/]+") do
+ sub_request[#sub_request + 1] = name
+ end
- local ok, err
- if type(c.target) == "table" then
- ok, err = util.copcall(target, c.target, unpack(args))
- else
- ok, err = util.copcall(target, unpack(args))
+ for _, s in ipairs(requested_path_args) do
+ sub_request[#sub_request + 1] = s
end
- if not ok then
- error500("Failed to execute " .. (type(c.target) == "function" and "function" or c.target.type or "unknown") ..
- " dispatcher target for entry '/" .. table.concat(request, "/") .. "'.\n" ..
- "The called action terminated with an exception:\n" .. tostring(err or "(unknown)"))
+
+ dispatch(sub_request)
+
+ elseif action.type == "rewrite" then
+ local sub_request = { unpack(request) }
+ for i = 1, action.remove do
+ table.remove(sub_request, 1)
+ end
+
+ local n = 1
+ for s in action.path:gmatch("[^/]+") do
+ table.insert(sub_request, n, s)
+ n = n + 1
+ end
+
+ for _, s in ipairs(requested_path_args) do
+ sub_request[#sub_request + 1] = s
end
+
+ dispatch(sub_request)
+
+ elseif action.type == "template" then
+ tpl.render(action.path, getfenv(1))
+
+ elseif action.type == "cbi" then
+ _cbi({ config = action.config, model = action.path }, unpack(requested_path_args))
+
+ elseif action.type == "form" then
+ _form({ model = action.path }, unpack(requested_path_args))
+
else
- local root = node()
- if not root or not root.target then
+ local root = find_subnode(menu, {}, true)
+ if not root then
error404("No root node was registered, this usually happens if no module was installed.\n" ..
"Install luci-mod-admin-full and retry. " ..
"If the module is already installed, try removing the /tmp/luci-indexcache file.")
else
- error404("No page is registered at '/" .. table.concat(request, "/") .. "'.\n" ..
+ error404("No page is registered at '/" .. table.concat(requested_path_full, "/") .. "'.\n" ..
"If this url belongs to an extension, make sure it is properly installed.\n" ..
"If the extension was recently installed, try removing the /tmp/luci-indexcache file.")
end
end
end
+local function hash_filelist(files)
+ local fprint = {}
+ local n = 0
+
+ for i, file in ipairs(files) do
+ local st = fs.stat(file)
+ if st then
+ fprint[n + 1] = '%x' % st.ino
+ fprint[n + 2] = '%x' % st.mtime
+ fprint[n + 3] = '%x' % st.size
+ n = n + 3
+ end
+ end
+
+ return nixio.crypt(table.concat(fprint, "|"), "$1$"):sub(5):gsub("/", ".")
+end
+
+local function read_cachefile(file, reader)
+ local euid = sys.process.info("uid")
+ local fuid = fs.stat(file, "uid")
+ local mode = fs.stat(file, "modestr")
+
+ if euid ~= fuid or mode ~= "rw-------" then
+ return nil
+ end
+
+ return reader(file)
+end
+
function createindex()
local controllers = { }
local base = "%s/controller/" % util.libpath()
@@ -625,25 +1081,19 @@ function createindex()
controllers[#controllers+1] = path
end
+ local cachefile
+
if indexcache then
- local cachedate = fs.stat(indexcache, "mtime")
- if cachedate then
- local realdate = 0
- for _, obj in ipairs(controllers) do
- local omtime = fs.stat(obj, "mtime")
- realdate = (omtime and omtime > realdate) and omtime or realdate
- end
+ cachefile = "%s.%s.lua" %{ indexcache, hash_filelist(controllers) }
- if cachedate > realdate and sys.process.info("uid") == 0 then
- assert(
- sys.process.info("uid") == fs.stat(indexcache, "uid")
- and fs.stat(indexcache, "modestr") == "rw-------",
- "Fatal: Indexcache is not sane!"
- )
+ local res = read_cachefile(cachefile, function(path) return loadfile(path)() end)
+ if res then
+ index = res
+ return res
+ end
- index = loadfile(indexcache)()
- return index
- end
+ for file in (fs.glob("%s.*.lua" % indexcache) or function() end) do
+ fs.unlink(file)
end
end
@@ -659,20 +1109,93 @@ function createindex()
"' - It must correspond to the file path!")
local idx = mod.index
- assert(type(idx) == "function",
- "Invalid controller file found\n" ..
- "The file '" .. path .. "' contains no index() function.\n" ..
- "Please make sure that the controller contains a valid " ..
- "index function and verify the spelling!")
+ if type(idx) == "function" then
+ index[modname] = idx
+ end
+ end
- index[modname] = idx
+ if cachefile then
+ local f = nixio.open(cachefile, "w", 600)
+ f:writeall(util.get_bytecode(index))
+ f:close()
+ end
+end
+
+function createtree_json()
+ local json = require "luci.jsonc"
+ local tree = {}
+
+ local schema = {
+ action = "table",
+ auth = "table",
+ cors = "boolean",
+ depends = "table",
+ order = "number",
+ setgroup = "string",
+ setuser = "string",
+ title = "string",
+ wildcard = "boolean"
+ }
+
+ local files = {}
+ local cachefile
+
+ for file in (fs.glob("/usr/share/luci/menu.d/*.json") or function() end) do
+ files[#files+1] = file
end
if indexcache then
- local f = nixio.open(indexcache, "w", 600)
- f:writeall(util.get_bytecode(index))
+ cachefile = "%s.%s.json" %{ indexcache, hash_filelist(files) }
+
+ local res = read_cachefile(cachefile, function(path) return json.parse(fs.readfile(path) or "") end)
+ if res then
+ return res
+ end
+
+ for file in (fs.glob("%s.*.json" % indexcache) or function() end) do
+ fs.unlink(file)
+ end
+ end
+
+ for _, file in ipairs(files) do
+ local data = json.parse(fs.readfile(file) or "")
+ if type(data) == "table" then
+ for path, spec in pairs(data) do
+ if type(spec) == "table" then
+ local node = tree
+
+ for s in path:gmatch("[^/]+") do
+ if s == "*" then
+ node.wildcard = true
+ break
+ end
+
+ node.children = node.children or {}
+ node.children[s] = node.children[s] or {}
+ node = node.children[s]
+ end
+
+ if node ~= tree then
+ for k, t in pairs(schema) do
+ if type(spec[k]) == t then
+ node[k] = spec[k]
+ end
+ end
+
+ node.satisfied = check_depends(spec)
+ end
+ end
+ end
+ end
+ end
+
+ if cachefile then
+ local f = nixio.open(cachefile, "w", 600)
+ f:writeall(json.stringify(tree))
f:close()
end
+
+ return tree
end
-- Build the index before if it does not exist yet.
@@ -767,16 +1290,6 @@ function _create_node(path)
c = {nodes={}, auto=true, inreq=true}
- local _, n
- for _, n in ipairs(path) do
- if context.path[_] ~= n then
- c.inreq = false
- break
- end
- end
-
- c.inreq = c.inreq and (context.path[#path + 1] == last)
-
parent.nodes[last] = c
context.treecache[name] = c
end
@@ -786,119 +1299,24 @@ end
-- Subdispatchers --
-function _find_eligible_node(root, prefix, deep, types, descend)
- local children = _ordered_children(root)
-
- if not root.leaf and deep ~= nil then
- local sub_path = { unpack(prefix) }
-
- if deep == false then
- deep = nil
- end
-
- local _, child
- for _, child in ipairs(children) do
- sub_path[#prefix+1] = child.name
-
- local res_path = _find_eligible_node(child.node, sub_path,
- deep, types, true)
-
- if res_path then
- return res_path
- end
- end
- end
-
- if descend and
- (not types or
- (type(root.target) == "table" and
- util.contains(types, root.target.type)))
- then
- return prefix
- end
-end
-
-function _find_node(recurse, types)
- local path = { unpack(context.path) }
- local name = table.concat(path, ".")
- local node = context.treecache[name]
-
- path = _find_eligible_node(node, path, recurse, types)
-
- if path then
- dispatch(path)
- else
- require "luci.template".render("empty_node_placeholder")
- end
-end
-
-function _firstchild()
- return _find_node(false, nil)
-end
-
function firstchild()
- return { type = "firstchild", target = _firstchild }
-end
-
-function _firstnode()
- return _find_node(true, { "cbi", "form", "template", "arcombine" })
+ return { type = "firstchild" }
end
function firstnode()
- return { type = "firstnode", target = _firstnode }
+ return { type = "firstnode" }
end
function alias(...)
- local req = {...}
- return function(...)
- for _, r in ipairs({...}) do
- req[#req+1] = r
- end
-
- dispatch(req)
- end
+ return { type = "alias", req = { ... } }
end
function rewrite(n, ...)
- local req = {...}
- return function(...)
- local dispatched = util.clone(context.dispatched)
-
- for i=1,n do
- table.remove(dispatched, 1)
- end
-
- for i, r in ipairs(req) do
- table.insert(dispatched, i, r)
- end
-
- for _, r in ipairs({...}) do
- dispatched[#dispatched+1] = r
- end
-
- dispatch(dispatched)
- end
-end
-
-
-local function _call(self, ...)
- local func = getfenv()[self.name]
- assert(func ~= nil,
- 'Cannot resolve function "' .. self.name .. '". Is it misspelled or local?')
-
- assert(type(func) == "function",
- 'The symbol "' .. self.name .. '" does not refer to a function but data ' ..
- 'of type "' .. type(func) .. '".')
-
- if #self.argv > 0 then
- return func(unpack(self.argv), ...)
- else
- return func(...)
- end
+ return { type = "rewrite", n = n, req = { ... } }
end
function call(name, ...)
- return {type = "call", argv = {...}, name = name, target = _call}
+ return { type = "call", argv = {...}, name = name }
end
function post_on(params, name, ...)
@@ -906,8 +1324,7 @@ function post_on(params, name, ...)
type = "call",
post = params,
argv = { ... },
- name = name,
- target = _call
+ name = name
}
end
@@ -916,34 +1333,36 @@ function post(...)
end
-local _template = function(self, ...)
- require "luci.template".render(self.view)
-end
-
function template(name)
- return {type = "template", view = name, target = _template}
-end
-
-
-local _view = function(self, ...)
- require "luci.template".render("view", { view = self.view })
+ return { type = "template", view = name }
end
function view(name)
- return {type = "view", view = name, target = _view}
+ return { type = "view", view = name }
end
-local function _cbi(self, ...)
+function _cbi(self, ...)
local cbi = require "luci.cbi"
local tpl = require "luci.template"
local http = require "luci.http"
+ local util = require "luci.util"
local config = self.config or {}
local maps = cbi.load(self.model, ...)
local state = nil
+ local function has_uci_access(config, level)
+ local rv = util.ubus("session", "access", {
+ ubus_rpc_session = context.authsession,
+ scope = "uci", object = config,
+ ["function"] = level
+ })
+
+ return (type(rv) == "table" and rv.access == true) or false
+ end
+
local i, res
for i, res in ipairs(maps) do
if util.instanceof(res, cbi.SimpleForm) then
@@ -997,6 +1416,7 @@ local function _cbi(self, ...)
local applymap = false
local pageaction = true
local parsechain = { }
+ local writable = false
for i, res in ipairs(maps) do
if res.apply_needed and res.parsechain then
@@ -1022,12 +1442,19 @@ local function _cbi(self, ...)
end
for i, res in ipairs(maps) do
+ local is_readable_map = has_uci_access(res.config, "read")
+ local is_writable_map = has_uci_access(res.config, "write")
+
+ writable = writable or is_writable_map
+
res:render({
firstmap = (i == 1),
redirect = redirect,
messages = messages,
pageaction = pageaction,
- parsechain = parsechain
+ parsechain = parsechain,
+ readable = is_readable_map,
+ writable = is_writable_map
})
end
@@ -1038,7 +1465,8 @@ local function _cbi(self, ...)
redirect = redirect,
state = state,
autoapply = config.autoapply,
- trigger_apply = applymap
+ trigger_apply = applymap,
+ writable = writable
})
end
end
@@ -1048,25 +1476,21 @@ function cbi(model, config)
type = "cbi",
post = { ["cbi.submit"] = true },
config = config,
- model = model,
- target = _cbi
+ model = model
}
end
-local function _arcombine(self, ...)
- local argv = {...}
- local target = #argv > 0 and self.targets[2] or self.targets[1]
- setfenv(target.target, self.env)
- target:target(unpack(argv))
-end
-
function arcombine(trg1, trg2)
- return {type = "arcombine", env = getfenv(), target = _arcombine, targets = {trg1, trg2}}
+ return {
+ type = "arcombine",
+ env = getfenv(),
+ targets = {trg1, trg2}
+ }
end
-local function _form(self, ...)
+function _form(self, ...)
local cbi = require "luci.cbi"
local tpl = require "luci.template"
local http = require "luci.http"
@@ -1092,10 +1516,9 @@ end
function form(model)
return {
- type = "cbi",
+ type = "form",
post = { ["cbi.submit"] = true },
- model = model,
- target = _form
+ model = model
}
end