summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base/luasrc/controller
AgeCommit message (Collapse)Author
2022-07-08luci-base: use different cookie names for HTTP and HTTPSJo-Philipp Wich
Since HTTP cookies may not overwrite HTTPS ("secure") ones, users are frequently unable to log into LuCI when a stale, "secure" `sysauth` cookie is still present in the browser as it commonly happens after e.g. a sysupgrade operation or when frequently jumping between HTTP and HTTPS access. Rework the dispatcher to set either a `sysauth_http` or `sysauth_https` cookie, depending on the HTTPS state of the server connection and accept both cookie names when verifying the session ID. This allows users to log into a HTTP-only LuCI instance while a stale, "secure" HTTPS cookie is still present. Requires commit 2b0539ef9d ("lucihttp: update to latest Git HEAD") to function properly. Fixes: #5843 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-16luci-base: implement JSON endpoint to fetch menu informationJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-16luci-base: convert menu nodes to JSONJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-01luci-base: remove unused Lua codeJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-12luci-base: fix list method handling in ubus-rpc protocol proxyJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-15luci-base: use native ubus-rpc authorization protocolJo-Philipp Wich
Instead of granting complete ubus access under the active sysauth session, implement the ubus-rpc authorization mechanism and make the ubus proxy endpoint unauthenticated. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06luci-base: add vpn menu sectionFlorian Eckert
There is always more vpn services. To make the LuCI menu look cleaner, a new top level menu "VPN" will be added with this commit. All luci-app-* that have something to do with VPN should move to this new menu entry. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-07-07luci-base: fix handling of large ubus HTTP requestsJo-Philipp Wich
Properly handle ubus POST requests exceeding the default chunk size and fix a possible nil dereference when rejecting incoming requests due to bad JSON message framing. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-07luci-base: replace uci change pages with client side modal dialogJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-07luci-base: add ubus-http gatewayJo-Philipp Wich
Add an admin/ubus route mimicking the native uhttpd-mod-ubus protocol. The main difference to the native protocol is that this gateway requires no additional per-object/procedure ACL setup on the router side and that it is located under the same prefix as LuCI itself, allowing the reuse of the session login cookie. This route is meant to be a transitional mechanism until client side RPC calls are eventually migrated to uhttpd-mod-ubus completely. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-15luci-base: support disconnecting (deauthenticating) wireless clientsWang805447391
Add a button to each row in the wireless assoclist table to allow disconnecting clients using the ubus del_client method if the underlying radio interface supports it. Ref: https://github.com/openwrt/luci/pull/2271 Submitted-by: Wang805447391 <805447391@qq.com> [move deauth function to luci-base next to the existing assoclist function, require post security, fix parameter check condition, hide button if not supported by the radio, disable button after call, squash commits, fix whitespace, reword subject, add commit message] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-05luci-base: expose system translations to JavaScriptJo-Philipp Wich
Add a new /admin/translations/ endpoint which exposes the loaded system translations as JavaScript file. Once referenced by <script>, the endpoint will create a `window.TR` object containing the entire translation string table for use on the client side. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-09-27luci-base: fix sysauth cookie not removed on logoutKyle Rogers
Signed-off-by: Kyle Rogers <7157021+kyle30312@users.noreply.github.com>
2018-09-19luci-base: switch admin category node to firstnode() actionJo-Philipp Wich
After this change, luci-base will render the first module or application page installed on the system, instead of rendering a "Component not found" message when the status category is unavailable. This allows for single-purpose LuCI installations like e.g. luci-base with luci-app-travelmate which only presents application specific views without any of the standard system pages. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-09-19modules: Split luci-mod-fullDaniel F. Dickinson
Move some common elements to luci-base, and otherwise make three packages out of status, system, and network. They were mostly separated already, but there were some shared elements between status and network that are now in luci-base. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
2018-09-19modules: Make luci-base sufficient to use luci appsDaniel F. Dickinson
Per the discussion in https://github.com/openwrt/luci/issues/869, make luci-base sufficient to login, logout, and review and apply or revert uci changes. This allows most luci-app-xxx to work without having luci-mod-admin-full installed. It has been tested with some apps and not luci-mod-admin-full, as well as with luci-mod-admin-full (to make sure the usual case doesn't break). Instead of creating a new module namespace (e.g. 'Base') we reduce the opportunities for breakage by having luci-base take over the 'shell' of the 'Administration' (admin/....) namespace. Since admin is assumed by all current building LuCI components (including Freifunk), this doesn't introduce the 'Administration' tab into any situation where it would not already be present (but includes it where it was before). We also add a "Component not installed" page to avoid fatal errors and backtrace when e.g. luci-mod-admin-full is not installed. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
2018-05-05treewide: rework uci apply workflowJo-Philipp Wich
Switch to rpcd based uci apply/rollback workflow which helps to avoid soft- bricking devices by requiring an explicit confirmation call after config apply. When a user now clicks "Save & Apply", LuCI first issues a call to uci apply which commits and reloads configuration, then goes into a polling countdown mode where it repeatedly attempts to call uci confirm. If the committed configuration is sane, the confirm call will go through and cancel rpcd's pending rollback timer. If the configuration change leads to a loss of connectivity (e.g. due to bad firewall rules or similar), the rollback mechanism will kick in after the timeout and revert configuration files and pending changes to the pre-apply state. In order to cover such rare cases where a lost of connectivity is expected and desired, the user is offered an "unchecked" apply option after timing out, which allows committing and applying the changes anyway, without the extra safety checks. As a consequence of this change, the luci-reload mechanism is now completely unsused since rpcd uses ubus config reload signals to reload affected services, which means that only procd-enabled services will receive proper reload treatment with the new workflow. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2015-10-06luci-base: switch to POST action for service reloadJo-Philipp Wich
Switches the service reload calls to CSRF token protected POST action. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16Update my email addresses in the license headersJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16Globally reduce copyright headersJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-08Rework LuCI build systemJo-Philipp Wich
* Rename subdirectories to their repective OpenWrt package names * Make each LuCI module its own standalone package * Deploy a shared luci.mk which is used by each module Makefile Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>