path: root/modules/luci-base/luasrc/dispatcher.lua
Age  Commit message  Author

2022-07-08  luci-base: use different cookie names for HTTP and HTTPS  (Jo-Philipp Wich)

Since HTTP cookies may not overwrite HTTPS ("secure") ones, users are frequently unable to log into LuCI when a stale, "secure" `sysauth` cookie is still present in the browser, as commonly happens after e.g. a sysupgrade operation or when frequently jumping between HTTP and HTTPS access.

Rework the dispatcher to set either a `sysauth_http` or `sysauth_https` cookie, depending on the HTTPS state of the server connection, and accept both cookie names when verifying the session ID. This allows users to log into an HTTP-only LuCI instance while a stale, "secure" HTTPS cookie is still present.

Requires commit 2b0539ef9d ("lucihttp: update to latest Git HEAD") to function properly.

Fixes: #5843
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-04-27  luci-base: dispatcher.lua: support "absent" fs dependency for menu nodes  (Jo-Philipp Wich)

The "absent" dependency type requires the given path to not exist on the local system for the condition to be satisfied. This is useful to disable menu nodes depending on the presence of specific files.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-10-11  luci-base: dispatcher: rework dispatching and menu filtering logic  (Jo-Philipp Wich)

- Prefer nodes that do not require authentication over nodes that do
- Honour ACL dependencies while resolving firstchild nodes
- Consider currently active session while scanning menu tree instead of only loading effective ACLs when a login node is encountered
- Do not consider nodes for firstchild dispatching which specify a special "firstchild_ineligible" property
- Hide menu nodes that have no accessible children

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-10-11  luci-base: dispatcher: fix null access on dispatching unknown urls  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-04-30  luci-base: send failed/successful login to syslog  (Jan Pavlinec)

Note: This change is relevant for systems that don't use uhttpd for LuCI. This log can later be used for fail2ban etc.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-08-31  Merge pull request #4239 from etactica/error404-messages  (Florian Eckert)

luci-base: dispatcher: error404: flow message into template
2020-07-19  treewide: adapt to new luci.xml class  (Sven Roederer)

In the previous commit the luci.xml module was created. Let's change all references to the old functions to the new xml module.

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
2020-07-07  error404: flow message into template  (Karl Palsson)

The message was only being shown in the plain text case when the render failed.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2020-06-30  luci-base: allow themes to provide sysauth.htm  (Karl Palsson)

Support for sysauth_template was (inadvertently) dropped in refactorings to support the json menu construction. This does not restore that functionality, which allowed different templates for every node in the dispatcher tree, but provides an alternative mechanism that allows a theme to provide a sysauth.htm template file instead.

Tested-by: Karl Palsson <karlp@etactica.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-14  luci-base: dispatcher.lua: improve bytecode cache invalidation  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-20  luci-base: dispatcher.lua: pass permission state to legacy CBI templates  (Jo-Philipp Wich)

Ref: https://github.com/openwrt/luci/issues/3937
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-19  luci-base: dispatcher.lua: honour acl_depends annotations in Lua controllers  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-16  luci-base: dispatcher.lua: add support for handling menu ACL annotations  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-18  luci-base: Add missed config parameter for cbi when converting to JSON  (Anton Kikin)

The cbi() function has a second argument 'config' in which various configuration parameters can be passed. When converting the lua menu to JSON, we must also convert this parameter.

Signed-off-by: Anton Kikin <a.kikin@tano-systems.com>
2020-02-05  luci-base: dispatcher.lua: remove redundant check_fs_depends() call  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-30  luci-base: dispatcher.lua: fix filesystem dependency checks  (Jo-Philipp Wich)

A variable clash led to declarative `fs` dependencies being ineffective.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-29  luci-base: add another magic security attribute to the sysauth cookie  (Jo-Philipp Wich)

Fixes: #3585
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-10  luci-base: dispatcher: remove empty firstchild nodes from menu  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-07  luci-base: dispatcher: fix rpc controller regression  (Jo-Philipp Wich)

When testing the luci-rpc authentication, avoid clobbering the HTTP post request body.

Fixes: #3470
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-16  luci-base: dispatcher.lua: add support for loading JSON menu files  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-16  luci-base: dispatcher.lua: refactor dispatch logic  (Jo-Philipp Wich)

Refactor the dispatch logic to operate on the internal JSON representation of the menu tree.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-16  luci-base: dispatcher.lua: factor out template class init into own function  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-16  luci-base: dispatcher.lua: factor out language check into own function  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-16  luci-base: dispatcher.lua: introduce dispatch tree JSON conversion  (Jo-Philipp Wich)

Introduce a new method menu_json() which converts the current dispatch tree into JSON structure.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-01  luci-base: dispatcher.lua: support declarative node dependencies  (Jo-Philipp Wich)

Introduce two new properties for page nodes to allow for declaratively specifying system dependencies, which is useful to e.g. make certain views depend on specific uci values or the presence of certain files.

The recognized properties are:

- `uci_depends` - a nested table in one of the following forms:
  1) `{ config = { section = { option = "exact_value" } }`
  2) `{ config = { section = { option = true } }`
  3) `{ config = { section = "exact_type" } }`
  4) `{ config = { section = true } }`
  5) `{ config = true }`

  Depending on the declaration, the uci option or section type must either match the given "exact_value" or "exact_type" values or be a non-nil value in case boolean "true" is specified.

- `file_depends` - a flat list of file paths that must be accessible

  If a path listed in `file_depends` points to a directory, that directory must not be empty, otherwise it suffices if the path exists.

Examples:

- Only display the node if an /etc/config/wireless file exists with a "config wifi-device radio0" section.

  node = page(...)
  node.uci_depends = { wireless = { radio0 = "wifi-device" } }

- Only display the node when swconfig is installed.

  node = page(...)
  node.file_depends = { "/sbin/swconfig" }

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
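The five `uci_depends` forms and the `file_depends` rule described in the commit message, evaluated by a small standalone checker. This is an added example and not the dispatcher's own implementation: the uci cursor (assumed to expose only `get_all(config)`) and the filesystem are constructed in-memory tables, so the script runs offline with plain Lua; the real dispatcher reads these through luci.model.uci and nixio.fs instead.

```lua
-- Added example, not LuCI's dispatcher code: evaluate `uci_depends` and
-- `file_depends` declarations in the five forms listed in the commit message.
-- The uci cursor and the filesystem are constructed in-memory stand-ins
-- (assumptions); the real dispatcher consults luci.model.uci and nixio.fs.

-- Constructed uci state: config -> section name -> options (".type" holds the section type).
local uci_data = {
  wireless = {
    radio0 = { [".type"] = "wifi-device", channel = "11" },
    default_radio0 = { [".type"] = "wifi-iface", mode = "ap" },
  },
  network = {
    lan = { [".type"] = "interface", proto = "static" },
  },
}

-- Minimal cursor stand-in; only get_all(config) is modelled.
local cursor = {
  get_all = function(self, config) return uci_data[config] end,
}

-- Constructed filesystem: path -> { type = "file" } or { type = "dir", entries = {...} }.
local fs_data = {
  ["/sbin/swconfig"] = { type = "file" },
  ["/etc/config"] = { type = "dir", entries = { "network", "wireless" } },
  ["/etc/modules.d"] = { type = "dir", entries = {} },
}

-- Return true when every declared uci dependency holds.
--   { config = true }                                     -> config must exist
--   { config = { section = true } }                       -> section must exist
--   { config = { section = "exact_type" } }               -> section type must match
--   { config = { section = { option = true } } }          -> option must be set
--   { config = { section = { option = "exact_value" } } } -> option value must match
local function check_uci_depends(cur, deps)
  for config, sections in pairs(deps) do
    local data = cur:get_all(config)
    if data == nil then return false end
    if type(sections) == "table" then
      for sname, spec in pairs(sections) do
        local section = data[sname]
        if section == nil then return false end
        if type(spec) == "string" then
          if section[".type"] ~= spec then return false end
        elseif type(spec) == "table" then
          for oname, ospec in pairs(spec) do
            local value = section[oname]
            if value == nil then return false end
            if ospec ~= true and value ~= ospec then return false end
          end
        elseif spec ~= true then
          return false  -- malformed declaration: treat as unsatisfied
        end
      end
    elseif sections ~= true then
      return false  -- malformed declaration: treat as unsatisfied
    end
  end
  return true
end

-- Return true when every listed path exists; directories must also be non-empty.
local function check_file_depends(paths)
  for _, path in ipairs(paths) do
    local ent = fs_data[path]
    if ent == nil then return false end
    if ent.type == "dir" and #ent.entries == 0 then return false end
  end
  return true
end

-- A node is shown only when both dependency kinds are satisfied.
local function node_visible(node)
  if node.uci_depends and not check_uci_depends(cursor, node.uci_depends) then
    return false
  end
  if node.file_depends and not check_file_depends(node.file_depends) then
    return false
  end
  return true
end

-- The two examples from the commit message, plus one that fails on an empty directory.
local wifi_node = { uci_depends = { wireless = { radio0 = "wifi-device" } } }
local swconfig_node = { file_depends = { "/sbin/swconfig" } }
local modules_node = { file_depends = { "/etc/modules.d" } }

print("wifi node visible:", node_visible(wifi_node))
print("swconfig node visible:", node_visible(swconfig_node))
print("modules node visible:", node_visible(modules_node))
```

Malformed declarations (a value that is neither `true`, a string nor a table) are treated as unsatisfied rather than ignored, so a typo in a dependency hides the node instead of silently exposing it.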
2019-10-09  luci-base: fix CSRF prevention for arcombine targets  (Jo-Philipp Wich)

The dispatcher failed to propagate the child target post security requirements to the arcombine() dispatch target so far - fix this by recursively testing the post security requirements.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-07  luci-base: add client based view actions  (Jo-Philipp Wich)

Introduce a new view() target for CBI dispatch nodes, along with the required template and plumbing work in luci.js to allow requiring view classes.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-02-12  luci-base: dispatcher: support raw values in attr() and ifattr()  (Jo-Philipp Wich)

Extend the attr() and ifattr() template functions to take an optional further parameter indicating that the passed value should not be escaped. This is needed for cases where the input already is escaped through other means, e.g. when the value was previously filtered through the striptags() template helper.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-27  luci-base: dispatcher: use consistent ordering  (Jo-Philipp Wich)

Use the same ordering logic for building the dispatch tree and for querying the children of a given node.

Fixes #2338.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-27  luci-base: dispatcher: remove tree modifier support  (Jo-Philipp Wich)

This feature was never used, is hardly documented and appears to be designed to fiddle with the internal dispatch tree state. Given that, simply drop the related code to simplify the dispatcher class somewhat.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-16  luci-base: dispatcher: add login indication on 403 errors  (Jo-Philipp Wich)

Send a custom LuCI X-Header to indicate that a login is required to access the requested resource. This is mainly intended for xhr.js to be able to intercept such responses and pop up an authentication dialog.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-05  luci-base: remove references to luci.i18n.loadc()  (Jo-Philipp Wich)

The i18n.loadc() function has been a no-op for almost six years, so it makes no sense to invoke it anymore.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-09-19  luci-base: dispatcher: introduce firstnode() dispatching target  (Jo-Philipp Wich)

The firstnode target will dispatch the request to the first eligible menu subtree node that is not a redirect to another node, a special action or post security enabled page.

That action is specifically useful for global category toplevel nodes like "admin" which are supposed to simply direct access to the first installed page node without having to hardcode specific choices.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-09-19  modules: Make luci-base sufficient to use luci apps  (Daniel F. Dickinson)

Per the discussion in https://github.com/openwrt/luci/issues/869, make luci-base sufficient to login, logout, and review and apply or revert uci changes. This allows most luci-app-xxx to work without having luci-mod-admin-full installed. It has been tested with some apps and not luci-mod-admin-full, as well as with luci-mod-admin-full (to make sure the usual case doesn't break).

Instead of creating a new module namespace (e.g. 'Base') we reduce the opportunities for breakage by having luci-base take over the 'shell' of the 'Administration' (admin/....) namespace. Since admin is assumed by all current building LuCI components (including Freifunk), this doesn't introduce the 'Administration' tab into any situation where it would not already be present (but includes it where it was before).

We also add a "Component not installed" page to avoid fatal errors and backtrace when e.g. luci-mod-admin-full is not installed.

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
2018-07-27  treewide: rework rollback/apply workflow  (Jo-Philipp Wich)

Rework the apply confirmation mechanism to be session agnostic in order to circumvent cross domain restrictions which prevent the JS code from issuing apply confirm requests in some cases, e.g. when changing the LAN IP.

Confirmation calls may now be done from unauthenticated pages, as long as a matching confirmation token is sent along with the request. The reasoning behind this is that there is little security impact in confirming pending apply sessions, especially since those sessions can only be initiated while being authenticated.

After this change, LuCI will now launch a confirmation process on every rendered page when a rollback is pending. The confirmation will happen regardless of whether the user is logged in or not, or if the current page is a CBI form or static template.

A confirmation request now also requires a random one-time token which is rendered along with the confirmation JavaScript code in order to succeed. This token is not meant to provide security but to ensure that the confirm was triggered from an interactive browser session and not some background HTTP requests that happened to end up in the admin ui.

As a consequence, the different apply/confirm/rollback code paths in CBI maps and the UCI change/revert pages have been consolidated into one common implementation residing in the common global theme agnostic footer template.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-02  luci-base: rework "in request" flagging logic for menu nodes  (Jo-Philipp Wich)

The previous implementation failed to mark active nodes under some circumstances.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-31  luci-base: update coxpcall() implementation, fix runtime error reporting  (Jo-Philipp Wich)

Sync our coxpcall() implementation to the newest upstream version in order to get access to the inner backtrace information and propagate these traces to the browser in luci.dispatcher.dispatch(). This should make tracking down runtime errors much easier.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-23  luci-base: fix dispatcher fail  (Ansuel Smith)

http.getenv("SCRIPT_NAME") fails if it's not provided. This can happen in the login screen when we don't have any script to load.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-05-18  Merge pull request #1769 from jow-/master  (Jo-Philipp Wich)

UCI apply/rollback workflow
2018-05-13  luci-base: harden cookie sysauth=  (Yousong Zhou)

A simple scan of the code indicates that currently no code in the repo is accessing the sysauth= cookie.

Closes openwrt/luci#1555

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-05  treewide: rework uci apply workflow  (Jo-Philipp Wich)

Switch to rpcd based uci apply/rollback workflow which helps to avoid soft-bricking devices by requiring an explicit confirmation call after config apply.

When a user now clicks "Save & Apply", LuCI first issues a call to uci apply which commits and reloads configuration, then goes into a polling countdown mode where it repeatedly attempts to call uci confirm.

If the committed configuration is sane, the confirm call will go through and cancel rpcd's pending rollback timer. If the configuration change leads to a loss of connectivity (e.g. due to bad firewall rules or similar), the rollback mechanism will kick in after the timeout and revert configuration files and pending changes to the pre-apply state.

In order to cover such rare cases where a loss of connectivity is expected and desired, the user is offered an "unchecked" apply option after timing out, which allows committing and applying the changes anyway, without the extra safety checks.

As a consequence of this change, the luci-reload mechanism is now completely unused since rpcd uses ubus config reload signals to reload affected services, which means that only procd-enabled services will receive proper reload treatment with the new workflow.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-05  luci-base: enable uci session isolation  (Jo-Philipp Wich)

Switch to per-session save directories to decouple LuCI configuration changes from system wide ones.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-26  luci-base: add simple CORS handling to luci.dispatcher  (Jo-Philipp Wich)

Support a new boolean property `cors` which - if set to true - causes the dispatcher to positively answer CORS OPTIONS requests after authentication without actually running the dispatching target.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10  luci-base: fix rendering of 404 HTML error template  (Jo-Philipp Wich)

This 404 error template rendering has been broken for a long time due to bad function environment level in luci.template when invoking the rendering from the toplevel dispatcher context. Fix this issue by adding a local function indirection, essentially adding an additional stack frame.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10  luci-base: don't propagate null bytes in path information  (Jo-Philipp Wich)

It is possible to inject unescaped markup using a double encoded null byte via PATH_INFO on certain leaf nodes. Since there is no legitimate reason to handle null bytes in any part of the requested url, simply skip over such bytes when parsing the PATH_INFO value.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-09  luci-base: consider empty parameters as well when testing POST requirement  (Jo-Philipp Wich)

The cbi class will react on an empty "cbi.submit" parameter as well so we must intercept GET requests using that too.

Fixes 186e690c0 ("luci-base: dispatcher: reject non-POST requests with any cbi.submit value")

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06  luci-base: emit a warning if cbi() delegates a SimpleForm instance  (Jo-Philipp Wich)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05  luci-base: introduce luci.dispatcher.lookup()  (Jo-Philipp Wich)

The lookup function takes multiple, possibly malformed path fragments, splits them on slashes, constructs a temporary path and looks up the result in the dispatch tree.

If a matching node has been found, the function will return both the node reference and the canonical url to it. If no corresponding node is found, the function returns nil.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05  luci-base: dispatcher: reject non-POST requests with any cbi.submit value  (Jo-Philipp Wich)

Due to the fact that luci.model.cbi reacts on any "cbi.submit" value while the dispatcher only required POST for cbi.submit == 1, the CSRF token protection could be bypassed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04  luci-base: add FULL_REQUEST_URI template property  (Jo-Philipp Wich)

Introduce a new template property FULL_REQUEST_URI which returns the full canonicalized request URL built from SCRIPT_NAME, PATH_INFO and QUERY_STRING.

This new property is safer to use compared to using the raw REQUEST_URI CGI environment variable directly as this value is essentially untrusted user input which may contain embedded escaped slashes, double forward slashes and other oddities allowing XSS exploitation or request redirection.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>