summaryrefslogtreecommitdiffhomepage
path: root/modules/rpc/luasrc
AgeCommit message (Collapse)Author
2012-08-08modules/rpc: adapt rpc controller to sauth api changesJo-Philipp Wich
2012-08-07Rework authentication systemJo-Philipp Wich
The validity of authentication tokens was determined by the mtime of respective authentication tokens on filesystem stored in $sessionpath. Talking about hardware without RTC or without a prior connection to a time server, date/time usually around 1970 - so is the mtime of the authentication token file in $sessionpath. When now configuring an internet connection via LuCI, the system might fetch the current date/time (e.g. via ntp) which invalidates the token, returns "403 Forbidden" and kicks the user out of the interface. This patch changes the authentication system to use time values based on the uptime of the machine - rather than values based upon gettimeofday() and {a|m}time values - and save them inside the token. That way can always determine the difference between login (last interaction respectively) and the current time, in- dependant of the system clock jumping backwards/forwards. Warning: This patch removes the clean() function and respective calls. This means, invalid tokens will NOT be determined and removed from filesystem automatically anymore. Before, every HTTP-call caused a scan for invalid tokens, which is quite expensive. Instead consider using a cron job deleting all stalled files periodically. Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Mirko Vogt <mirko@openwrt.org>
2012-08-07return "403 Forbidden" if authentication token was given, however is invalidJo-Philipp Wich
Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Mirko Vogt <mirko@openwrt.org>
2011-01-02modules/rpc: remove uvl bindingsJo-Philipp Wich
2009-07-19convert luci.fs users to nixio.fs apiJo-Philipp Wich
2008-12-15Refined urltokens and XSRF protectionSteven Barth
2008-12-14Implement URL tokensSteven Barth
Add basic XSRF protection
2008-09-05Fixed last commitSteven Barth
2008-09-05Move RPC-bidnings out of the way to prevent the indexer to require themSteven Barth
2008-09-05Fix UVL RPC-APISteven Barth
2008-09-05Fixed UVL bindingsSteven Barth
2008-09-05Fixed JSON-RPC API, added uvl API-BindingsSteven Barth
2008-08-29General optimizations, simplifications and improvementsSteven Barth
2008-08-29Fixed RPC-APISteven Barth
2008-08-29modules/rpc: Check for existence of external librariesSteven Barth
libs/sys: Small fix for API-Documentation
2008-08-29Publish luci.model.ipkg via JSON-RPCSteven Barth
2008-08-29Completed first version of JSON-RPC APISteven Barth
2008-08-26UCI API changesSteven Barth
2008-08-26libs/json: Completed JSON librarySteven Barth
modules/rpc: Added experimental JSON-RPC API
2008-08-26libs/core: Reworked some basic libraries to not use package.seeallSteven Barth
libs/json: Implemented own JSON-Decoder (Encoder will follow) modules/rpc: Preliminary implemented RPC-Exports for luci.fs, luci.sys and luci.model.uci
2008-08-22RPC initial authentication API completedSteven Barth
2008-08-22RPC part #2Steven Barth
2008-08-22Updated XML translation system, fixed some errors with multiline-translationsSteven Barth
Thanks: Alina Friedrichsen