From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Fri, 15 Feb 2019 21:06:24 +0000 (+0100)
Subject: Webserver: simplify access to apikey/password
X-Git-Tag: dnsdist-1.4.0-beta1~17^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7579a7b9f61d6355bbdb600bee35ea39b1ccc9ef;p=pdns

Webserver: simplify access to apikey/password
---

diff --git a/pdns/webserver.cc b/pdns/webserver.cc
index a168559e1..5c221d1e7 100644
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -125,16 +125,17 @@ static bool optionsHandler(HttpRequest* req, HttpResponse* resp) {
   return false;
 }
 
-static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp, const string &apikey) {
+void WebServer::apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
   if (optionsHandler(req, resp)) return;
 
   resp->headers["access-control-allow-origin"] = "*";
 
-  if (apikey.empty()) {
+  if (d_apikey.empty()) {
     g_log<<Logger::Error<<req->logprefix<<"HTTP API Request \"" << req->url.path << "\": Authentication failed, API Key missing in config" << endl;
     throw HttpUnauthorizedException("X-API-Key");
   }
-  bool auth_ok = req->compareHeader("x-api-key", apikey) || req->getvars["api-key"] == apikey;
+
+  bool auth_ok = req->compareHeader("x-api-key", d_apikey) || req->getvars["api-key"] == d_apikey;
   
   if (!auth_ok) {
     g_log<<Logger::Error<<req->logprefix<<"HTTP Request \"" << req->url.path << "\": Authentication by API Key failed" << endl;
@@ -170,14 +171,13 @@ static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
 }
 
 void WebServer::registerApiHandler(const string& url, HandlerFunction handler) {
-  HandlerFunction f = boost::bind(&apiWrapper, handler, _1, _2, d_apikey);
+  HandlerFunction f = boost::bind(&WebServer::apiWrapper, this, handler, _1, _2);
   registerBareHandler(url, f);
-  d_registerApiHandlerCalled = true;
 }
 
-static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp, const string &password) {
-  if (!password.empty()) {
-    bool auth_ok = req->compareAuthorization(password);
+void WebServer::webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
+  if (!d_webserverPassword.empty()) {
+    bool auth_ok = req->compareAuthorization(d_webserverPassword);
     if (!auth_ok) {
       g_log<<Logger::Debug<<req->logprefix<<"HTTP Request \"" << req->url.path << "\": Web Authentication failed" << endl;
       throw HttpUnauthorizedException("Basic");
@@ -188,7 +188,7 @@ static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
 }
 
 void WebServer::registerWebHandler(const string& url, HandlerFunction handler) {
-  HandlerFunction f = boost::bind(&webWrapper, handler, _1, _2, d_webserverPassword);
+  HandlerFunction f = boost::bind(&WebServer::webWrapper, this, handler, _1, _2);
   registerBareHandler(url, f);
 }
 
diff --git a/pdns/webserver.hh b/pdns/webserver.hh
index 500f15704..e7d94b948 100644
--- a/pdns/webserver.hh
+++ b/pdns/webserver.hh
@@ -158,16 +158,10 @@ public:
   virtual ~WebServer() { };
 
   void setApiKey(const string &apikey) {
-    if (d_registerApiHandlerCalled) {
-      throw PDNSException("registerApiHandler has been called, can not change apikey");
-    }
     d_apikey = apikey;
   }
 
   void setPassword(const string &password) {
-    if (d_registerWebHandlerCalled) {
-      throw PDNSException("registerWebHandler has been called, can not change password");
-    }
     d_webserverPassword = password;
   }
 
@@ -233,10 +227,9 @@ protected:
   std::shared_ptr<Server> d_server;
 
   std::string d_apikey;
-  bool d_registerApiHandlerCalled{false};
-
+  void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp);
   std::string d_webserverPassword;
-  bool d_registerWebHandlerCalled{false};
+  void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp);
 
   NetmaskGroup d_acl;