diff options
Diffstat (limited to 'src/token_authorization_middleware.cpp')
-rw-r--r-- | src/token_authorization_middleware.cpp | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/token_authorization_middleware.cpp b/src/token_authorization_middleware.cpp new file mode 100644 index 0000000000..61ac28debd --- /dev/null +++ b/src/token_authorization_middleware.cpp @@ -0,0 +1,49 @@ +#include <unordered_map> + +#include <boost/algorithm/string/predicate.hpp> + +#include <token_authorization_middleware.hpp> + +namespace crow +{ + std::string TokenAuthorizationMiddleware::context::get_cookie(const std::string& key) + { + if (cookie_sessions.count(key)) + return cookie_sessions[key]; + return {}; + } + + void TokenAuthorizationMiddleware::context::set_cookie(const std::string& key, const std::string& value) + { + cookies_to_push_to_client.emplace(key, value); + } + + + void TokenAuthorizationMiddleware::before_handle(crow::request& req, response& res, context& ctx) + { + if (req.url == "/login"){ + return; + } + + // Check for an authorization header, reject if not present + if (req.headers.count("Authorization") != 1) { + res.code = 400; + res.end(); + return; + } + std::string auth_header = req.get_header_value("Authorization"); + // If the user is attempting any kind of auth other than token, reject + if (!boost::starts_with(auth_header, "Token ")) { + res.code = 400; + res.end(); + } + } + + void TokenAuthorizationMiddleware::after_handle(request& /*req*/, response& res, context& ctx) + { + for (auto& cookie : ctx.cookies_to_push_to_client) { + res.add_header("Set-Cookie", cookie.first + "=" + cookie.second); + } + } + +}
\ No newline at end of file |