share/www/script/jsbn.js share/www/script/jsbn2.js share/www/script/prng4.js share/www/script/rng.js share/www/script/sha1.js share/www/script/srp.js share/www/script/test/cookie_auth.js src/couchdb/couch_httpd_auth.erl @@ -11,9 +11,13 @@ Build and System Integration: * Changed `couchdb` script configuration options. * Added default.d and local.d configuration directories to load sequence. * Updated ownership and permission advice in `README` for better security. - * The SysV/BSD daemon script now creates the PID directory on each invokation + * The SysV/BSD daemon script now creates the PID directory on each invocation because PREFIX/var/run might be a temporary filesystem. +HTTP Interface: + + * Added optional cookie-based authentication handler. + Version 0.9.0 ------------- CHANGES @@ -16,7 +16,7 @@ batch_save_interval = 1000 ; milliseconds after which to save batches [httpd] port = 5984 bind_address = 127.0.0.1 -authentication_handler = {couch_httpd, default_authentication_handler} +authentication_handler = {couch_httpd_auth, default_authentication_handler} default_handler = {couch_httpd_db, handle_request} WWW-Authenticate = Basic realm="administrator" @@ -66,6 +66,8 @@ _sleep = {couch_httpd_misc_handlers, handle_sleep_req} [httpd_db_handlers] _compact = {couch_httpd_db, handle_compact_req} _design = {couch_httpd_db, handle_design_req} +_login = {couch_httpd_auth, handle_login_req} +_logout = {couch_httpd_auth, handle_logout_req} _temp_view = {couch_httpd_view, handle_temp_view_req} _changes = {couch_httpd_db, handle_changes_req} etc/couchdb/default.ini.tpl.in @@ -92,6 +92,12 @@ nobase_dist_localdata_DATA = \ www/script/jquery.resizer.js \ www/script/jquery.suggest.js \ www/script/json2.js \ + www/script/srp.js \ + www/script/jsbn.js \ + www/script/jsbn2.js \ + www/script/rng.js \ + www/script/prng4.js \ + www/script/sha1.js \ www/script/test/basics.js \ www/script/test/delayed_commits.js \ www/script/test/all_docs.js \ @@ -136,6 +142,7 @@ nobase_dist_localdata_DATA = \ www/script/test/purge.js \ www/script/test/config.js \ www/script/test/security_validation.js \ + www/script/test/cookie_auth.js \ www/script/test/stats.js \ www/script/test/changes.js \ www/style/layout.css share/Makefile.am @@ -22,6 +22,12 @@ specific language governing permissions and limitations under the License. <script src="script/jquery.js?1.3.1"></script> <script src="script/jquery.cookies.js?0.9.0"></script> <script src="script/jquery.couch.js?0.9.0"></script> + <script src="script/jsbn.js"></script> + <script src="script/jsbn2.js"></script> + <script src="script/prng4.js"></script> + <script src="script/rng.js"></script> + <script src="script/sha1.js?2.1a"></script> + <script src="script/srp.js"></script> <script src="script/couch.js?0.9.0"></script> <script src="script/futon.js?0.9.0"></script> <script src="script/couch_test_runner.js"></script> share/www/couch_tests.html @@ -241,7 +241,25 @@ function CouchDB(name, httpHeaders) { CouchDB.maybeThrowError(this.last_req); return JSON.parse(this.last_req.responseText); } - + + this.login = function(username, password) { + var _db = this; + function req(body, callback) { + _db.last_req = _db.request("POST", _db.uri + "_login", { + body: body + }); + return callback(JSON.parse(_db.last_req.responseText)); + } + var data = {}; + authSRP(req, username, password, function(_data) { data = _data; }); + return data; + } + + this.logout = function(username, password) { + this.last_req = this.request("POST", this.uri + "_logout", {}); + return JSON.parse(this.last_req.responseText); + } + // Convert a options object to an url query string. // ex: {key:'value',key2:'value2'} becomes '?key="value"&key2="value2"' function encodeOptions(options) { @@ -395,4 +413,4 @@ CouchDB.params = function(options) { returnArray.push(key + "=" + value); } return returnArray.join("&"); -} \ No newline at end of file +} share/www/script/couch.js @@ -73,6 +73,7 @@ loadTest("purge.js"); loadTest("config.js"); loadTest("form_submit.js"); loadTest("security_validation.js"); +loadTest("cookie_auth.js"); loadTest("stats.js"); loadTest("rev_stemming.js"); share/www/script/couch_tests.js @@ -82,6 +82,41 @@ }); }, + // TODO make login/logout and db.login/db.logout DRY + login: function(options) { + options = options || {}; + $.ajax({ + type: "POST", url: this.uri + "_login", dataType: "json", + data: {username: options.username, password: options.password}, + complete: function(req) { + var resp = $.httpData(req, "json"); + if (req.status == 200) { + if (options.success) options.success(resp); + } else if (options.error) { + options.error(req.status, resp.error, resp.reason); + } else { + alert("An error occurred logging in: " + resp.reason); + } + } + }); + }, + logout: function(options) { + options = options || {}; + $.ajax({ + type: "POST", url: this.uri + "_logout", dataType: "json", + complete: function(req) { + var resp = $.httpData(req, "json"); + if (req.status == 200) { + if (options.success) options.success(resp); + } else if (options.error) { + options.error(req.status, resp.error, resp.reason); + } else { + alert("An error occurred logging out: " + resp.reason); + } + } + }); + }, + db: function(name) { return { name: name, @@ -332,6 +367,39 @@ } } }); + }, + login: function(options) { + options = options || {}; + $.ajax({ + type: "POST", url: this.uri + "_login", dataType: "json", + data: {username: options.username, password: options.password}, + complete: function(req) { + var resp = $.httpData(req, "json"); + if (req.status == 200) { + if (options.success) options.success(resp); + } else if (options.error) { + options.error(req.status, resp.error, resp.reason); + } else { + alert("An error occurred logging in: " + resp.reason); + } + } + }); + }, + logout: function(options) { + options = options || {}; + $.ajax({ + type: "POST", url: this.uri + "_logout", dataType: "json", + complete: function(req) { + var resp = $.httpData(req, "json"); + if (req.status == 200) { + if (options.success) options.success(resp); + } else if (options.error) { + options.error(req.status, resp.error, resp.reason); + } else { + alert("An error occurred logging out: " + resp.reason); + } + } + }); } }; }, share/www/script/jquery.couch.js @@ -41,13 +41,13 @@ couchTests.security_validation = function(debug) { run_on_modified_server( [{section: "httpd", key: "authentication_handler", - value: "{couch_httpd, special_test_authentication_handler}"}, + value: "{couch_httpd_auth, special_test_authentication_handler}"}, {section:"httpd", key: "WWW-Authenticate", value: "X-Couch-Test-Auth"}], function () { - // try saving document usin the wrong credentials + // try saving document using the wrong credentials var wrongPasswordDb = new CouchDB("test_suite_db", {"WWW-Authenticate": "X-Couch-Test-Auth Damien Katz:foo"} ); share/www/script/test/security_validation.js @@ -318,7 +318,7 @@ couchTests.show_documents = function(debug) { var doc2 = {_id:"foo", a:2}; db.save(doc1); - //create the conflict with a all_or_nothing bulk docs request + // create the conflict with an all_or_nothing bulk docs request var docs = [doc2]; db.bulkSave(docs, {all_or_nothing:true}); share/www/script/test/show_documents.js @@ -55,6 +55,7 @@ source_files = \ couch_file.erl \ couch_httpd.erl \ couch_httpd_db.erl \ + couch_httpd_auth.erl \ couch_httpd_external.erl \ couch_httpd_show.erl \ couch_httpd_view.erl \ @@ -99,6 +100,7 @@ compiled_files = \ couch_file.beam \ couch_httpd.beam \ couch_httpd_db.beam \ + couch_httpd_auth.beam \ couch_httpd_external.beam \ couch_httpd_show.beam \ couch_httpd_view.beam \ src/couchdb/Makefile.am @@ -67,7 +67,8 @@ db_url_handlers, user_ctx, req_body = undefined, - design_url_handlers + design_url_handlers, + auth }). src/couchdb/couch_db.hrl @@ -23,8 +23,8 @@ -export([start_json_response/2, start_json_response/3, end_json_response/1]). -export([send_response/4,send_method_not_allowed/2,send_error/4, send_redirect/2,send_chunked_error/2]). -export([send_json/2,send_json/3,send_json/4]). --export([default_authentication_handler/1,special_test_authentication_handler/1]). --export([null_authentication_handler/1]). + +-import(couch_httpd_auth, [cookie_auth_header/2]). start_link() -> % read config and register for configuration changes @@ -171,7 +171,7 @@ handle_request(MochiReq, DefaultFun, {ok, Resp} = try - HandlerFun(HttpReq#httpd{user_ctx=AuthenticationFun(HttpReq)}) + HandlerFun(AuthenticationFun(HttpReq)) catch throw:Error -> % ?LOG_DEBUG("Minor error in HTTP request: ~p",[Error]), @@ -197,48 +197,6 @@ handle_request(MochiReq, DefaultFun, increment_method_stats(Method) -> couch_stats_collector:increment({httpd_request_methods, Method}). -special_test_authentication_handler(Req) -> - case header_value(Req, "WWW-Authenticate") of - "X-Couch-Test-Auth " ++ NamePass -> - % NamePass is a colon separated string: "joe schmoe:a password". - {ok, [Name, Pass]} = regexp:split(NamePass, ":"), - case {Name, Pass} of - {"Jan Lehnardt", "apple"} -> ok; - {"Christopher Lenz", "dog food"} -> ok; - {"Noah Slater", "biggiesmalls endian"} -> ok; - {"Chris Anderson", "mp3"} -> ok; - {"Damien Katz", "pecan pie"} -> ok; - {_, _} -> - throw({unauthorized, <<"Name or password is incorrect.">>}) - end, - #user_ctx{name=?l2b(Name)}; - _ -> - % No X-Couch-Test-Auth credentials sent, give admin access so the - % previous authentication can be restored after the test - #user_ctx{roles=[<<"_admin">>]} - end. - -default_authentication_handler(Req) -> - case basic_username_pw(Req) of - {User, Pass} -> - case couch_server:is_admin(User, Pass) of - true -> - #user_ctx{name=?l2b(User), roles=[<<"_admin">>]}; - false -> - throw({unauthorized, <<"Name or password is incorrect.">>}) - end; - nil -> - case couch_server:has_admins() of - true -> - #user_ctx{}; - false -> - % if no admins, then everyone is admin! Yay, admin party! - #user_ctx{roles=[<<"_admin">>]} - end - end. - -null_authentication_handler(_Req) -> - #user_ctx{roles=[<<"_admin">>]}. % Utilities @@ -257,8 +215,9 @@ header_value(#httpd{mochi_req=MochiReq}, Key, Default) -> primary_header_value(#httpd{mochi_req=MochiReq}, Key) -> MochiReq:get_primary_header_value(Key). -serve_file(#httpd{mochi_req=MochiReq}, RelativePath, DocumentRoot) -> - {ok, MochiReq:serve_file(RelativePath, DocumentRoot, server_header())}. +serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, DocumentRoot) -> + {ok, MochiReq:serve_file(RelativePath, DocumentRoot, + server_header() ++ cookie_auth_header(Req, []))}. qs_value(Req, Key) -> qs_value(Req, Key, undefined). @@ -349,37 +308,21 @@ verify_is_server_admin(#httpd{user_ctx=#user_ctx{roles=Roles}}) -> -basic_username_pw(Req) -> - case header_value(Req, "Authorization") of - "Basic " ++ Base64Value -> - case string:tokens(?b2l(couch_util:decodeBase64(Base64Value)),":") of - [User, Pass] -> - {User, Pass}; - [User] -> - {User, ""}; - _ -> - nil - end; - _ -> - nil - end. - - -start_chunked_response(#httpd{mochi_req=MochiReq}, Code, Headers) -> +start_chunked_response(#httpd{mochi_req=MochiReq}=Req, Code, Headers) -> couch_stats_collector:increment({httpd_status_codes, Code}), - {ok, MochiReq:respond({Code, Headers ++ server_header(), chunked})}. + {ok, MochiReq:respond({Code, Headers ++ server_header() ++ cookie_auth_header(Req, Headers), chunked})}. send_chunk(Resp, Data) -> Resp:write_chunk(Data), {ok, Resp}. -send_response(#httpd{mochi_req=MochiReq}, Code, Headers, Body) -> +send_response(#httpd{mochi_req=MochiReq}=Req, Code, Headers, Body) -> couch_stats_collector:increment({httpd_status_codes, Code}), if Code >= 400 -> ?LOG_DEBUG("httpd ~p error response:~n ~s", [Code, Body]); true -> ok end, - {ok, MochiReq:respond({Code, Headers ++ server_header(), Body})}. + {ok, MochiReq:respond({Code, Headers ++ server_header() ++ cookie_auth_header(Req, Headers), Body})}. send_method_not_allowed(Req, Methods) -> send_response(Req, 405, [{"Allow", Methods}], <<>>). @@ -500,12 +443,17 @@ error_info(Error) -> send_error(_Req, {already_sent, Resp, _Error}) -> {ok, Resp}; -send_error(Req, Error) -> +send_error(#httpd{mochi_req=MochiReq}=Req, Error) -> {Code, ErrorStr, ReasonStr} = error_info(Error), if Code == 401 -> - case couch_config:get("httpd", "WWW-Authenticate", nil) of - nil -> - Headers = []; + case MochiReq:get_header_value("X-CouchDB-WWW-Authenticate") of + undefined -> + case couch_config:get("httpd", "WWW-Authenticate", nil) of + nil -> + Headers = []; + Type -> + Headers = [{"WWW-Authenticate", Type}] + end; Type -> Headers = [{"WWW-Authenticate", Type}] end; src/couchdb/couch_httpd.erl @@ -57,7 +57,8 @@ process_external_req(HttpReq, Db, Name) -> json_req_obj(#httpd{mochi_req=Req, method=Verb, path_parts=Path, - req_body=ReqBody + req_body=ReqBody, + user_ctx=#user_ctx{name=UserName, roles=UserRoles} }, Db) -> Body = case ReqBody of undefined -> Req:recv_body(); @@ -69,6 +70,10 @@ json_req_obj(#httpd{mochi_req=Req, _ -> [] end, + UserCtx = case UserName of + null -> {[{<<"roles">>, UserRoles}]}; + _Else -> {[{<<"name">>, UserName}, {<<"roles">>, UserRoles}]} + end, Headers = Req:get(headers), Hlist = mochiweb_headers:to_list(Headers), {ok, Info} = couch_db:get_db_info(Db), @@ -80,7 +85,8 @@ json_req_obj(#httpd{mochi_req=Req, {<<"headers">>, to_json_terms(Hlist)}, {<<"body">>, Body}, {<<"form">>, to_json_terms(ParsedForm)}, - {<<"cookie">>, to_json_terms(Req:parse_cookie())}]}. + {<<"cookie">>, to_json_terms(Req:parse_cookie())}, + {<<"userCtx">>, UserCtx}]}. to_json_terms(Data) -> to_json_terms(Data, []). src/couchdb/couch_httpd_external.erl @@ -38,7 +38,6 @@ handle_doc_show_req(#httpd{ send_doc_show_response(Lang, ShowSrc, DocId, Doc, Req, Db); handle_doc_show_req(#httpd{ - method='GET', path_parts=[_DbName, _Design, DesignName, _Show, ShowName] }=Req, Db) -> DesignId = <<"_design/", DesignName/binary>>, @@ -51,7 +50,7 @@ handle_doc_show_req(#httpd{method='GET'}=Req, _Db) -> send_error(Req, 404, <<"show_error">>, <<"Invalid path.">>); handle_doc_show_req(Req, _Db) -> - send_method_not_allowed(Req, "GET,HEAD"). + send_method_not_allowed(Req, "GET,POST,HEAD"). handle_view_list_req(#httpd{method='GET', path_parts=[_DbName, _Design, DesignName, _List, ListName, ViewName]}=Req, Db) -> @@ -159,7 +158,7 @@ make_map_send_row_fun(QueryServer, Req) -> end end. -output_map_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, QueryArgs, nil) -> +output_map_list(#httpd{mochi_req=MReq, user_ctx=UserCtx}=Req, Lang, ListSrc, View, Group, Db, QueryArgs, nil) -> #view_query_args{ limit = Limit, direction = Dir, @@ -172,7 +171,7 @@ output_map_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, Quer Headers = MReq:get(headers), Hlist = mochiweb_headers:to_list(Headers), Accept = proplists:get_value('Accept', Hlist), - CurrentEtag = couch_httpd_view:view_group_etag(Group, {Lang, ListSrc, Accept}), + CurrentEtag = couch_httpd_view:view_group_etag(Group, {Lang, ListSrc, Accept, UserCtx}), couch_httpd:etag_respond(Req, CurrentEtag, fun() -> % get the os process here % pass it into the view fold with closures @@ -192,7 +191,7 @@ output_map_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, Quer finish_list(Req, Db, QueryServer, CurrentEtag, FoldResult, StartListRespFun, RowCount) end); -output_map_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, QueryArgs, Keys) -> +output_map_list(#httpd{mochi_req=MReq, user_ctx=UserCtx}=Req, Lang, ListSrc, View, Group, Db, QueryArgs, Keys) -> #view_query_args{ limit = Limit, direction = Dir, @@ -203,7 +202,7 @@ output_map_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, Quer Headers = MReq:get(headers), Hlist = mochiweb_headers:to_list(Headers), Accept = proplists:get_value('Accept', Hlist), - CurrentEtag = couch_httpd_view:view_group_etag(Group, {Lang, ListSrc, Accept}), + CurrentEtag = couch_httpd_view:view_group_etag(Group, {Lang, ListSrc, Accept, UserCtx}), couch_httpd:etag_respond(Req, CurrentEtag, fun() -> % get the os process here % pass it into the view fold with closures @@ -271,7 +270,7 @@ make_reduce_send_row_fun(QueryServer, Req, Db) -> end end. -output_reduce_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, QueryArgs, nil) -> +output_reduce_list(#httpd{mochi_req=MReq, user_ctx=UserCtx}=Req, Lang, ListSrc, View, Group, Db, QueryArgs, nil) -> #view_query_args{ limit = Limit, direction = Dir, @@ -288,7 +287,7 @@ output_reduce_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, Q Headers = MReq:get(headers), Hlist = mochiweb_headers:to_list(Headers), Accept = proplists:get_value('Accept', Hlist), - CurrentEtag = couch_httpd_view:view_group_etag(Group, {Lang, ListSrc, Accept}), + CurrentEtag = couch_httpd_view:view_group_etag(Group, {Lang, ListSrc, Accept, UserCtx}), couch_httpd:etag_respond(Req, CurrentEtag, fun() -> StartListRespFun = make_reduce_start_resp_fun(QueryServer, Req, Db, CurrentEtag), SendListRowFun = make_reduce_send_row_fun(QueryServer, Req, Db), @@ -306,7 +305,7 @@ output_reduce_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, Q finish_list(Req, Db, QueryServer, CurrentEtag, FoldResult, StartListRespFun, null) end); -output_reduce_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, QueryArgs, Keys) -> +output_reduce_list(#httpd{mochi_req=MReq, user_ctx=UserCtx}=Req, Lang, ListSrc, View, Group, Db, QueryArgs, Keys) -> #view_query_args{ limit = Limit, direction = Dir, @@ -321,7 +320,7 @@ output_reduce_list(#httpd{mochi_req=MReq}=Req, Lang, ListSrc, View, Group, Db, Q Headers = MReq:get(headers), Hlist = mochiweb_headers:to_list(Headers), Accept = proplists:get_value('Accept', Hlist), - CurrentEtag = couch_httpd_view:view_group_etag(Group, {Lang, ListSrc, Accept, Keys}), + CurrentEtag = couch_httpd_view:view_group_etag(Group, {Lang, ListSrc, Accept, UserCtx, Keys}), couch_httpd:etag_respond(Req, CurrentEtag, fun() -> StartListRespFun = make_reduce_start_resp_fun(QueryServer, Req, Db, CurrentEtag), @@ -366,12 +365,12 @@ render_head_for_empty_list(StartListRespFun, Req, Etag, null) -> render_head_for_empty_list(StartListRespFun, Req, Etag, TotalRows) -> StartListRespFun(Req, Etag, TotalRows, null, []). -send_doc_show_response(Lang, ShowSrc, DocId, nil, #httpd{mochi_req=MReq}=Req, Db) -> +send_doc_show_response(Lang, ShowSrc, DocId, nil, #httpd{mochi_req=MReq, user_ctx=UserCtx}=Req, Db) -> % compute etag with no doc Headers = MReq:get(headers), Hlist = mochiweb_headers:to_list(Headers), Accept = proplists:get_value('Accept', Hlist), - CurrentEtag = couch_httpd:make_etag({Lang, ShowSrc, nil, Accept}), + CurrentEtag = couch_httpd:make_etag({Lang, ShowSrc, nil, Accept, UserCtx}), couch_httpd:etag_respond(Req, CurrentEtag, fun() -> ExternalResp = couch_query_servers:render_doc_show(Lang, ShowSrc, DocId, nil, Req, Db), @@ -379,12 +378,12 @@ send_doc_show_response(Lang, ShowSrc, DocId, nil, #httpd{mochi_req=MReq}=Req, Db couch_httpd_external:send_external_response(Req, JsonResp) end); -send_doc_show_response(Lang, ShowSrc, DocId, #doc{revs=Revs}=Doc, #httpd{mochi_req=MReq}=Req, Db) -> +send_doc_show_response(Lang, ShowSrc, DocId, #doc{revs=Revs}=Doc, #httpd{mochi_req=MReq, user_ctx=UserCtx}=Req, Db) -> % calculate the etag Headers = MReq:get(headers), Hlist = mochiweb_headers:to_list(Headers), Accept = proplists:get_value('Accept', Hlist), - CurrentEtag = couch_httpd:make_etag({Lang, ShowSrc, Revs, Accept}), + CurrentEtag = couch_httpd:make_etag({Lang, ShowSrc, Revs, Accept, UserCtx}), % We know our etag now couch_httpd:etag_respond(Req, CurrentEtag, fun() -> ExternalResp = couch_query_servers:render_doc_show(Lang, ShowSrc, src/couchdb/couch_httpd_show.erl @@ -16,7 +16,8 @@ -export([should_flush/0, should_flush/1, to_existing_atom/1, to_binary/1]). -export([new_uuid/0, rand32/0, implode/2, collate/2, collate/3]). -export([abs_pathname/1,abs_pathname/2, trim/1, ascii_lower/1]). --export([encodeBase64/1, decodeBase64/1, to_hex/1,parse_term/1,dict_find/3]). +-export([encodeBase64/1, decodeBase64/1, encodeBase64Url/1, decodeBase64Url/1, + to_hex/1,parse_term/1, dict_find/3]). -export([file_read_size/1]). -include("couch_db.hrl"). @@ -255,6 +256,23 @@ encodeBase64(<<B:1/binary>>, Acc) -> encodeBase64(<<>>, Acc) -> Acc. +encodeBase64Url(Bs) when list(Bs) -> + encodeBase64Url(list_to_binary(Bs), <<>>); +encodeBase64Url(Bs) -> + encodeBase64Url(Bs, <<>>). + +encodeBase64Url(<<B:3/binary, Bs/binary>>, Acc) -> + <<C1:6, C2:6, C3:6, C4:6>> = B, + encodeBase64Url(Bs, <<Acc/binary, (encUrl(C1)), (encUrl(C2)), (encUrl(C3)), (encUrl(C4))>>); +encodeBase64Url(<<B:2/binary>>, Acc) -> + <<C1:6, C2:6, C3:6, _:6>> = <<B/binary, 0>>, + <<Acc/binary, (encUrl(C1)), (encUrl(C2)), (encUrl(C3))>>; +encodeBase64Url(<<B:1/binary>>, Acc) -> + <<C1:6, C2:6, _:12>> = <<B/binary, 0, 0>>, + <<Acc/binary, (encUrl(C1)), (encUrl(C2))>>; +encodeBase64Url(<<>>, Acc) -> + Acc. + %% %% decodeBase64(BinaryChars) -> Binary %% @@ -275,6 +293,23 @@ decode1(<<C1, C2, C3, C4, Cs/binary>>, Acc) -> decode1(<<>>, Acc) -> Acc. +decodeBase64Url(Cs) when is_list(Cs)-> + decodeBase64Url(list_to_binary(Cs)); +decodeBase64Url(Cs) -> + decode1Url(Cs, <<>>). + +decode1Url(<<C1, C2>>, Acc) -> + <<B1, _:16>> = <<(decUrl(C1)):6, (decUrl(C2)):6, 0:12>>, + <<Acc/binary, B1>>; +decode1Url(<<C1, C2, C3>>, Acc) -> + <<B1, B2, _:8>> = <<(decUrl(C1)):6, (decUrl(C2)):6, (decUrl(C3)):6, (decUrl(0)):6>>, + <<Acc/binary, B1, B2>>; +decode1Url(<<C1, C2, C3, C4, Cs/binary>>, Acc) -> + Bin = <<Acc/binary, (decUrl(C1)):6, (decUrl(C2)):6, (decUrl(C3)):6, (decUrl(C4)):6>>, + decode1Url(Cs, Bin); +decode1Url(<<>>, Acc) -> + Acc. + %% enc/1 and dec/1 %% %% Mapping: 0-25 -> A-Z, 26-51 -> a-z, 52-61 -> 0-9, 62 -> +, 63 -> / @@ -285,6 +320,15 @@ enc(C) -> dec(C) -> 62*?st(C,43) + ?st(C,47) + (C-59)*?st(C,48) - 69*?st(C,65) - 6*?st(C,97). +%% encUrl/1 and decUrl/1 +%% +%% Mapping: 0-25 -> A-Z, 26-51 -> a-z, 52-61 -> 0-9, 62 -> -, 63 -> _ +%% +encUrl(C) -> + 65 + C + 6*?st(C,26) - 75*?st(C,52) -13*?st(C,62) + 49*?st(C,63). + +decUrl(C) -> + 62*?st(C,45) + (C-58)*?st(C,48) - 69*?st(C,65) + 33*?st(C,95) - 39*?st(C,97). dict_find(Key, Dict, DefaultValue) -> case dict:find(Key, Dict) of src/couchdb/couch_util.erl @@ -32,7 +32,7 @@ cookie(Key, Value) -> %% @spec cookie(Key::string(), Value::string(), Options::[Option]) -> header() %% where Option = {max_age, integer()} | {local_time, {date(), time()}} %% | {domain, string()} | {path, string()} -%% | {secure, true | false} +%% | {secure, true | false} | {http_only, true | false} %% %% @doc Generate a Set-Cookie header field tuple. cookie(Key, Value, Options) -> @@ -83,7 +83,14 @@ cookie(Key, Value, Options) -> Path -> ["; Path=", quote(Path)] end, - CookieParts = [Cookie, ExpiresPart, SecurePart, DomainPart, PathPart], + HttpOnlyPart = + case proplists:get_value(http_only, Options) of + true -> + "; HttpOnly"; + _ -> + "" + end, + CookieParts = [Cookie, ExpiresPart, SecurePart, DomainPart, PathPart, HttpOnlyPart], {"Set-Cookie", lists:flatten(CookieParts)}. src/mochiweb/mochiweb_cookies.erl 1e4460ed33bce939ca96c42dac549f9074c2d91c Jason Davies jason@jason-daviess-macbook-pro.local http://github.com/jasondavies/couchdb/commit/6ec463c11750cc45118dba4da9ee51edcc6b3d4a 6ec463c11750cc45118dba4da9ee51edcc6b3d4a 2009-05-26T14:03:01-07:00 2009-05-07T16:50:06-07:00 Support for cookie-based authentication. Currently the auth protocol used is SRP, but this will be swapped out for SCRAM shortly as it is more efficient. b660d2236914b3ca31e54adad620a71c18d0f0da Jason Davies jason@jdd.local