Added HTTP basic authentication

OpenIPC · Jun 17, 2024 · 915133d · 915133d
1 parent 21daca4
commit 915133d
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 1 deletion.
diff --git a/divinus.yaml b/divinus.yaml
@@ -1,6 +1,9 @@
 system:
   sensor_config: /etc/sensors/imx415.bin
   web_port: 80
+  web_enable_auth: false
+  web_auth_user: admin
+  web_auth_pass: 12345
   web_enable_static: false
   isp_thread_stack_size: 16384
   venc_stream_thread_stack_size: 16384

diff --git a/src/app_config.c b/src/app_config.c
@@ -11,6 +11,7 @@ enum ConfigError parse_app_config(void) {
     memset(&app_config, 0, sizeof(struct AppConfig));
 
     app_config.web_port = 8080;
+    app_config.web_enable_auth = false;
     app_config.web_enable_static = false;
     app_config.isp_thread_stack_size = 16 * 1024;
     app_config.venc_stream_thread_stack_size = 16 * 1024;
@@ -66,6 +67,11 @@ enum ConfigError parse_app_config(void) {
     if (err != CONFIG_OK)
         goto RET_ERR;
     app_config.web_port = (unsigned short)port;
+    parse_bool(&ini, "system", "web_enable_auth", &app_config.web_enable_auth);
+    parse_param_value(
+        &ini, "system", "web_auth_user", app_config.web_auth_user);
+    parse_param_value(
+        &ini, "system", "web_auth_pass", app_config.web_auth_pass);
     err = parse_bool(
         &ini, "system", "web_enable_static", &app_config.web_enable_static);
     if (err != CONFIG_OK)

diff --git a/src/app_config.h b/src/app_config.h
@@ -7,6 +7,9 @@ struct AppConfig {
     // [system]
     char sensor_config[128];
     unsigned short web_port;
+    bool web_enable_auth;
+    char web_auth_user[32];
+    char web_auth_pass[32];
     bool web_enable_static;
     unsigned int isp_thread_stack_size;
     unsigned int venc_stream_thread_stack_size;

diff --git a/src/server.c b/src/server.c
@@ -433,7 +433,7 @@ char *request_header(const char *name)
 {
     header_t *h = reqhdr;
     for (; h->name; h++)
-        if (!strcmp(h->name, name))
+        if (!strcasecmp(h->name, name))
             return h->value;
     return NULL;
 }
@@ -529,6 +529,29 @@ void *server_thread(void *vargp) {
 
         parse_request(client_fd, request);
 
+        if (app_config.web_enable_auth) {
+            char *auth = request_header("Authorization");
+            char cred[65], valid[256];
+
+            strcpy(cred, app_config.web_auth_user);
+            strcpy(cred + strlen(app_config.web_auth_user), ":");
+            strcpy(cred + strlen(app_config.web_auth_user) + 1, app_config.web_auth_pass);
+            strcpy(valid, "Basic ");
+            base64_encode(valid + 6, cred, strlen(cred));
+
+            if (!auth || !equals(auth, valid)) {
+                int respLen = sprintf(response,
+                    "HTTP/1.1 401 Unauthorized\r\n" \
+                    "Content-Type: text/plain\r\n" \
+                    "WWW-Authenticate: Basic realm=\"Access the camera services\"\r\n" \
+                    "Connection: close\r\n\r\n"
+                );
+                send_to_fd(client_fd, response, respLen);
+                close_socket_fd(client_fd);
+                continue;
+            }
+        }
+
         if (equals(uri, "/exit")) {
             // exit
             char response2[] = "HTTP/1.1 200 OK\r\nContent-Length: "