#!/bin/tclsh
package require http
# Login form that session_login posts the credentials to. The value carries
# no scheme and points at the loopback address.
set LOGIN_URL 127.0.0.1/login.htm

# Permission levels, kept in ONE array in both directions: symbolic name ->
# numeric rank and numeric rank -> symbolic name. Because of that,
# $USER_LEVEL($key) yields a number only when $key is a name; indexing with a
# rank yields a name, which must not be fed into a numeric comparison.
array set USER_LEVEL {
    NONE 0
    GUEST 1
    USER 2
    ADMIN 8
    0 NONE
    1 GUEST
    2 USER
    8 ADMIN
}
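##
# session_getHttpHeader
# Looks up one response header by name, ignoring case.
#
# @param pRequest   [string] NAME of an array in the caller's scope whose
#                   "meta" element holds the header name/value list
# @param headerName [string] header to look for
# @return [string] value of the matching header, "" when there is none
##
proc session_getHttpHeader { pRequest headerName } {
    upvar $pRequest request

    set wanted [string toupper $headerName]
    array set meta $request(meta)

    foreach header [array names meta] {
        # Compare as strings. The expr operator == compares numerically when
        # both operands look like numbers, so "1e1" would match "10".
        if { [string compare $wanted [string toupper $header]] == 0 } then {
            return $meta($header)
        }
    }
    return ""
}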
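##
# session_login
# Logs a user in through the login form at LOGIN_URL and returns the id of
# the session created by that login.
#
# Raises an openapi 500 error when the status line of the login response
# contains "503", and an openapi 401 error when the response carries no
# session id.
#
# @param username [string] user name, sent as form field tbUsername
# @param password [string] password, sent as form field tbPassword
# @return [string] session id taken from the "location" response header
##
proc session_login { username password } {
    global LOGIN_URL

    # Step 1: authenticate the user and create the session.
    # The credentials travel in the POST body; LOGIN_URL names the loopback
    # address, so keep it that way unless the transport is protected.
    set query [::http::formatQuery tbUsername $username tbPassword $password]
    set request [::http::geturl $LOGIN_URL -query $query]
    set location [session_getHttpHeader $request location]
    set code [::http::code $request]
    ::http::cleanup $request

    if { -1 != [string first 503 $code] } then {
        error [openapi::createError 500 "Internal Server Error" "Invalid session id"]
    }

    # A failed login yields no "sid=@...@" in the redirect target. In that
    # case the variable sid is never set, so there is no session to clear and
    # reading $sid here would abort with a Tcl error instead of the 401.
    # An empty id between the "@" markers is treated as a failed login too.
    if { ![regexp {sid=@([^@]*)@} $location dummy sid] || [string length $sid] == 0 } then {
        error [openapi::createError 401 "Unauthorized" "Invalid username oder password"]
    }
    return $sid
}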
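##
# session_logout
# Ends a running session.
#
# Raises an openapi 401 "Unauthorized" error when the id is malformed or the
# session is not valid (the latter comes from session_isValid).
#
# @param sid [string] session id; treat it as untrusted input
##
proc session_logout { sid } {
    # The id is spliced into a script string literal below, so it must not
    # contain anything that could end that literal.
    # NOTE(review): ids are presumably alphanumeric, possibly wrapped in "@"
    # as in the login redirect; confirm against the session manager.
    if { ![regexp {^[A-Za-z0-9@]+$} $sid] } {
        error [openapi::createError 401 "Unauthorized" "Invalid session id"]
    }

    # session_isValid reports an invalid session by raising an error and
    # returns an empty string otherwise. Comparing its result with "true"
    # was never satisfied, so the session was never cleared on logout.
    session_isValid $sid
    hmscript::run "system.ClearSessionID(\"$sid\");"
}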
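##
# session_isValid
# Checks whether a session is valid.
#
# The result is reported through an error, not through the return value:
# an openapi 401 "Unauthorized" error is raised when the id is malformed or
# the session manager has no data for it.
#
# @param sid [string] session id; treat it as untrusted input
# @return empty string when the session is valid
##
proc session_isValid { sid } {
    # The id becomes part of a script string literal below. Reject anything
    # outside a strict character set before it gets there, and do not echo a
    # rejected value back in the error text.
    # NOTE(review): ids are presumably alphanumeric, possibly wrapped in "@"
    # as in the login redirect; confirm against the session manager.
    if { ![regexp {^[A-Za-z0-9@]+$} $sid] } {
        error [openapi::createError 401 "Unauthorized" "Invalid session id"]
    }

    set script "var _session_id_ = \"$sid\";"
    # The script text below is passed to the interpreter as is.
    append script {
var result = false;
var s = system.GetSessionVarStr(_session_id_);
if (s) { result = true; }
Write(result);
}
    set result [hmscript::run $script]

    if { $result != "true" } {
        error [openapi::createError 401 "Unauthorized" "Invalid session id: $sid"]
    }
    return
}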
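##
# session_checkPermissions
# Verifies that a session is valid and that its user holds at least the
# required permission level. Nothing is checked when level is below 0.
#
# Raises an openapi 401 error for a malformed or invalid session id and an
# openapi 403 error when the user's level is too low or cannot be read.
#
# @param sid   [string] session id; treat it as untrusted input
# @param level [string] required level; looked up as $USER_LEVEL($level), so
#              the numeric comparison below only works for a symbolic name
#              (NONE, GUEST, USER, ADMIN)
##
proc session_checkPermissions { sid level } {
    if { $level >= 0 } {
        global USER_LEVEL

        # The id becomes part of a script string literal below, so it must
        # not contain anything that could end that literal.
        # NOTE(review): ids are presumably alphanumeric, possibly wrapped in
        # "@" as in the login redirect; confirm against the session manager.
        if { ![regexp {^[A-Za-z0-9@]+$} $sid] } {
            error [openapi::createError 401 "Unauthorized" "Invalid session id"]
        }
        session_isValid $sid

        set hm_script "var _session_id_ = \"$sid\";"
        # The script text below is passed to the interpreter as is.
        append hm_script {
var upl = 0;
if ( system.IsVar("_session_id_") )
{
var id = system.GetVar("_session_id_");
var s = system.GetSessionVarStr(id);
if (s) { upl = s.StrValueByIndex(";", 1); }
}
Write(upl);
}
        set userLevel [string trim [hmscript::run $hm_script]]

        # Fail closed: with a non-numeric operand the > operator falls back
        # to a string comparison, which could let a garbled level pass.
        if { [catch {expr {$userLevel + 0}}] } {
            error [openapi::createError 403 "Forbidden" "Access denied"]
        }
        if { $USER_LEVEL($level) > $userLevel } {
            error [openapi::createError 403 "Forbidden" "Access denied"]
        }
    }
    return
}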