Redirect to login when session expires

ntop · Mar 27, 2018 · 3a17284 · 3a17284
1 parent e49fe2e
commit 3a17284
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 6 deletions.
diff --git a/include/ntop_defines.h b/include/ntop_defines.h
@@ -116,6 +116,7 @@
 #define CHANGE_PASSWORD_ULR       "/lua/change_password.lua"
 #define GRAFANA_URL               "/lua/modules/grafana"
 #define POOL_MEMBERS_ASSOC_URL    "/lua/admin/manage_pool_members.lua"
+#define NETWORK_LOAD_URL          "/lua/network_load.lua"
 #define HTTP_SESSION_DURATION     43200
 #define CONST_HTTPS_CERT_NAME     "ntopng-cert.pem"
 #define CONST_NTOP_INTERFACE      "ntop_interface"

diff --git a/scripts/lua/inc/footer.lua b/scripts/lua/inc/footer.lua
@@ -445,6 +445,11 @@ print [[/lua/logout.lua");  */
       });
 }
 
+$(document).ajaxError(function(err, response, ajaxSettings, thrownError) {
+  if((response.status == 403) && (response.responseText == "Login Required"))
+    window.location.href = "]] print(ntop.getHttpPrefix().."/login.lua") print[[";
+});
+
 footerRefresh();  /* call immediately to give the UI a more responsive look */
 setInterval(footerRefresh, ]]
 

diff --git a/src/HTTPserver.cpp b/src/HTTPserver.cpp
@@ -382,6 +382,20 @@ static int isCaptiveURL(char *url) {
   else
     return(0);
 }
+
+/* ****************************************** */
+
+static bool isStaticResourceUrl(const struct mg_request_info *request_info, u_int len) {
+  if((len >= 3 && (!strncmp(&request_info->uri[len - 3], ".js", 3)))
+     || (len >= 4 && (!strncmp(&request_info->uri[len - 4], ".css", 4)
+		      || !strncmp(&request_info->uri[len - 4], ".map", 4)
+		      || !strncmp(&request_info->uri[len - 4], ".ttf", 4)))
+     || (len >= 6 && (!strncmp(&request_info->uri[len - 6], ".woff2", 6))))
+    return true;
+
+  return false;
+}
+
 /* ****************************************** */
 
 // Redirect user to the login form. In the cookie, store the original URL
@@ -656,11 +670,7 @@ static int handle_lua_request(struct mg_connection *conn) {
   whitelisted = isWhitelistedURI(request_info->uri);
   authorized = is_authorized(conn, request_info, username, sizeof(username));
 
-  if((len >= 3 && (!strncmp(&request_info->uri[len - 3], ".js", 3)))
-     || (len >= 4 && (!strncmp(&request_info->uri[len - 4], ".css", 4)
-		      || !strncmp(&request_info->uri[len - 4], ".map", 4)
-		      || !strncmp(&request_info->uri[len - 4], ".ttf", 4)))
-     || (len >= 6 && (!strncmp(&request_info->uri[len - 6], ".woff2", 6))))
+  if(isStaticResourceUrl(request_info, len))
     ;
   else if((!whitelisted) && (!authorized)) {
     if(conn->client.lsa.sin.sin_port == ntop->get_HTTPserver()->getSplashPort())
@@ -669,7 +679,10 @@ static int handle_lua_request(struct mg_connection *conn) {
 		"Location: %s%s?referer=%s\r\n\r\n",
 		ntop->getPrefs()->get_http_prefix(), BANNED_SITE_URL,
 		mg_get_header(conn, "Host"));
-    else
+    else if(strcmp(request_info->uri, NETWORK_LOAD_URL) == 0) {
+      // avoid sending login redirect to allow js itself to redirect the user
+      return(send_error(conn, 403 /* Forbidden */, request_info->uri, "Login Required"));
+    } else
       redirect_to_login(conn, request_info, mg_get_header(conn, "Host") ?
 			mg_get_header(conn, "Host"): (char*)"");