From 3a1728414dcfc4eecccf14f3d982b83ea2ba1771 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Tue, 27 Mar 2018 15:16:30 +0200 Subject: [PATCH] Redirect to login when session expires --- include/ntop_defines.h | 1 + scripts/lua/inc/footer.lua | 5 +++++ src/HTTPserver.cpp | 25 +++++++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/include/ntop_defines.h b/include/ntop_defines.h index 2a2722812276..e2ff8637ebab 100644 --- a/include/ntop_defines.h +++ b/include/ntop_defines.h @@ -116,6 +116,7 @@ #define CHANGE_PASSWORD_ULR "/lua/change_password.lua" #define GRAFANA_URL "/lua/modules/grafana" #define POOL_MEMBERS_ASSOC_URL "/lua/admin/manage_pool_members.lua" +#define NETWORK_LOAD_URL "/lua/network_load.lua" #define HTTP_SESSION_DURATION 43200 #define CONST_HTTPS_CERT_NAME "ntopng-cert.pem" #define CONST_NTOP_INTERFACE "ntop_interface" diff --git a/scripts/lua/inc/footer.lua b/scripts/lua/inc/footer.lua index dbaafd3fc3bc..25dc9710e62a 100644 --- a/scripts/lua/inc/footer.lua +++ b/scripts/lua/inc/footer.lua @@ -445,6 +445,11 @@ print [[/lua/logout.lua"); */ }); } +$(document).ajaxError(function(err, response, ajaxSettings, thrownError) { + if((response.status == 403) && (response.responseText == "Login Required")) + window.location.href = "]] print(ntop.getHttpPrefix().."/login.lua") print[["; +}); + footerRefresh(); /* call immediately to give the UI a more responsive look */ setInterval(footerRefresh, ]] diff --git a/src/HTTPserver.cpp b/src/HTTPserver.cpp index 079af263b08b..6ee3607971b6 100644 --- a/src/HTTPserver.cpp +++ b/src/HTTPserver.cpp @@ -382,6 +382,20 @@ static int isCaptiveURL(char *url) { else return(0); } + +/* ****************************************** */ + +static bool isStaticResourceUrl(const struct mg_request_info *request_info, u_int len) { + if((len >= 3 && (!strncmp(&request_info->uri[len - 3], ".js", 3))) + || (len >= 4 && (!strncmp(&request_info->uri[len - 4], ".css", 4) + || !strncmp(&request_info->uri[len - 4], ".map", 4) + || !strncmp(&request_info->uri[len - 4], ".ttf", 4))) + || (len >= 6 && (!strncmp(&request_info->uri[len - 6], ".woff2", 6)))) + return true; + + return false; +} + /* ****************************************** */ // Redirect user to the login form. In the cookie, store the original URL @@ -656,11 +670,7 @@ static int handle_lua_request(struct mg_connection *conn) { whitelisted = isWhitelistedURI(request_info->uri); authorized = is_authorized(conn, request_info, username, sizeof(username)); - if((len >= 3 && (!strncmp(&request_info->uri[len - 3], ".js", 3))) - || (len >= 4 && (!strncmp(&request_info->uri[len - 4], ".css", 4) - || !strncmp(&request_info->uri[len - 4], ".map", 4) - || !strncmp(&request_info->uri[len - 4], ".ttf", 4))) - || (len >= 6 && (!strncmp(&request_info->uri[len - 6], ".woff2", 6)))) + if(isStaticResourceUrl(request_info, len)) ; else if((!whitelisted) && (!authorized)) { if(conn->client.lsa.sin.sin_port == ntop->get_HTTPserver()->getSplashPort()) @@ -669,7 +679,10 @@ static int handle_lua_request(struct mg_connection *conn) { "Location: %s%s?referer=%s\r\n\r\n", ntop->getPrefs()->get_http_prefix(), BANNED_SITE_URL, mg_get_header(conn, "Host")); - else + else if(strcmp(request_info->uri, NETWORK_LOAD_URL) == 0) { + // avoid sending login redirect to allow js itself to redirect the user + return(send_error(conn, 403 /* Forbidden */, request_info->uri, "Login Required")); + } else redirect_to_login(conn, request_info, mg_get_header(conn, "Host") ? mg_get_header(conn, "Host"): (char*)"");