HTTP server: use cookie to remember the logout state

tvheadend · Sep 16, 2014 · 972306d · 972306d
1 parent b55b9c9
commit 972306d
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/src/http.c b/src/http.c
@@ -252,6 +252,11 @@ http_send_header(http_connection_t *hc, int rc, const char *content,
 
   if(rc == HTTP_STATUS_UNAUTHORIZED)
     htsbuf_qprintf(&hdrs, "WWW-Authenticate: Basic realm=\"tvheadend\"\r\n");
+  if (hc->hc_logout_cookie == 1) {
+    htsbuf_qprintf(&hdrs, "Set-Cookie: logout=1; Path=\"/logout\"\r\n");
+  } else if (hc->hc_logout_cookie == 2) {
+    htsbuf_qprintf(&hdrs, "Set-Cookie: logout=0; Path=\"/logout'\"; expires=Thu, 01 Jan 1970 00:00:00 GMT\r\n");
+  }
 
   htsbuf_qprintf(&hdrs, "Connection: %s\r\n", 
 	      hc->hc_keep_alive ? "Keep-Alive" : "Close");
@@ -918,6 +923,8 @@ http_serve_requests(http_connection_t *hc, htsbuf_queue_t *spill)
     free(hc->hc_password);
     hc->hc_password = NULL;
 
+    hc->hc_logout_cookie = 0;
+
   } while(hc->hc_keep_alive && http_server);
 
 error:

diff --git a/src/http.h b/src/http.h
@@ -137,6 +137,7 @@ typedef struct http_connection {
   struct config_head *hc_user_config;
 
   int hc_no_output;
+  int hc_logout_cookie;
 
   /* Support for HTTP POST */
 

diff --git a/src/webui/webui.c b/src/webui/webui.c
@@ -182,9 +182,22 @@ page_logout(http_connection_t *hc, const char *remain, void *opaque)
   if (hc->hc_access == NULL ||
       hc->hc_access->aa_username == NULL ||
       hc->hc_access->aa_username == '\0') {
+redirect:
     http_redirect(hc, "/", &hc->hc_req_args);
     return 0;
   } else {
+    const char *s = http_arg_get(&hc->hc_args, "Cookie");
+    if (s) {
+      while (*s && *s != ';')
+        s++;
+      if (*s) s++;
+      while (*s && *s <= ' ') s++;
+      if (!strncmp(s, "logout=1", 8)) {
+        hc->hc_logout_cookie = 2;
+        goto redirect;
+      }
+      hc->hc_logout_cookie = 1;
+    }
     return HTTP_STATUS_UNAUTHORIZED;
   }
 }