Basic auth

UML1/superpoohREST.cpp

@@ -307,38 +307,76 @@ void message_callback(struct mosquitto* mosq, void* obj, const struct mosquitto_
     }
 }*/
 
+bool is_authentificated(http_request message) {
+    auto headers = message.headers();
+    if (message.headers().find("Authorization") == headers.end()) return false;
+    auto authHeader = headers["Authorization"];
+    auto credsPos = authHeader.find("Basic");
+    if (credsPos == std::string::npos) 
+        return false;
+    
+    auto base64 = authHeader.substr(credsPos + std::string("Basic").length() + 1);
+    if (base64.empty()) return false;
+    auto bytes = utility::conversions::from_base64(base64);
+    std::string creds(bytes.begin(), bytes.end());
+    auto colonPos = creds.find(":");
+    if (colonPos == std::string::npos) return false;
+    auto user = creds.substr(0, colonPos);
+    auto password = creds.substr(colonPos + 1, creds.size()  - colonPos - 1);
+
+    if (user == "pooh" && password == "honey") {
+        return true;
+    } else {
+        return false;
+    }
+}
+
 void handle_get(http_request message){
 	cout<<"Handle get: "<<message.to_string()<<endl;
-	json::value jsonObject;
-	jsonObject[U("target_height")] = json::value::number(targetH);
-	message.reply(status_codes::OK,jsonObject);
+    if (is_authentificated(message)) {
+        json::value jsonObject;
+        jsonObject[U("target_height")] = json::value::number(targetH);
+        message.reply(status_codes::OK,jsonObject);
+    } else {
+        message.reply(status_codes::Forbidden);
+    }
 }
 
 void handle_post(http_request message){
-	cout<<"Handle post: "<<message.to_string()<<endl;
-	json::value jsonObject;
-	try{
-		message.extract_json()
-			.then([&jsonObject](json::value jo){
-				cout<<"Val:"<<jo.serialize() << endl;
-				jsonObject = jo;
-                mtx.lock();
-                targetH = jsonObject.at(U("target_height")).as_number().to_double();
-				cout<<"Val:"<<targetH<< endl;
-                mtx.unlock();
-			})
-			.wait();
-	}
-	catch (const std::exception & e) {
-		printf("Error exception:%s\n", e.what());
-	}
-	message.reply(status_codes::OK,jsonObject);
+	cout<<"Handle post: "<<message.to_string()<<endl;          
+            
+    if (is_authentificated(message)) {
+        json::value jsonObject;
+        try{
+            message.extract_json()
+                .then([&jsonObject](json::value jo){
+                    cout<<"Val:"<<jo.serialize() << endl;
+                    jsonObject = jo;
+                    mtx.lock();
+                    targetH = jsonObject.at(U("target_height")).as_number().to_double();
+                    cout<<"Val:"<<targetH<< endl;
+                    mtx.unlock();
+                })
+                .wait();
+        }
+        catch (const std::exception & e) {
+            printf("Error exception:%s\n", e.what());
+        }
+        message.reply(status_codes::OK,jsonObject);
+    } else {
+        message.reply(status_codes::Forbidden);
+    }
+
 }
 
 void handle_quit(http_request message){
 	cout<<"Handle quit: "<<message.to_string()<<endl;
-    cmd = EExit;
-	message.reply(status_codes::OK);
+    if (is_authentificated(message)) {
+        cmd = EExit;
+        message.reply(status_codes::OK);
+    } else {
+        message.reply(status_codes::Forbidden);
+    }
 }
 
 int main()
@@ -347,7 +385,7 @@ int main()
     int rc = 0;
 
     web::http::experimental::listener::http_listener 
-		listener(U("http://localhost:8080/cpprest"));
+		listener(U("http://localhost:8080/"));
 	listener.support(methods::GET,handle_get);
 	listener.support(methods::POST,handle_post);
 	listener.support(methods::DEL,handle_quit);