changed: making a redirect from SSL connection to non SSL

if either use_ssl in the config if false
         or if use_ssl_only_for_logged_users is true
         and a user is not logged
added:   base url redirect HTTP codes to the config
         // if current connection is without SSL and should be made through SSL
         // or if is via SSL and should be done in plain text
         // then we make a redirect
         // default: 303
         int use_ssl_redirect_code;

         // when the HOST_HTTP environment variable is not equal to 'base_url'
         // (the part 'http://' and the last slash is removed)
         // the server will redirect into base_url + 'REQUEST_URI'
         // it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc.
         // set this option to false if you have multiple subdomains
         // default: false
         bool base_url_redirect;




git-svn-id: svn://ttmath.org/publicrep/winix/trunk@847 e52654a7-88a9-db11-a3e9-0013d4bc506e

core/app.cpp

@@ -174,9 +174,16 @@ void App::Close()
 }
 
 
-void App::BaseUrlRedirect(int code)
+void App::BaseUrlRedirect(int code, bool add_subdomain)
 {
 	system.PutUrlProto(config.use_ssl, cur.request->redirect_to);
+
+	if( add_subdomain && !cur.request->subdomain.empty() )
+	{
+		cur.request->redirect_to += cur.request->subdomain;
+		cur.request->redirect_to += '.';
+	}
+
 	cur.request->redirect_to += config.base_url;
 	AssignString(cur.request->env_request_uri, cur.request->redirect_to, false);
 	// cur.request->env_request_uri should not be UrlEncoded because it contains slashes
@@ -204,21 +211,51 @@ bool App::BaseUrlRedirect()
 	if( Equal(config.base_url.c_str(), cur.request->env_http_host) )
 		return false;
 
-	BaseUrlRedirect(301);
+	BaseUrlRedirect(config.base_url_redirect_code, false);
 	log << log3 << "App: BaseUrlRedirect from: " << cur.request->env_http_host << logend;
 	
 return true;
 }
 
 
-bool App::ShouldChangeToSSL()
+
+
+/*
+	if this method returns true then we make a redirect
+*/
+bool App::ShouldNotUseSSL()
 {
 	if( cur.request->method == Request::post )
 		return false;
 
-	if( !config.use_ssl || cur.request->using_ssl )
+	if( !config.use_ssl )
+		return true;
+
+	// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
+	if( cur.request->function == &functions.fun_login ||
+		cur.request->function == &functions.fun_adduser )
 		return false;
 
+	if( config.use_ssl_only_for_logged_users && !cur.session->puser )
+		return true;
+
+return false;
+}
+
+
+
+/*
+	if this method returns true then we make a redirect
+*/
+bool App::ShouldUseSSL()
+{
+	if( cur.request->method == Request::post )
+		return false;
+
+	if( !config.use_ssl )
+		return false;
+
+	// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
 	if( cur.request->function == &functions.fun_login ||
 		cur.request->function == &functions.fun_adduser )
 		return true;
@@ -230,6 +267,32 @@ return true;
 }
 
 
+bool App::CheckSSLcorrectness()
+{
+bool status = true;
+
+	if( cur.request->using_ssl )
+	{
+		if( ShouldNotUseSSL() )
+		{
+			BaseUrlRedirect(config.use_ssl_redirect_code, true);
+			log << log3 << "App: this operation should NOT be used in SSL connection" << logend;
+			status = false;
+		}
+	}
+	else
+	if( ShouldUseSSL() )
+	{
+		BaseUrlRedirect(config.use_ssl_redirect_code, true);
+		log << log3 << "App: this operation should be used in SSL connection" << logend;
+		status = false;
+	}
+
+return status;
+}
+
+
+
 void App::ProcessRequestThrow()
 {
 	ReadRequest();
@@ -251,12 +314,8 @@ void App::ProcessRequestThrow()
 		plugin.Call(WINIX_SESSION_CHANGED);
 		functions.Parse(); // parsing directories,files,functions and parameters
 
-		if( ShouldChangeToSSL() )
-		{
-			BaseUrlRedirect(303);
-			log << log3 << "App: this operation should be used in SSL connection" << logend;
-		}
-		else
+
+		if( CheckSSLcorrectness() )
 		{
 			cur.mount = system.mounts.CalcCurMount();
 
@@ -524,6 +583,7 @@ void App::CheckFCGIRole()
 
 void App::CheckSSL()
 {
+	// !! CHECK ME
 	// value "on" exists in lighttpd server
 	// make sure that for other servers is "on" too
 
@@ -547,6 +607,9 @@ void App::LogAccess()
 		<< cur.request->env_http_host
 		<< cur.request->env_request_uri		<< ' '
 		<< cur.request->env_http_user_agent	<< logend;
+
+	if( !cur.request->subdomain.empty() )
+		log << log3 << "Subdomain: " << cur.request->subdomain << logend;
 }
 
 

core/app.h

@@ -124,9 +124,11 @@ private:
 
 	void ProcessRequestThrow();
 	void ProcessRequest();
-	void BaseUrlRedirect(int code);
+	void BaseUrlRedirect(int code, bool add_subdomain);
 	bool BaseUrlRedirect();
-	bool ShouldChangeToSSL();
+	bool ShouldUseSSL();
+	bool ShouldNotUseSSL();
+	bool CheckSSLcorrectness();
 	void MakePage();
 	void Make();
 	void SaveSessionsIfNeeded(); // !! wywalic do menagera sesji??

core/config.cpp

@@ -162,12 +162,14 @@ void Config::AssignValues(bool stdout_is_closed)
 	use_ssl_static                = Bool(L"use_ssl_static", false);
 	use_ssl_common                = Bool(L"use_ssl_common", false);
 	use_ssl_only_for_logged_users = Bool(L"use_ssl_only_for_logged_users", true);
+	use_ssl_redirect_code         = Int(L"use_ssl_redirect_code", 303);
 
 	base_url              = Text(L"base_url");
 	base_url_static       = Text(L"base_url_static");
 	base_url_common       = Text(L"base_url_common");
 
-	base_url_redirect     = Bool(L"base_url_redirect");
+	base_url_redirect      = Bool(L"base_url_redirect", false);
+	base_url_redirect_code = Int(L"base_url_redirect_code", 301);
 
 	NoLastSlash(base_url);
 	NoLastSlash(base_url_static);

core/config.h

@@ -321,15 +321,17 @@ public:
 	std::wstring url_ssl_proto;
 
 	// enables SSL
-	// this is related to [doc_base_url] ezc function
+	// it means this site should be accessed through SSL encrypted connection
 	// default: false
 	bool use_ssl;
 
-	// enables SSL with [doc_base_url_static]
+	// enables SSL for static content
+	// used mainly in templates, look at doc_base_url_static ezc function
 	// default: false
 	bool use_ssl_static;
 
-	// enables SSL with [doc_base_url_common]
+	// enables SSL for common content
+	// used mainly in templates, look at doc_base_url_common ezc function
 	// default: false
 	bool use_ssl_common;
 
@@ -338,11 +340,24 @@ public:
 	// default: true
 	bool use_ssl_only_for_logged_users;
 
-	// when the HOST_HTTP environment variable doesn't point into 'base_url' (the part 'http://' and the last slash is removed)
-	// the server will redirect into 'base_url' + 'REQUEST_URI'
+	// if current connection is without SSL and should be made through SSL
+	// or if is via SSL and should be done in plain text
+	// then we make a redirect
+	// default: 303
+	int use_ssl_redirect_code;
+
+	// when the HOST_HTTP environment variable is not equal to 'base_url'
+	// (the part 'http://' and the last slash is removed)
+	// the server will redirect into base_url + 'REQUEST_URI'
 	// it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc.
+	// set this option to false if you have multiple subdomains
+	// default: false
 	bool base_url_redirect;
 
+	// the HTTP code used during the base redirect
+	// default: 301
+	int base_url_redirect_code;
+
 	// the main address of the site (e.g. www.someserver.com)
 	// (without http:// prefix)
 	std::wstring base_url;