diff --git a/core/app.cpp b/core/app.cpp index 79b01a8..88c5da3 100755 --- a/core/app.cpp +++ b/core/app.cpp @@ -174,9 +174,16 @@ void App::Close() } -void App::BaseUrlRedirect(int code) +void App::BaseUrlRedirect(int code, bool add_subdomain) { system.PutUrlProto(config.use_ssl, cur.request->redirect_to); + + if( add_subdomain && !cur.request->subdomain.empty() ) + { + cur.request->redirect_to += cur.request->subdomain; + cur.request->redirect_to += '.'; + } + cur.request->redirect_to += config.base_url; AssignString(cur.request->env_request_uri, cur.request->redirect_to, false); // cur.request->env_request_uri should not be UrlEncoded because it contains slashes @@ -204,21 +211,51 @@ bool App::BaseUrlRedirect() if( Equal(config.base_url.c_str(), cur.request->env_http_host) ) return false; - BaseUrlRedirect(301); + BaseUrlRedirect(config.base_url_redirect_code, false); log << log3 << "App: BaseUrlRedirect from: " << cur.request->env_http_host << logend; return true; } -bool App::ShouldChangeToSSL() + + +/* + if this method returns true then we make a redirect +*/ +bool App::ShouldNotUseSSL() { if( cur.request->method == Request::post ) return false; - if( !config.use_ssl || cur.request->using_ssl ) + if( !config.use_ssl ) + return true; + + // !! IMPROVE ME add a flag to functions to indicate if the function need SSL + if( cur.request->function == &functions.fun_login || + cur.request->function == &functions.fun_adduser ) return false; + if( config.use_ssl_only_for_logged_users && !cur.session->puser ) + return true; + +return false; +} + + + +/* + if this method returns true then we make a redirect +*/ +bool App::ShouldUseSSL() +{ + if( cur.request->method == Request::post ) + return false; + + if( !config.use_ssl ) + return false; + + // !! IMPROVE ME add a flag to functions to indicate if the function need SSL if( cur.request->function == &functions.fun_login || cur.request->function == &functions.fun_adduser ) return true; @@ -230,6 +267,32 @@ return true; } +bool App::CheckSSLcorrectness() +{ +bool status = true; + + if( cur.request->using_ssl ) + { + if( ShouldNotUseSSL() ) + { + BaseUrlRedirect(config.use_ssl_redirect_code, true); + log << log3 << "App: this operation should NOT be used in SSL connection" << logend; + status = false; + } + } + else + if( ShouldUseSSL() ) + { + BaseUrlRedirect(config.use_ssl_redirect_code, true); + log << log3 << "App: this operation should be used in SSL connection" << logend; + status = false; + } + +return status; +} + + + void App::ProcessRequestThrow() { ReadRequest(); @@ -251,12 +314,8 @@ void App::ProcessRequestThrow() plugin.Call(WINIX_SESSION_CHANGED); functions.Parse(); // parsing directories,files,functions and parameters - if( ShouldChangeToSSL() ) - { - BaseUrlRedirect(303); - log << log3 << "App: this operation should be used in SSL connection" << logend; - } - else + + if( CheckSSLcorrectness() ) { cur.mount = system.mounts.CalcCurMount(); @@ -524,6 +583,7 @@ void App::CheckFCGIRole() void App::CheckSSL() { + // !! CHECK ME // value "on" exists in lighttpd server // make sure that for other servers is "on" too @@ -547,6 +607,9 @@ void App::LogAccess() << cur.request->env_http_host << cur.request->env_request_uri << ' ' << cur.request->env_http_user_agent << logend; + + if( !cur.request->subdomain.empty() ) + log << log3 << "Subdomain: " << cur.request->subdomain << logend; } diff --git a/core/app.h b/core/app.h index 18079a0..e22aaf4 100755 --- a/core/app.h +++ b/core/app.h @@ -124,9 +124,11 @@ private: void ProcessRequestThrow(); void ProcessRequest(); - void BaseUrlRedirect(int code); + void BaseUrlRedirect(int code, bool add_subdomain); bool BaseUrlRedirect(); - bool ShouldChangeToSSL(); + bool ShouldUseSSL(); + bool ShouldNotUseSSL(); + bool CheckSSLcorrectness(); void MakePage(); void Make(); void SaveSessionsIfNeeded(); // !! wywalic do menagera sesji?? diff --git a/core/config.cpp b/core/config.cpp index fb7bdf1..cde1eb9 100755 --- a/core/config.cpp +++ b/core/config.cpp @@ -162,12 +162,14 @@ void Config::AssignValues(bool stdout_is_closed) use_ssl_static = Bool(L"use_ssl_static", false); use_ssl_common = Bool(L"use_ssl_common", false); use_ssl_only_for_logged_users = Bool(L"use_ssl_only_for_logged_users", true); + use_ssl_redirect_code = Int(L"use_ssl_redirect_code", 303); base_url = Text(L"base_url"); base_url_static = Text(L"base_url_static"); base_url_common = Text(L"base_url_common"); - base_url_redirect = Bool(L"base_url_redirect"); + base_url_redirect = Bool(L"base_url_redirect", false); + base_url_redirect_code = Int(L"base_url_redirect_code", 301); NoLastSlash(base_url); NoLastSlash(base_url_static); diff --git a/core/config.h b/core/config.h index 69d1d95..bf82411 100755 --- a/core/config.h +++ b/core/config.h @@ -321,15 +321,17 @@ public: std::wstring url_ssl_proto; // enables SSL - // this is related to [doc_base_url] ezc function + // it means this site should be accessed through SSL encrypted connection // default: false bool use_ssl; - // enables SSL with [doc_base_url_static] + // enables SSL for static content + // used mainly in templates, look at doc_base_url_static ezc function // default: false bool use_ssl_static; - // enables SSL with [doc_base_url_common] + // enables SSL for common content + // used mainly in templates, look at doc_base_url_common ezc function // default: false bool use_ssl_common; @@ -338,11 +340,24 @@ public: // default: true bool use_ssl_only_for_logged_users; - // when the HOST_HTTP environment variable doesn't point into 'base_url' (the part 'http://' and the last slash is removed) - // the server will redirect into 'base_url' + 'REQUEST_URI' + // if current connection is without SSL and should be made through SSL + // or if is via SSL and should be done in plain text + // then we make a redirect + // default: 303 + int use_ssl_redirect_code; + + // when the HOST_HTTP environment variable is not equal to 'base_url' + // (the part 'http://' and the last slash is removed) + // the server will redirect into base_url + 'REQUEST_URI' // it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc. + // set this option to false if you have multiple subdomains + // default: false bool base_url_redirect; + // the HTTP code used during the base redirect + // default: 301 + int base_url_redirect_code; + // the main address of the site (e.g. www.someserver.com) // (without http:// prefix) std::wstring base_url;