changed: making a redirect from SSL connection to non SSL
if either use_ssl in the config if false
or if use_ssl_only_for_logged_users is true
and a user is not logged
added: base url redirect HTTP codes to the config
// if current connection is without SSL and should be made through SSL
// or if is via SSL and should be done in plain text
// then we make a redirect
// default: 303
int use_ssl_redirect_code;
// when the HOST_HTTP environment variable is not equal to 'base_url'
// (the part 'http://' and the last slash is removed)
// the server will redirect into base_url + 'REQUEST_URI'
// it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc.
// set this option to false if you have multiple subdomains
// default: false
bool base_url_redirect;
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@847 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
83
core/app.cpp
83
core/app.cpp
@@ -174,9 +174,16 @@ void App::Close()
|
||||
}
|
||||
|
||||
|
||||
void App::BaseUrlRedirect(int code)
|
||||
void App::BaseUrlRedirect(int code, bool add_subdomain)
|
||||
{
|
||||
system.PutUrlProto(config.use_ssl, cur.request->redirect_to);
|
||||
|
||||
if( add_subdomain && !cur.request->subdomain.empty() )
|
||||
{
|
||||
cur.request->redirect_to += cur.request->subdomain;
|
||||
cur.request->redirect_to += '.';
|
||||
}
|
||||
|
||||
cur.request->redirect_to += config.base_url;
|
||||
AssignString(cur.request->env_request_uri, cur.request->redirect_to, false);
|
||||
// cur.request->env_request_uri should not be UrlEncoded because it contains slashes
|
||||
@@ -204,21 +211,51 @@ bool App::BaseUrlRedirect()
|
||||
if( Equal(config.base_url.c_str(), cur.request->env_http_host) )
|
||||
return false;
|
||||
|
||||
BaseUrlRedirect(301);
|
||||
BaseUrlRedirect(config.base_url_redirect_code, false);
|
||||
log << log3 << "App: BaseUrlRedirect from: " << cur.request->env_http_host << logend;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool App::ShouldChangeToSSL()
|
||||
|
||||
|
||||
/*
|
||||
if this method returns true then we make a redirect
|
||||
*/
|
||||
bool App::ShouldNotUseSSL()
|
||||
{
|
||||
if( cur.request->method == Request::post )
|
||||
return false;
|
||||
|
||||
if( !config.use_ssl || cur.request->using_ssl )
|
||||
if( !config.use_ssl )
|
||||
return true;
|
||||
|
||||
// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
|
||||
if( cur.request->function == &functions.fun_login ||
|
||||
cur.request->function == &functions.fun_adduser )
|
||||
return false;
|
||||
|
||||
if( config.use_ssl_only_for_logged_users && !cur.session->puser )
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
if this method returns true then we make a redirect
|
||||
*/
|
||||
bool App::ShouldUseSSL()
|
||||
{
|
||||
if( cur.request->method == Request::post )
|
||||
return false;
|
||||
|
||||
if( !config.use_ssl )
|
||||
return false;
|
||||
|
||||
// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
|
||||
if( cur.request->function == &functions.fun_login ||
|
||||
cur.request->function == &functions.fun_adduser )
|
||||
return true;
|
||||
@@ -230,6 +267,32 @@ return true;
|
||||
}
|
||||
|
||||
|
||||
bool App::CheckSSLcorrectness()
|
||||
{
|
||||
bool status = true;
|
||||
|
||||
if( cur.request->using_ssl )
|
||||
{
|
||||
if( ShouldNotUseSSL() )
|
||||
{
|
||||
BaseUrlRedirect(config.use_ssl_redirect_code, true);
|
||||
log << log3 << "App: this operation should NOT be used in SSL connection" << logend;
|
||||
status = false;
|
||||
}
|
||||
}
|
||||
else
|
||||
if( ShouldUseSSL() )
|
||||
{
|
||||
BaseUrlRedirect(config.use_ssl_redirect_code, true);
|
||||
log << log3 << "App: this operation should be used in SSL connection" << logend;
|
||||
status = false;
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
|
||||
void App::ProcessRequestThrow()
|
||||
{
|
||||
ReadRequest();
|
||||
@@ -251,12 +314,8 @@ void App::ProcessRequestThrow()
|
||||
plugin.Call(WINIX_SESSION_CHANGED);
|
||||
functions.Parse(); // parsing directories,files,functions and parameters
|
||||
|
||||
if( ShouldChangeToSSL() )
|
||||
{
|
||||
BaseUrlRedirect(303);
|
||||
log << log3 << "App: this operation should be used in SSL connection" << logend;
|
||||
}
|
||||
else
|
||||
|
||||
if( CheckSSLcorrectness() )
|
||||
{
|
||||
cur.mount = system.mounts.CalcCurMount();
|
||||
|
||||
@@ -524,6 +583,7 @@ void App::CheckFCGIRole()
|
||||
|
||||
void App::CheckSSL()
|
||||
{
|
||||
// !! CHECK ME
|
||||
// value "on" exists in lighttpd server
|
||||
// make sure that for other servers is "on" too
|
||||
|
||||
@@ -547,6 +607,9 @@ void App::LogAccess()
|
||||
<< cur.request->env_http_host
|
||||
<< cur.request->env_request_uri << ' '
|
||||
<< cur.request->env_http_user_agent << logend;
|
||||
|
||||
if( !cur.request->subdomain.empty() )
|
||||
log << log3 << "Subdomain: " << cur.request->subdomain << logend;
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user