changed: making a redirect from SSL connection to non SSL
if either use_ssl in the config is false or if use_ssl_only_for_logged_users is true and a user is not logged in added: base url redirect HTTP codes to the config // if current connection is without SSL and should be made through SSL // or if is via SSL and should be done in plain text // then we make a redirect // default: 303 int use_ssl_redirect_code; // when the HOST_HTTP environment variable is not equal to 'base_url' // (the part 'http://' and the last slash is removed) // the server will redirect into base_url + 'REQUEST_URI' // it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc. // set this option to false if you have multiple subdomains // default: false bool base_url_redirect; git-svn-id: svn://ttmath.org/publicrep/winix/trunk@847 e52654a7-88a9-db11-a3e9-0013d4bc506e
parent
2c38fe180e
commit
e0dd85ca99
83
core/app.cpp
83
core/app.cpp
|
@ -174,9 +174,16 @@ void App::Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void App::BaseUrlRedirect(int code)
|
void App::BaseUrlRedirect(int code, bool add_subdomain)
|
||||||
{
|
{
|
||||||
system.PutUrlProto(config.use_ssl, cur.request->redirect_to);
|
system.PutUrlProto(config.use_ssl, cur.request->redirect_to);
|
||||||
|
|
||||||
|
if( add_subdomain && !cur.request->subdomain.empty() )
|
||||||
|
{
|
||||||
|
cur.request->redirect_to += cur.request->subdomain;
|
||||||
|
cur.request->redirect_to += '.';
|
||||||
|
}
|
||||||
|
|
||||||
cur.request->redirect_to += config.base_url;
|
cur.request->redirect_to += config.base_url;
|
||||||
AssignString(cur.request->env_request_uri, cur.request->redirect_to, false);
|
AssignString(cur.request->env_request_uri, cur.request->redirect_to, false);
|
||||||
// cur.request->env_request_uri should not be UrlEncoded because it contains slashes
|
// cur.request->env_request_uri should not be UrlEncoded because it contains slashes
|
||||||
|
@ -204,21 +211,51 @@ bool App::BaseUrlRedirect()
|
||||||
if( Equal(config.base_url.c_str(), cur.request->env_http_host) )
|
if( Equal(config.base_url.c_str(), cur.request->env_http_host) )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
BaseUrlRedirect(301);
|
BaseUrlRedirect(config.base_url_redirect_code, false);
|
||||||
log << log3 << "App: BaseUrlRedirect from: " << cur.request->env_http_host << logend;
|
log << log3 << "App: BaseUrlRedirect from: " << cur.request->env_http_host << logend;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool App::ShouldChangeToSSL()
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
if this method returns true then we make a redirect
|
||||||
|
*/
|
||||||
|
bool App::ShouldNotUseSSL()
|
||||||
{
|
{
|
||||||
if( cur.request->method == Request::post )
|
if( cur.request->method == Request::post )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if( !config.use_ssl || cur.request->using_ssl )
|
if( !config.use_ssl )
|
||||||
|
return true;
|
||||||
|
|
||||||
|
// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
|
||||||
|
if( cur.request->function == &functions.fun_login ||
|
||||||
|
cur.request->function == &functions.fun_adduser )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
if( config.use_ssl_only_for_logged_users && !cur.session->puser )
|
||||||
|
return true;
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
if this method returns true then we make a redirect
|
||||||
|
*/
|
||||||
|
bool App::ShouldUseSSL()
|
||||||
|
{
|
||||||
|
if( cur.request->method == Request::post )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
if( !config.use_ssl )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
|
||||||
if( cur.request->function == &functions.fun_login ||
|
if( cur.request->function == &functions.fun_login ||
|
||||||
cur.request->function == &functions.fun_adduser )
|
cur.request->function == &functions.fun_adduser )
|
||||||
return true;
|
return true;
|
||||||
|
@ -230,6 +267,32 @@ return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool App::CheckSSLcorrectness()
|
||||||
|
{
|
||||||
|
bool status = true;
|
||||||
|
|
||||||
|
if( cur.request->using_ssl )
|
||||||
|
{
|
||||||
|
if( ShouldNotUseSSL() )
|
||||||
|
{
|
||||||
|
BaseUrlRedirect(config.use_ssl_redirect_code, true);
|
||||||
|
log << log3 << "App: this operation should NOT be used in SSL connection" << logend;
|
||||||
|
status = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
if( ShouldUseSSL() )
|
||||||
|
{
|
||||||
|
BaseUrlRedirect(config.use_ssl_redirect_code, true);
|
||||||
|
log << log3 << "App: this operation should be used in SSL connection" << logend;
|
||||||
|
status = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void App::ProcessRequestThrow()
|
void App::ProcessRequestThrow()
|
||||||
{
|
{
|
||||||
ReadRequest();
|
ReadRequest();
|
||||||
|
@ -251,12 +314,8 @@ void App::ProcessRequestThrow()
|
||||||
plugin.Call(WINIX_SESSION_CHANGED);
|
plugin.Call(WINIX_SESSION_CHANGED);
|
||||||
functions.Parse(); // parsing directories,files,functions and parameters
|
functions.Parse(); // parsing directories,files,functions and parameters
|
||||||
|
|
||||||
if( ShouldChangeToSSL() )
|
|
||||||
{
|
if( CheckSSLcorrectness() )
|
||||||
BaseUrlRedirect(303);
|
|
||||||
log << log3 << "App: this operation should be used in SSL connection" << logend;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
cur.mount = system.mounts.CalcCurMount();
|
cur.mount = system.mounts.CalcCurMount();
|
||||||
|
|
||||||
|
@ -524,6 +583,7 @@ void App::CheckFCGIRole()
|
||||||
|
|
||||||
void App::CheckSSL()
|
void App::CheckSSL()
|
||||||
{
|
{
|
||||||
|
// !! CHECK ME
|
||||||
// value "on" exists in lighttpd server
|
// value "on" exists in lighttpd server
|
||||||
// make sure that for other servers is "on" too
|
// make sure that for other servers is "on" too
|
||||||
|
|
||||||
|
@ -547,6 +607,9 @@ void App::LogAccess()
|
||||||
<< cur.request->env_http_host
|
<< cur.request->env_http_host
|
||||||
<< cur.request->env_request_uri << ' '
|
<< cur.request->env_request_uri << ' '
|
||||||
<< cur.request->env_http_user_agent << logend;
|
<< cur.request->env_http_user_agent << logend;
|
||||||
|
|
||||||
|
if( !cur.request->subdomain.empty() )
|
||||||
|
log << log3 << "Subdomain: " << cur.request->subdomain << logend;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
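Review bot: In `ShouldNotUseSSL()` the branch `config.use_ssl_only_for_logged_users && !cur.session->puser` sends every anonymous HTTPS request back to plain HTTP, so the session that later becomes the logged-in one is first carried over an unencrypted connection. Session and cookie handling are not shown on this page; if the session id survives login, or the cookie is issued without the Secure attribute, the authenticated session is exposed to anyone who could read the earlier plaintext traffic. I would state the requirement next to the branch, e.g. `// anonymous sessions are downgraded on purpose: the session id must be regenerated at login and the new cookie sent with Secure`, and confirm the login path does this. The `!config.use_ssl` branch above it downgrades logged-in users as well whenever the site is also reachable over HTTPS.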
|
@ -124,9 +124,11 @@ private:
|
||||||
|
|
||||||
void ProcessRequestThrow();
|
void ProcessRequestThrow();
|
||||||
void ProcessRequest();
|
void ProcessRequest();
|
||||||
void BaseUrlRedirect(int code);
|
void BaseUrlRedirect(int code, bool add_subdomain);
|
||||||
bool BaseUrlRedirect();
|
bool BaseUrlRedirect();
|
||||||
bool ShouldChangeToSSL();
|
bool ShouldUseSSL();
|
||||||
|
bool ShouldNotUseSSL();
|
||||||
|
bool CheckSSLcorrectness();
|
||||||
void MakePage();
|
void MakePage();
|
||||||
void Make();
|
void Make();
|
||||||
void SaveSessionsIfNeeded(); // !! wywalic do menagera sesji??
|
void SaveSessionsIfNeeded(); // !! wywalic do menagera sesji??
|
||||||
|
|
|
@ -162,12 +162,14 @@ void Config::AssignValues(bool stdout_is_closed)
|
||||||
use_ssl_static = Bool(L"use_ssl_static", false);
|
use_ssl_static = Bool(L"use_ssl_static", false);
|
||||||
use_ssl_common = Bool(L"use_ssl_common", false);
|
use_ssl_common = Bool(L"use_ssl_common", false);
|
||||||
use_ssl_only_for_logged_users = Bool(L"use_ssl_only_for_logged_users", true);
|
use_ssl_only_for_logged_users = Bool(L"use_ssl_only_for_logged_users", true);
|
||||||
|
use_ssl_redirect_code = Int(L"use_ssl_redirect_code", 303);
|
||||||
|
|
||||||
base_url = Text(L"base_url");
|
base_url = Text(L"base_url");
|
||||||
base_url_static = Text(L"base_url_static");
|
base_url_static = Text(L"base_url_static");
|
||||||
base_url_common = Text(L"base_url_common");
|
base_url_common = Text(L"base_url_common");
|
||||||
|
|
||||||
base_url_redirect = Bool(L"base_url_redirect");
|
base_url_redirect = Bool(L"base_url_redirect", false);
|
||||||
|
base_url_redirect_code = Int(L"base_url_redirect_code", 301);
|
||||||
|
|
||||||
NoLastSlash(base_url);
|
NoLastSlash(base_url);
|
||||||
NoLastSlash(base_url_static);
|
NoLastSlash(base_url_static);
|
||||||
|
|
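Review bot: `use_ssl_redirect_code` and `base_url_redirect_code` are read with `Int(...)` and no range check, and from the calls in core/app.cpp they appear to be handed to `BaseUrlRedirect` as the HTTP status unchanged. A mistyped value outside the 3xx range would then produce a response the browser does not follow, while `CheckSSLcorrectness()` has already returned false and the page is not processed. I would check the values right after reading them, `if( use_ssl_redirect_code < 300 || use_ssl_redirect_code > 399 ) use_ssl_redirect_code = 303;`, and the same with 301 for `base_url_redirect_code`. `Config::AssignValues` starts and ends outside this hunk.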
|
@ -321,15 +321,17 @@ public:
|
||||||
std::wstring url_ssl_proto;
|
std::wstring url_ssl_proto;
|
||||||
|
|
||||||
// enables SSL
|
// enables SSL
|
||||||
// this is related to [doc_base_url] ezc function
|
// it means this site should be accessed through SSL encrypted connection
|
||||||
// default: false
|
// default: false
|
||||||
bool use_ssl;
|
bool use_ssl;
|
||||||
|
|
||||||
// enables SSL with [doc_base_url_static]
|
// enables SSL for static content
|
||||||
|
// used mainly in templates, look at doc_base_url_static ezc function
|
||||||
// default: false
|
// default: false
|
||||||
bool use_ssl_static;
|
bool use_ssl_static;
|
||||||
|
|
||||||
// enables SSL with [doc_base_url_common]
|
// enables SSL for common content
|
||||||
|
// used mainly in templates, look at doc_base_url_common ezc function
|
||||||
// default: false
|
// default: false
|
||||||
bool use_ssl_common;
|
bool use_ssl_common;
|
||||||
|
|
||||||
|
@ -338,11 +340,24 @@ public:
|
||||||
// default: true
|
// default: true
|
||||||
bool use_ssl_only_for_logged_users;
|
bool use_ssl_only_for_logged_users;
|
||||||
|
|
||||||
// when the HOST_HTTP environment variable doesn't point into 'base_url' (the part 'http://' and the last slash is removed)
|
// if current connection is without SSL and should be made through SSL
|
||||||
// the server will redirect into 'base_url' + 'REQUEST_URI'
|
// or if is via SSL and should be done in plain text
|
||||||
|
// then we make a redirect
|
||||||
|
// default: 303
|
||||||
|
int use_ssl_redirect_code;
|
||||||
|
|
||||||
|
// when the HOST_HTTP environment variable is not equal to 'base_url'
|
||||||
|
// (the part 'http://' and the last slash is removed)
|
||||||
|
// the server will redirect into base_url + 'REQUEST_URI'
|
||||||
// it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc.
|
// it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc.
|
||||||
|
// set this option to false if you have multiple subdomains
|
||||||
|
// default: false
|
||||||
bool base_url_redirect;
|
bool base_url_redirect;
|
||||||
|
|
||||||
|
// the HTTP code used during the base redirect
|
||||||
|
// default: 301
|
||||||
|
int base_url_redirect_code;
|
||||||
|
|
||||||
// the main address of the site (e.g. www.someserver.com)
|
// the main address of the site (e.g. www.someserver.com)
|
||||||
// (without http:// prefix)
|
// (without http:// prefix)
|
||||||
std::wstring base_url;
|
std::wstring base_url;
|
||||||
|
|
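Review bot: The comment on `use_ssl_redirect_code` gives the default but not the constraint that matters: the direction of this redirect depends on the login state, and browsers cache 301 and 308 responses, so a permanent code can keep sending a user to the wrong scheme after they log in. I would add `// use a temporary code (302, 303 or 307); 301 and 308 are cached by browsers and the direction depends on whether the user is logged in` above the field. The comment on `use_ssl` should also say that `false` now makes the server redirect HTTPS requests to plain HTTP, since that is a behaviour change an administrator would not expect from "default: false".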