changed: making a redirect from SSL connection to non SSL
if either use_ssl in the config if false or if use_ssl_only_for_logged_users is true and a user is not logged added: base url redirect HTTP codes to the config // if current connection is without SSL and should be made through SSL // or if is via SSL and should be done in plain text // then we make a redirect // default: 303 int use_ssl_redirect_code; // when the HOST_HTTP environment variable is not equal to 'base_url' // (the part 'http://' and the last slash is removed) // the server will redirect into base_url + 'REQUEST_URI' // it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc. // set this option to false if you have multiple subdomains // default: false bool base_url_redirect; git-svn-id: svn://ttmath.org/publicrep/winix/trunk@847 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
parent
2c38fe180e
commit
e0dd85ca99
83
core/app.cpp
83
core/app.cpp
|
@ -174,9 +174,16 @@ void App::Close()
|
|||
}
|
||||
|
||||
|
||||
void App::BaseUrlRedirect(int code)
|
||||
void App::BaseUrlRedirect(int code, bool add_subdomain)
|
||||
{
|
||||
system.PutUrlProto(config.use_ssl, cur.request->redirect_to);
|
||||
|
||||
if( add_subdomain && !cur.request->subdomain.empty() )
|
||||
{
|
||||
cur.request->redirect_to += cur.request->subdomain;
|
||||
cur.request->redirect_to += '.';
|
||||
}
|
||||
|
||||
cur.request->redirect_to += config.base_url;
|
||||
AssignString(cur.request->env_request_uri, cur.request->redirect_to, false);
|
||||
// cur.request->env_request_uri should not be UrlEncoded because it contains slashes
|
||||
|
@ -204,21 +211,51 @@ bool App::BaseUrlRedirect()
|
|||
if( Equal(config.base_url.c_str(), cur.request->env_http_host) )
|
||||
return false;
|
||||
|
||||
BaseUrlRedirect(301);
|
||||
BaseUrlRedirect(config.base_url_redirect_code, false);
|
||||
log << log3 << "App: BaseUrlRedirect from: " << cur.request->env_http_host << logend;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool App::ShouldChangeToSSL()
|
||||
|
||||
|
||||
/*
|
||||
if this method returns true then we make a redirect
|
||||
*/
|
||||
bool App::ShouldNotUseSSL()
|
||||
{
|
||||
if( cur.request->method == Request::post )
|
||||
return false;
|
||||
|
||||
if( !config.use_ssl || cur.request->using_ssl )
|
||||
if( !config.use_ssl )
|
||||
return true;
|
||||
|
||||
// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
|
||||
if( cur.request->function == &functions.fun_login ||
|
||||
cur.request->function == &functions.fun_adduser )
|
||||
return false;
|
||||
|
||||
if( config.use_ssl_only_for_logged_users && !cur.session->puser )
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
if this method returns true then we make a redirect
|
||||
*/
|
||||
bool App::ShouldUseSSL()
|
||||
{
|
||||
if( cur.request->method == Request::post )
|
||||
return false;
|
||||
|
||||
if( !config.use_ssl )
|
||||
return false;
|
||||
|
||||
// !! IMPROVE ME add a flag to functions to indicate if the function need SSL
|
||||
if( cur.request->function == &functions.fun_login ||
|
||||
cur.request->function == &functions.fun_adduser )
|
||||
return true;
|
||||
|
@ -230,6 +267,32 @@ return true;
|
|||
}
|
||||
|
||||
|
||||
bool App::CheckSSLcorrectness()
|
||||
{
|
||||
bool status = true;
|
||||
|
||||
if( cur.request->using_ssl )
|
||||
{
|
||||
if( ShouldNotUseSSL() )
|
||||
{
|
||||
BaseUrlRedirect(config.use_ssl_redirect_code, true);
|
||||
log << log3 << "App: this operation should NOT be used in SSL connection" << logend;
|
||||
status = false;
|
||||
}
|
||||
}
|
||||
else
|
||||
if( ShouldUseSSL() )
|
||||
{
|
||||
BaseUrlRedirect(config.use_ssl_redirect_code, true);
|
||||
log << log3 << "App: this operation should be used in SSL connection" << logend;
|
||||
status = false;
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
|
||||
void App::ProcessRequestThrow()
|
||||
{
|
||||
ReadRequest();
|
||||
|
@ -251,12 +314,8 @@ void App::ProcessRequestThrow()
|
|||
plugin.Call(WINIX_SESSION_CHANGED);
|
||||
functions.Parse(); // parsing directories,files,functions and parameters
|
||||
|
||||
if( ShouldChangeToSSL() )
|
||||
{
|
||||
BaseUrlRedirect(303);
|
||||
log << log3 << "App: this operation should be used in SSL connection" << logend;
|
||||
}
|
||||
else
|
||||
|
||||
if( CheckSSLcorrectness() )
|
||||
{
|
||||
cur.mount = system.mounts.CalcCurMount();
|
||||
|
||||
|
@ -524,6 +583,7 @@ void App::CheckFCGIRole()
|
|||
|
||||
void App::CheckSSL()
|
||||
{
|
||||
// !! CHECK ME
|
||||
// value "on" exists in lighttpd server
|
||||
// make sure that for other servers is "on" too
|
||||
|
||||
|
@ -547,6 +607,9 @@ void App::LogAccess()
|
|||
<< cur.request->env_http_host
|
||||
<< cur.request->env_request_uri << ' '
|
||||
<< cur.request->env_http_user_agent << logend;
|
||||
|
||||
if( !cur.request->subdomain.empty() )
|
||||
log << log3 << "Subdomain: " << cur.request->subdomain << logend;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -124,9 +124,11 @@ private:
|
|||
|
||||
void ProcessRequestThrow();
|
||||
void ProcessRequest();
|
||||
void BaseUrlRedirect(int code);
|
||||
void BaseUrlRedirect(int code, bool add_subdomain);
|
||||
bool BaseUrlRedirect();
|
||||
bool ShouldChangeToSSL();
|
||||
bool ShouldUseSSL();
|
||||
bool ShouldNotUseSSL();
|
||||
bool CheckSSLcorrectness();
|
||||
void MakePage();
|
||||
void Make();
|
||||
void SaveSessionsIfNeeded(); // !! wywalic do menagera sesji??
|
||||
|
|
|
@ -162,12 +162,14 @@ void Config::AssignValues(bool stdout_is_closed)
|
|||
use_ssl_static = Bool(L"use_ssl_static", false);
|
||||
use_ssl_common = Bool(L"use_ssl_common", false);
|
||||
use_ssl_only_for_logged_users = Bool(L"use_ssl_only_for_logged_users", true);
|
||||
use_ssl_redirect_code = Int(L"use_ssl_redirect_code", 303);
|
||||
|
||||
base_url = Text(L"base_url");
|
||||
base_url_static = Text(L"base_url_static");
|
||||
base_url_common = Text(L"base_url_common");
|
||||
|
||||
base_url_redirect = Bool(L"base_url_redirect");
|
||||
base_url_redirect = Bool(L"base_url_redirect", false);
|
||||
base_url_redirect_code = Int(L"base_url_redirect_code", 301);
|
||||
|
||||
NoLastSlash(base_url);
|
||||
NoLastSlash(base_url_static);
|
||||
|
|
|
@ -321,15 +321,17 @@ public:
|
|||
std::wstring url_ssl_proto;
|
||||
|
||||
// enables SSL
|
||||
// this is related to [doc_base_url] ezc function
|
||||
// it means this site should be accessed through SSL encrypted connection
|
||||
// default: false
|
||||
bool use_ssl;
|
||||
|
||||
// enables SSL with [doc_base_url_static]
|
||||
// enables SSL for static content
|
||||
// used mainly in templates, look at doc_base_url_static ezc function
|
||||
// default: false
|
||||
bool use_ssl_static;
|
||||
|
||||
// enables SSL with [doc_base_url_common]
|
||||
// enables SSL for common content
|
||||
// used mainly in templates, look at doc_base_url_common ezc function
|
||||
// default: false
|
||||
bool use_ssl_common;
|
||||
|
||||
|
@ -338,11 +340,24 @@ public:
|
|||
// default: true
|
||||
bool use_ssl_only_for_logged_users;
|
||||
|
||||
// when the HOST_HTTP environment variable doesn't point into 'base_url' (the part 'http://' and the last slash is removed)
|
||||
// the server will redirect into 'base_url' + 'REQUEST_URI'
|
||||
// if current connection is without SSL and should be made through SSL
|
||||
// or if is via SSL and should be done in plain text
|
||||
// then we make a redirect
|
||||
// default: 303
|
||||
int use_ssl_redirect_code;
|
||||
|
||||
// when the HOST_HTTP environment variable is not equal to 'base_url'
|
||||
// (the part 'http://' and the last slash is removed)
|
||||
// the server will redirect into base_url + 'REQUEST_URI'
|
||||
// it's useful when you want to redirect from 'mydomain.tld' into 'www.mydomain.tld' etc.
|
||||
// set this option to false if you have multiple subdomains
|
||||
// default: false
|
||||
bool base_url_redirect;
|
||||
|
||||
// the HTTP code used during the base redirect
|
||||
// default: 301
|
||||
int base_url_redirect_code;
|
||||
|
||||
// the main address of the site (e.g. www.someserver.com)
|
||||
// (without http:// prefix)
|
||||
std::wstring base_url;
|
||||
|
|
Loading…
Reference in New Issue