Merge #8788: [RPC] Give RPC commands more information about the RPC request

e7156ad [RPC] pass HTTP basic authentication username to the JSONRequest object (Jonas Schnelli) 69d1c25 [RPC] Give RPC commands more information about the RPC request (Jonas Schnelli) 23c32a9 rpc: Change JSONRPCRequest to JSONRPCRequestObj (Wladimir J. van der Laan)
author: Wladimir J. van der Laan <[email protected]> 2016-10-19 15:01:33 +0200
committer: Wladimir J. van der Laan <[email protected]> 2016-10-19 15:15:49 +0200
commit: 97c7f7362f9b59247753d6e8fa8022a6205f9c09 (patch)
tree: 19dcb95789fea3e6d168a7b2e1ecb7d66a5e006f /src/httprpc.cpp
parent: Merge #8972: [Qt] make warnings label selectable (jonasschnelli) (diff)
parent: [RPC] pass HTTP basic authentication username to the JSONRequest object (diff)
download: discoin-97c7f7362f9b59247753d6e8fa8022a6205f9c09.tar.xz
discoin-97c7f7362f9b59247753d6e8fa8022a6205f9c09.zip
1 files changed, 11 insertions, 5 deletions
diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 6a6c5276c..e35acb6cd 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -127,7 +127,7 @@ static bool multiUserAuthorized(std::string strUserPass)
     return false;
 }
 
-static bool RPCAuthorized(const std::string& strAuth)
+static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut)
 {
     if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called
         return false;
@@ -136,7 +136,10 @@ static bool RPCAuthorized(const std::string& strAuth)
     std::string strUserPass64 = strAuth.substr(6);
     boost::trim(strUserPass64);
     std::string strUserPass = DecodeBase64(strUserPass64);
-    
+
+    if (strUserPass.find(":") != std::string::npos)
+        strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":"));
+
     //Check if authorized under single-user field
     if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) {
         return true;
@@ -159,7 +162,8 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
         return false;
     }
 
-    if (!RPCAuthorized(authHeader.second)) {
+    JSONRPCRequest jreq;
+    if (!RPCAuthorized(authHeader.second, jreq.authUser)) {
         LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
 
         /* Deter brute-forcing
@@ -172,19 +176,21 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
         return false;
     }
 
-    JSONRequest jreq;
     try {
         // Parse request
         UniValue valRequest;
         if (!valRequest.read(req->ReadBody()))
             throw JSONRPCError(RPC_PARSE_ERROR, "Parse error");
 
+        // Set the URI
+        jreq.URI = req->GetURI();
+
         std::string strReply;
         // singleton request
         if (valRequest.isObject()) {
             jreq.parse(valRequest);
 
-            UniValue result = tableRPC.execute(jreq.strMethod, jreq.params);
+            UniValue result = tableRPC.execute(jreq);
 
             // Send reply
             strReply = JSONRPCReply(result, NullUniValue, jreq.id);
author	Wladimir J. van der Laan <[email protected]>	2016-10-19 15:01:33 +0200
committer	Wladimir J. van der Laan <[email protected]>	2016-10-19 15:15:49 +0200
commit	97c7f7362f9b59247753d6e8fa8022a6205f9c09 (patch)
tree	19dcb95789fea3e6d168a7b2e1ecb7d66a5e006f /src/httprpc.cpp
parent	Merge #8972: [Qt] make warnings label selectable (jonasschnelli) (diff)
parent	[RPC] pass HTTP basic authentication username to the JSONRequest object (diff)
download	discoin-97c7f7362f9b59247753d6e8fa8022a6205f9c09.tar.xz discoin-97c7f7362f9b59247753d6e8fa8022a6205f9c09.zip