aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIvan Lisenkov <[email protected]>2013-01-30 00:30:05 +0400
committerIvan Lisenkov <[email protected]>2013-01-30 00:30:05 +0400
commit54c6d3fa3aada272839a431a45318d33dbc6b9e5 (patch)
treed702271731de3dff8e5af1863dc210280a5f961c
parentfd5a977a39ec99d0aa57a2864f91cca7af5c67d6 (diff)
downloadcowboy-54c6d3fa3aada272839a431a45318d33dbc6b9e5.tar.gz
cowboy-54c6d3fa3aada272839a431a45318d33dbc6b9e5.tar.bz2
cowboy-54c6d3fa3aada272839a431a45318d33dbc6b9e5.zip
Implement authorization header parsing
Basic HTTP authorization according to RFC 2617 is implemented. Added an example of its usage with REST handler.
-rw-r--r--examples/README.md3
-rw-r--r--examples/basic_auth/README.md44
-rw-r--r--examples/basic_auth/rebar.config4
-rw-r--r--examples/basic_auth/src/basic_auth.app.src15
-rw-r--r--examples/basic_auth/src/basic_auth.erl14
-rw-r--r--examples/basic_auth/src/basic_auth_app.erl25
-rw-r--r--examples/basic_auth/src/basic_auth_sup.erl23
-rw-r--r--examples/basic_auth/src/toppage_handler.erl32
-rwxr-xr-xexamples/basic_auth/start.sh4
-rw-r--r--src/cowboy_http.erl59
-rw-r--r--src/cowboy_req.erl5
11 files changed, 228 insertions, 0 deletions
diff --git a/examples/README.md b/examples/README.md
index d50ebc9..f2b0c64 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -1,6 +1,9 @@
Cowboy Examples
===============
+ * [basic_auth](./examples/basic_auth):
+ basic HTTP authorization with REST
+
* [chunked_hello_world](./examples/chunked_hello_world):
demonstrates chunked data transfer with two one-second delays
diff --git a/examples/basic_auth/README.md b/examples/basic_auth/README.md
new file mode 100644
index 0000000..74662cd
--- /dev/null
+++ b/examples/basic_auth/README.md
@@ -0,0 +1,44 @@
+Cowboy Basic Authorization Rest Hello World.
+============================================
+
+To compile this example you need rebar in your PATH.
+
+Type the following command:
+```
+$ rebar get-deps compile
+```
+
+You can then start the Erlang node with the following command:
+```
+./start.sh
+```
+
+Then run any given command or point your browser to the indicated URL.
+
+Examples
+--------
+
+### Get 401
+``` bash
+$ curl -i http://localhost:8080
+HTTP/1.1 401 Unauthorized
+connection: keep-alive
+server: Cowboy
+date: Sun, 20 Jan 2013 14:10:27 GMT
+content-length: 0
+www-authenticate: Restricted
+```
+
+### Get 200
+``` bash
+$ curl -i -u "Alladin:open sesame" http://localhost:8080
+HTTP/1.1 200 OK
+connection: keep-alive
+server: Cowboy
+date: Sun, 20 Jan 2013 14:11:12 GMT
+content-length: 16
+content-type: text/plain
+
+Hello, Alladin!
+```
+
diff --git a/examples/basic_auth/rebar.config b/examples/basic_auth/rebar.config
new file mode 100644
index 0000000..6ad3062
--- /dev/null
+++ b/examples/basic_auth/rebar.config
@@ -0,0 +1,4 @@
+{deps, [
+ {cowboy, ".*",
+ {git, "git://github.com/extend/cowboy.git", "master"}}
+]}.
diff --git a/examples/basic_auth/src/basic_auth.app.src b/examples/basic_auth/src/basic_auth.app.src
new file mode 100644
index 0000000..cbf4ea1
--- /dev/null
+++ b/examples/basic_auth/src/basic_auth.app.src
@@ -0,0 +1,15 @@
+%% Feel free to use, reuse and abuse the code in this file.
+
+{application, basic_auth, [
+ {description, "Cowboy Basic HTTP Authorization example."},
+ {vsn, "1"},
+ {modules, []},
+ {registered, []},
+ {applications, [
+ kernel,
+ stdlib,
+ cowboy
+ ]},
+ {mod, {basic_auth_app, []}},
+ {env, []}
+]}.
diff --git a/examples/basic_auth/src/basic_auth.erl b/examples/basic_auth/src/basic_auth.erl
new file mode 100644
index 0000000..9294c77
--- /dev/null
+++ b/examples/basic_auth/src/basic_auth.erl
@@ -0,0 +1,14 @@
+%% Feel free to use, reuse and abuse the code in this file.
+
+-module(basic_auth).
+
+%% API.
+-export([start/0]).
+
+%% API.
+
+start() ->
+ ok = application:start(crypto),
+ ok = application:start(ranch),
+ ok = application:start(cowboy),
+ ok = application:start(basic_auth).
diff --git a/examples/basic_auth/src/basic_auth_app.erl b/examples/basic_auth/src/basic_auth_app.erl
new file mode 100644
index 0000000..c60a574
--- /dev/null
+++ b/examples/basic_auth/src/basic_auth_app.erl
@@ -0,0 +1,25 @@
+%% Feel free to use, reuse and abuse the code in this file.
+
+%% @private
+-module(basic_auth_app).
+-behaviour(application).
+
+%% API.
+-export([start/2]).
+-export([stop/1]).
+
+%% API.
+
+start(_Type, _Args) ->
+ Dispatch = [
+ {'_', [
+ {[], toppage_handler, []}
+ ]}
+ ],
+ {ok, _} = cowboy:start_http(http, 100, [{port, 8080}], [
+ {env, [{dispatch, Dispatch}]}
+ ]),
+ basic_auth_sup:start_link().
+
+stop(_State) ->
+ ok.
diff --git a/examples/basic_auth/src/basic_auth_sup.erl b/examples/basic_auth/src/basic_auth_sup.erl
new file mode 100644
index 0000000..6219b5f
--- /dev/null
+++ b/examples/basic_auth/src/basic_auth_sup.erl
@@ -0,0 +1,23 @@
+%% Feel free to use, reuse and abuse the code in this file.
+
+%% @private
+-module(basic_auth_sup).
+-behaviour(supervisor).
+
+%% API.
+-export([start_link/0]).
+
+%% supervisor.
+-export([init/1]).
+
+%% API.
+
+-spec start_link() -> {ok, pid()}.
+start_link() ->
+ supervisor:start_link({local, ?MODULE}, ?MODULE, []).
+
+%% supervisor.
+
+init([]) ->
+ Procs = [],
+ {ok, {{one_for_one, 10, 10}, Procs}}.
diff --git a/examples/basic_auth/src/toppage_handler.erl b/examples/basic_auth/src/toppage_handler.erl
new file mode 100644
index 0000000..94383d4
--- /dev/null
+++ b/examples/basic_auth/src/toppage_handler.erl
@@ -0,0 +1,32 @@
+%% Feel free to use, reuse and abuse the code in this file.
+
+%% @doc Basic authorization Hello world handler.
+-module(toppage_handler).
+
+-export([init/3]).
+-export([content_types_provided/2]).
+-export([is_authorized/2]).
+-export([hello_to_text/2]).
+
+init(_Transport, _Req, []) ->
+ {upgrade, protocol, cowboy_rest}.
+
+
+is_authorized(Req, S) ->
+ {ok, Auth, Req1} = cowboy_req:parse_header(<<"authorization">>, Req),
+ case Auth of
+ {<<"basic">>, {User = <<"Alladin">>, <<"open sesame">>}} ->
+ {true, Req1, User};
+ _ ->
+ {{false, <<"Restricted">>}, Req1, S}
+ end.
+
+content_types_provided(Req, State) ->
+ {[
+ {<<"text/plain">>, hello_to_text}
+ ], Req, State}.
+
+
+hello_to_text(Req, User) ->
+ {<< <<"Hello, ">>/binary, User/binary, <<"!\n">>/binary >>, Req, User}.
+
diff --git a/examples/basic_auth/start.sh b/examples/basic_auth/start.sh
new file mode 100755
index 0000000..9e8a30b
--- /dev/null
+++ b/examples/basic_auth/start.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+erl -pa ebin deps/*/ebin -s basic_auth \
+ -eval "io:format(\"Get 401: curl -i http://localhost:8080~n\")." \
+ -eval "io:format(\"Get 200: curl -i -u \\\"Alladin:open sesame\\\" http://localhost:8080~n\")."
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index 6f42ab9..67d3f70 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -36,6 +36,7 @@
-export([token/2]).
-export([token_ci/2]).
-export([quoted_string/2]).
+-export([authorization/2]).
%% Decoding.
-export([te_chunked/2]).
@@ -801,6 +802,52 @@ qvalue(<< C, Rest/binary >>, Fun, Q, M)
qvalue(Data, Fun, Q, _M) ->
Fun(Data, Q).
+%% @doc Parse user credentials.
+-spec authorization_basic_userid(binary(), fun()) -> any().
+authorization_basic_userid(Data, Fun) ->
+ authorization_basic_userid(Data, Fun, <<>>).
+
+authorization_basic_userid(<<>>, _Fun, _Acc) ->
+ {error, badarg};
+authorization_basic_userid(<<C, _Rest/binary>>, _Fun, Acc)
+ when C < 32; C =:= 127; (C =:=$: andalso Acc =:= <<>>) ->
+ {error, badarg};
+authorization_basic_userid(<<$:, Rest/binary>>, Fun, Acc) ->
+ Fun(Rest, Acc);
+authorization_basic_userid(<<C, Rest/binary>>, Fun, Acc) ->
+ authorization_basic_userid(Rest, Fun, <<Acc/binary, C>>).
+
+-spec authorization_basic_password(binary(), fun()) -> any().
+authorization_basic_password(Data, Fun) ->
+ authorization_basic_password(Data, Fun, <<>>).
+
+authorization_basic_password(<<>>, _Fun, <<>>) ->
+ {error, badarg};
+authorization_basic_password(<<C, _Rest/binary>>, _Fun, _Acc)
+ when C < 32; C=:= 127 ->
+ {error, badarg};
+authorization_basic_password(<<>>, Fun, Acc) ->
+ Fun(Acc);
+authorization_basic_password(<<C, Rest/binary>>, Fun, Acc) ->
+ authorization_basic_password(Rest, Fun, <<Acc/binary, C>>).
+
+%% @doc Parse authorization value according rfc 2617.
+%% Only Basic authorization is supported so far.
+-spec authorization(binary(), binary()) -> {binary(), any()} | {error, badarg}.
+authorization(UserPass, Type = <<"basic">>) ->
+ cowboy_http:whitespace(UserPass,
+ fun(D) ->
+ authorization_basic_userid(base64:mime_decode(D),
+ fun(Rest, Userid) ->
+ authorization_basic_password(Rest,
+ fun(Password) ->
+ {Type, {Userid, Password}}
+ end)
+ end)
+ end);
+authorization(String, Type) ->
+ {Type, String}.
+
%% Decoding.
%% @doc Decode a stream of chunks.
@@ -1294,4 +1341,16 @@ urlencode_test_() ->
?_assertEqual(<<"%ff+">>, urlencode(<<255, " ">>))
].
+http_authorization_test_() ->
+ [?_assertEqual({<<"basic">>, {<<"Alladin">>, <<"open sesame">>}},
+ authorization(<<"QWxsYWRpbjpvcGVuIHNlc2FtZQ==">>, <<"basic">>)),
+ ?_assertEqual({error, badarg},
+ authorization(<<"dXNlcm5hbWUK">>, <<"basic">>)),
+ ?_assertEqual({error, badarg},
+ authorization(<<"_[]@#$%^&*()-AA==">>, <<"basic">>)),
+ ?_assertEqual({error, badarg},
+ authorization(<<"dXNlcjpwYXNzCA==">>, <<"basic">>)) %% user:pass\010
+ ].
+
+
-endif.
diff --git a/src/cowboy_req.erl b/src/cowboy_req.erl
index 4ae28e9..5cb7aa3 100644
--- a/src/cowboy_req.erl
+++ b/src/cowboy_req.erl
@@ -441,6 +441,11 @@ parse_header(Name, Req, Default) when Name =:= <<"accept-language">> ->
fun (Value) ->
cowboy_http:nonempty_list(Value, fun cowboy_http:language_range/2)
end);
+parse_header(Name, Req, Default) when Name =:= <<"authorization">> ->
+ parse_header(Name, Req, Default,
+ fun (Value) ->
+ cowboy_http:token_ci(Value, fun cowboy_http:authorization/2)
+ end);
parse_header(Name, Req, Default) when Name =:= <<"content-length">> ->
parse_header(Name, Req, Default, fun cowboy_http:digits/1);
parse_header(Name, Req, Default) when Name =:= <<"content-type">> ->