Ajout sessions

kitoy 2022-02-17 07:14:05 +01:00
parent 4d8cb8d5c1
commit 7c2d1a82ca
11 changed files with 493 additions and 156 deletions

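--- a/assets/private_test.html
+++ b/assets/private_test.html
@@ -0,0 +1,5 @@
+<html>
+<body>
+<h1> BRAVO </h1>
+</body>
+</html>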


@ -1,11 +1,11 @@
# portal_user configuration
server notls {
bind 192.168.1.6 8888
bind 127.0.0.1 8888
tls no
}
load ./sqlite3.so
load ./sqlite3.so init
http_body_max 1024000000
http_body_disk_offload 1024000
@ -15,7 +15,18 @@ workers 1
validator v_login regex ^[-_.a-zA-Z0-9]*$
validator v_password function v_password_func
validator v_session function v_session_validate
pledge wpath cpath flock
authentication auth_example {
authentication_type cookie
authentication_value session_id
authentication_validator v_session
authentication_uri /
}
domain * {
attach notls
@ -27,6 +38,7 @@ domain * {
route /css/style.css asset_serve_style_css
route /js/theme-switcher.js asset_serve_theme_switcher_js
route /signup create_user
route /portal/bienvenue asset_serve_private_test_html auth_example
params post / {
validate login v_login
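Review bot: The `session_id` cookie that `auth_example` relies on will travel in cleartext, because the only listener shown is `server notls` with `tls no`; that is contained while the bind stays on 127.0.0.1 but not once it moves back to a LAN address. A comment above the block would record the constraint, for example `# session_id is a bearer credential: enable TLS before binding to a non-loopback address`. `v_session` is declared as a function validator only, so the raw cookie value reaches `v_session_validate` with no length or character-set limit stated here; whether Kore bounds it beforehand is not visible on this page. The `params post /` block at the end of this hunk continues outside it.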

BIN
kore.core

Binary file not shown.


@ -404,19 +404,71 @@
192.168.1.100 - - [14/Feb/2022:20:32:58 +0700] "GET /signup HTTP/1.1" 200 1660 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [14/Feb/2022:20:32:58 +0700] "GET /css/style.css HTTP/1.1" 200 67719 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [14/Feb/2022:20:32:58 +0700] "GET /js/theme-switcher.js HTTP/1.1" 200 807 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:08:53 +0700] "GET / HTTP/1.1" 200 1640 "http://192.168.1.6:8888/" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:09:02 +0700] "POST / HTTP/1.1" 200 1656 "http://192.168.1.6:8888/" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:09:02 +0700] "GET /css/style.css HTTP/1.1" 304 0 "http://192.168.1.6:8888/" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:09:02 +0700] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://192.168.1.6:8888/" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:13:50 +0700] "GET /signup HTTP/1.1" 200 1660 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:13:50 +0700] "GET /css/style.css HTTP/1.1" 304 0 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:13:50 +0700] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:23:42 +0700] "GET /signup HTTP/1.1" 200 1660 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:23:42 +0700] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:23:42 +0700] "GET /css/style.css HTTP/1.1" 200 67719 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:23:53 +0700] "POST /signup HTTP/1.1" 200 1661 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:23:53 +0700] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:23:53 +0700] "GET /css/style.css HTTP/1.1" 304 0 "http://192.168.1.6:8888/signup" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:27:14 +0700] "POST / HTTP/1.1" 200 1656 "http://192.168.1.6:8888/" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:27:14 +0700] "GET /css/style.css HTTP/1.1" 304 0 "http://192.168.1.6:8888/" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.100 - - [15/Feb/2022:11:27:14 +0700] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://192.168.1.6:8888/" "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
127.0.0.1 - - [15/Feb/2022:05:03:33 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"
127.0.0.1 - - [15/Feb/2022:05:03:33 +0100] "GET /css/style.css HTTP/1.1" 200 67719 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"
127.0.0.1 - - [15/Feb/2022:05:03:33 +0100] "GET /js/theme-switcher.js HTTP/1.1" 200 807 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"
127.0.0.1 - - [15/Feb/2022:05:03:44 +0100] "GET /signup HTTP/1.1" 200 1660 "-" "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"
127.0.0.1 - - [15/Feb/2022:05:03:44 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"
127.0.0.1 - - [15/Feb/2022:05:03:44 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"
127.0.0.1 - - [15/Feb/2022:05:42:53 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:42:53 +0100] "GET /css/style.css HTTP/1.1" 200 67719 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:42:53 +0100] "GET /js/theme-switcher.js HTTP/1.1" 200 807 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:42:58 +0100] "GET /signup HTTP/1.1" 200 1660 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:42:58 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:42:58 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:43:12 +0100] "POST /signup HTTP/1.1" 200 1661 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:43:12 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:43:12 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:44:13 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:44:13 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:44:13 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:44:23 +0100] "POST / HTTP/1.1" 200 1656 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:44:23 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:44:23 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:47:29 +0100] "POST / HTTP/1.1" 200 1660 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:47:29 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:05:47:29 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:07:42:55 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:07:42:55 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:07:42:55 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:07:45:35 +0100] "GET /signup HTTP/1.1" 200 1660 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:07:45:35 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [15/Feb/2022:07:45:35 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:15:22 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:15:22 +0100] "GET /css/style.css HTTP/1.1" 200 67719 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:15:22 +0100] "GET /js/theme-switcher.js HTTP/1.1" 200 807 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:16:12 +0100] "GET /portal/bienvenue HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:16:12 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:16:12 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:16:12 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:16:19 +0100] "POST / HTTP/1.1" 0 25 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:16:19 +0100] "POST / HTTP/1.1" 0 25 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:27:41 +0100] "GET /signup HTTP/1.1" 200 1660 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:27:41 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:27:41 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:27:56 +0100] "POST /signup HTTP/1.1" 0 25 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:28:00 +0100] "POST /signup HTTP/1.1" 0 25 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:30:08 +0100] "POST /signup HTTP/1.1" 0 25 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:30:12 +0100] "POST /signup HTTP/1.1" 0 25 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:47:55 +0100] "POST /signup HTTP/1.1" 200 1661 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:47:55 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:47:55 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/signup" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:48:01 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:48:01 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:48:01 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:53:27 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:53:27 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:53:27 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:54:36 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:54:36 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:54:36 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:58:47 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:58:47 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:05:58:47 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:06:17:23 +0100] "GET / HTTP/1.1" 200 1640 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:06:17:23 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:06:17:23 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:06:17:33 +0100] "POST / HTTP/1.1" 200 1656 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:06:17:33 +0100] "GET /css/style.css HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:06:17:33 +0100] "GET /js/theme-switcher.js HTTP/1.1" 304 0 "http://127.0.0.1:8888/" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
127.0.0.1 - - [17/Feb/2022:06:17:51 +0100] "GET /portal/bienvenue HTTP/1.1" 200 63 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:95.0) Gecko/20100101 Firefox/95.0"
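Review bot: Runtime artefacts are being versioned with this commit: the access log extended in this hunk records client addresses, user agents and request times, and the same commit carries `kore.core`, `test.db`, `test.db.1` and `tt.db` as binaries. A core dump of the server can hold whatever was in process memory when it was written, and the `users` table that `create_user` fills holds password hashes, so these files are better kept out of the repository with ignore entries (patterns such as `*.core` and `*.db`, plus the log's path). Whether the database files here contain real accounts cannot be told from the page.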

Binary file not shown.

src/sessions.h Normal file

@ -0,0 +1,221 @@
#include <stdlib.h>
#include <stdio.h>
#include <limits.h>
#include <string.h>
#include <time.h>
struct session_s {
char *session_id;
char *user;
struct session_s *next;
};
typedef struct session_s session_t;
struct hashtable_s {
int size;
struct session_s **table;
};
typedef struct hashtable_s hashtable_t;
static hashtable_t *ht_create( int size );
static int ht_hash( hashtable_t *hashtable, char *session_id );
static session_t *ht_newpair( char *session_id, char *user );
static char *ht_get( hashtable_t *hashtable, char *session_id );
static void ht_set( hashtable_t *hashtable, char *session_id, char *user );
static void ht_delete (hashtable_t *hashtable, char *key);
static char *gen_session_id(int len);
static char *set_cookie_header( const char *champ, const char separator,
const char *session_id);
/* Create a new hashtable. */
hashtable_t *ht_create( int size ) {
hashtable_t *hashtable = NULL;
int i;
if( size < 1 ) return NULL;
/* Allocate the table itself. */
if( ( hashtable = malloc( sizeof( hashtable_t ) ) ) == NULL ) {
return NULL;
}
/* Allocate pointers to the head nodes. */
if( ( hashtable->table = malloc( sizeof( session_t * ) * size ) ) == NULL ) {
return NULL;
}
for( i = 0; i < size; i++ ) {
hashtable->table[i] = NULL;
}
hashtable->size = size;
return hashtable;
}
/* Hash a string for a particular hash table. */
int ht_hash( hashtable_t *hashtable, char *session_id ) {
unsigned long int hashval = 0;
int i = 0;
/* Convert our string to an integer */
while( hashval < ULONG_MAX && i < strlen( session_id ) ) {
hashval = hashval << 8;
hashval += session_id[ i ];
i++;
}
return hashval % hashtable->size;
}
/* Create a key-value pair. */
session_t *ht_newpair( char *session_id, char *user ) {
session_t *newpair;
if( ( newpair = malloc( sizeof( session_t ) ) ) == NULL ) {
return NULL;
}
if( ( newpair->session_id = strdup( session_id ) ) == NULL ) {
return NULL;
}
if( ( newpair->user = strdup( user ) ) == NULL ) {
return NULL;
}
newpair->next = NULL;
return newpair;
}
/* Insert a key-value pair into a hash table. */
static void ht_set( hashtable_t *hashtable, char *session_id, char *user ) {
int bin = 0;
session_t *newpair = NULL;
session_t *next = NULL;
session_t *last = NULL;
bin = ht_hash( hashtable, session_id );
next = hashtable->table[ bin ];
while( next != NULL && next->session_id != NULL && strcmp( session_id, next->session_id ) > 0 ) {
last = next;
next = next->next;
}
/* There's already a pair. Let's replace that string. */
if( next != NULL && next->session_id != NULL && strcmp( session_id, next->session_id ) == 0 ) {
free( next->user );
next->user = strdup( user );
/* Nope, could't find it. Time to grow a pair. */
} else {
newpair = ht_newpair( session_id, user );
/* We're at the start of the linked list in this bin. */
if( next == hashtable->table[ bin ] ) {
newpair->next = next;
hashtable->table[ bin ] = newpair;
/* We're at the end of the linked list in this bin. */
} else if ( next == NULL ) {
last->next = newpair;
/* We're in the middle of the list. */
} else {
newpair->next = next;
last->next = newpair;
}
}
}
/* Retrieve a key-value pair from a hash table. */
static char *ht_get( hashtable_t *hashtable, char *session_id ) {
int bin = 0;
session_t *pair;
bin = ht_hash( hashtable, session_id );
/* Step through the bin, looking for our value. */
pair = hashtable->table[ bin ];
while( pair != NULL && pair->session_id != NULL && strcmp( session_id, pair->session_id ) > 0 ) {
pair = pair->next;
}
/* Did we actually find anything? */
if( pair == NULL || pair->session_id == NULL || strcmp( session_id, pair->session_id ) != 0 ) {
return NULL;
} else {
return pair->user;
}
}
void ht_delete (hashtable_t *hashtable, char *key){
int bin = 0;
session_t *pair;
session_t *prec;
bin = ht_hash( hashtable, key );
/* Step through the bin, looking for our value. */
pair = hashtable->table[ bin ];
while( pair != NULL && pair->session_id != NULL && strcmp( key, pair->session_id ) > 0 ) {
prec = pair;
pair = pair->next;
}
/* Did we actually find anything? */
if( pair != NULL || pair->session_id != NULL || strcmp( key, pair->session_id ) == 0 ) {
free(pair->session_id);
free(pair->user);
}
}
char *gen_session_id(int len){
int index = 0;
char session_id[len];
char char1[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/,.-+=~`<>:";
int c_tmp = 0;
char *res;
srand((unsigned int)(time(NULL)));
for(index = 0; index < len; index++)
{
c_tmp = rand() % sizeof(char1) - 1;
session_id[index] = char1[c_tmp];
}
res = strdup(session_id);
return res;
}
char *set_cookie_header( const char *champ, const char separator,
const char *session_id) {
int lch, lse;
int ls = 0;
char *result;
lch = strlen(champ);
lse = strlen(session_id);
if (separator)
ls = 1;
if ( (result = calloc(lch + ls + lse + 1, sizeof *result)) == NULL )
return NULL;
memcpy (result, champ, lch);
if (separator)
result[lch] = separator;
memcpy (result + lch + ls, session_id, lse + 1 );
return result;
}
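Review bot: `gen_session_id` produces guessable and sometimes malformed identifiers: it reseeds `rand()` with `time(NULL)` on every call, so two logins in the same second receive the same id and the value follows from the login time; `rand() % sizeof(char1) - 1` parses as `(rand() % sizeof(char1)) - 1`, which gives index -1 when the remainder is 0; and the `char session_id[len]` buffer is never NUL-terminated before `strdup` reads it. The rewrite below draws each character from the system CSPRNG, terminates the string, and narrows the alphabet to characters that are unambiguous inside a cookie value (the original set includes `,` and `=`); `arc4random_uniform` comes from `<stdlib.h>` on OpenBSD, and the Linux build may need an equivalent depending on the libc. Separately, `ht_delete` tests `pair != NULL || ...` where `&&` is needed, so a key that is absent from the bin dereferences NULL, and it frees `session_id` and `user` without unlinking or freeing the node, which leaves dangling pointers for the next `ht_get` on that bin.

```c
char *gen_session_id(int len){
	/* sizeof - 1 excludes the terminating NUL from the pick range */
	static const char alphabet[] =
	    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";
	char *res;
	int index;

	if (len < 1 || (res = malloc((size_t)len + 1)) == NULL)
		return NULL;
	for (index = 0; index < len; index++)
		res[index] = alphabet[arc4random_uniform(sizeof(alphabet) - 1)];
	res[len] = '\0';
	return res;
}
```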


@ -5,36 +5,55 @@
#include <unistd.h>
#include <sqlite3.h>
#include "assets.h"
#include "sessions.h"
#include <pwd.h>
#if defined(__linux__)
#include <kore/seccomp.h>
#include <crypt.h>
KORE_SECCOMP_FILTER("sqlite3",
KORE_SYSCALL_ALLOW(newfstatat),
KORE_SYSCALL_ALLOW(pread64),
KORE_SYSCALL_ALLOW(pwrite64),
KORE_SYSCALL_ALLOW(fdatasync),
KORE_SYSCALL_ALLOW_ARG(write, 0, STDOUT_FILENO)
);
KORE_SYSCALL_ALLOW(newfstatat),
KORE_SYSCALL_ALLOW(pread64),
KORE_SYSCALL_ALLOW(pwrite64),
KORE_SYSCALL_ALLOW(fdatasync),
KORE_SYSCALL_ALLOW_ARG(write, 0, STDOUT_FILENO)
);
#endif
int init(int state);
int portal_user_load(struct http_request *);
int v_password_func(struct http_request *, char *);
int create_user(struct http_request *);
int v_session_validate(struct http_request *, char *);
hashtable_t *hashtable = NULL;
int init(int state){
hashtable = ht_create( 65536 );
if( hashtable == NULL )
kore_log(LOG_ERR, "Can't create hastable sessions");
return (KORE_RESULT_ERROR);
return (KORE_RESULT_OK);
}
int create_user(struct http_request *req)
{
struct kore_buf *b;
u_int8_t *d;
size_t len;
char *salt, *cryptpwd;
char *err_msg = 0;
char *user,*pwd,name[10];
sqlite3_stmt *res;
sqlite3 *db;
struct kore_buf *b = NULL;
u_int8_t *d = NULL;
size_t len = 0;
char *salt = NULL, *cryptpwd = NULL;
char *err_msg = NULL;
char *user = NULL, *pwd = NULL, name[10];
sqlite3_stmt *res = NULL;
sqlite3 *db = NULL;
if (req->method == HTTP_METHOD_GET)
http_populate_get(req);
@ -46,7 +65,7 @@ int create_user(struct http_request *req)
if (req->method == HTTP_METHOD_GET) {
kore_buf_replace_string(b, "$msg$", "Toto", 4);
kore_buf_replace_string(b, "$msg$", "GO", 4);
http_response_header(req, "content-type", "text/html");
d = kore_buf_release(b, &len);
@ -56,83 +75,88 @@ int create_user(struct http_request *req)
return (KORE_RESULT_OK);
}
if (req->method == HTTP_METHOD_POST)
if (req->method == HTTP_METHOD_POST)
{
int rc = sqlite3_open("test.db", &db);
if (rc != SQLITE_OK) {
kore_log(LOG_ERR, "Cannot open database: %s\n", sqlite3_errmsg(db));
sqlite3_close(db);
return (KORE_RESULT_ERROR);
}
//salt = crypt_gensalt("$2b$", 15, NULL, 0); //-> linux
salt = bcrypt_gensalt(15); //-> openbsd
if (salt == NULL) {
kore_log(LOG_ERR, "crypt_gensalt");
exit(EXIT_FAILURE);
}
kore_log(LOG_NOTICE, "bcrypt_salt réussi");
(void)snprintf(name, sizeof(name), "login");
http_argument_get_string(req, name, &user);
(void)snprintf(name, sizeof(name), "password");
http_argument_get_string(req, name, &pwd);
cryptpwd = crypt(pwd, salt);
if (cryptpwd == NULL) {
kore_log(LOG_PERROR, "Can't encrypt password");
exit(EXIT_FAILURE);
}
int rc = sqlite3_open("test.db", &db);
kore_log(LOG_NOTICE, "Encrypted called %s", cryptpwd );
char *sql = "INSERT INTO users VALUES(?,?);";
if (rc != SQLITE_OK) {
rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
fprintf(stderr, "Cannot open database: %s\n", sqlite3_errmsg(db));
sqlite3_close(db);
if (rc == SQLITE_OK)
{
sqlite3_bind_text(res, 1, user, -1, NULL);
sqlite3_bind_text(res, 2, cryptpwd, -1, NULL);
}
else {
kore_log(LOG_ERR, "Failed to execute statement: %s\n", sqlite3_errmsg(db));
}
return 1;
}
//salt = crypt_gensalt("$2b$", 15, NULL, 0); //-> linux
salt = bcrypt_gensalt(15); //-> openbsd
sqlite3_step(res);
if (rc != SQLITE_OK ) {
kore_log(LOG_ERR, "SQL error: %s\n", err_msg);
sqlite3_finalize(res);
sqlite3_free(err_msg);
sqlite3_close(db);
return (KORE_RESULT_ERROR);
}
if (salt == NULL) {
perror("crypt_gensalt");
exit(EXIT_FAILURE);
}
sqlite3_close(db);
http_response_header(req, "content-type", "text/html");
d = kore_buf_release(b, &len);
http_response(req, 200, d, len);
kore_free(d);
(void)snprintf(name, sizeof(name), "login");
http_argument_get_string(req, name, &user);
(void)snprintf(name, sizeof(name), "password");
http_argument_get_string(req, name, &pwd);
cryptpwd = crypt(pwd, salt);
if (cryptpwd == NULL) {
perror("crypt_gensalt");
exit(EXIT_FAILURE);
}
printf("Encrypted: %s\n", cryptpwd);
char *sql ="INSERT INTO users VALUES(?,?);";
rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
if (rc == SQLITE_OK) {
sqlite3_bind_text(res, 1, user, -1, NULL);
sqlite3_bind_text(res, 2, cryptpwd, -1, NULL);
}else {
fprintf(stderr, "Failed to execute statement: %s\n", sqlite3_errmsg(db));
}
sqlite3_step(res);
if (rc != SQLITE_OK ) {
fprintf(stderr, "SQL error: %s\n", err_msg);
sqlite3_finalize(res);
sqlite3_free(err_msg);
sqlite3_close(db);
return 1;
}
sqlite3_close(db);
http_response_header(req, "content-type", "text/html");
d = kore_buf_release(b, &len);
http_response(req, 200, d, len);
kore_free(d);
return (KORE_RESULT_OK);
return (KORE_RESULT_OK);
}
return (KORE_RESULT_ERROR);
}
int portal_user_load(struct http_request *req)
{
struct kore_buf *b;
u_int8_t *d;
size_t len;
char *login,*pwd, name[10];
struct kore_buf *b = NULL;
u_int8_t *d = NULL;
size_t len = 0;
char *login = NULL, *pwd = NULL, name[10];
char *err_msg = 0;
char salt[29], *cryptpwd;
int rc;
sqlite3_stmt *res;
sqlite3 *db;
char salt[29], *cryptpwd = NULL;
int rc = 0;
sqlite3_stmt *res= NULL;
sqlite3 *db = NULL;
char *cookie = NULL;
char *session_id = NULL;
if (req->method == HTTP_METHOD_GET)
http_populate_get(req);
@ -145,7 +169,7 @@ int portal_user_load(struct http_request *req)
if (req->method == HTTP_METHOD_GET) {
kore_buf_replace_string(b, "$login$", NULL, 0);
kore_buf_replace_string(b, "$password$", NULL, 0);
kore_buf_replace_string(b, "$msg$", "Toto", 4);
kore_buf_replace_string(b, "$msg$", "Toto", 4);
http_response_header(req, "content-type", "text/html");
d = kore_buf_release(b, &len);
@ -155,74 +179,86 @@ int portal_user_load(struct http_request *req)
return (KORE_RESULT_OK);
}
if (req->method == HTTP_METHOD_POST)
if (req->method == HTTP_METHOD_POST)
{
rc = sqlite3_open("test.db", &db);
if (rc != SQLITE_OK)
{
fprintf(stderr, "Cannot open database: %s\n", sqlite3_errmsg(db));
sqlite3_close(db);
return 1;
}
rc = sqlite3_open("test.db", &db);
char *sql = "SELECT email_address, password FROM users WHERE email_address = ?";
if (rc != SQLITE_OK)
{
kore_log(LOG_ERR, "Cannot open database: %s\n", sqlite3_errmsg(db));
sqlite3_close(db);
rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
return (KORE_RESULT_ERROR);
}
if (rc == SQLITE_OK)
{
(void)snprintf(name, sizeof(name), "login");
http_argument_get_string(req, name, &login);
sqlite3_bind_text(res, 1, login , -1, NULL);
}
else
{
fprintf(stderr, "Failed to execute statement: %s\n", sqlite3_errmsg(db));
}
char *sql = "SELECT email_address, password FROM users WHERE email_address = ?";
sqlite3_step(res);
if (rc != SQLITE_OK ) {
fprintf(stderr, "SQL error: %s\n", err_msg);
sqlite3_finalize(res);
sqlite3_free(err_msg);
sqlite3_close(db);
return 1;
}
(void)snprintf(name, sizeof(name), "password");
http_argument_get_string(req, name, &pwd);
rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
strncpy (salt,(const char *)sqlite3_column_text(res, 1),29);
if (rc == SQLITE_OK)
{
(void)snprintf(name, sizeof(name), "login");
http_argument_get_string(req, name, &login);
sqlite3_bind_text(res, 1, login , -1, NULL);
}
else
{
kore_log(LOG_ERR, "Failed to execute statement: %s\n", sqlite3_errmsg(db));
}
sqlite3_step(res);
if (rc != SQLITE_OK ) {
kore_log(LOG_ERR, "SQL error: %s\n", err_msg);
sqlite3_finalize(res);
sqlite3_free(err_msg);
sqlite3_close(db);
return (KORE_RESULT_ERROR);
}
(void)snprintf(name, sizeof(name), "password");
http_argument_get_string(req, name, &pwd);
cryptpwd = crypt(pwd, salt);
if (cryptpwd == NULL) {
perror("crypt_gensalt");
exit(EXIT_FAILURE);
}
strncpy (salt,(const char *)sqlite3_column_text(res, 1),29);
if ( strcmp( (const char *)sqlite3_column_text(res, 1), cryptpwd) )
{
printf("mauvais mot de passe\n");
kore_buf_replace_string(b, "$msg$", "Erreur connection", 17);
}else
{
kore_buf_replace_string(b, "$msg$", "Connection ok", 13);
}
sqlite3_finalize(res);
sqlite3_close(db);
cryptpwd = crypt(pwd, salt);
if (cryptpwd == NULL) {
kore_log(LOG_PERROR, "Can't encrypt password");
exit(EXIT_FAILURE);
}
http_response_header(req, "content-type", "text/html");
d = kore_buf_release(b, &len);
http_response(req, 200, d, len);
kore_free(d);
return (KORE_RESULT_OK);
if ( strcmp( (const char *)sqlite3_column_text(res, 1), cryptpwd) )
{
printf("mauvais mot de passe\n");
kore_buf_replace_string(b, "$msg$", "Erreur de login ou mot de passe ", 17);
}
else
{
kore_log(LOG_NOTICE, "on va faire le set cookie");
session_id = gen_session_id(30);
ht_set(hashtable, session_id, login);
kore_log(LOG_NOTICE, "on a ajouté le sessions dans la hastable");
cookie = set_cookie_header("session_id", '=', session_id);
kore_log(LOG_NOTICE, "on a set le cookie dans les headers");
kore_buf_replace_string(b, "$msg$", "BRAVO !!!", 13);
free(session_id);
kore_log(LOG_NOTICE, "set cookie OK");
}
sqlite3_finalize(res);
sqlite3_close(db);
http_response_header(req, "content-type", "text/html");
if (cookie != NULL)
http_response_header(req, "set-cookie", cookie);
d = kore_buf_release(b, &len);
http_response(req, 200, d, len);
kore_free(d);
return (KORE_RESULT_OK);
}
return (KORE_RESULT_ERROR);
@ -233,9 +269,20 @@ int v_password_func(struct http_request *req, char *data)
{
kore_log(LOG_NOTICE, "v_password_func called %s", data);
if ( strlen(data) < 128 )
if ( strlen(data) < 128 )
return (KORE_RESULT_OK);
return (KORE_RESULT_ERROR);
return (KORE_RESULT_ERROR);
}
int
v_session_validate(struct http_request *req, char *data)
{
kore_log(LOG_NOTICE, "v_session_validate: %s", data);
if ( ht_get(hashtable, data) != NULL )
return (KORE_RESULT_OK);
return (KORE_RESULT_ERROR);
}
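Review bot: `init()` returns `KORE_RESULT_ERROR` on every call, because the `if( hashtable == NULL )` has no braces and only the `kore_log` line is conditional; brace both statements, `if (hashtable == NULL) { kore_log(LOG_ERR, "Can't create hastable sessions"); return (KORE_RESULT_ERROR); }`. `v_session_validate` writes the raw cookie value to the log with `kore_log(LOG_NOTICE, "v_session_validate: %s", data)`, which stores live session identifiers in the log file; drop the value from that message. The `set-cookie` value built by `set_cookie_header("session_id", '=', session_id)` carries no attributes and the buffer is never released; consider appending `; HttpOnly; SameSite=Strict; Path=/` and calling `free(cookie)` once the header has been added (Kore appears to copy header values, which should be confirmed). In the same login path the new side still calls `strncpy (salt,(const char *)sqlite3_column_text(res, 1),29)` without checking that `sqlite3_step` returned a row, so an unknown login likely passes NULL to `strncpy`. `portal_user_load` starts before the hunks shown, so its template handling is not covered by this note.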

BIN
test.db

Binary file not shown.

BIN
test.db.1

Binary file not shown.

BIN
tt.db

Binary file not shown.