ws_thread add fw_allow client from auth server side

Signed-off-by: staylightblow8 <[email protected]>
liudf0716 · Feb 23, 2024 · a854f02 · a854f02
1 parent 69b04e6
commit a854f02
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 5 deletions.
diff --git a/src/conf.h b/src/conf.h
@@ -72,7 +72,7 @@
 #define DEFAULT_AUTHSERVMSGPATHFRAGMENT 	"gw_message?"
 #define DEFAULT_AUTHSERVPINGPATHFRAGMENT 	"ping/?"
 #define DEFAULT_AUTHSERVAUTHPATHFRAGMENT 	"auth/?"
-#define	DEFAULT_AUTHSERVWSPATHFRAGMENT		"apfree-ws"
+#define	DEFAULT_AUTHSERVWSPATHFRAGMENT		"/ws/wifidogx"
 /** Note that DEFAULT_AUTHSERVSSLNOPEERVER must be 0 or 1, even if the config file syntax is yes or no */
 #define DEFAULT_AUTHSERVSSLPEERVER 1    /* 0 means: Enable peer verification */
 #define DEFAULT_DELTATRAFFIC 0    /* 0 means: Enable peer verification */

diff --git a/src/ws_thread.c b/src/ws_thread.c
@@ -23,6 +23,8 @@
 #include "ws_thread.h"
 #include "debug.h"
 #include "conf.h"
+#include "firewall.h"
+#include "client_list.h"
 
 #define MAX_OUTPUT (512*1024)
 #define htonll(x) ((1==htonl(1)) ? (x) : ((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32))
@@ -34,6 +36,49 @@ static char *fixed_key = "dGhlIHNhbXBsZSBub25jZQ==";
 static char *fixed_accept = "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=";
 static bool upgraded = false;
 
+static void
+process_ws_msg(const char *msg)
+{
+	debug(LOG_DEBUG, "process_ws_msg %s\n", msg);
+	// parse json data, the msg is json data and like this
+	// {"type":"auth", "token":"xxxxx", "client_ip":"ip address", "client_mac":"mac address"}
+	json_object *jobj = json_tokener_parse(msg);
+	if(jobj == NULL){
+		debug(LOG_ERR, "parse json data failed\n");
+		return;
+	}
+
+	json_object *type = json_object_object_get(jobj, "type");
+	if(type == NULL){
+		debug(LOG_ERR, "parse json data failed\n");
+		json_object_put(jobj);
+		return;
+	}
+
+	const char *type_str = json_object_get_string(type);
+	if (strcmp(type_str, "auth") == 0) {
+		json_object *token = json_object_object_get(jobj, "token");
+		json_object *client_ip = json_object_object_get(jobj, "client_ip");
+		json_object *client_mac = json_object_object_get(jobj, "client_mac");
+		if(token == NULL || client_ip == NULL || client_mac == NULL){
+			debug(LOG_ERR, "parse json data failed\n");
+			json_object_put(jobj);
+			return;
+		}
+		const char *token_str = json_object_get_string(token);
+		const char *client_ip_str = json_object_get_string(client_ip);
+		const char *client_mac_str = json_object_get_string(client_mac);
+		debug(LOG_DEBUG, "fw_allow client: token %s, client_ip %s, client_mac %s\n", token_str, client_ip_str, client_mac_str);
+		// permit the client in firewall
+		t_client *client = client_list_add(client_ip_str, client_mac_str, token_str);
+		fw_allow(client, FW_MARK_KNOWN);
+	} else {
+		debug(LOG_ERR, "unknown type %s\n", type_str);
+	}
+
+	json_object_put(jobj);
+}
+
 
 static void 
 ws_send(struct evbuffer *buf, const char *msg, const size_t len)
@@ -117,14 +162,15 @@ ws_receive(struct evbuffer *buf, struct evbuffer *output){
 
 
 	const unsigned char* mask_key = data + header_len - 4;
-	debug(LOG_DEBUG, "ws receive data_len %d mask %d head_len %d payload_len\n", 
-		data_len, mask, header_len, payload_len);
+	debug(LOG_DEBUG, "ws receive opcode %d data_len %d mask %d head_len %d payload_len %d\n", 
+		opcode, data_len, mask, header_len, payload_len);
 	for(int i = 0; mask && i < payload_len; i++)
 		data[header_len + i] ^= mask_key[i%4];
 
 
 	if(opcode == 0x01) {
-        // TODO: 
+        const char *msg = (const char *)(data + header_len);
+		process_ws_msg(msg);
     }
 
 	evbuffer_drain(buf, header_len + payload_len);
@@ -138,7 +184,9 @@ ws_request(struct bufferevent* b_ws)
 {
 	struct evbuffer *out = bufferevent_get_output(b_ws);
     t_auth_serv *auth_server = get_auth_server();
-	evbuffer_add_printf(out, "GET %s/%s HTTP/1.1\r\n", auth_server->authserv_path, auth_server->authserv_ws_script_path_fragment);
+	debug (LOG_DEBUG, "ws_request :  is %s\n", 
+		auth_server->authserv_ws_script_path_fragment);
+	evbuffer_add_printf(out, "GET %s HTTP/1.1\r\n", auth_server->authserv_ws_script_path_fragment);
     if (!auth_server->authserv_use_ssl) {
 	    evbuffer_add_printf(out, "Host:%s:%d\r\n",auth_server->authserv_hostname, auth_server->authserv_http_port);
 	} else {
@@ -176,6 +224,13 @@ ws_read_cb(struct bufferevent *b_ws, void *ctx)
         }
 
         upgraded = true;
+
+		// create json data
+		char jdata[128] = {0};
+		snprintf(jdata, 128, "{\"type\":\"connect\",\"gwID\":\"%s\"}", 
+			config_get_config()->gw_id);
+		ws_send(bufferevent_get_output(b_ws), jdata, strlen(jdata));
+		debug(LOG_DEBUG, "send connect data %s\n", jdata);
     } else {
 		ws_receive(input, bufferevent_get_output(b_ws));
 	}