| 126 | } |
| 127 | |
| 128 | static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut) |
| 129 | { |
| 130 | if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called |
| 131 | return false; |
| 132 | if (strAuth.substr(0, 6) != "Basic ") |
| 133 | return false; |
| 134 | std::string strUserPass64 = TrimString(strAuth.substr(6)); |
| 135 | std::string strUserPass = DecodeBase64(strUserPass64); |
| 136 | |
| 137 | if (strUserPass.find(':') != std::string::npos) |
| 138 | strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(':')); |
| 139 | |
| 140 | //Check if authorized under single-user field |
| 141 | if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) { |
| 142 | return true; |
| 143 | } |
| 144 | return multiUserAuthorized(strUserPass); |
| 145 | } |
| 146 | |
| 147 | static bool HTTPReq_JSONRPC(const std::any& context, HTTPRequest* req) |
| 148 | { |
no test coverage detected