| 1374 | } |
| 1375 | |
| 1376 | bool VerifyHttpRequest(const InputMessageBase* msg) { |
| 1377 | Server* server = (Server*)msg->arg(); |
| 1378 | Socket* socket = msg->socket(); |
| 1379 | |
| 1380 | HttpContext* http_request = (HttpContext*)msg; |
| 1381 | const Authenticator* auth = server->options().auth; |
| 1382 | if (NULL == auth) { |
| 1383 | // Fast pass |
| 1384 | return true; |
| 1385 | } |
| 1386 | const Server::MethodProperty* mp = FindMethodPropertyByURI( |
| 1387 | http_request->header().uri().path(), server, NULL); |
| 1388 | if (mp != NULL && mp->is_builtin_service && |
| 1389 | mp->service->GetDescriptor() != BadMethodService::descriptor()) { |
| 1390 | // BuiltinService doesn't need authentication |
| 1391 | // TODO: Fix backdoor that sends BuiltinService at first |
| 1392 | // and then sends other requests without authentication |
| 1393 | return true; |
| 1394 | } |
| 1395 | |
| 1396 | const std::string *authorization |
| 1397 | = http_request->header().GetHeader(common->AUTHORIZATION); |
| 1398 | if (authorization == NULL) { |
| 1399 | SendUnauthorizedResponse(auth->GetUnauthorizedErrorText(), socket, msg); |
| 1400 | return false; |
| 1401 | } |
| 1402 | butil::EndPoint user_addr; |
| 1403 | if (!GetUserAddressFromHeader(http_request->header(), &user_addr)) { |
| 1404 | user_addr = socket->remote_side(); |
| 1405 | } |
| 1406 | if (auth->VerifyCredential(*authorization, user_addr, |
| 1407 | socket->mutable_auth_context()) != 0) { |
| 1408 | SendUnauthorizedResponse(auth->GetUnauthorizedErrorText(), socket, msg); |
| 1409 | return false; |
| 1410 | } |
| 1411 | |
| 1412 | return true; |
| 1413 | } |
| 1414 | |
| 1415 | |
| 1416 | // Defined in baidu_rpc_protocol.cpp |