entd: require a per-entd-invocation session id in every request

callback_server.cc

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "entd/callback_server.h"
 
 #include <base/scoped_ptr.h>
 
 #include "entd/entd.h"
 
 namespace entd {
 
 using std::string;
 
+std::string CallbackServer::session_id_;
+
 namespace {
 // Max 1k request entity
 const int kMaxRequestSize = 1024;
 
 // libevent defines some of these but not all, so we define what we need here
 const int kHttpOk            = 200;
 const int kHttpBadRequest    = 400;
 const int kHttpNotFound      = 404;
 const int kHttpBadMethod     = 405;
 const int kHttpBadEntitySize = 413;
 const int kHttpBadMedia      = 415;
 const int kHttpServerError   = 500;
 
 const uint32_t kDefaultPort  = 5199;  // Atomic weight of Cr, sorta
 const uint32_t kMinPort      = 5000;
 const uint32_t kMaxPort      = 5999;
 
 // Incoming requests must have this content type
 const std::string kContentType = "application/json; charset=UTF-8";
 
-// Default value of request_header_value_
-const std::string kDefaultRequestHeaderValue = "magic";
-
 // Callback functions must have this prefix, so we can avoid dispatching
 // against default properties that aren't actually intended to be callbacks.
 const std::string kCallbackPrefix = "cb:";
 
 // Called by libevent when it accepts an http request.
 void dispatch_OnRequest(struct evhttp_request* request, void* data) {
   CallbackServer* cbs = reinterpret_cast<CallbackServer*>(data);
   cbs->SetBusy(true);
   cbs->OnRequest(request);
   cbs->SetBusy(false);
@@ skipping 53 matching lines @@
   if (cs->IsBusy()) {
     utils::ThrowV8Exception("Can't stop server while busy");
     return v8::Undefined();
   }
 
   cs->Stop();
 
   return v8::Undefined();
 }
 
-// Called by v8 when someone trys to read from callbackServer.requestHeaderValue
-v8::Handle<v8::Value> dispatch_GetRequestHeaderValue(
-    v8::Local<v8::String> name,
-    const v8::AccessorInfo& info) {
-  CallbackServer* cs = CallbackServer::Unwrap(info.Holder());
-  return v8::String::New(cs->request_header_value().c_str());
-}
-
-// Called by v8 when someone trys to assign to callbackServer.requestHeaderValue
-void dispatch_SetRequestHeaderValue(v8::Local<v8::String> name,
-                                    v8::Local<v8::Value> value,
-                                    const v8::AccessorInfo& info) {
-  CallbackServer* cs = CallbackServer::Unwrap(info.Holder());
-  cs->set_request_header_value(*v8::String::Utf8Value(value));
-}
-
 }  // namespace
 
 std::string CallbackServer::required_origin = "";
 
 CallbackServer::CallbackServer(Entd* entd)
     : busy_(false),
       entd_(entd),
-      request_header_value_(kDefaultRequestHeaderValue),
       evhttp_(NULL)
 {}
 
 CallbackServer::~CallbackServer() {
   CleanupTemplate();
   Stop();
 }
 
 // static
 void CallbackServer::SetTemplateBindings(
     v8::Handle<v8::ObjectTemplate> template_object) {
   template_object->Set(v8::String::NewSymbol("start"),
                        v8::FunctionTemplate::New(dispatch_Start));
   template_object->Set(v8::String::NewSymbol("stop"),
                        v8::FunctionTemplate::New(dispatch_Stop));
-  template_object->SetAccessor(v8::String::NewSymbol("requestHeaderValue"),
-                               dispatch_GetRequestHeaderValue,
-                               dispatch_SetRequestHeaderValue);
 }
 
 void CallbackServer::OnRequest(struct evhttp_request* request) {
   const char* uri = evhttp_request_uri(request);
 
   // It might be nicer (certainly more RESTful) if the function were part
   // of the URI, but that would be more parsing which might add to the
   // exploitability of this code.  Instead we only accept requests for
   // "/dispatch", and leave the parsing to v8's native JSON parser.
   if (strcmp("/dispatch", uri) != 0) {
@@ skipping 13 matching lines @@
   // Content type must be json.  We won't be doing any form parsing,
   // multipart or otherwise.
   const char* header = evhttp_find_header(request->input_headers,
                                           "Content-Type");
   if (!header || strcmp(kContentType.c_str(), header) != 0) {
     LOG(ERROR) << "Invalid Content-Type: " << header;
     evhttp_send_error(request, kHttpBadMedia, "Bad Content-Type");
     return;
   }
 
-  // This header must be present, since Chrome's XMLHttpRequest object
-  // won't let you set an unknown header for cross domain XHR.
-  header = evhttp_find_header(request->input_headers, "X-Entd-Request");
-  if (!header || strcmp(request_header_value_.c_str(), header) != 0) {
-    LOG(ERROR) << "Bad or missing X-Entd-Request header";
-    evhttp_send_error(request, kHttpBadRequest, "Bad X-Entd-Request header");
+  // Check the session ID.
+  header = evhttp_find_header(request->input_headers, "X-Entd-Session-Id");
+  if (!header || header != session_id_) {
+    LOG(ERROR) << "Bad or missing X-Entd-Session-Id header: " << header;
+    evhttp_send_error(request, kHttpBadRequest,
+                      "Bad or missing session id header");
     return;
   }
 
   if (!CallbackServer::required_origin.empty()) {
     header = evhttp_find_header(request->input_headers, "Origin");
     if (!header ||
         strcmp(CallbackServer::required_origin.c_str(), header) != 0) {
       LOG(ERROR) << "Bad or missing Origin header: " << header;
       evhttp_send_error(request, kHttpBadRequest,
                         "Bad or missing Origin header");
@@ skipping 143 matching lines @@
   evhttp_ = NULL;
   port_ = 0;
   callbacks_.Dispose();
 }
 
 bool CallbackServer::IsRunning() {
   return evhttp_ != NULL;
 }
 
 }  // namespace entd