Add support for websocket authentication via basic auth

The token should be used as username and the password left empty
2026-02-12 18:59:06 +01:00 · 2018-09-19 14:12:13 -03:00
parent 85fcb34997
commit b089a204d3
1 changed files with 20 additions and 2 deletions
--- a/briar-headless/src/main/java/org/briarproject/briar/headless/Router.kt
+++ b/briar-headless/src/main/java/org/briarproject/briar/headless/Router.kt
@@ -4,10 +4,13 @@ import io.javalin.Javalin
 import io.javalin.JavalinEvent.SERVER_START_FAILED
 import io.javalin.JavalinEvent.SERVER_STOPPED
 import io.javalin.apibuilder.ApiBuilder.*
+import io.javalin.core.util.ContextUtil
+import io.javalin.core.util.Header
 import org.briarproject.briar.headless.blogs.BlogController
 import org.briarproject.briar.headless.forums.ForumController
 import org.briarproject.briar.headless.messaging.MessagingController
 import java.lang.Runtime.getRuntime
+import java.util.logging.Logger
 import javax.annotation.concurrent.Immutable
 import javax.inject.Inject
 import javax.inject.Singleton
@@ -25,6 +28,8 @@ constructor(
    private val blogController: BlogController
 ) {

+    private val logger: Logger = Logger.getLogger(this.javaClass.name)
+
    fun start(authToken: String, port: Int, debug: Boolean) {
        briarService.start()
        getRuntime().addShutdownHook(Thread(Runnable { briarService.stop() }))
@@ -68,8 +73,21 @@ constructor(
            }
        }
        app.ws("/v1/ws") { ws ->
-            ws.onConnect { session -> webSocketController.sessions.add(session) }
-            ws.onClose { session, _, _ -> webSocketController.sessions.remove(session) }
+            ws.onConnect { session ->
+                val authHeader = session.header(Header.AUTHORIZATION)
+                val token = ContextUtil.getBasicAuthCredentials(authHeader)?.username
+                if (authToken == token) {
+                    logger.info("Adding websocket session with ${session.remoteAddress}")
+                    webSocketController.sessions.add(session)
+                } else {
+                    logger.info("Closing websocket connection with ${session.remoteAddress}")
+                    session.close(1008, "Invalid Authentication Token")
+                }
+            }
+            ws.onClose { session, _, _ ->
+                logger.info("Removing websocket connection with ${session.remoteAddress}")
+                webSocketController.sessions.remove(session)
+            }
        }
    }