added support for HTTP (Basic) authentication

diff --git a/helm/DEVEL/ocaml-http/http_daemon.mli b/helm/DEVEL/ocaml-http/http_daemon.mli
index 3cc176854560b8c38a5f9be638aae2dd2cf4be11..7f1e1bb46015e193a53a538186a1975f795b427d 100644 (file)
--- a/helm/DEVEL/ocaml-http/http_daemon.mli
+++ b/helm/DEVEL/ocaml-http/http_daemon.mli
@@ -86,6 +86,11 @@ val respond_redirect:
   out_channel ->
     unit
 
+  (** respond with a 401 (Unauthorized) response asking for authentication
+  * against given realm (default is the server name) *)
+val respond_unauthorized:
+  ?version: Http_types.version -> ?realm:string -> out_channel -> unit
+
   (** send an "error" response (i.e. 400 <= status < 600), optional body
   argument as per send_redirect, default response status is 400 (bad request),
   only error status are accepted by this function, other values will

diff --git a/helm/DEVEL/ocaml-http/http_request.ml b/helm/DEVEL/ocaml-http/http_request.ml
index 65cba9710d95a00e29fd5f4cea335c441c3f89d6..354546ea2f11b269b6806d3db58955967ab72199 100644 (file)
--- a/helm/DEVEL/ocaml-http/http_request.ml
+++ b/helm/DEVEL/ocaml-http/http_request.ml
@@ -31,6 +31,9 @@ let debug_dump_request path params =
       (String.concat ";"
         (List.map (fun (h,v) -> String.concat "=" [h;v]) params)))
 
+let auth_sep_RE = Pcre.regexp ":"
+let basic_auth_RE = Pcre.regexp "^Basic\\s+"
+
 exception Fallback;;  (* used internally by request class *)
 
 class request ic =
@@ -124,5 +127,17 @@ class request ic =
           sprintf "%s %s %s" method_string self#uri (string_of_version version)
       | None -> sprintf "%s %s" method_string self#uri
 
+    method authorization: auth_info option =
+      try
+        let credentials =
+          Netencoding.Base64.decode
+            (Pcre.replace ~rex:basic_auth_RE (self#header "authorization"))
+        in
+        debug_print ("HTTP Basic auth credentials: " ^ credentials);
+        (match Pcre.split ~rex:auth_sep_RE credentials with
+        | [username; password] -> Some (`Basic (username, password))
+        | l -> raise Exit)
+      with Header_not_found _ | Invalid_argument _ | Exit -> None
+
   end
 

diff --git a/helm/DEVEL/ocaml-http/http_types.ml b/helm/DEVEL/ocaml-http/http_types.ml
index 8840b22e9b3126b8fa5455cd5392b8eec14f2449..bbdd46a133bbcb0ba696eabd4d468b4b5a88d0d7 100644 (file)
--- a/helm/DEVEL/ocaml-http/http_types.ml
+++ b/helm/DEVEL/ocaml-http/http_types.ml
@@ -54,6 +54,12 @@ type tcp_server =
   (in_channel -> out_channel -> unit) ->
     unit
 
+  (** authentication information *)
+type auth_info =
+  [ `Basic of string * string (* username, password *)
+(*   | `Digest of ...  (* TODO digest authentication *) *)
+  ]
+
   (** informational HTTP status, see RFC2616 *)
 type informational_substatus =
   [ `Continue
@@ -187,10 +193,16 @@ exception Invalid_status_line of string
   (** an header you were looking for was not found *)
 exception Header_not_found of string
 
-  (** raisable by callback functions to make main daemon quit, this is the only
+  (** raisable by callbacks to make main daemon quit, this is the only
   'clean' way to make start functions return *)
 exception Quit
 
+  (** raisable by callbacks to force a 401 (unauthorized) HTTP answer.
+  * This exception should be raised _before_ sending any data over given out
+  * channel.
+  * @param realm authentication realm (usually needed to prompt user) *)
+exception Unauthorized of string
+
   (** {2 OO representation of HTTP messages} *)
 
   (** HTTP generic messages. See {! Http_message.message} *)
@@ -269,6 +281,9 @@ class type request = object
       (** @return the list of all parameter received via POST *)
     method params_POST: (string * string) list
 
+      (** @return authorization information, if given by the client *)
+    method authorization: auth_info option
+
   end
 
   (** HTTP responses *)