blob: 46a25d4b4234ea8eca99a7cd3d46d3308e347742 [file] [log] [blame]
Ed Tanousd4b6c662021-03-10 13:29:30 -08001#pragma once
2#include <http_request.hpp>
3#include <http_response.hpp>
4#include <http_utility.hpp>
5
6namespace forward_unauthorized
7{
8
Ed Tanous4f48d5f2021-06-21 08:27:45 -07009static bool hasWebuiRoute = false;
Ed Tanousd4b6c662021-03-10 13:29:30 -080010
11inline void sendUnauthorized(const crow::Request& req, crow::Response& res)
12{
13 // If it's a browser connecting, don't send the HTTP authenticate
14 // header, to avoid possible CSRF attacks with basic auth
15 if (http_helpers::requestPrefersHtml(req))
16 {
17 // If we have a webui installed, redirect to that login page
18 if (hasWebuiRoute)
19 {
20 res.result(boost::beast::http::status::temporary_redirect);
21 res.addHeader("Location",
22 "/#/login?next=" + http_helpers::urlEncode(req.url));
23 }
24 else
25 {
26 // If we don't have a webui installed, just return a lame
27 // unauthorized body
28 res.result(boost::beast::http::status::unauthorized);
29 res.body() = "Unauthorized";
30 }
31 }
32 else
33 {
34 res.result(boost::beast::http::status::unauthorized);
35 // only send the WWW-authenticate header if this isn't a xhr
36 // from the browser. Most scripts, tend to not set a user-agent header.
37 // So key off that to know whether or not we need to suggest basic auth
38 if (req.getHeaderValue("User-Agent").empty())
39 {
40 res.addHeader("WWW-Authenticate", "Basic");
41 }
42 }
43}
44} // namespace forward_unauthorized