#include <iostream>
struct permissions_t
{
bool m_admin_view{ false };
bool m_stats_view{ false };
};
struct identity_t
{
static constexpr int invalid_user = -1;
int m_id{ invalid_user };
permissions_t m_permissions;
};
constexpr int user_guest = 1;
constexpr int user_junior = 2;
constexpr int user_senior = 3;
struct auth_result_t
{
bool m_credentials_provided{ false };
identity_t m_identity;
};
struct per_request_data_t
{
auth_result_t m_auth_result;
};
per_request_data_t >;
per_request_data_factory_t >;
template < typename RESP >
RESP
init_resp( RESP resp )
{
resp.append_header( restinio::http_field::server, "RESTinio sample server /v.0.6" );
resp.append_header_date_field();
return resp;
}
{
auto & ud = req->extra_data();
if( req->header().has_field( restinio::http_field::authorization ) )
{
ud.m_auth_result.m_credentials_provided = true;
restinio::http_field::authorization );
if( result )
{
if( result->username == "junior" && result->password == "1234" )
{
ud.m_auth_result.m_identity = identity_t{
user_junior,
permissions_t{ false, true }
};
}
else if( result->username == "senior" && result->password == "4321" )
{
ud.m_auth_result.m_identity = identity_t{
user_senior,
permissions_t{ true, true }
};
}
else
{
.append_header(
restinio::http_field::content_type,
"text/plain; charset=utf-8" )
.append_header(
restinio::http_field::www_authenticate,
R"(Basic realm="Valid Username/Password should be provided", charset="utf-8")" )
.set_body( "Invalid credentials")
.done();
}
}
else
{
.append_header(
restinio::http_field::content_type,
"text/plain; charset=utf-8" )
.set_body( "Unable to handle Authorization field")
.done();
}
}
else
{
ud.m_auth_result.m_credentials_provided = false;
ud.m_auth_result.m_identity = identity_t{
user_guest,
permissions_t{ false, false }
};
}
}
{
if( "/admin" == req->header().path() || "/stats" == req->header().path() )
{
const auto & ud = req->extra_data();
if( !ud.m_auth_result.m_credentials_provided )
{
.append_header(
restinio::http_field::content_type,
"text/plain; charset=utf-8" )
.append_header(
restinio::http_field::www_authenticate,
R"(Basic realm="Username/Password required", charset="utf-8")" )
.set_body( "Unauthorized access forbidden")
.done();
}
bool has_permission = [&req]( const auto & permissions ) {
if( "/admin" == req->header().path() )
return permissions.m_admin_view;
if( "/stats" == req->header().path() )
return permissions.m_stats_view;
return false;
}( ud.m_auth_result.m_identity.m_permissions );
if( !has_permission )
{
.append_header(
restinio::http_field::content_type,
"text/plain; charset=utf-8" )
.set_body( "Access without permissions prohibited")
.done();
}
}
}
auto create_request_handler()
{
auto router = std::make_shared< express_router_t >();
router->http_get(
"/",
[]( const auto & req, const auto & ) {
init_resp( req->create_response() )
.append_header(
restinio::http_field::content_type,
"text/plain; charset=utf-8" )
.set_body( "Hello world!")
.done();
} );
router->http_get(
"/json",
[]( const auto & req, const auto & ) {
init_resp( req->create_response() )
.append_header(
restinio::http_field::content_type,
"application/json" )
.set_body( R"-({"message" : "Hello world!"})-")
.done();
} );
router->http_get(
"/html",
[]( const auto & req, const auto & ) {
init_resp( req->create_response() )
.append_header(
restinio::http_field::content_type,
"text/html; charset=utf-8" )
.set_body(
"<html>\r\n"
" <head><title>Hello from RESTinio!</title></head>\r\n"
" <body>\r\n"
" <center><h1>Hello world</h1></center>\r\n"
" </body>\r\n"
"</html>\r\n" )
.done();
} );
router->http_get(
"/stats",
[]( const auto & req, const auto & ) {
init_resp( req->create_response() )
.append_header(
restinio::http_field::content_type,
"text/plain; charset=utf-8" )
.set_body( fmt::format( "Stats data for user #{}",
req->extra_data().m_auth_result.m_identity.m_id ) )
.done();
} );
router->http_get(
"/admin",
[]( const auto & req, const auto & ) {
init_resp( req->create_response() )
.append_header(
restinio::http_field::content_type,
"text/html; charset=utf-8" )
.set_body(
fmt::format(
"<html>\r\n"
" <head><title>Admin panel for user #{}</title></head>\r\n"
" <body>\r\n"
" <center><h1>NOT IMPLEMENTED YET</h1></center>\r\n"
" </body>\r\n"
"</html>\r\n",
req->extra_data().m_auth_result.m_identity.m_id ) )
.done();
} );
return [handler =
std::move(router)](
const auto & req ) {
return (*handler)( req );
};
}
{
using extra_data_factory_t = per_request_data_factory_t;
per_request_data_factory_t >;
};
int main()
{
using namespace std::chrono;
try
{
per_request_data_factory_t >::builder_t chain_builder;
chain_builder.add( credentials_handler );
chain_builder.add( authorization_handler );
chain_builder.add( create_request_handler() );
restinio::on_this_thread<server_traits_t>()
.port( 8080 )
.address( "localhost" )
.request_handler( chain_builder.release() ) );
}
catch( const std::exception & ex )
{
std::cerr << "Error: " << ex.what() << std::endl;
return 1;
}
return 0;
}
Helpers for dealing with basic authentification.
Generic Express.js style router.
A holder of variable-size chain of synchronous handlers.
Stuff related to growable-size chain of request-headers.
RESTINIO_NODISCARD expected_t< params_t, extraction_error_t > try_extract_params(const authorization_value_t &http_field)
Helper function for getting parameters of basic authentification from an already parsed HTTP-field.
generic_express_router_t< Regex_Engine, no_extra_data_factory_t > express_router_t
A type of express-like router for the case when the default extra-data-factory is specified in the se...
RESTINIO_NODISCARD constexpr request_handling_status_t request_not_handled() noexcept
std::shared_ptr< generic_request_t< Extra_Data > > generic_request_handle_t
An alias for shared-pointer to incoming request.
http_status_line_t status_unauthorized()
ostream_logger_t< null_mutex_t > single_threaded_ostream_logger_t
void run(asio_ns::io_context &ioctx, run_on_this_thread_settings_t< Traits > &&settings)
Helper function for running http server until ctrl+c is hit.
request_handling_status_t
Request handling status.
RESTINIO_NODISCARD constexpr request_handling_status_t request_accepted() noexcept
http_status_line_t status_bad_request()
Regex engine implementation for using with standard regex implementation.
Helper functions for parsing values of HTTP-fields.