epee: optionally restrict HTTP service to a configurable user agent

This is intended to catch traffic coming from a web browser, so we avoid issues with a web page sending a transfer RPC to the wallet. Requiring a particular user agent can act as a simple password scheme, while we wait for 0MQ and proper authentication to be merged.
2025-08-05 22:44:13 -04:00 · 2016-09-07 21:38:41 +01:00 · 2016-09-07 21:38:41 +01:00 · eeb2bbc0fc
commit eeb2bbc0fc
parent 68e6678ab7
19 changed files with 60 additions and 18 deletions
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@ -285,7 +285,8 @@ namespace net_utils
 						}	
 						break;
 					}
-					analize_cached_request_header_and_invoke_state(pos);
+					if (!analize_cached_request_header_and_invoke_state(pos))
+						return false;
 					break;
 				}
 			case http_state_retriving_body:
@ -387,8 +388,16 @@ namespace net_utils
 		{
 			LOG_ERROR("simple_http_connection_handler<t_connection_context>::analize_cached_request_header_and_invoke_state(): failed to anilize request header: " << m_cache);
 			m_state = http_state_error;
+			return false;
 		}

+                if (!m_config.m_required_user_agent.empty() && m_query_info.m_header_info.m_user_agent != m_config.m_required_user_agent)
+                {
+			LOG_ERROR("simple_http_connection_handler<t_connection_context>::analize_cached_request_header_and_invoke_state(): unexpected user agent: " << m_query_info.m_header_info.m_user_agent);
+			m_state = http_state_error;
+			return false;
+                }
+
 		m_cache.erase(0, pos);

 		std::string req_command_str = m_query_info.m_full_request_str;
@ -473,10 +482,10 @@ namespace net_utils
 		LOG_FRAME("http_stream_filter::parse_cached_header(*)", LOG_LEVEL_3);

 		STATIC_REGEXP_EXPR_1(rexp_mach_field, 
-			"\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)"
-			//  12            3         4                5              6                   7                  8      9    
+			"\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)|(User-Agent)"
+			//  12            3         4                5              6                   7                  8      9        10
 			"|([\\w-]+?)) ?: ?((.*?)(\r?\n))[^\t ]",	
-			//10             1112   13 
+			//11             1213   14 
 			boost::regex::icase | boost::regex::normal);

 		boost::smatch		result;
@ -488,8 +497,8 @@ namespace net_utils
 		//lookup all fields and fill well-known fields
 		while( boost::regex_search( it_current_bound, it_end_bound, result, rexp_mach_field, boost::match_default) && result[0].matched) 
 		{
-			const size_t field_val = 12;
-			const size_t field_etc_name = 10;
+			const size_t field_val = 13;
+			const size_t field_etc_name = 11;

 			int i = 2; //start position = 2
 			if(result[i++].matched)//"Connection"
@ -508,6 +517,8 @@ namespace net_utils
 				body_info.m_host = result[field_val];
 			else if(result[i++].matched)//"Cookie"
 				body_info.m_cookie = result[field_val];
+			else if(result[i++].matched)//"User-Agent"
+				body_info.m_user_agent = result[field_val];
 			else if(result[i++].matched)//e.t.c (HAVE TO BE MATCHED!)
 				body_info.m_etc_fields.push_back(std::pair<std::string, std::string>(result[field_etc_name], result[field_val]));
 			else