Allow modules to override CSRF protection.

Useful for Web APIs and all other kinds of things. API changes: - Added public CHTTPSock::GetURI() method - Added public CModule::ValidateWebRequestCSRFCheck() method - Made CWebSock::GetCSRFCheck() method public so it can be accessed from CModule - Added public CWebSock::ValidateCSRFCheck() method Other changes: - Added a Sample Web API module (modules/samplewebapi.cpp) and a simple web form with no CSRF check. Implements feature request #1180.
2026-03-28 17:42:41 +01:00 · 2016-07-15 18:01:41 +03:00
parent 222ae86fcc
commit a9a7f17910
8 changed files with 111 additions and 3 deletions
--- a/modules/samplewebapi.cpp
+++ b/modules/samplewebapi.cpp
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2004-2016 ZNC, see the NOTICE file for details.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <znc/IRCNetwork.h>
+
+class CSampleWebAPIMod : public CModule {
+  public:
+    MODCONSTRUCTOR(CSampleWebAPIMod) {}
+
+    ~CSampleWebAPIMod() override {}
+
+    bool OnWebRequest(CWebSock& WebSock, const CString& sPageName,
+                      CTemplate& Tmpl) override {
+        if (sPageName != "index") {
+            // only accept requests to index
+            return false;
+        }
+
+        if (WebSock.IsPost()) {
+            // print the text we just recieved
+            CString text = WebSock.GetRawParam("text", true);
+            WebSock.PrintHeader(text.length(), "text/plain; charset=UTF-8");
+            WebSock.Write(text);
+            WebSock.Close(Csock::CLT_AFTERWRITE);
+            return false;
+        }
+
+        return true;
+    }
+
+    bool ValidateWebRequestCSRFCheck(CWebSock& WebSock,
+        const CString& sPageName) override {
+        return true;
+    }
+};
+
+template <>
+void TModInfo<CSampleWebAPIMod>(CModInfo& Info) {
+    Info.AddType(CModInfo::UserModule);
+    Info.SetWikiPage("samplewebapi");
+}
+
+GLOBALMODULEDEFS(CSampleWebAPIMod, "Sample Web API module.")