Add functional demo-preauth.sh

Add css for input types Various fixes for http_microhttpd.c Signed-off-by: Rob White <rob@blue-wave.net>
2026-05-04 03:01:32 -04:00 · 2018-11-25 22:05:27 +00:00
parent b81282d051
commit 8304b5a2ef
3 changed files with 100 additions and 10 deletions
--- a/forward_authentication_service/PreAuth/demo-preauth.sh
+++ b/forward_authentication_service/PreAuth/demo-preauth.sh
@@ -1,4 +1,65 @@
 #!/bin/sh
-cat /etc/nodogsplash/htdocs/splash.html
-echo "<br><b>" $1 "</b><br>"
+query="$1"
+clientip="$(echo $query | awk -F '&' '{print $1;}' | awk -F '=' '{print $2;}')"
+gatewayname="$(echo $query | awk -F '&' '{print $2;}' | awk -F '=' '{print $2;}')"
+requested="$(echo $query | awk -F '&' '{print $3;}' | awk -F '=' '{print $2;}')"
+username="$(echo $query | awk -F '&' '{print $4;}' | awk -F '=' '{print $2;}')"
+emailaddr="$(echo $query | awk -F '&' '{print $5;}' | awk -F '=' '{print $2;}')"
+
+header="
+	<!DOCTYPE html>\n
+	<html>
+	<head>\n
+	<meta http-equiv=\"Cache-Control\" content=\"no-cache, no-store, must-revalidate\">\n
+	<meta http-equiv=\"Pragma\" content=\"no-cache\">\n
+	<meta http-equiv=\"Expires\" content=\"0\">\n
+	<meta charset=\"utf-8\">\n
+	<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n
+	\n
+	<link rel=\"shortcut icon\" href=\"/images/splash.jpg\" type=\"image/x-icon\">\n
+	<link rel=\"stylesheet\" type=\"text/css\" href=\"/splash.css\">\n
+	<title>$gatewayname Hotspot Gateway.</title>\n
+	</head>\n
+	\n
+	<body>\n
+	<med-blue>$gatewayname Hotspot Gateway.</med-blue>\n
+	<hr>
+"
+
+footer="
+	<img src=\"/images/splash.jpg\" alt=\"Splash Page: For access to the Internet.\">\n
+	<hr>
+	<copy-right>Copyright &copy; The Nodogsplash Contributors 2004-2018.<br>This software is released under the GNU GPL license.</copy-right>\n
+	\n
+	</body>\n
+	</html>\n
+"
+
+echo -e $header
+
+if [ -z $username ] || [ -z $emailaddr ]; then
+	echo "<big-red>Welcome!</big-red><italic-black> To access the Internet you must enter your Name and Email Address</italic-black>"
+	echo "<form action=\"/nodogsplash_preauth/\" method=\"get\">"
+	echo "<input type=\"hidden\" name=\"clientip\" value=\"$clientip\"><br>"
+	echo "<input type=\"hidden\" name=\"gatewayname\" value=\"$gatewayname\"><br>"
+	echo "<input type=\"hidden\" name=\"redir\" value=\"$requested\"><br>"
+	echo "<input type=\"text\" name=\"username\" value=\"$username\" autocomplete=\"on\" >:Name<br><br>"
+	echo "<input type=\"email\" name=\"emailaddr\" value=\"$emailaddr\" autocomplete=\"on\" >:Email<br><br>"
+	echo "<input type=\"submit\" value=\"Continue\" >"
+	echo "</form><hr>"
+else
+	tok="$(ndsctl json $clientip | grep token | tr -d \"\"token:,\")"
+	clientmac="$(ndsctl json $clientip | grep mac | tr -d \"\"mac,\" | cut -c 2-)"
+
+	echo "<big-red>Thankyou!</big-red>"
+	echo "<br><italic-black> Your News or Advertising could be here, contact the owners of this Hotspot to find out how!</italic-black>"
+	echo "<form action=\"/nodogsplash_auth/\" method=\"get\">"
+	echo "<input type=\"hidden\" name=\"tok\" value=\"$tok\"><br>"
+	echo "<input type=\"hidden\" name=\"redir\" value=\"$requested\"><br>"
+	echo "<input type=\"submit\" value=\"Continue\" >"
+	echo "</form><hr>"
+	echo "$(date) Username=$username Email Address=$emailaddr mac address=$clientmac" >> /tmp/ndslog.log
+fi
+
+echo -e $footer

--- a/resources/splash.css
+++ b/resources/splash.css
@@ -13,6 +13,19 @@ img {
 	margin-right: 5%;
 }

+input[type=text], input[type=email], input[type=number] {
+	color: black;
+	background: white;
+	margin-left: 0%;
+	margin-right: 5%;
+	text-align: left;
+	font-size: 1.0em;
+	line-height: 2.0em;
+	font-weight: bold;
+	border: 3px;
+	border-style: inset;
+}
+
 input[type=submit] {
 	color: white;
 	background: green;
--- a/src/http_microhttpd.c
+++ b/src/http_microhttpd.c
@@ -278,7 +278,7 @@ get_client_ip(char ip_addr[INET6_ADDRSTRLEN], struct MHD_Connection *connection)
 }

 /**
- * @brief libmicrohttpd_cb called when the client do a request to this server
+ * @brief libmicrohttpd_cb called when the client does a request to this server
 * @param cls unused
 * @param connection - client connection
 * @param url - which url was called
@@ -387,6 +387,7 @@ static int try_to_authenticate(struct MHD_Connection *connection, t_client *clie
 	/* Check for authdir */
 	if (check_authdir_match(url, config->authdir)) {
 		tok = MHD_lookup_connection_value(connection, MHD_GET_ARGUMENT_KIND, "tok");
+		debug(LOG_DEBUG, "client->token=%s tok=%s ", client->token, tok );

 		if (tok && !strcmp(client->token, tok)) {
 			/* Token is valid */
@@ -394,7 +395,7 @@ static int try_to_authenticate(struct MHD_Connection *connection, t_client *clie
 		}
 	}

-
+	debug(LOG_WARNING, "Token is invalid" );

 /*	//TODO: do we need denydir?
 	if (check_authdir_match(url, config->denydir)) {
@@ -492,7 +493,7 @@ static int authenticated(struct MHD_Connection *connection,
 	MHD_get_connection_values(connection, MHD_HEADER_KIND, get_host_value_callback, &host);

 	/* check if this is an late request meaning the user tries to get the internet, but ended up here,
-	 * because the iptables rule came to late */
+	 * because the iptables rule came too late */
 	if (is_foreign_hosts(connection, host)) {
 		/* might happen if the firewall rule isn't yet installed */
 		return send_refresh(connection);
@@ -516,7 +517,19 @@ static int authenticated(struct MHD_Connection *connection,
 		}
 	}

-	/* user doesn't wants the splashpage or tried to auth itself */
+	if (check_authdir_match(url, config->preauthdir)) {
+		if (config->fas_port) {
+			safe_asprintf(&fasurl, "http://%s:%u%s?clientip=%s&gatewayname=%s&status=authenticated",
+				config->fas_remoteip, config->fas_port, config->fas_path, client->ip, config->gw_name);
+			ret = send_redirect_temp(connection, fasurl);
+			free(fasurl);
+			return ret;
+		} else {
+			return show_statuspage(connection, client);
+		}
+	}
+
+	/* user doesn't want the splashpage or tried to auth itself */
 	return serve_file(connection, client, url);
 }

@@ -535,7 +548,7 @@ static int preauthenticated(struct MHD_Connection *connection,
 	const char *redirect_url;
 	char *querystr = NULL;
 	char query_str[512] = {0};
-	char *query = &query_str;
+	char *query = query_str;
 	//char *msg = NULL;
 	char msg[4096] = {0};
 	int rc;
@@ -543,6 +556,7 @@ static int preauthenticated(struct MHD_Connection *connection,
 	int ret;
 	s_config *config = config_get_config();

+	debug(LOG_DEBUG, "url: %s", url);
 	/* Check for preauthdir */
 	if (check_authdir_match(url, config->preauthdir)) {

@@ -551,14 +565,15 @@ static int preauthenticated(struct MHD_Connection *connection,
 		rc = execute_ret(msg, sizeof(msg) - 1, "%s '%s'", config->preauth, query);

 		if (rc != 0) {
+			debug(LOG_WARNING, "Preauth script: %s '%s' - failed to execute", config->preauth, query);
 			return -1;
 		}

 		// serve the script output (in msg)
 		response = MHD_create_response_from_buffer(strlen(msg), (char *)msg, MHD_RESPMEM_MUST_COPY);
-		if (!response) {
-			return send_error(connection, 503);
-		}
+		//if (!response) {
+		//	return send_error(connection, 503);
+		//}

 		MHD_add_response_header(response, "Content-Type", "text/html");
 		ret = MHD_queue_response(connection, MHD_HTTP_OK, response);
@@ -582,6 +597,7 @@ static int preauthenticated(struct MHD_Connection *connection,
 		 * When the client reloads a page when it's authenticated, it should be redirected
 		 * to their origin url
 		 */
+		debug(LOG_DEBUG, "authdir url detected: %s", url);

 		if (config->redirectURL) {
 			redirect_url = config->redirectURL;