ARCHIVE/clio
1
0
Fork 0
mirror of https://github.com/XRPLF/clio.git synced 2026-04-29 15:37:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add admin password check (#847)

Browse Source 
Fixes #846
This commit is contained in:
Sergey Kuznetsov
2023-10-03 17:22:37 +01:00
committed by GitHub
parent e2cc56d25a
commit 0818b6ce5b
22 changed files with 478 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/rpc/Factories.cpp
View File

@@ -53,7 +53,7 @@ make_WsContext(
return Error{{ClioError::rpcINVALID_API_VERSION, apiVersion.error()}};
string const command = commandValue.as_string().c_str();
return web::Context(yc, command, *apiVersion, request, session, tagFactory, range, clientIp);
return web::Context(yc, command, *apiVersion, request, session, tagFactory, range, clientIp, session->isAdmin());
}
Expected<web::Context, Status>
@@ -63,7 +63,8 @@ make_HttpContext(
TagDecoratorFactory const& tagFactory,
data::LedgerRange const& range,
string const& clientIp,
std::reference_wrapper<APIVersionParser const> apiVersionParser)
std::reference_wrapper<APIVersionParser const> apiVersionParser,
bool const isAdmin)
{
if (!request.contains("method"))
return Error{{ClioError::rpcCOMMAND_IS_MISSING}};
@@ -91,7 +92,8 @@ make_HttpContext(
if (!apiVersion)
return Error{{ClioError::rpcINVALID_API_VERSION, apiVersion.error()}};
return web::Context(yc, command, *apiVersion, array.at(0).as_object(), nullptr, tagFactory, range, clientIp);
return web::Context(
yc, command, *apiVersion, array.at(0).as_object(), nullptr, tagFactory, range, clientIp, isAdmin);
}
} // namespace rpc

4
src/rpc/Factories.h
View File

@@ -71,6 +71,7 @@ make_WsContext(
* @param range The ledger range that is available at request time
* @param clientIp The IP address of the connected client
* @param apiVersionParser A parser that is used to parse out the "api_version" field
* @param isAdmin Whether the connection has admin privileges
*/
util::Expected<web::Context, Status>
make_HttpContext(
@@ -79,6 +80,7 @@ make_HttpContext(
util::TagDecoratorFactory const& tagFactory,
data::LedgerRange const& range,
std::string const& clientIp,
std::reference_wrapper<APIVersionParser const> apiVersionParser);
std::reference_wrapper<APIVersionParser const> apiVersionParser,
bool isAdmin);
} // namespace rpc

16
src/rpc/RPCEngine.h
View File

@@ -26,7 +26,6 @@
#include <rpc/RPCHelpers.h>
#include <rpc/common/AnyHandler.h>
#include <rpc/common/Types.h>
#include <rpc/common/impl/AdminVerificationStrategy.h>
#include <rpc/common/impl/ForwardingProxy.h>
#include <util/Taggable.h>
#include <util/config/Config.h>
@@ -60,8 +59,7 @@ namespace rpc {
/**
* @brief The RPC engine that ties all RPC-related functionality together.
*/
template <typename AdminVerificationStrategyType>
class RPCEngineBase
class RPCEngine
{
util::Logger perfLog_{"Performance"};
util::Logger log_{"RPC"};
@@ -76,10 +74,9 @@ class RPCEngineBase
std::shared_ptr<HandlerProvider const> handlerProvider_;
detail::ForwardingProxy<etl::LoadBalancer, Counters, HandlerProvider> forwardingProxy_;
AdminVerificationStrategyType adminVerifier_;
public:
RPCEngineBase(
RPCEngine(
std::shared_ptr<BackendInterface> const& backend,
std::shared_ptr<feed::SubscriptionManager> const& subscriptions,
std::shared_ptr<etl::LoadBalancer> const& balancer,
@@ -98,7 +95,7 @@ public:
{
}
static std::shared_ptr<RPCEngineBase>
static std::shared_ptr<RPCEngine>
make_RPCEngine(
std::shared_ptr<BackendInterface> const& backend,
std::shared_ptr<feed::SubscriptionManager> const& subscriptions,
@@ -108,7 +105,7 @@ public:
Counters& counters,
std::shared_ptr<HandlerProvider const> const& handlerProvider)
{
return std::make_shared<RPCEngineBase>(
return std::make_shared<RPCEngine>(
backend, subscriptions, balancer, dosGuard, workQueue, counters, handlerProvider);
}
@@ -142,8 +139,7 @@ public:
{
LOG(perfLog_.debug()) << ctx.tag() << " start executing rpc `" << ctx.method << '`';
auto const isAdmin = adminVerifier_.isAdmin(ctx.clientIp);
auto const context = Context{ctx.yield, ctx.session, isAdmin, ctx.clientIp, ctx.apiVersion};
auto const context = Context{ctx.yield, ctx.session, ctx.isAdmin, ctx.clientIp, ctx.apiVersion};
auto const v = (*method).process(ctx.params, context);
LOG(perfLog_.debug()) << ctx.tag() << " finish executing rpc `" << ctx.method << '`';
@@ -282,6 +278,4 @@ private:
}
};
using RPCEngine = RPCEngineBase<detail::IPAdminVerificationStrategy>;
} // namespace rpc

6
src/web/Context.h
View File

@@ -45,6 +45,7 @@ struct Context : util::Taggable
std::shared_ptr<web::ConnectionBase> session;
data::LedgerRange range;
std::string clientIp;
bool isAdmin;
/**
* @brief Create a new Context instance.
@@ -57,6 +58,7 @@ struct Context : util::Taggable
* @param tagFactory A factory that is used to generate tags to track requests and connections
* @param range The ledger range that is available at the time of the request
* @param clientIp IP of the peer
* @param isAdmin Whether the peer has admin privileges
*/
Context(
boost::asio::yield_context yield,
@@ -66,7 +68,8 @@ struct Context : util::Taggable
std::shared_ptr<web::ConnectionBase> const& session,
util::TagDecoratorFactory const& tagFactory,
data::LedgerRange const& range,
std::string clientIp)
std::string clientIp,
bool isAdmin)
: Taggable(tagFactory)
, yield(std::move(yield))
, method(std::move(command))
@@ -75,6 +78,7 @@ struct Context : util::Taggable
, session(session)
, range(range)
, clientIp(std::move(clientIp))
, isAdmin(isAdmin)
{
static util::Logger const perfLog{"Performance"};
LOG(perfLog.debug()) << tag() << "new Context created";

13
src/web/HttpSession.h
View File

@@ -47,6 +47,7 @@ public:
*
* @param socket The socket. Ownership is transferred to HttpSession
* @param ip Client's IP address
* @param adminPassword The optional password to verify admin role in requests
* @param tagFactory A factory that is used to generate tags to track requests and sessions
* @param dosGuard The denial of service guard to use
* @param handler The server handler to use
@@ -55,11 +56,18 @@ public:
explicit HttpSession(
tcp::socket&& socket,
std::string const& ip,
std::optional<std::string> adminPassword,
std::reference_wrapper<util::TagDecoratorFactory const> tagFactory,
std::reference_wrapper<web::DOSGuard> dosGuard,
std::shared_ptr<HandlerType> const& handler,
boost::beast::flat_buffer buffer)
: detail::HttpBase<HttpSession, HandlerType>(ip, tagFactory, dosGuard, handler, std::move(buffer))
: detail::HttpBase<HttpSession, HandlerType>(
ip,
tagFactory,
std::move(adminPassword),
dosGuard,
handler,
std::move(buffer))
, stream_(std::move(socket))
, tagFactory_(tagFactory)
{
@@ -103,7 +111,8 @@ public:
this->dosGuard_,
this->handler_,
std::move(this->buffer_),
std::move(this->req_))
std::move(this->req_),
ConnectionBase::isAdmin())
->run();
}
};

13
src/web/PlainWsSession.h
View File

@@ -46,6 +46,7 @@ public:
* @param dosGuard The denial of service guard to use
* @param handler The server handler to use
* @param buffer Buffer with initial data received from the peer
* @param isAdmin Whether the connection has admin privileges
*/
explicit PlainWsSession(
boost::asio::ip::tcp::socket&& socket,
@@ -53,10 +54,12 @@ public:
std::reference_wrapper<util::TagDecoratorFactory const> tagFactory,
std::reference_wrapper<web::DOSGuard> dosGuard,
std::shared_ptr<HandlerType> const& handler,
boost::beast::flat_buffer&& buffer)
boost::beast::flat_buffer&& buffer,
bool isAdmin)
: detail::WsBase<PlainWsSession, HandlerType>(ip, tagFactory, dosGuard, handler, std::move(buffer))
, ws_(std::move(socket))
{
ConnectionBase::isAdmin_ = isAdmin; // NOLINT(cppcoreguidelines-prefer-member-initializer)
}
~PlainWsSession() override = default;
@@ -87,6 +90,7 @@ class WsUpgrader : public std::enable_shared_from_this<WsUpgrader<HandlerType>>
http::request<http::string_body> req_;
std::string ip_;
std::shared_ptr<HandlerType> const handler_;
bool isAdmin_;
public:
/**
@@ -99,6 +103,7 @@ public:
* @param handler The server handler to use
* @param buffer Buffer with initial data received from the peer. Ownership is transferred
* @param request The request. Ownership is transferred
* @param isAdmin Whether the connection has admin privileges
*/
WsUpgrader(
boost::beast::tcp_stream&& stream,
@@ -107,7 +112,8 @@ public:
std::reference_wrapper<web::DOSGuard> dosGuard,
std::shared_ptr<HandlerType> const& handler,
boost::beast::flat_buffer&& buffer,
http::request<http::string_body> request)
http::request<http::string_body> request,
bool isAdmin)
: http_(std::move(stream))
, buffer_(std::move(buffer))
, tagFactory_(tagFactory)
@@ -115,6 +121,7 @@ public:
, req_(std::move(request))
, ip_(std::move(ip))
, handler_(handler)
, isAdmin_(isAdmin)
{
}
@@ -150,7 +157,7 @@ private:
boost::beast::get_lowest_layer(http_).expires_never();
std::make_shared<PlainWsSession<HandlerType>>(
http_.release_socket(), ip_, tagFactory_, dosGuard_, handler_, std::move(buffer_))
http_.release_socket(), ip_, tagFactory_, dosGuard_, handler_, std::move(buffer_), isAdmin_)
->run(std::move(req_));
}
};

3
src/web/RPCServerHandler.h
View File

@@ -176,7 +176,8 @@ private:
tagFactory_.with(connection->tag()),
*range,
connection->clientIp,
std::cref(apiVersionParser_));
std::cref(apiVersionParser_),
connection->isAdmin());
}();
if (!context)

34
src/web/Server.h
View File

@@ -58,6 +58,7 @@ class Detector : public std::enable_shared_from_this<Detector<PlainSessionType,
std::reference_wrapper<web::DOSGuard> const dosGuard_;
std::shared_ptr<HandlerType> const handler_;
boost::beast::flat_buffer buffer_;
std::optional<std::string> adminPassword_;
public:
/**
@@ -68,18 +69,21 @@ public:
* @param tagFactory A factory that is used to generate tags to track requests and sessions
* @param dosGuard The denial of service guard to use
* @param handler The server handler to use
* @param adminPassword The optional password to verify admin role in requests
*/
Detector(
tcp::socket&& socket,
std::optional<std::reference_wrapper<boost::asio::ssl::context>> ctx,
std::reference_wrapper<util::TagDecoratorFactory const> tagFactory,
std::reference_wrapper<web::DOSGuard> dosGuard,
std::shared_ptr<HandlerType> const& handler)
std::shared_ptr<HandlerType> const& handler,
std::optional<std::string> adminPassword)
: stream_(std::move(socket))
, ctx_(ctx)
, tagFactory_(std::cref(tagFactory))
, dosGuard_(dosGuard)
, handler_(handler)
, adminPassword_(std::move(adminPassword))
{
}
@@ -134,13 +138,20 @@ public:
return fail(ec, "SSL is not supported by this server");
std::make_shared<SslSessionType<HandlerType>>(
stream_.release_socket(), ip, *ctx_, tagFactory_, dosGuard_, handler_, std::move(buffer_))
stream_.release_socket(),
ip,
adminPassword_,
*ctx_,
tagFactory_,
dosGuard_,
handler_,
std::move(buffer_))
->run();
return;
}
std::make_shared<PlainSessionType<HandlerType>>(
stream_.release_socket(), ip, tagFactory_, dosGuard_, handler_, std::move(buffer_))
stream_.release_socket(), ip, adminPassword_, tagFactory_, dosGuard_, handler_, std::move(buffer_))
->run();
}
};
@@ -166,6 +177,7 @@ class Server : public std::enable_shared_from_this<Server<PlainSessionType, SslS
std::reference_wrapper<web::DOSGuard> dosGuard_;
std::shared_ptr<HandlerType> handler_;
tcp::acceptor acceptor_;
std::optional<std::string> adminPassword_;
public:
/**
@@ -177,6 +189,7 @@ public:
* @param tagFactory A factory that is used to generate tags to track requests and sessions
* @param dosGuard The denial of service guard to use
* @param handler The server handler to use
* @param adminPassword The optional password to verify admin role in requests
*/
Server(
boost::asio::io_context& ioc,
@@ -184,13 +197,15 @@ public:
tcp::endpoint endpoint,
util::TagDecoratorFactory tagFactory,
web::DOSGuard& dosGuard,
std::shared_ptr<HandlerType> const& handler)
std::shared_ptr<HandlerType> const& handler,
std::optional<std::string> adminPassword)
: ioc_(std::ref(ioc))
, ctx_(ctx)
, tagFactory_(tagFactory)
, dosGuard_(std::ref(dosGuard))
, handler_(handler)
, acceptor_(boost::asio::make_strand(ioc))
, adminPassword_(std::move(adminPassword))
{
boost::beast::error_code ec;
@@ -244,7 +259,7 @@ private:
ctx_ ? std::optional<std::reference_wrapper<boost::asio::ssl::context>>{ctx_.value()} : std::nullopt;
std::make_shared<Detector<PlainSessionType, SslSessionType, HandlerType>>(
std::move(socket), ctxRef, std::cref(tagFactory_), dosGuard_, handler_)
std::move(socket), ctxRef, std::cref(tagFactory_), dosGuard_, handler_, adminPassword_)
->run();
}
@@ -282,9 +297,16 @@ make_HttpServer(
auto const serverConfig = config.section("server");
auto const address = boost::asio::ip::make_address(serverConfig.value<std::string>("ip"));
auto const port = serverConfig.value<unsigned short>("port");
auto adminPassword = serverConfig.maybeValue<std::string>("admin_password");
auto server = std::make_shared<HttpServer<HandlerType>>(
ioc, ctx, boost::asio::ip::tcp::endpoint{address, port}, util::TagDecoratorFactory(config), dosGuard, handler);
ioc,
ctx,
boost::asio::ip::tcp::endpoint{address, port},
util::TagDecoratorFactory(config),
dosGuard,
handler,
std::move(adminPassword));
server->run();
return server;

13
src/web/SslHttpSession.h
View File

@@ -47,6 +47,7 @@ public:
*
* @param socket The socket. Ownership is transferred to HttpSession
* @param ip Client's IP address
* @param adminPassword The optional password to verify admin role in requests
* @param ctx The SSL context
* @param tagFactory A factory that is used to generate tags to track requests and sessions
* @param dosGuard The denial of service guard to use
@@ -56,12 +57,19 @@ public:
explicit SslHttpSession(
tcp::socket&& socket,
std::string const& ip,
std::optional<std::string> adminPassword,
boost::asio::ssl::context& ctx,
std::reference_wrapper<util::TagDecoratorFactory const> tagFactory,
std::reference_wrapper<web::DOSGuard> dosGuard,
std::shared_ptr<HandlerType> const& handler,
boost::beast::flat_buffer buffer)
: detail::HttpBase<SslHttpSession, HandlerType>(ip, tagFactory, dosGuard, handler, std::move(buffer))
: detail::HttpBase<SslHttpSession, HandlerType>(
ip,
tagFactory,
std::move(adminPassword),
dosGuard,
handler,
std::move(buffer))
, stream_(std::move(socket), ctx)
, tagFactory_(tagFactory)
{
@@ -142,7 +150,8 @@ public:
this->dosGuard_,
this->handler_,
std::move(this->buffer_),
std::move(this->req_))
std::move(this->req_),
ConnectionBase::isAdmin())
->run();
}
};

15
src/web/SslWsSession.h
View File

@@ -21,6 +21,8 @@
#include <web/impl/WsBase.h>
#include <boost/beast/ssl.hpp>
#include <utility>
namespace web {
@@ -46,6 +48,7 @@ public:
* @param dosGuard The denial of service guard to use
* @param handler The server handler to use
* @param buffer Buffer with initial data received from the peer
* @param isAdmin Whether the connection has admin privileges
*/
explicit SslWsSession(
boost::beast::ssl_stream<boost::beast::tcp_stream>&& stream,
@@ -53,10 +56,12 @@ public:
std::reference_wrapper<util::TagDecoratorFactory const> tagFactory,
std::reference_wrapper<web::DOSGuard> dosGuard,
std::shared_ptr<HandlerType> const& handler,
boost::beast::flat_buffer&& buffer)
boost::beast::flat_buffer&& buffer,
bool isAdmin)
: detail::WsBase<SslWsSession, HandlerType>(ip, tagFactory, dosGuard, handler, std::move(buffer))
, ws_(std::move(stream))
{
ConnectionBase::isAdmin_ = isAdmin; // NOLINT(cppcoreguidelines-prefer-member-initializer)
}
/** @return The secure websocket stream. */
@@ -85,6 +90,7 @@ class SslWsUpgrader : public std::enable_shared_from_this<SslWsUpgrader<HandlerT
std::reference_wrapper<web::DOSGuard> dosGuard_;
std::shared_ptr<HandlerType> const handler_;
http::request<http::string_body> req_;
bool isAdmin_;
public:
/**
@@ -97,6 +103,7 @@ public:
* @param handler The server handler to use
* @param buffer Buffer with initial data received from the peer. Ownership is transferred
* @param request The request. Ownership is transferred
* @param isAdmin Whether the connection has admin privileges
*/
SslWsUpgrader(
boost::beast::ssl_stream<boost::beast::tcp_stream> stream,
@@ -105,7 +112,8 @@ public:
std::reference_wrapper<web::DOSGuard> dosGuard,
std::shared_ptr<HandlerType> const& handler,
boost::beast::flat_buffer&& buffer,
http::request<http::string_body> request)
http::request<http::string_body> request,
bool isAdmiin)
: https_(std::move(stream))
, buffer_(std::move(buffer))
, ip_(std::move(ip))
@@ -113,6 +121,7 @@ public:
, dosGuard_(dosGuard)
, handler_(handler)
, req_(std::move(request))
, isAdmin_(isAdmiin)
{
}
@@ -153,7 +162,7 @@ private:
boost::beast::get_lowest_layer(https_).expires_never();
std::make_shared<SslWsSession<HandlerType>>(
std::move(https_), ip_, tagFactory_, dosGuard_, handler_, std::move(buffer_))
std::move(https_), ip_, tagFactory_, dosGuard_, handler_, std::move(buffer_), isAdmin_)
->run(std::move(req_));
}
};

54
src/rpc/common/impl/AdminVerificationStrategy.h → src/web/impl/AdminVerificationStrategy.cpp
View File

@@ -17,26 +17,42 @@
*/
//==============================================================================
#pragma once
#include <web/impl/AdminVerificationStrategy.h>
#include <string_view>
namespace web::detail {
namespace rpc::detail {
class IPAdminVerificationStrategy final
bool
IPAdminVerificationStrategy::isAdmin(RequestType const&, std::string_view ip) const
{
public:
/**
* @brief Checks whether request is from a host that is considered authorized as admin.
*
* @param ip The ip addr of the client
* @return true if authorized; false otherwise
*/
static bool
isAdmin(std::string_view ip)
{
return ip == "127.0.0.1";
}
};
return ip == "127.0.0.1";
}
} // namespace rpc::detail
PasswordAdminVerificationStrategy::PasswordAdminVerificationStrategy(std::string password)
: password_(std::move(password))
{
}
bool
PasswordAdminVerificationStrategy::isAdmin(RequestType const& request, std::string_view) const
{
auto it = request.find(boost::beast::http::field::authorization);
if (it == request.end())
{
// No Authorization header
return false;
}
return it->value() == password_;
}
std::unique_ptr<AdminVerificationStrategy>
make_AdminVerificationStrategy(std::optional<std::string> password)
{
if (password.has_value())
{
return std::make_unique<PasswordAdminVerificationStrategy>(std::move(*password));
}
return std::make_unique<IPAdminVerificationStrategy>();
}
} // namespace web::detail

82
src/web/impl/AdminVerificationStrategy.h Normal file
View File

@@ -0,0 +1,82 @@
//------------------------------------------------------------------------------
/*
This file is part of clio: https://github.com/XRPLF/clio
Copyright (c) 2023, the clio developers.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
//==============================================================================
#pragma once
#include <boost/beast/http.hpp>
#include <string>
#include <string_view>
namespace web::detail {
class AdminVerificationStrategy
{
public:
using RequestType = boost::beast::http::request<boost::beast::http::string_body>;
virtual ~AdminVerificationStrategy() = default;
/**
* @brief Checks whether request is from a host that is considered authorized as admin.
*
* @param request The http request from the client
* @param ip The ip addr of the client
* @return true if authorized; false otherwise
*/
virtual bool
isAdmin(RequestType const& request, std::string_view ip) const = 0;
};
class IPAdminVerificationStrategy : public AdminVerificationStrategy
{
public:
/**
* @brief Checks whether request is from a host that is considered authorized as admin
* by checking the ip address.
*
* @param ip The ip addr of the client
* @return true if authorized; false otherwise
*/
bool
isAdmin(RequestType const&, std::string_view ip) const override;
};
class PasswordAdminVerificationStrategy : public AdminVerificationStrategy
{
private:
std::string password_;
public:
PasswordAdminVerificationStrategy(std::string password);
/**
* @brief Checks whether request is from a host that is considered authorized as admin using
* the password (if any) from the request.
*
* @param request The request from a host
* @return true if the password from request matches admin password from config
*/
bool
isAdmin(RequestType const& request, std::string_view) const override;
};
std::unique_ptr<AdminVerificationStrategy>
make_AdminVerificationStrategy(std::optional<std::string> password);
} // namespace web::detail

7
src/web/impl/HttpBase.h
View File

@@ -22,6 +22,7 @@
#include <main/Build.h>
#include <util/log/Logger.h>
#include <web/DOSGuard.h>
#include <web/impl/AdminVerificationStrategy.h>
#include <web/interface/Concepts.h>
#include <web/interface/ConnectionBase.h>
@@ -86,6 +87,7 @@ class HttpBase : public ConnectionBase
std::shared_ptr<void> res_;
SendLambda sender_;
std::unique_ptr<AdminVerificationStrategy> adminVerification_;
protected:
boost::beast::flat_buffer buffer_;
@@ -130,11 +132,13 @@ public:
HttpBase(
std::string const& ip,
std::reference_wrapper<util::TagDecoratorFactory const> tagFactory,
std::optional<std::string> adminPassword,
std::reference_wrapper<web::DOSGuard> dosGuard,
std::shared_ptr<HandlerType> const& handler,
boost::beast::flat_buffer buffer)
: ConnectionBase(tagFactory, ip)
, sender_(*this)
, adminVerification_(make_AdminVerificationStrategy(std::move(adminPassword)))
, buffer_(std::move(buffer))
, dosGuard_(dosGuard)
, handler_(handler)
@@ -178,6 +182,9 @@ public:
if (ec)
return httpFail(ec, "read");
// Update isAdmin property of the connection
ConnectionBase::isAdmin_ = adminVerification_->isAdmin(req_, this->clientIp);
if (boost::beast::websocket::is_upgrade(req_))
{
upgraded = true;

12
src/web/interface/ConnectionBase.h
View File

@@ -41,6 +41,7 @@ protected:
public:
std::string const clientIp;
bool upgraded = false;
bool isAdmin_ = false;
/**
* @brief Create a new connection base.
@@ -85,5 +86,16 @@ public:
{
return ec_ != boost::system::error_code{};
}
/**
* @brief Indicates whether the connection has admin privileges
*
* @return true if the connection is from admin user
*/
[[nodiscard]] bool
isAdmin() const
{
return isAdmin_;
}
};
} // namespace web