You can take the username from the Cookie. I suggest storing the secret key in sqlite, as well as active user sessions.
Not sure about your fix #1, a redirect should do the job, I don't see the reason to send a file. Could you elaborate on why you added that, please?

On Mon, Oct 13, 2014 at 6:39 PM, jordi jordi90 <[email protected]> wrote:
> Hi Sergey for the example, today I have been trying to adapt my project
> adding the Cookie authentication, I found some problems and some solutions.
>
> *1*
> - The sample provided works, but needs about 3 or 4 minutes to make a new
> cookie. I changed 2 lines and corrected this:
>
> In the function:
> static int check_login_form_submission(struct mg_connection *conn) {
>   char name[100], password[100], ssid[100], expire[100], expire_epoch[100];
>
>   mg_get_var(conn, "name", name, sizeof(name));
>   mg_get_var(conn, "password", password, sizeof(password));
>
>   // A real authentication mechanism should be employed here.
>   // Also, the whole site should be served through HTTPS.
>   if (strcmp(name, "Joe") == 0 && strcmp(password, "Doe") == 0) {
>     // Generate expiry date
>
>     time_t t = time(NULL) + 3600; // Valid for 1 hour
>     snprintf(expire_epoch, sizeof(expire_epoch), "%lu", (unsigned long) t);
>     strftime(expire, sizeof(expire), "%a, %d %b %Y %H:%M:%S GMT",
>              gmtime(&t));
>     generate_ssid(name, expire_epoch, ssid, sizeof(ssid));
>     // Set "session id" cookie, there could be some data encoded in it.
>     mg_printf(conn,
>               "HTTP/1.1 302 Moved\r\n"
>               "Set-Cookie: ssid=%s; expire=\"%s\"; http-only; HttpOnly;\r\n"
>               "Location: /\r\n\r\n",
>               ssid, expire);
>     // added lines, replacing return MG_TRUE;
>     mg_send_file(conn, "index.html", NULL);
>     return MG_MORE;
>   }
>   return MG_FALSE;
> }
>
> mg_send_file(conn, "index.html", NULL);
> return MG_MORE;
>
> This solves the problem, now I have a doubt.
>
> *2*
> I'm using the code as you provided, (I added a SQL sentence that validates
> the user/pass, I'm using sqlite3).
>
> In my project I need to use the username of the logged user in some places,
> I'm planning to take it from the Cookie, can I use somehow the username
> stored in the cookie, I need it to be secure.
>
> one Cookie generated content.
> admin|1413224604|6415001814204d9aaf0a9ec42d535a18.
>
> Which would be the correct and safe way?
>
> Thank you really much, with this I will be one step closer to finish the
> project.
>
> 2014-10-09 12:39 GMT+02:00 jordi jordi90 <[email protected]>:
>
>> Thanks I really appreciate it!!
>>
>> 2014-10-09 12:30 GMT+02:00 Sergey Lyubka <[email protected]>:
>>
>>> https://github.com/cesanta/mongoose/tree/master/examples/cookie_authentication
>>>
>>> On Wed, Oct 8, 2014 at 10:27 PM, jordi jordi90 <[email protected]> wrote:
>>>
>>>> Could you put an example pls!! It would be really useful!!
>>>>
>>>> 2014-10-08 23:07 GMT+02:00 Sergey Lyubka <[email protected]>:
>>>>
>>>>> Is restful API going to be used by humans that can actually login, or
>>>>> by machines?
>>>>>
>>>>> Implementing functionality you're talking about is easy:
>>>>> for RESTful mutations, check Cookie header for auth info.
>>>>> If not present, send redirect to login.
>>>>> Login page would send credentials, and server replies with Set-Cookie.
>>>>>
>>>>> On Wed, Oct 8, 2014 at 4:04 PM, Carlos Tangerino <[email protected]> wrote:
>>>>>
>>>>>> Thank you Sergey.
>>>>>> The use case is:
>>>>>> mongoose server a REST.
>>>>>> User can view all the site if he is in a guest mode (no
>>>>>> authentication).
>>>>>> Once he tries to save (post/put/delete) anything, the rest will decide
>>>>>> if he can do or not, so maybe showing an error message and redirecting
>>>>>> him to the login page.
>>>>>> Thanks
>>>>>>
>>>>>> On Sunday, October 5, 2014 6:28:41 PM UTC+2, Sergey Lyubka wrote:
>>>>>>>
>>>>>>> chat.c has been removed.
>>>>>>> You can take a look at the older releases
>>>>>>> for the reference:
>>>>>>> https://github.com/cesanta/mongoose/blob/5.0/examples/chat.c
>>>>>>>
>>>>>>> We'll add a separate example for cookie-based auth soon.
>>>>>>>
>>>>>>> On Sun, Oct 5, 2014 at 12:08 PM, Carlos Tangerino <[email protected]> wrote:
>>>>>>>
>>>>>>>> The doc states
>>>>>>>> several ways of implementing authentication on the server side. For
>>>>>>>> another, 226
>>>>>>>> <https://github.com/cesanta/mongoose/blob/3a8ae7ac1735652ab1fa66d4ddd46c85b1b7faac/docs/API.md#L226>cookie-based
>>>>>>>> way please refer to the examples/chat.c in the source tree. 227
>>>>>>>> <https://github.com/cesanta/mongoose/blob/3a8ae7ac1735652ab1fa66d4ddd46c85b1b7faac/docs/API.md#L227>If
>>>>>>>> password is not NULL, entry is added (or modified if already exists).
>>>>>>>> I could not find the chat.c file
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Carlos
>>>>>>>>
>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "mongoose-users" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>> send an email to [email protected].
>>>>>>>> To post to this group, send email to [email protected].
>>>>>>>> Visit this group at http://groups.google.com/group/mongoose-users.
>>>>>>>> For more options, visit https://groups.google.com/d/optout.
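An added example, not part of the thread or of the mongoose sources: one way to read the username back out of a cookie shaped like the `name|expiry|hash` sample quoted above, trusting it only after the hash has been recomputed with the server-side secret and the expiry checked. The names `tag_fn`, `demo_tag`, `tags_equal` and `user_from_ssid` are hypothetical, and `demo_tag` is a constructed, non-cryptographic stand-in for the server's keyed hash so the block runs on its own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
/* Hypothetical hook: writes the hex tag the server computes over (name, expiry). */
typedef void (*tag_fn)(const char *name, const char *expiry, char *out, size_t n);

/* Constructed stand-in (keyed FNV-1a), NOT cryptographic; real code would use HMAC-SHA-256. */
static void demo_tag(const char *name, const char *expiry, char *out, size_t n) {
  const char *parts[] = {"constructed-demo-secret", ":", name, ":", expiry};
  unsigned long long h = 0xcbf29ce484222325ULL;
  for (size_t i = 0; i < 5; i++)
    for (const char *p = parts[i]; *p; p++) { h ^= (unsigned char) *p; h *= 0x100000001b3ULL; }
  snprintf(out, n, "%016llx", h);
}

/* Compare two tags without stopping at the first mismatching byte. */
static int tags_equal(const char *a, const char *b) {
  size_t la = strlen(a), lb = strlen(b);
  unsigned char diff = (unsigned char) (la != lb);
  for (size_t i = 0; i < la && i < lb; i++) diff |= (unsigned char) (a[i] ^ b[i]);
  return diff == 0;
}

/* Returns 1 and copies the name from "name|expiry|tag" only if tag and expiry both check out. */
static int user_from_ssid(const char *ssid, time_t now, tag_fn tag, char *user, size_t user_size) {
  char buf[256], expected[65], *expiry, *given, *end;
  if (strlen(ssid) >= sizeof(buf)) return 0;
  strcpy(buf, ssid);
  if ((expiry = strchr(buf, '|')) == NULL) return 0;
  *expiry++ = '\0';
  if ((given = strchr(expiry, '|')) == NULL) return 0;
  *given++ = '\0';
  if (buf[0] == '\0' || strlen(buf) >= user_size) return 0;
  tag(buf, expiry, expected, sizeof(expected));
  if (!tags_equal(given, expected)) return 0;  /* altered name, expiry or tag */
  unsigned long long exp_ts = strtoull(expiry, &end, 10);
  if (end == expiry || *end != '\0' || (unsigned long long) now >= exp_ts) return 0;
  strcpy(user, buf);
  return 1;
}

int main(void) {
  char tag[65], ssid[128], user[100];
  demo_tag("admin", "1413224604", tag, sizeof(tag));  /* name and expiry from the thread's sample */
  snprintf(ssid, sizeof(ssid), "admin|1413224604|%s", tag);
  printf("%d\n", user_from_ssid(ssid, (time_t) 1413221004, demo_tag, user, sizeof(user)));
  return 0;
}
```

Because `|` is the field separator, the login handler has to reject usernames that contain it before a cookie is issued.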
