Diffstat (limited to 'jsonrpc/request.esp')
-rw-r--r-- | jsonrpc/request.esp | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/jsonrpc/request.esp b/jsonrpc/request.esp
index 5a1408df62..1cd22a71a8 100644
--- a/jsonrpc/request.esp
+++ b/jsonrpc/request.esp
@@ -19,6 +19,10 @@ jsonrpc_include("json.esp");
 /* Bring in the date class */
 jsonrpc_include("jsondate.esp");
 
+/* Load the authentication script */
+jsonrpc_include("json_auth.esp");
+
+
 /* bring the string functions into the global frame */
 string_init(global);
 
@@ -165,22 +169,27 @@ function _jsonValidRequest(req)
 return false;
 }
 
- if (req.id == undefined)
+ if (typeof(req) != "object")
 {
 return false;
 }
 
- if (req.service == undefined)
+ if (req["id"] == undefined)
 {
 return false;
 }
 
- if (req.method == undefined)
+ if (req["service"] == undefined)
 {
 return false;
 }
 
- if (req.params == undefined)
+ if (req["method"] == undefined)
+ {
+ return false;
+ }
+
+ if (req["params"] == undefined)
 {
 return false;
 }
@@ -411,7 +420,7 @@ if (jsonrpc_include(servicePath))
 * The following completely unreasonable sequence of commands is because:
 *
 * (a) ejs evaluates all OR'ed expressions even if an early one is false, and
- * bars on the typeof(method) call if method is undefined
+ * barfs on the typeof(method) call if method is undefined
 *
 * (b) ejs does not allow comparing against the string "function"!!! What
 * the hell is special about that particular string???
@@ -437,6 +446,15 @@ if (! valid)
 return;
 }
 
+/* Ensure the logged-in user is allowed to issue the requested method */
+if (! json_authenticate(serviceComponents, method))
+{
+ error.setError(jsonrpc.Constant.ErrorCode.PermissionDenied,
+ "Permission denied");
+ error.Send();
+ return;
+}
+
 /* Most errors from here on out will be Application-generated */
 error.setOrigin(jsonrpc.Constant.ErrorOrigin.Application);
 
@@ -456,4 +474,10 @@ var ret = new Object();
 ret.result = retval;
 ret.id = jsonInput.id;
 sendReply(Json.encode(ret), scriptTransportId);
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
 %> |
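Review bot: In `_jsonValidRequest` the rewritten checks only confirm that `id`, `service`, `method` and `params` are present; none of them constrains the type of the value. Code outside this hunk includes a `servicePath` and passes `serviceComponents` and `method` to `json_authenticate`, and these presumably derive from the request fields, so a non-string `service` or `method` would reach both the include and the permission check. I would add a type guard for each, for example `if (typeof(req["service"]) != "string") { return false; }`, provided ejs handles that comparison (the comment further down records trouble comparing against "function"). The function begins above the hunk, so the test that precedes `typeof(req) != "object"` is not visible; a short comment stating what that earlier guard rejects would help the next reader.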
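Review bot: The permission check near new line 449 runs after the service script has already been loaded, since the preceding hunk header shows `if (jsonrpc_include(servicePath))` above line 420. Any top-level code in the included service file therefore runs before the caller is known to be permitted. If `json_authenticate` can decide on `serviceComponents` alone, consider a service-level check before the include and keep this per-method check where it is. The block would also benefit from a comment such as `/* json_authenticate must return false for any unknown service or method (default deny) */`, because that contract is defined in json_auth.esp and cannot be confirmed from this diff. Since the function decides permission rather than identity, a name like `json_authorize` would describe it more accurately.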