removing rmark after success chalanges

tempesta-tech · Sep 11, 2020 · 3a4a0df · 3a4a0df
1 parent 6d5cee6
commit 3a4a0df
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 10 deletions.
diff --git a/tempesta_fw/http_sess.c b/tempesta_fw/http_sess.c
@@ -47,6 +47,7 @@
 #include "hash.h"
 #include "http_msg.h"
 #include "http_sess.h"
+#include "http_sess_conf.h"
 #include "vhost.h"
 #include "filter.h"
 #include "tdb.h"
@@ -174,15 +175,16 @@ tfw_http_redir_mark_prepare(RedirMarkVal *mv, char *buf, unsigned int buf_len,
 }
 
 static int
-tfw_http_sticky_build_redirect(TfwHttpReq *req, StickyVal *sv, RedirMarkVal *mv)
+tfw_http_sticky_build_redirect(TfwHttpReq *req, StickyVal *sv, RedirMarkVal *mv,
+                               bool jsch_allow)
 {
 	unsigned long ts_be64 = cpu_to_be64(sv->ts);
 	TfwStr c_chunks[3], m_chunks[3], r_chunks[5], cookie = { 0 }, rmark = { 0 };
 	TfwHttpResp *resp;
 	char c_buf[sizeof(*sv) * 2], m_buf[sizeof(*mv) * 2];
 	TfwStr body = { 0 };
 	TfwStickyCookie *sticky;
-	int r;
+	int r, code;
 
 	WARN_ON_ONCE(!list_empty(&req->fwd_list));
 	WARN_ON_ONCE(!list_empty(&req->nip_list));
@@ -205,7 +207,7 @@ tfw_http_sticky_build_redirect(TfwHttpReq *req, StickyVal *sv, RedirMarkVal *mv)
 					    sizeof(m_chunks), &rmark);
 
 	sticky = req->vhost->cookie;
-	if (sticky->js_challenge) {
+	if (sticky->js_challenge && jsch_allow) {
 		if (mv) {
 			if (sticky->js_challenge->body.nchunks != 2)
 				return TFW_HTTP_SESS_FAILURE;
@@ -250,11 +252,10 @@ tfw_http_sticky_build_redirect(TfwHttpReq *req, StickyVal *sv, RedirMarkVal *mv)
 		cookie.nchunks++;
 	}
 
+	code = jsch_allow ? sticky->redirect_code: TFW_REDIR_STATUS_CODE_DFLT;
 	r = TFW_MSG_H2(req)
-		? tfw_h2_prep_redirect(resp, sticky->redirect_code, &rmark,
-				       &cookie, &body)
-		: tfw_h1_prep_redirect(resp, sticky->redirect_code, &rmark,
-				       &cookie, &body);
+		? tfw_h2_prep_redirect(resp, code, &rmark, &cookie, &body)
+		: tfw_h1_prep_redirect(resp, code, &rmark, &cookie, &body);
 	if (r) {
 		tfw_http_msg_free((TfwHttpMsg *)resp);
 		return TFW_HTTP_SESS_FAILURE;
@@ -719,7 +720,7 @@ tfw_http_sticky_challenge_start(TfwHttpReq *req, TfwStickyCookie *sticky,
 			return TFW_HTTP_SESS_FAILURE;
 	}
 
-	return tfw_http_sticky_build_redirect(req, sv, mvp);
+	return tfw_http_sticky_build_redirect(req, sv, mvp, true);
 }
 
 /*
@@ -1145,6 +1146,7 @@ tfw_http_sess_obtain(TfwHttpReq *req)
 	TfwStr *c_val = &ctx.cookie_val;
 	TdbRec *rec;
 	TdbGetAllocCtx tdb_ctx = { 0 };
+	TfwStr mark_val = {};
 
 	/*
 	 * If vhost is not known, then request is to be dropped. Don't save the
@@ -1213,6 +1215,9 @@ tfw_http_sess_obtain(TfwHttpReq *req)
 		 */
 		tdb_rec_put(rec);
 
+	if (tfw_http_redir_mark_get(req, &mark_val))
+		return tfw_http_sticky_build_redirect(req, sv, NULL, false);
+
 	return TFW_HTTP_SESS_SUCCESS;
 }
 

diff --git a/tempesta_fw/http_sess_conf.c b/tempesta_fw/http_sess_conf.c
@@ -30,7 +30,6 @@ static TfwVhost *cur_vhost;
 #define STICKY_NAME_DEFAULT	"__tfw"
 
 static const unsigned int tfw_cfg_jsch_code_dflt = 503;
-static const unsigned short tfw_cfg_redirect_st_code_dflt = 302;
 #define TFW_CFG_JS_PATH "/etc/tempesta/js_challenge.html"
 
 void
@@ -116,7 +115,7 @@ tfw_http_sess_cfgop_finish(TfwVhost *vhost, TfwCfgSpec *cs)
 		sticky->enforce = true;
 		sticky->redirect_code = sticky->js_challenge->st_code;
 	} else {
-		sticky->redirect_code = tfw_cfg_redirect_st_code_dflt;
+		sticky->redirect_code = TFW_REDIR_STATUS_CODE_DFLT;
 	}
 
 	cur_vhost = NULL;

diff --git a/tempesta_fw/http_sess_conf.h b/tempesta_fw/http_sess_conf.h
@@ -24,6 +24,8 @@
 #include "cfg.h"
 #include "http_types.h"
 
+#define TFW_REDIR_STATUS_CODE_DFLT 302
+
 extern TfwCfgSpec tfw_http_sess_specs[];
 
 int tfw_http_sess_cfgop_begin(TfwVhost *vhost, TfwCfgSpec *cs, TfwCfgEntry *ce);