check session in json api

Martijn Voncken 2008-07-12 06:49:13 +00:00
parent f2120b1131
commit e6a8123939
1 changed files with 16 additions and 3 deletions


@ -43,12 +43,16 @@ design:
from traceback import format_exc from traceback import format_exc
import web import web
from web import webapi from web import webapi
import page_decorators as deco
from web import cookies, setcookie as w_setcookie
import utils
from deluge.ui.client import sclient,aclient from deluge.ui.client import sclient,aclient
from deluge.log import LOG as log from deluge.log import LOG as log
from deluge import component from deluge import component
from utils import dict_cb from utils import dict_cb
from lib import json from lib import json
class json_rpc: class json_rpc:
""" """
== Full client api == == Full client api ==
@ -59,9 +63,18 @@ class json_rpc:
def GET(self): def GET(self):
print '{"error":"only POST is supported"}' print '{"error":"only POST is supported"}'
#security bug: does not check session!!
def POST(self): def POST(self , name=None):
web.header("Content-Type", "application/x-json") ck = cookies()
if not(ck.has_key("session_id") and ck["session_id"] in utils.SESSIONS):
print """{"error":{
"number":1,
"message":"not authenticated"
"error":"not authenticated"
}
}
"""
return
id = 0 id = 0
try: try:
log.debug("json-data:") log.debug("json-data:")
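Review bot: The not-authenticated reply built in the new `POST` is not valid JSON: there is no comma between `"message":"not authenticated"` and the following `"error":"not authenticated"` member, so a client that parses the body cannot read the error; the line should be `"message":"not authenticated",`. In the lines shown the `web.header("Content-Type", "application/x-json")` call is also replaced rather than kept, so unless it is re-added further down the response goes out without that header; keeping it as the first statement of `POST` would cover both the error and the success path. The check itself relies only on the `session_id` cookie, which a browser attaches to cross-site requests too, so it is worth confirming that the API also requires something a third-party page cannot supply (a per-session token in the request body, for example). The new `name=None` parameter is not used in the visible lines, and the body of `POST` continues past the end of this hunk.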