From 9ab6d084dfa2900107f528fe50a59b381e1d7a6c Mon Sep 17 00:00:00 2001
From: Dmitry Frank <mail@dmitryfrank.com>
Date: Tue, 28 Nov 2017 01:45:13 +0200
Subject: [PATCH] Expose digest auth checking functions

PUBLISHED_FROM=1bfc6e332f56b68eb6155bb729a97a0d8d5a316c
---
 docs/c-api/http.h/intro.md                     |  2 ++
 docs/c-api/http.h/mg_http_is_authorized.md     | 16 ++++++++++++++++
 .../http.h/mg_http_send_digest_auth_request.md | 11 +++++++++++
 mongoose.c                                     | 18 ++++++++----------
 mongoose.h                                     | 17 +++++++++++++++++
 5 files changed, 54 insertions(+), 10 deletions(-)
 create mode 100644 docs/c-api/http.h/mg_http_is_authorized.md
 create mode 100644 docs/c-api/http.h/mg_http_send_digest_auth_request.md

diff --git a/docs/c-api/http.h/intro.md b/docs/c-api/http.h/intro.md
index 8459b6018..283ba7a19 100644
--- a/docs/c-api/http.h/intro.md
+++ b/docs/c-api/http.h/intro.md
@@ -5,6 +5,8 @@ decl_name: "http.h"
 items:
   - { name: mg_connect_ws.md }
   - { name: mg_connect_ws_opt.md }
+  - { name: mg_http_is_authorized.md }
+  - { name: mg_http_send_digest_auth_request.md }
   - { name: mg_printf_websocket_frame.md }
   - { name: mg_send_websocket_frame.md }
   - { name: mg_send_websocket_framev.md }
diff --git a/docs/c-api/http.h/mg_http_is_authorized.md b/docs/c-api/http.h/mg_http_is_authorized.md
new file mode 100644
index 000000000..92e05e2a7
--- /dev/null
+++ b/docs/c-api/http.h/mg_http_is_authorized.md
@@ -0,0 +1,16 @@
+---
+title: "mg_http_is_authorized()"
+decl_name: "mg_http_is_authorized"
+symbol_kind: "func"
+signature: |
+  int mg_http_is_authorized(struct http_message *hm, struct mg_str path,
+                            int is_directory, const char *domain,
+                            const char *passwords_file, int is_global_pass_file);
+---
+
+Checks whether an http request is authorized. `domain` is the authentication
+realm, `passwords_file` is a htdigest file (can be created e.g. with
+`htdigest` utility). If either `domain` or `passwords_file` is NULL, this
+function always returns 1; otherwise checks the authentication in the
+http request and returns 1 only if there is a match; 0 otherwise. 
+
diff --git a/docs/c-api/http.h/mg_http_send_digest_auth_request.md b/docs/c-api/http.h/mg_http_send_digest_auth_request.md
new file mode 100644
index 000000000..77b7f0514
--- /dev/null
+++ b/docs/c-api/http.h/mg_http_send_digest_auth_request.md
@@ -0,0 +1,11 @@
+---
+title: "mg_http_send_digest_auth_request()"
+decl_name: "mg_http_send_digest_auth_request"
+symbol_kind: "func"
+signature: |
+  void mg_http_send_digest_auth_request(struct mg_connection *c,
+                                        const char *domain);
+---
+
+Sends 401 Unauthorized response. 
+
diff --git a/mongoose.c b/mongoose.c
index 76a254963..2f65114c9 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -7363,10 +7363,9 @@ int mg_check_digest_auth(struct mg_str method, struct mg_str uri,
   return 0;
 }
 
-static int mg_http_is_authorized(struct http_message *hm, struct mg_str path,
-                                 int is_directory, const char *domain,
-                                 const char *passwords_file,
-                                 int is_global_pass_file) {
+int mg_http_is_authorized(struct http_message *hm, struct mg_str path,
+                          int is_directory, const char *domain,
+                          const char *passwords_file, int is_global_pass_file) {
   char buf[MG_MAX_PATH];
   const char *p;
   FILE *fp;
@@ -7399,10 +7398,9 @@ static int mg_http_is_authorized(struct http_message *hm, struct mg_str path,
   return authorized;
 }
 #else
-static int mg_http_is_authorized(struct http_message *hm,
-                                 const struct mg_str path, int is_directory,
-                                 const char *domain, const char *passwords_file,
-                                 int is_global_pass_file) {
+int mg_http_is_authorized(struct http_message *hm, const struct mg_str path,
+                          int is_directory, const char *domain,
+                          const char *passwords_file, int is_global_pass_file) {
   (void) hm;
   (void) path;
   (void) is_directory;
@@ -7942,8 +7940,8 @@ MG_INTERNAL int mg_is_not_modified(struct http_message *hm, cs_stat_t *st) {
   }
 }
 
-static void mg_http_send_digest_auth_request(struct mg_connection *c,
-                                             const char *domain) {
+void mg_http_send_digest_auth_request(struct mg_connection *c,
+                                      const char *domain) {
   mg_printf(c,
             "HTTP/1.1 401 Unauthorized\r\n"
             "WWW-Authenticate: Digest qop=\"auth\", "
diff --git a/mongoose.h b/mongoose.h
index e9df3cce7..e112a9400 100644
--- a/mongoose.h
+++ b/mongoose.h
@@ -4541,6 +4541,23 @@ extern void mg_hash_md5_v(size_t num_msgs, const uint8_t *msgs[],
 extern void mg_hash_sha1_v(size_t num_msgs, const uint8_t *msgs[],
                            const size_t *msg_lens, uint8_t *digest);
 
+/*
+ * Checks whether an http request is authorized. `domain` is the authentication
+ * realm, `passwords_file` is a htdigest file (can be created e.g. with
+ * `htdigest` utility). If either `domain` or `passwords_file` is NULL, this
+ * function always returns 1; otherwise checks the authentication in the
+ * http request and returns 1 only if there is a match; 0 otherwise.
+ */
+int mg_http_is_authorized(struct http_message *hm, struct mg_str path,
+                          int is_directory, const char *domain,
+                          const char *passwords_file, int is_global_pass_file);
+
+/*
+ * Sends 401 Unauthorized response.
+ */
+void mg_http_send_digest_auth_request(struct mg_connection *c,
+                                      const char *domain);
+
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */
-- 
GitLab