From 8f7f74cf0f297e2b8476fc4c670515f8940580ea Mon Sep 17 00:00:00 2001
From: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>
Date: Mon, 12 May 2008 19:37:50 +0000
Subject: [PATCH] Add support for blacklists and whitelists, just http password
 auth to go (the most complex part)

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9711 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/m_httpd_acl.cpp | 47 ++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 11 deletions(-)

diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp
index 18270507c..903e83f26 100644
--- a/src/modules/m_httpd_acl.cpp
+++ b/src/modules/m_httpd_acl.cpp
@@ -91,6 +91,15 @@ class ModuleHTTPAccessList : public Module
 		ServerInstance->Modules->Attach(eventlist, this, 2);
 	}
 
+	void BlockAccess(HTTPRequest* http, Event* event)
+	{
+		std::stringstream data("Access to this resource is denied by an access control list. Please contact your IRC administrator.");
+		HTTPDocument response(http->sock, &data, 403);
+		response.headers.SetHeader("X-Powered-By", "m_httpd_acl.so");
+		Request req((char*)&response, (Module*)this, event->GetSource());
+		req.Send();
+	}
+
 	void OnEvent(Event* event)
 	{
 		std::stringstream data("");
@@ -107,27 +116,43 @@ class ModuleHTTPAccessList : public Module
 					if (!this_acl->blacklist.empty())
 					{
 						/* Blacklist */
+						irc::commasepstream sep(this_acl->blacklist);
+						std::string entry;
+
+						while (sep.GetToken(entry))
+						{
+							if (match(http->GetIP(), entry))
+							{
+								BlockAccess(http, event);
+								return;
+							}
+						}
 					}
 					if (!this_acl->whitelist.empty())
 					{
 						/* Whitelist */
+						irc::commasepstream sep(this_acl->whitelist);
+						std::string entry;
+						bool allow_access = false;
+
+						while (sep.GetToken(entry))
+						{
+							if (match(http->GetIP(), entry))
+								allow_access = true;
+						}
+
+						if (!allow_access)
+						{
+							BlockAccess(http, event);
+							return;
+						}
 					}
 					if (!this_acl->password.empty())
 					{
-						/* Password auth */
+						/* Password auth, first look to see if we have a basic authentication header */
 					}
 				}
 			}
-
-			//if ((http->GetURI() == "/stats") || (http->GetURI() == "/stats/"))
-			//{
-				/* Send the document back to m_httpd */
-			//	HTTPDocument response(http->sock, &data, 200);
-			//	response.headers.SetHeader("X-Powered-By", "m_httpd_stats.so");
-			//	response.headers.SetHeader("Content-Type", "text/xml");
-			//	Request req((char*)&response, (Module*)this, event->GetSource());
-			//	req.Send();
-			//}
 		}
 	}
 
-- 
2.39.5