server side Authoricator

server side Authoricator:
file: main.asc

// Bring N2Authoricator into scope; the .asc file guards itself against being loaded twice.
load("N2Authoricator.asc")
application.onAppStart = function ()
{
    // Build the authenticator once per application instance. The two file
    // names are the allow-lists for HTML-page hosts and SWF hosts respectively.
    var htmlDomainsFile = "allowedHTMLdomains.txt";
    var swfDomainsFile = "allowedSWFdomains.txt";
    this.authoricator = new N2Authoricator(htmlDomainsFile, swfDomainsFile);
};
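application.onConnect = function (p_client)
{
    // Gate every incoming connection on the domain allow-lists. checkClient()
    // returns true only when both enabled checks pass; any other result
    // (false, or undefined for agents it does not evaluate) rejects the client.
    if (this.authoricator.checkClient(p_client)) {
        this.acceptConnection(p_client);
    } else {
        this.rejectConnection(p_client);
    }
};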

file: N2Authoricator.asc

/*
------------------------------------------
allowedHTMLdomains.txt and allowedSWFdomains.txt
------------------------------------------
# This configuration file can be used to specify the domains which are
# allowed to host an HTML file which can possibly embed a client .swf file
# for Live (out of the box) application. By default, this authentication is
# disabled
#
# - There can be at most one domain entry per line e.g. to add domains
# http://myhost1.com and https://www.abc.myhost2.com the corresponding entries should be:
#
# myhost1.com
# www.abc.myhost2.com
#
# NOTE: There must not be any space character in the line containing a domain entry.
# Such entries are discarded by this application after logging a warning message.
#
# - Adding an entry for a domain also allows all its subdomains to have file hosting
# permission.
#
# - An Asterisk (*) can be used to allow all domains to successfully authenticate.
#
# - Applies only when the HTML page is accessed through an http/https URL.
#
#
# To enable domain name based authentication for HTML file hosts, remove the following *
# and add new entries.
-----------------------------------------
*/

try { var dummy = N2Authoricator; } catch ( e ) {

load("N2StringUtils.asc")

N2Authoricator = function (htmlAuthFile, swfAuthFile)
{
    trace("#Authoricator# constructor ");

    // Both checks start disabled and are switched on only when a non-empty
    // file name was supplied. readValidDomains() may switch a check back off
    // if the file contains a "*" wildcard entry.
    this.HTMLDomainsAuth = false;
    this.SWFDomainsAuth = false;

    var hasHtmlFile = htmlAuthFile != undefined && htmlAuthFile != "";
    if (hasHtmlFile) {
        this.HTMLDomainsAuth = true;
        this.allowedHTMLDomains = this.readValidDomains(htmlAuthFile, "HTMLDomains");
    }

    var hasSwfFile = swfAuthFile != undefined && swfAuthFile != "";
    if (hasSwfFile) {
        this.SWFDomainsAuth = true;
        this.allowedSWFDomains = this.readValidDomains(swfAuthFile, "SWFDomains");
    }
};

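//public
// Returns true when p_client may connect and false when an enabled domain
// check fails. Clients whose agent string contains "FME" (presumably an
// encoder, which carries no page URL or referrer) are not evaluated and are
// rejected with an explicit false. Only the IPv4 loopback literal
// "127.0.0.1" bypasses the checks; "::1" is not recognised.
N2Authoricator.prototype.checkClient = function (p_client)
{
    trace("## Authoricator pageUrl ## " + p_client.pageUrl);
    trace("## Authoricator referrer ## " + p_client.referrer);

    // The agent string may be absent; treat it as empty rather than throwing
    // from inside the connect handler.
    var agent = p_client.agent ? String(p_client.agent) : "";
    if (agent.indexOf("FME") != -1) {
        // NOTE(review): if encoder publishers are expected, admit them through
        // a separate credential check rather than by returning true here.
        return false;
    }

    var isLocalhost = (p_client.ip == "127.0.0.1");

    // HTML page domain check; skipped for localhost or when switched off.
    if (!isLocalhost && this.HTMLDomainsAuth
        && !this.validate(p_client.pageUrl, this.allowedHTMLDomains)) {
        trace("unknown pageurl " + p_client.pageUrl + ", rejecting connection");
        return false;
    }

    // SWF domain check; skipped for localhost or when switched off.
    if (!isLocalhost && this.SWFDomainsAuth
        && !this.validate(p_client.referrer, this.allowedSWFDomains)) {
        trace("unknown referrer " + p_client.referrer + ", rejecting connection");
        return false;
    }
    return true;
};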
}

// public
// True when p_client's agent string contains "FME".
N2Authoricator.prototype.isFME = function (p_client)
{
    var agent = p_client.agent;
    return agent.indexOf("FME") >= 0;
};

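//private
// Returns true when url is an http/https URL whose host is one of the
// allow-listed domains in patterns or a subdomain of one. The host is the
// text between "://" and the next "/" (or the end of the string when the URL
// has no path), with any ":port" suffix removed. A pattern matches only on a
// label boundary, so "host.com" matches "host.com" and "a.host.com" but not
// "evilhost.com". Non-string input, other schemes, empty hosts and a missing
// pattern list all fail closed (return false).
N2Authoricator.prototype.validate = function (url, patterns)
{
    if (typeof url != "string" || !patterns) {
        return false;
    }
    url = url.toLowerCase();

    // Only "http://" and "https://" at the very start of the URL qualify.
    var domainStartPos = 0;
    if (url.indexOf("http://") == 0) {
        domainStartPos = 7;
    } else if (url.indexOf("https://") == 0) {
        domainStartPos = 8;
    } else {
        // URL must be HTTP or HTTPS protocol based
        return false;
    }

    // The host ends at the first "/" after the scheme, or at the end of the
    // string when there is no path. A ":" before that point begins a port
    // number, which is not part of the domain.
    var domainEndPos = url.indexOf("/", domainStartPos);
    if (domainEndPos < 0) {
        domainEndPos = url.length;
    }
    var colonPos = url.indexOf(":", domainStartPos);
    if (colonPos > 0 && colonPos < domainEndPos) {
        domainEndPos = colonPos;
    }
    var host = url.substring(domainStartPos, domainEndPos);
    if (host == "") {
        return false;
    }

    for (var i = 0; i < patterns.length; i++) {
        var pattern = patterns[i];
        if (!pattern || pattern == "*") {
            // Empty entries never match. "*" is honoured by readValidDomains()
            // switching the whole check off, so it is not a host suffix here.
            continue;
        }
        var pos = host.length - pattern.length;
        if (pos < 0 || host.lastIndexOf(pattern) != pos) {
            continue;
        }
        // The pattern is a suffix of the host; accept only on a label
        // boundary so a longer, unrelated domain cannot masquerade.
        if (pos == 0 || host.charAt(pos - 1) == ".") {
            return true;
        }
    }
    return false;
};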

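//private
// Reads one domain entry per line from fileName and returns them, lower-cased,
// as an Array. Blank lines and lines starting with "#" (after trimming) are
// skipped; an entry containing a space is logged with its 1-based line number
// and ignored. A "*" entry switches the matching check (HTMLDomainsAuth or
// SWFDomainsAuth, selected by domainsType) off. If the file cannot be opened
// the returned array is empty while the check stays enabled, so every
// non-localhost client is rejected; that fail-closed state is logged.
N2Authoricator.prototype.readValidDomains = function (fileName, domainsType)
{
    var domainFile = new File(fileName);
    var domainsArray = new Array();
    var lineCount = 0;
    domainFile.open("text", "read");

    while (domainFile.isOpen && !domainFile.eof()) {
        var rawLine = domainFile.readln();
        lineCount++;
        if (!rawLine) {
            continue;
        }
        // Trim first so indented comments and whitespace-only lines are
        // recognised as such instead of being reported as bad entries.
        var entry = N2StringUtils.trim(rawLine);
        if (entry == "" || entry.indexOf("#") == 0) {
            continue;
        }
        if (entry.indexOf(" ") != -1) {
            // lineCount was incremented after the read, so it already names
            // the offending line.
            trace("undesired , domain entry ignored. " + fileName + ":" + lineCount);
            continue;
        }

        domainsArray.push(entry.toLowerCase());

        if (entry == "*") {
            switch (domainsType) {
                case "HTMLDomains":
                    trace("Found wildcard (*) entry: disabling authentication for HTML file domains ");
                    this.HTMLDomainsAuth = false;
                    break;
                case "SWFDomains":
                    trace("Found wildcard (*) entry: disabling authentication for SWF file domains ");
                    this.SWFDomainsAuth = false;
                    break;
                default:
                    // Unknown list type: nothing to switch off.
                    break;
            }
        }
    }

    if (!domainFile.isOpen) {
        // Something is wrong! the domains file must be accessible.
        trace("Error: could not open '" + fileName + "', rejecting all clients except localhost. ");
    } else {
        domainFile.close();
    }

    return domainsArray;
};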
}

file: N2StringUtils.asc

try { var dummy = N2StringUtils; } catch ( e ) {

// Namespace object only; the helpers below are attached to it as static functions.
N2StringUtils = function(){}

// Strips leading and trailing whitespace (anything the regex \s class
// matches) from str in a single pass.
N2StringUtils.trim = function (str)
{
    var edgeWhitespace = /^\s+|\s+$/g;
    return str.replace(edgeWhitespace, "");
};

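// Escapes "<" and ">" in msg as HTML entities, then marks the first "http:"
// or "www." run (up to the next space) as a link and recurses on the
// remainder so every such run is handled. "&" is deliberately left alone, so
// entities already present in msg pass through unchanged.
// NOTE(review): the markup that should wrap urlstr (with urlref as its
// target) is missing from this listing; until it is restored the function
// returns the escaped text without any highlighting.
N2StringUtils.hiliteURLs = function (msg)
{
    // Replace each bracket with its entity in one pass. Substituting the
    // same character back in a search loop never terminates, because the
    // next search finds it at the same position again.
    msg = msg.replace(/</g, "&lt;").replace(/>/g, "&gt;");

    var urlBegin = msg.indexOf("http:");
    if (urlBegin == -1) {
        urlBegin = msg.indexOf("www.");
    }
    if (urlBegin == -1) {
        return msg;
    }

    var head = msg.substring(0, urlBegin);
    var urlEnd = msg.indexOf(" ", urlBegin);
    var urlstr = (urlEnd == -1) ? msg.substring(urlBegin) : msg.substring(urlBegin, urlEnd);

    // A bare "www." run gets a scheme so the reference is an absolute URL.
    var urlref = urlstr;
    if (urlstr.indexOf("www.") == 0) {
        urlref = "http://" + urlstr;
    }

    // The tail is already entity-escaped (no "<" or ">" remain), so the
    // recursive call only highlights further URLs.
    var trailer = "";
    if (urlEnd != -1) {
        trailer = N2StringUtils.hiliteURLs(msg.substring(urlEnd));
    }

    // TODO(review): wrap urlstr in the intended link markup using urlref.
    return head + urlstr + trailer;
};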
}

Further details:
http://fmsguru.com/forum/messages.cfm?threadid=4122C516-C410-E2B3-D4A94F0F87E4949F
http://nshen.net/blog/article.asp?id=595
