Merge pull request #111 from Tsu-ba-me/issues/7-protect-endpoints

Web UI: add login cookie guard to all endpoints included in release

cgi-bin/get_anvils

@@ -31,6 +31,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/get_cpu

@@ -31,6 +31,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/get_memory

@@ -31,6 +31,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/get_networks

@@ -202,6 +202,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/get_replicated_storage

@@ -31,6 +31,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/get_servers

@@ -31,6 +31,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/get_shared_storage

@@ -113,6 +113,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/get_status

@@ -31,6 +31,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/set_membership

@@ -166,6 +166,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

cgi-bin/set_power

@@ -125,6 +125,15 @@ if (not $anvil->data->{sys}{database}{connections})
 	$anvil->nice_exit({exit_code => 1});
 }
 
+my $cookie_problem = $anvil->Account->read_cookies();
+
+# Don't do anything data-related if the user is not logged in.
+if ($cookie_problem)
+{
+	$anvil->Log->entry({ source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0307" });
+	$anvil->nice_exit({ exit_code => 1 });
+}
+
 # Read in any CGI variables, if needed.
 $anvil->Get->cgi();
 

share/words.xml

@@ -418,6 +418,7 @@ The attempt to start the servers appears to have failed. The return code '0' was
 		<key name="error_0304">Failed to parse the request body: [#!variable!request_body_string!#]. Reason: [#!variable!json_decode_error!#]</key>
 		<key name="error_0305">Unable to connect to the database, unable to manage a server at this time.</key>
 		<key name="error_0306">Unable to connect to the database, unable to provision a server at this time.</key>
+		<key name="error_0307">Failed to perform requested task(s) because the requester is not authenticated.</key>
 		
 		<!-- Files templates -->
 		<!-- NOTE: Translating these files requires an understanding of which lines are translatable -->