[api] include case where no device key is present in the db

This commit is contained in:
Bart Van Der Meerssche 2011-03-30 09:29:01 +00:00
parent d14866cb97
commit 65b5ac3f41
1 changed files with 16 additions and 10 deletions

View File

@ -90,23 +90,29 @@ is_authorized(ReqData, State) ->
is_auth_POST(ReqData, #state{rrdSensor = Sensor, digest = ClientDigest} = State) -> is_auth_POST(ReqData, #state{rrdSensor = Sensor, digest = ClientDigest} = State) ->
{data, Result} = mysql:execute(pool, device_key, [Sensor]), {data, Result} = mysql:execute(pool, device_key, [Sensor]),
[[Key]] = mysql:get_result_rows(Result),
case mysql:get_result_rows(Result) of
[[Key]] ->
Data = wrq:req_body(ReqData), Data = wrq:req_body(ReqData),
<<X:160/big-unsigned-integer>> = crypto:sha_mac(Key, Data), <<X:160/big-unsigned-integer>> = crypto:sha_mac(Key, Data),
ServerDigest = lists:flatten(io_lib:format("~40.16.0b", [X])), ServerDigest = lists:flatten(io_lib:format("~40.16.0b", [X])),
{case ServerDigest of {case ServerDigest of
ClientDigest -> true; ClientDigest -> true;
_WrongDigest -> "access refused" _WrongDigest -> "Incorrect digest"
end, end,
ReqData, State}. ReqData, State};
_NoKey ->
{"Device key has not been provisioned", ReqData, State}
end.
is_auth_GET(ReqData, #state{rrdSensor = RrdSensor, token = Token} = State) -> is_auth_GET(ReqData, #state{rrdSensor = RrdSensor, token = Token} = State) ->
{data, Result} = mysql:execute(pool, permissions, [RrdSensor, Token]), {data, Result} = mysql:execute(pool, permissions, [RrdSensor, Token]),
{case mysql:get_result_rows(Result) of {case mysql:get_result_rows(Result) of
[[62]] -> true; [[62]] -> true;
_Permission -> "access refused" _Permission -> "Access refused"
end, end,
ReqData, State}. ReqData, State}.