From ed57c00227bd9cd8e81c0ba2cdd3dff2cdbd54a8 Mon Sep 17 00:00:00 2001 From: Claude Code Date: Sun, 17 Aug 2025 21:22:01 -0400 Subject: [PATCH 1/2] add URL parameter authentication support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow authentication via URL parameter as an alternative to HTTP Basic Auth header. This enables authentication in scenarios where headers cannot be easily set. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- src/http.c | 9 +++++++++ src/protocol.c | 11 ++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/src/http.c b/src/http.c index eea62afd1..2e7c66f17 100644 --- a/src/http.c +++ b/src/http.c @@ -33,10 +33,19 @@ static int check_auth(struct lws *wsi, struct pss_http *pss) { if(server->credential != NULL) { char buf[256]; + char urlarg_buf[256]; + + // Check for authorization in headers (default option) int len = lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_HTTP_AUTHORIZATION); if (len >= 7 && strstr(buf, "Basic ")) { if (!strcmp(buf + 6, server->credential)) return AUTH_OK; } + + // Check for authorization in URL parameters + if (lws_get_urlarg_by_name(wsi, "authorization", urlarg_buf, sizeof(urlarg_buf)) == 0) { + if (!strcmp(urlarg_buf, server->credential)) return AUTH_OK; + } + return send_unauthorized(wsi, HTTP_STATUS_UNAUTHORIZED, WSI_TOKEN_HTTP_WWW_AUTHENTICATE); } diff --git a/src/protocol.c b/src/protocol.c index 53e65d4dd..15fa8db9d 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -187,8 +187,17 @@ static bool check_auth(struct lws *wsi, struct pss_tty *pss) { if (server->credential != NULL) { char buf[256]; + char urlarg_buf[256]; + size_t n = lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_HTTP_AUTHORIZATION); - return n >= 7 && strstr(buf, "Basic ") && !strcmp(buf + 6, server->credential); + if (n >= 7 && strstr(buf, "Basic ") && !strcmp(buf + 6, server->credential)) return true; + + // Check for authorization in URL parameters + if (lws_get_urlarg_by_name(wsi, "authorization", urlarg_buf, sizeof(urlarg_buf)) > 0) { + if (!strcmp(urlarg_buf, server->credential)) return true; + } + + return false; } return true; From 3ea13d27d06f427289b0e1957e2f716c916e079e Mon Sep 17 00:00:00 2001 From: Claude Code Date: Sun, 17 Aug 2025 21:49:57 -0400 Subject: [PATCH 2/2] fix URL parameter auth check condition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Correct the return value check for lws_get_urlarg_by_name to properly detect when the parameter is present. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- src/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/http.c b/src/http.c index 2e7c66f17..7e38ed336 100644 --- a/src/http.c +++ b/src/http.c @@ -42,7 +42,7 @@ static int check_auth(struct lws *wsi, struct pss_http *pss) { } // Check for authorization in URL parameters - if (lws_get_urlarg_by_name(wsi, "authorization", urlarg_buf, sizeof(urlarg_buf)) == 0) { + if (lws_get_urlarg_by_name(wsi, "authorization", urlarg_buf, sizeof(urlarg_buf)) > 0) { if (!strcmp(urlarg_buf, server->credential)) return AUTH_OK; }