Merge branch 'master' of github.com:viabtc/viabtc_exchange_server

bloodcurdle · Nov 2, 2017 · 03ee624 · 03ee624
2 parents b8bb19e + f9f96f3
commit 03ee624
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -81,12 +81,19 @@ matchengine
 
 [HTTP Protocl](https://github.com/viabtc/viabtc_exchange_server/wiki/HTTP-Protocol) and [Websocket Protocl](https://github.com/viabtc/viabtc_exchange_server/wiki/WebSocket-Protocol) documents are available in Chinese. Should time permit, we will have it translated into English in the future.
 
+## Websocket authorization
+
+The websocket protocol has an authorization method (`server.auth`) which is used to authorize the websocket connection to subscribe to user specific events (trade and balance events).
+
+To accomodate this method your exchange frontend will need to supply an internal endpoint which takes an authorization token from the HTTP header named `Authorization` and validates that token and returns the user_id.
+
+The internal authorization endpoint is defined by the `auth_url` setting in the config file (`accessws/config.json`).
+
+Example response: `{"code": 0, "message": null, "data": {"user_id": 1}}`
+
 ## Donation
 
 * BTC: 14x3GrEoMLituT6vF2wcEbqMAxCvt2724s
 * BCC: 1364ZurPv8uTgnFr1uqowJDFF15aNFemkf
 * ETH: 0xA2913166AE0689C07fCB5C423559239bB2814b6D
 
-## Paid service
-
-If you need help deploying this system, we can provide paid technical support.
diff --git a/utils/ut_ws_svr.c b/utils/ut_ws_svr.c
@@ -129,8 +129,26 @@ static int on_http_message_complete(http_parser* parser)
     if (upgrade == NULL || strcasecmp(upgrade, "websocket") != 0)
         goto error;
     const char *connection = http_request_get_header(info->request, "Connection");
-    if (connection == NULL || strcasecmp(connection, "Upgrade") != 0)
+    if (connection == NULL)
         goto error;
+    else {
+        bool found_upgrade = false;
+        int count;
+        sds *tokens = sdssplitlen(connection, strlen(connection), ",", 1, &count); 
+        if (tokens == NULL)
+            goto error;
+        for (int i = 0; i < count; i++) {
+            sds token = tokens[i];
+            sdstrim(token, " ");
+            if (strcasecmp(token, "Upgrade") == 0) {
+                found_upgrade = true;
+                break;
+            }
+        }
+        sdsfreesplitres(tokens, count);
+        if (!found_upgrade)
+            goto error;
+    }
     const char *ws_version = http_request_get_header(info->request, "Sec-WebSocket-Version");
     if (ws_version == NULL || strcmp(ws_version, "13") != 0)
         goto error;