forked from TOROnetwork/Chain
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathRole.h
90 lines (77 loc) · 2.99 KB
/
Role.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
//------------------------------------------------------------------------------
/*
This file is part of rippled: https://github.com/ripple/rippled
Copyright (c) 2012, 2013 Ripple Labs Inc.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
//==============================================================================
#ifndef RIPPLE_SERVER_ROLE_H_INCLUDED
#define RIPPLE_SERVER_ROLE_H_INCLUDED
#include <ripple/beast/net/IPEndpoint.h>
#include <ripple/json/json_value.h>
#include <ripple/resource/ResourceManager.h>
#include <ripple/server/Handoff.h>
#include <ripple/server/Port.h>
#include <boost/utility/string_view.hpp>
#include <string>
#include <vector>
namespace ripple {
/** Indicates the level of administrative permission to grant.
* IDENTIFIED role has unlimited resources but cannot perform some
* RPC commands.
* ADMIN role has unlimited resources and is able to perform all RPC
* commands.
*/
enum class Role
{
GUEST,
USER,
IDENTIFIED,
ADMIN,
PROXY,
FORBID
};
/** Return the allowed privilege role.
params must meet the requirements of the JSON-RPC
specification. It must be of type Object, containing the key params
which is an array with at least one object. Inside this object
are the optional keys 'admin_user' and 'admin_password' used to
validate the credentials. If user is non-blank, it's username
passed in the HTTP header by a secure_gateway proxy.
*/
Role
requestRole (Role const& required, Port const& port,
Json::Value const& params, beast::IP::Endpoint const& remoteIp,
boost::string_view const& user);
Resource::Consumer
requestInboundEndpoint (Resource::Manager& manager,
beast::IP::Endpoint const& remoteAddress, Role const& role,
boost::string_view const& user, boost::string_view const& forwardedFor);
/**
* Check if the role entitles the user to unlimited resources.
*/
bool
isUnlimited (Role const& role);
/**
* True if remoteIp is in any of adminIp
*
* @param remoteIp Remote address for which to search.
* @param adminIp List of IP's in which to search.
* @return Whether remoteIp is in adminIp.
*/
bool
ipAllowed (beast::IP::Address const& remoteIp,
std::vector<beast::IP::Address> const& adminIp);
boost::string_view
forwardedFor(http_request_type const& request);
} // ripple
#endif