Add param parser and role check.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-05-28 00:51:25 +02:00 · 2026-04-26 21:10:47 +02:00
parent c8b5bf8f82
commit a7b143f0d8
2 changed files with 39 additions and 7 deletions
--- a/src/usb/lwip/rest_server.c
+++ b/src/usb/lwip/rest_server.c
@@ -695,7 +695,13 @@ void rest_handle_request(rest_conn_t *conn) {
        if (routes[i].path == NULL || routes[i].handler == NULL) {
            continue;
        }
-        if (strcmp(routes[i].path, request->path) != 0) {
+        if (routes[i].param_parser != NULL) {
+            int result = routes[i].param_parser(request->path, routes[i].path, request->params);
+            if (result < 0) {
+                continue;
+            }
+        }
+        else if (strcmp(routes[i].path, request->path) != 0) {
            continue;
        }
        if (!(routes[i].method & request->method)) {
@@ -716,6 +722,10 @@ void rest_handle_request(rest_conn_t *conn) {
                send_json_error(conn, 401, "authentication_required");
                return;
            }
+            if (session->role < routes[i].role) {
+                send_json_error(conn, 403, "insufficient_privileges");
+                return;
+            }
            if (session->last_activity_timestamp + REST_SESSION_TIMEOUT_INACTIVITY_MS < board_millis() || session->created_at + REST_SESSION_TIMEOUT_TOTAL_MS < board_millis()) {
                session->status = REST_SESSION_EXPIRED;
                send_json_error(conn, 401, "session_expired");