/*
** Implementation of /json/timeline/wiki.
**
*/
cson_value * json_timeline_wiki(){
/* This code is 95% the same as json_timeline_ci(), by the way. */
cson_value * payV = NULL;
cson_object * pay = NULL;
cson_array * list = NULL;
int check = 0;
Stmt q = empty_Stmt;
Blob sql = empty_blob;
if( !g.perm.RdWiki && !g.perm.Read ){
json_set_err( FSL_JSON_E_DENIED, "Wiki timeline requires 'o' or 'j' access.");
return NULL;
}
payV = cson_value_new_object();
pay = cson_value_get_object(payV);
check = json_timeline_setup_sql( "w", &sql, pay );
if(check){
json_set_err(check, "Query initialization failed.");
goto error;
}
#if 0
/* only for testing! */
cson_object_set(pay, "timelineSql", cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql))));
#endif
db_multi_exec("%s", blob_buffer(&sql) /*safe-for-%s*/);
blob_reset(&sql);
db_prepare(&q, "SELECT"
" uuid AS uuid,"
" mtime AS timestamp,"
#if 0
" timestampString AS timestampString,"
#endif
" comment AS comment, "
" user AS user,"
" eventType AS eventType"
#if 0
/* can wiki pages have tags? */
" tags AS tags," /*FIXME: split this into
a JSON array*/
" tagId AS tagId,"
#endif
" FROM json_timeline"
" ORDER BY rowid");
list = cson_new_array();
json_stmt_to_array_of_obj(&q, list);
cson_object_set(pay, "timeline", cson_array_value(list));
goto ok;
error:
assert( 0 != g.json.resultCode );
cson_value_free(payV);
payV = NULL;
ok:
db_finalize(&q);
blob_reset(&sql);
return payV;
}
/*
** Implements the /json/whoami page/command.
*/
cson_value * json_page_whoami(){
cson_value * payload = NULL;
cson_object * obj = NULL;
Stmt q;
if(!g.json.authToken){
/* assume we just logged out. */
db_prepare(&q, "SELECT login, cap FROM user WHERE login='******'");
}
else{
db_prepare(&q, "SELECT login, cap FROM user WHERE uid=%d",
g.userUid);
}
if( db_step(&q)==SQLITE_ROW ){
/* reminder: we don't use g.zLogin because it's 0 for the guest
user and the HTML UI appears to currently allow the name to be
changed (but doing so would break other code). */
char const * str;
payload = cson_value_new_object();
obj = cson_value_get_object(payload);
str = (char const *)sqlite3_column_text(q.pStmt,0);
if( str ){
cson_object_set( obj, "name",
cson_value_new_string(str,strlen(str)) );
}
str = (char const *)sqlite3_column_text(q.pStmt,1);
if( str ){
cson_object_set( obj, "capabilities",
cson_value_new_string(str,strlen(str)) );
}
if( g.json.authToken ){
cson_object_set( obj, "authToken", g.json.authToken );
}
}else{
g.json.resultCode = FSL_JSON_E_RESOURCE_NOT_FOUND;
}
db_finalize(&q);
return payload;
}
/*
** Implementation of the /json/anonymousPassword page.
*/
cson_value * json_page_anon_password(){
cson_value * v = cson_value_new_object();
cson_object * o = cson_value_get_object(v);
unsigned const int seed = captcha_seed();
char const * zCaptcha = captcha_decode(seed);
cson_object_set(o, "seed",
cson_value_new_integer( (cson_int_t)seed )
);
cson_object_set(o, "password",
cson_value_new_string( zCaptcha, strlen(zCaptcha) )
);
return v;
}
/*
** Generates a diff between two versions (zFrom and zTo), using nContext
** content lines in the output. On success, returns a new JSON String
** object. On error it sets g.json's error state and returns NULL.
**
** If fSbs is true (non-0) them side-by-side diffs are used.
**
** If fHtml is true then HTML markup is added to the diff.
*/
cson_value * json_generate_diff(const char *zFrom, const char *zTo,
int nContext, char fSbs,
char fHtml){
int fromid;
int toid;
int outLen;
Blob from = empty_blob, to = empty_blob, out = empty_blob;
cson_value * rc = NULL;
int flags = (DIFF_CONTEXT_MASK & nContext)
| (fSbs ? DIFF_SIDEBYSIDE : 0)
| (fHtml ? DIFF_HTML : 0);
fromid = name_to_typed_rid(zFrom, "*");
if(fromid<=0){
json_set_err(FSL_JSON_E_UNRESOLVED_UUID,
"Could not resolve 'from' ID.");
return NULL;
}
toid = name_to_typed_rid(zTo, "*");
if(toid<=0){
json_set_err(FSL_JSON_E_UNRESOLVED_UUID,
"Could not resolve 'to' ID.");
return NULL;
}
content_get(fromid, &from);
content_get(toid, &to);
blob_zero(&out);
text_diff(&from, &to, &out, 0, flags);
blob_reset(&from);
blob_reset(&to);
outLen = blob_size(&out);
if(outLen>=0){
rc = cson_value_new_string(blob_buffer(&out),
(unsigned int)blob_size(&out));
}
blob_reset(&out);
return rc;
}
/*
** Impl for /json/report/run
**
** Options/arguments:
**
** report=int (CLI: -report # or -r #) is the report number to run.
**
** limit=int (CLI: -limit # or -n #) -n is for compat. with other commands.
**
** format=a|o Specifies result format: a=each row is an arry, o=each
** row is an object. Default=o.
*/
static cson_value * json_report_run(){
int nReport;
Stmt q = empty_Stmt;
cson_object * pay = NULL;
cson_array * tktList = NULL;
char const * zFmt;
char * zTitle = NULL;
Blob sql = empty_blob;
int limit = 0;
cson_value * colNames = NULL;
int i;
if(!g.perm.RdTkt){
json_set_err(FSL_JSON_E_DENIED,
"Requires 'r' privileges.");
return NULL;
}
nReport = json_report_get_number(3);
if(nReport <=0){
json_set_err(FSL_JSON_E_MISSING_ARGS,
"Missing or invalid 'number' (-n) parameter.");
goto error;
}
zFmt = json_find_option_cstr2("format",NULL,"f",3);
if(!zFmt) zFmt = "o";
db_prepare(&q,
"SELECT sqlcode, "
" title"
" FROM reportfmt"
" WHERE rn=%d",
nReport);
if(SQLITE_ROW != db_step(&q)){
json_set_err(FSL_JSON_E_INVALID_ARGS,
"Report number %d not found.",
nReport);
db_finalize(&q);
goto error;
}
limit = json_find_option_int("limit",NULL,"n",-1);
/* Copy over report's SQL...*/
blob_append(&sql, db_column_text(&q,0), -1);
zTitle = mprintf("%s", db_column_text(&q,1));
db_finalize(&q);
db_prepare(&q, "%s", blob_str(&sql));
/** Build the response... */
pay = cson_new_object();
cson_object_set(pay, "report", json_new_int(nReport));
cson_object_set(pay, "title", json_new_string(zTitle));
if(limit>0){
cson_object_set(pay, "limit", json_new_int((limit<0) ? 0 : limit));
}
free(zTitle);
zTitle = NULL;
if(g.perm.TktFmt){
cson_object_set(pay, "sqlcode",
cson_value_new_string(blob_str(&sql),
(unsigned int)blob_size(&sql)));
}
blob_reset(&sql);
colNames = cson_sqlite3_column_names(q.pStmt);
cson_object_set( pay, "columnNames", colNames);
for( i = 0 ; ((limit>0) ?(i < limit) : 1)
&& (SQLITE_ROW == db_step(&q));
++i){
cson_value * row = ('a'==*zFmt)
? cson_sqlite3_row_to_array(q.pStmt)
: cson_sqlite3_row_to_object2(q.pStmt,
cson_value_get_array(colNames));
;
if(row && !tktList){
tktList = cson_new_array();
}
cson_array_append(tktList, row);
}
db_finalize(&q);
cson_object_set(pay, "tickets",
tktList ? cson_array_value(tktList) : cson_value_null());
goto end;
error:
assert(0 != g.json.resultCode);
cson_value_free( cson_object_value(pay) );
pay = NULL;
end:
return pay ? cson_object_value(pay) : NULL;
}
/*
** Implementation of the /json/login page.
**
*/
cson_value * json_page_login(){
char preciseErrors = /* if true, "complete" JSON error codes are used,
else they are "dumbed down" to a generic login
error code.
*/
#if 1
g.json.errorDetailParanoia ? 0 : 1
#else
0
#endif
;
/*
FIXME: we want to check the GET/POST args in this order:
- GET: name, n, password, p
- POST: name, password
but a bug in cgi_parameter() is breaking that, causing PD() to
return the last element of the PATH_INFO instead.
Summary: If we check for P("name") first, then P("n"),
then ONLY a GET param of "name" will match ("n"
is not recognized). If we reverse the order of the
checks then both forms work. Strangely enough, the
"p"/"password" check is not affected by this.
*/
char const * name = cson_value_get_cstr(json_req_payload_get("name"));
char const * pw = NULL;
char const * anonSeed = NULL;
cson_value * payload = NULL;
int uid = 0;
/* reminder to self: Fossil internally (for the sake of /wiki)
interprets paths in the form /foo/bar/baz such that P("name") ==
"bar/baz". This collides with our name/password checking, and
thus we do some rather elaborate name=... checking.
*/
pw = cson_value_get_cstr(json_req_payload_get("password"));
if( !pw ){
pw = PD("p",NULL);
if( !pw ){
pw = PD("password",NULL);
}
}
if(!pw){
g.json.resultCode = preciseErrors
? FSL_JSON_E_LOGIN_FAILED_NOPW
: FSL_JSON_E_LOGIN_FAILED;
return NULL;
}
if( !name ){
name = PD("n",NULL);
if( !name ){
name = PD("name",NULL);
if( !name ){
g.json.resultCode = preciseErrors
? FSL_JSON_E_LOGIN_FAILED_NONAME
: FSL_JSON_E_LOGIN_FAILED;
return NULL;
}
}
}
if(0 == strcmp("anonymous",name)){
/* check captcha/seed values... */
enum { SeedBufLen = 100 /* in some JSON tests i once actually got an
80-digit number.
*/
};
static char seedBuffer[SeedBufLen];
cson_value const * jseed = json_getenv(FossilJsonKeys.anonymousSeed);
seedBuffer[0] = 0;
if( !jseed ){
jseed = json_req_payload_get(FossilJsonKeys.anonymousSeed);
if( !jseed ){
jseed = json_getenv("cs") /* name used by HTML interface */;
}
}
if(jseed){
if( cson_value_is_number(jseed) ){
sprintf(seedBuffer, "%"CSON_INT_T_PFMT, cson_value_get_integer(jseed));
anonSeed = seedBuffer;
}else if( cson_value_is_string(jseed) ){
anonSeed = cson_string_cstr(cson_value_get_string(jseed));
}
}
if(!anonSeed){
g.json.resultCode = preciseErrors
? FSL_JSON_E_LOGIN_FAILED_NOSEED
: FSL_JSON_E_LOGIN_FAILED;
return NULL;
}
}
#if 0
{
/* only for debugging the PD()-incorrect-result problem */
cson_object * o = NULL;
uid = login_search_uid( name, pw );
payload = cson_value_new_object();
o = cson_value_get_object(payload);
cson_object_set( o, "n", cson_value_new_string(name,strlen(name)));
cson_object_set( o, "p", cson_value_new_string(pw,strlen(pw)));
return payload;
}
#endif
uid = anonSeed
? login_is_valid_anonymous(name, pw, anonSeed)
: login_search_uid(name, pw)
;
if( !uid ){
g.json.resultCode = preciseErrors
? FSL_JSON_E_LOGIN_FAILED_NOTFOUND
: FSL_JSON_E_LOGIN_FAILED;
return NULL;
}else{
char * cookie = NULL;
cson_object * po;
char * cap = NULL;
if(anonSeed){
login_set_anon_cookie(NULL, &cookie);
}else{
login_set_user_cookie(name, uid, &cookie);
}
payload = cson_value_new_object();
po = cson_value_get_object(payload);
cson_object_set(po, "authToken", json_new_string(cookie));
free(cookie);
cson_object_set(po, "name", json_new_string(name));
cap = db_text(NULL, "SELECT cap FROM user WHERE login=%Q", name);
cson_object_set(po, "capabilities", cap ? json_new_string(cap) : cson_value_null() );
free(cap);
cson_object_set(po, "loginCookieName", json_new_string( login_cookie_name() ) );
/* TODO: add loginExpiryTime to the payload. To do this properly
we "should" add an ([unsigned] int *) to
login_set_user_cookie() and login_set_anon_cookie(), to which
the expiry time is assigned. (Remember that JSON doesn't do
unsigned int.)
For non-anonymous users we could also simply query the
user.cexpire db field after calling login_set_user_cookie(),
but for anonymous we need to get the time when the cookie is
set because anon does not get a db entry like normal users
do. Anonymous cookies currently have a hard-coded lifetime in
login_set_anon_cookie() (currently 6 hours), which we "should
arguably" change to use the time configured for non-anonymous
users (see login_set_user_cookie() for details).
*/
return payload;
}
}
cson_value * json_artifact_file(cson_object * zParent, int rid){
cson_object * pay = NULL;
Stmt q = empty_Stmt;
cson_array * checkin_arr = NULL;
char contentFormat;
i64 contentSize = -1;
char * parentUuid;
if( ! g.perm.Read ){
json_set_err(FSL_JSON_E_DENIED,
"Requires 'o' privileges.");
return NULL;
}
pay = zParent;
contentFormat = json_artifact_get_content_format_flag();
if( 0 != contentFormat ){
Blob content = empty_blob;
const char *zMime;
char const * zFormat = (contentFormat<1) ? "raw" : "html";
content_get(rid, &content);
zMime = mimetype_from_content(&content);
cson_object_set(zParent, "contentType",
json_new_string(zMime ? zMime : "text/plain"));
if(!zMime){/* text/plain */
if(0 < blob_size(&content)){
if( 0 < contentFormat ){/*HTML-size it*/
Blob html = empty_blob;
wiki_convert(&content, &html, 0);
assert( blob_size(&content) < blob_size(&html) );
blob_swap( &html, &content );
assert( blob_size(&content) > blob_size(&html) );
blob_reset( &html );
}/*else as-is*/
}
cson_object_set(zParent, "content",
cson_value_new_string(blob_str(&content),
(unsigned int)blob_size(&content)));
}/*else binary: ignore*/
contentSize = blob_size(&content);
cson_object_set(zParent, "contentSize", json_new_int(contentSize) );
cson_object_set(zParent, "contentFormat", json_new_string(zFormat) );
blob_reset(&content);
}
contentSize = db_int64(-1, "SELECT size FROM blob WHERE rid=%d", rid);
assert( -1 < contentSize );
cson_object_set(zParent, "size", json_new_int(contentSize) );
parentUuid = db_text(NULL,
"SELECT DISTINCT p.uuid "
"FROM blob p, blob f, mlink m "
"WHERE m.pid=p.rid "
"AND m.fid=f.rid "
"AND f.rid=%d",
rid
);
if(parentUuid){
cson_object_set( zParent, "parent", json_new_string(parentUuid) );
fossil_free(parentUuid);
}
/* Find checkins associated with this file... */
db_prepare(&q,
"SELECT filename.name AS name, "
" (mlink.pid==0) AS isNew,"
" (mlink.fid==0) AS isDel,"
" cast(strftime('%%s',event.mtime) as int) AS timestamp,"
" coalesce(event.ecomment,event.comment) as comment,"
" coalesce(event.euser,event.user) as user,"
#if 0
" a.size AS size," /* same for all checkins. */
#endif
" b.uuid as checkin, "
#if 0
" mlink.mperm as mperm,"
#endif
" coalesce((SELECT value FROM tagxref"
" WHERE tagid=%d AND tagtype>0 AND "
" rid=mlink.mid),'trunk') as branch"
" FROM mlink, filename, event, blob a, blob b"
" WHERE filename.fnid=mlink.fnid"
" AND event.objid=mlink.mid"
" AND a.rid=mlink.fid"
" AND b.rid=mlink.mid"
" AND mlink.fid=%d"
" ORDER BY filename.name, event.mtime",
TAG_BRANCH, rid
);
/* TODO: add a "state" flag for the file in each checkin,
e.g. "modified", "new", "deleted".
*/
checkin_arr = cson_new_array();
cson_object_set(pay, "checkins", cson_array_value(checkin_arr));
while( (SQLITE_ROW==db_step(&q) ) ){
cson_object * row = cson_value_get_object(cson_sqlite3_row_to_object(q.pStmt));
/* FIXME: move this isNew/isDel stuff into an SQL CASE statement. */
char const isNew = cson_value_get_bool(cson_object_get(row,"isNew"));
char const isDel = cson_value_get_bool(cson_object_get(row,"isDel"));
cson_object_set(row, "isNew", NULL);
cson_object_set(row, "isDel", NULL);
cson_object_set(row, "state",
json_new_string(json_artifact_status_to_string(isNew, isDel)));
cson_array_append( checkin_arr, cson_object_value(row) );
}
db_finalize(&q);
return cson_object_value(pay);
}
/*
** Implementation of /json/timeline/ticket.
**
*/
static cson_value * json_timeline_ticket(){
/* This code is 95% the same as json_timeline_ci(), by the way. */
cson_value * payV = NULL;
cson_object * pay = NULL;
cson_value * tmp = NULL;
cson_value * listV = NULL;
cson_array * list = NULL;
int check = 0;
Stmt q = empty_Stmt;
Blob sql = empty_blob;
if( !g.perm.RdTkt && !g.perm.Read ){
json_set_err(FSL_JSON_E_DENIED, "Ticket timeline requires 'o' or 'r' access.");
return NULL;
}
payV = cson_value_new_object();
pay = cson_value_get_object(payV);
check = json_timeline_setup_sql( "t", &sql, pay );
if(check){
json_set_err(check, "Query initialization failed.");
goto error;
}
db_multi_exec("%s", blob_buffer(&sql) /*safe-for-%s*/);
#define SET(K) if(0!=(check=cson_object_set(pay,K,tmp))){ \
json_set_err((cson_rc.AllocError==check) \
? FSL_JSON_E_ALLOC : FSL_JSON_E_UNKNOWN, \
"Object property insertion failed."); \
goto error;\
} (void)0
#if 0
/* only for testing! */
tmp = cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql)));
SET("timelineSql");
#endif
blob_reset(&sql);
/*
REMINDER/FIXME(?): we have both uuid (the change uuid?) and
ticketUuid (the actual ticket). This is different from the wiki
timeline, where we only have the wiki page uuid.
*/
db_prepare(&q, "SELECT rid AS rid,"
" uuid AS uuid,"
" mtime AS timestamp,"
#if 0
" timestampString AS timestampString,"
#endif
" user AS user,"
" eventType AS eventType,"
" comment AS comment,"
" brief AS briefComment"
" FROM json_timeline"
" ORDER BY rowid");
listV = cson_value_new_array();
list = cson_value_get_array(listV);
tmp = listV;
SET("timeline");
while( (SQLITE_ROW == db_step(&q) )){
/* convert each row into a JSON object...*/
int rc;
int const rid = db_column_int(&q,0);
Manifest * pMan = NULL;
cson_value * rowV;
cson_object * row;
/*printf("rid=%d\n",rid);*/
pMan = manifest_get(rid, CFTYPE_TICKET, 0);
if(!pMan){
/* this might be an attachment? I'm seeing this with
rid 15380, uuid [1292fef05f2472108].
/json/artifact/1292fef05f2472108 returns not-found,
probably because we haven't added artifact/ticket
yet(?).
*/
continue;
}
rowV = cson_sqlite3_row_to_object(q.pStmt);
row = cson_value_get_object(rowV);
if(!row){
manifest_destroy(pMan);
json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED,
"Could not convert at least one timeline result row to JSON." );
continue;
}
/* FIXME: certainly there's a more efficient way for use to get
the ticket UUIDs?
*/
cson_object_set(row,"ticketUuid",json_new_string(pMan->zTicketUuid));
manifest_destroy(pMan);
rc = cson_array_append( list, rowV );
if( 0 != rc ){
cson_value_free(rowV);
g.json.resultCode = (cson_rc.AllocError==rc)
? FSL_JSON_E_ALLOC
: FSL_JSON_E_UNKNOWN;
goto error;
}
}
#undef SET
goto ok;
error:
assert( 0 != g.json.resultCode );
cson_value_free(payV);
payV = NULL;
ok:
blob_reset(&sql);
db_finalize(&q);
return payV;
}
/*
** Implementation of /json/timeline/ci.
**
** Still a few TODOs (like figuring out how to structure
** inheritance info).
*/
static cson_value * json_timeline_ci(){
cson_value * payV = NULL;
cson_object * pay = NULL;
cson_value * tmp = NULL;
cson_value * listV = NULL;
cson_array * list = NULL;
int check = 0;
char verboseFlag;
Stmt q = empty_Stmt;
char warnRowToJsonFailed = 0;
Blob sql = empty_blob;
if( !g.perm.Hyperlink ){
/* Reminder to self: HTML impl requires 'o' (Read)
rights.
*/
json_set_err( FSL_JSON_E_DENIED, "Check-in timeline requires 'h' access." );
return NULL;
}
verboseFlag = json_find_option_bool("verbose",NULL,"v",0);
if( !verboseFlag ){
verboseFlag = json_find_option_bool("files",NULL,"f",0);
}
payV = cson_value_new_object();
pay = cson_value_get_object(payV);
check = json_timeline_setup_sql( "ci", &sql, pay );
if(check){
json_set_err(check, "Query initialization failed.");
goto error;
}
#define SET(K) if(0!=(check=cson_object_set(pay,K,tmp))){ \
json_set_err((cson_rc.AllocError==check) \
? FSL_JSON_E_ALLOC : FSL_JSON_E_UNKNOWN,\
"Object property insertion failed"); \
goto error;\
} (void)0
#if 0
/* only for testing! */
tmp = cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql)));
SET("timelineSql");
#endif
db_multi_exec("%s", blob_buffer(&sql)/*safe-for-%s*/);
blob_reset(&sql);
db_prepare(&q, "SELECT "
" rid AS rid"
" FROM json_timeline"
" ORDER BY rowid");
listV = cson_value_new_array();
list = cson_value_get_array(listV);
tmp = listV;
SET("timeline");
while( (SQLITE_ROW == db_step(&q) )){
/* convert each row into a JSON object...*/
int const rid = db_column_int(&q,0);
cson_value * rowV = json_artifact_for_ci(rid, verboseFlag);
cson_object * row = cson_value_get_object(rowV);
if(!row){
if( !warnRowToJsonFailed ){
warnRowToJsonFailed = 1;
json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED,
"Could not convert at least one timeline result row to JSON." );
}
continue;
}
cson_array_append(list, rowV);
}
#undef SET
goto ok;
error:
assert( 0 != g.json.resultCode );
cson_value_free(payV);
payV = NULL;
ok:
db_finalize(&q);
return payV;
}
