/*
** Implementation of /json/timeline/wiki.
**
*/
cson_value * json_timeline_wiki(){
/* This code is 95% the same as json_timeline_ci(), by the way. */
cson_value * payV = NULL;
cson_object * pay = NULL;
cson_array * list = NULL;
int check = 0;
Stmt q = empty_Stmt;
Blob sql = empty_blob;
if( !g.perm.RdWiki && !g.perm.Read ){
json_set_err( FSL_JSON_E_DENIED, "Wiki timeline requires 'o' or 'j' access.");
return NULL;
}
payV = cson_value_new_object();
pay = cson_value_get_object(payV);
check = json_timeline_setup_sql( "w", &sql, pay );
if(check){
json_set_err(check, "Query initialization failed.");
goto error;
}
#if 0
/* only for testing! */
cson_object_set(pay, "timelineSql", cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql))));
#endif
db_multi_exec("%s", blob_buffer(&sql) /*safe-for-%s*/);
blob_reset(&sql);
db_prepare(&q, "SELECT"
" uuid AS uuid,"
" mtime AS timestamp,"
#if 0
" timestampString AS timestampString,"
#endif
" comment AS comment, "
" user AS user,"
" eventType AS eventType"
#if 0
/* can wiki pages have tags? */
" tags AS tags," /*FIXME: split this into
a JSON array*/
" tagId AS tagId,"
#endif
" FROM json_timeline"
" ORDER BY rowid");
list = cson_new_array();
json_stmt_to_array_of_obj(&q, list);
cson_object_set(pay, "timeline", cson_array_value(list));
goto ok;
error:
assert( 0 != g.json.resultCode );
cson_value_free(payV);
payV = NULL;
ok:
db_finalize(&q);
blob_reset(&sql);
return payV;
}
/*
** Implementation of the /json/anonymousPassword page.
*/
cson_value * json_page_anon_password(){
cson_value * v = cson_value_new_object();
cson_object * o = cson_value_get_object(v);
unsigned const int seed = captcha_seed();
char const * zCaptcha = captcha_decode(seed);
cson_object_set(o, "seed",
cson_value_new_integer( (cson_int_t)seed )
);
cson_object_set(o, "password",
cson_value_new_string( zCaptcha, strlen(zCaptcha) )
);
return v;
}
/*
** If any files are associated with the given rid, a JSON array
** containing information about them is returned (and is owned by the
** caller). If no files are associated with it then NULL is returned.
**
** flags may optionally be a bitmask of json_get_changed_files flags,
** or 0 for defaults.
*/
cson_value * json_get_changed_files(int rid, int flags){
cson_value * rowsV = NULL;
cson_array * rows = NULL;
Stmt q = empty_Stmt;
db_prepare(&q,
"SELECT (pid==0) AS isnew,"
" (fid==0) AS isdel,"
" (SELECT name FROM filename WHERE fnid=mlink.fnid) AS name,"
" blob.uuid as uuid,"
" (SELECT uuid FROM blob WHERE rid=pid) as parent,"
" blob.size as size"
" FROM mlink, blob"
" WHERE mid=%d AND pid!=fid"
" AND blob.rid=fid AND NOT mlink.isaux"
" ORDER BY name /*sort*/",
rid
);
while( (SQLITE_ROW == db_step(&q)) ){
cson_value * rowV = cson_value_new_object();
cson_object * row = cson_value_get_object(rowV);
int const isNew = db_column_int(&q,0);
int const isDel = db_column_int(&q,1);
char * zDownload = NULL;
if(!rowsV){
rowsV = cson_value_new_array();
rows = cson_value_get_array(rowsV);
}
cson_array_append( rows, rowV );
cson_object_set(row, "name", json_new_string(db_column_text(&q,2)));
cson_object_set(row, "uuid", json_new_string(db_column_text(&q,3)));
if(!isNew && (flags & json_get_changed_files_ELIDE_PARENT)){
cson_object_set(row, "parent", json_new_string(db_column_text(&q,4)));
}
cson_object_set(row, "size", json_new_int(db_column_int(&q,5)));
cson_object_set(row, "state",
json_new_string(json_artifact_status_to_string(isNew,isDel)));
zDownload = mprintf("/raw/%s?name=%s",
/* reminder: g.zBaseURL is of course not set for CLI mode. */
db_column_text(&q,2),
db_column_text(&q,3));
cson_object_set(row, "downloadPath", json_new_string(zDownload));
free(zDownload);
}
db_finalize(&q);
return rowsV;
}
/*
** Implements the /json/whoami page/command.
*/
cson_value * json_page_whoami(){
cson_value * payload = NULL;
cson_object * obj = NULL;
Stmt q;
if(!g.json.authToken){
/* assume we just logged out. */
db_prepare(&q, "SELECT login, cap FROM user WHERE login='******'");
}
else{
db_prepare(&q, "SELECT login, cap FROM user WHERE uid=%d",
g.userUid);
}
if( db_step(&q)==SQLITE_ROW ){
/* reminder: we don't use g.zLogin because it's 0 for the guest
user and the HTML UI appears to currently allow the name to be
changed (but doing so would break other code). */
char const * str;
payload = cson_value_new_object();
obj = cson_value_get_object(payload);
str = (char const *)sqlite3_column_text(q.pStmt,0);
if( str ){
cson_object_set( obj, "name",
cson_value_new_string(str,strlen(str)) );
}
str = (char const *)sqlite3_column_text(q.pStmt,1);
if( str ){
cson_object_set( obj, "capabilities",
cson_value_new_string(str,strlen(str)) );
}
if( g.json.authToken ){
cson_object_set( obj, "authToken", g.json.authToken );
}
}else{
g.json.resultCode = FSL_JSON_E_RESOURCE_NOT_FOUND;
}
db_finalize(&q);
return payload;
}
/*
** Implementation of the /json/login page.
**
*/
cson_value * json_page_login(){
char preciseErrors = /* if true, "complete" JSON error codes are used,
else they are "dumbed down" to a generic login
error code.
*/
#if 1
g.json.errorDetailParanoia ? 0 : 1
#else
0
#endif
;
/*
FIXME: we want to check the GET/POST args in this order:
- GET: name, n, password, p
- POST: name, password
but a bug in cgi_parameter() is breaking that, causing PD() to
return the last element of the PATH_INFO instead.
Summary: If we check for P("name") first, then P("n"),
then ONLY a GET param of "name" will match ("n"
is not recognized). If we reverse the order of the
checks then both forms work. Strangely enough, the
"p"/"password" check is not affected by this.
*/
char const * name = cson_value_get_cstr(json_req_payload_get("name"));
char const * pw = NULL;
char const * anonSeed = NULL;
cson_value * payload = NULL;
int uid = 0;
/* reminder to self: Fossil internally (for the sake of /wiki)
interprets paths in the form /foo/bar/baz such that P("name") ==
"bar/baz". This collides with our name/password checking, and
thus we do some rather elaborate name=... checking.
*/
pw = cson_value_get_cstr(json_req_payload_get("password"));
if( !pw ){
pw = PD("p",NULL);
if( !pw ){
pw = PD("password",NULL);
}
}
if(!pw){
g.json.resultCode = preciseErrors
? FSL_JSON_E_LOGIN_FAILED_NOPW
: FSL_JSON_E_LOGIN_FAILED;
return NULL;
}
if( !name ){
name = PD("n",NULL);
if( !name ){
name = PD("name",NULL);
if( !name ){
g.json.resultCode = preciseErrors
? FSL_JSON_E_LOGIN_FAILED_NONAME
: FSL_JSON_E_LOGIN_FAILED;
return NULL;
}
}
}
if(0 == strcmp("anonymous",name)){
/* check captcha/seed values... */
enum { SeedBufLen = 100 /* in some JSON tests i once actually got an
80-digit number.
*/
};
static char seedBuffer[SeedBufLen];
cson_value const * jseed = json_getenv(FossilJsonKeys.anonymousSeed);
seedBuffer[0] = 0;
if( !jseed ){
jseed = json_req_payload_get(FossilJsonKeys.anonymousSeed);
if( !jseed ){
jseed = json_getenv("cs") /* name used by HTML interface */;
}
}
if(jseed){
if( cson_value_is_number(jseed) ){
sprintf(seedBuffer, "%"CSON_INT_T_PFMT, cson_value_get_integer(jseed));
anonSeed = seedBuffer;
}else if( cson_value_is_string(jseed) ){
anonSeed = cson_string_cstr(cson_value_get_string(jseed));
}
}
if(!anonSeed){
g.json.resultCode = preciseErrors
? FSL_JSON_E_LOGIN_FAILED_NOSEED
: FSL_JSON_E_LOGIN_FAILED;
return NULL;
}
}
#if 0
{
/* only for debugging the PD()-incorrect-result problem */
cson_object * o = NULL;
uid = login_search_uid( name, pw );
payload = cson_value_new_object();
o = cson_value_get_object(payload);
cson_object_set( o, "n", cson_value_new_string(name,strlen(name)));
cson_object_set( o, "p", cson_value_new_string(pw,strlen(pw)));
return payload;
}
#endif
uid = anonSeed
? login_is_valid_anonymous(name, pw, anonSeed)
: login_search_uid(name, pw)
;
if( !uid ){
g.json.resultCode = preciseErrors
? FSL_JSON_E_LOGIN_FAILED_NOTFOUND
: FSL_JSON_E_LOGIN_FAILED;
return NULL;
}else{
char * cookie = NULL;
cson_object * po;
char * cap = NULL;
if(anonSeed){
login_set_anon_cookie(NULL, &cookie);
}else{
login_set_user_cookie(name, uid, &cookie);
}
payload = cson_value_new_object();
po = cson_value_get_object(payload);
cson_object_set(po, "authToken", json_new_string(cookie));
free(cookie);
cson_object_set(po, "name", json_new_string(name));
cap = db_text(NULL, "SELECT cap FROM user WHERE login=%Q", name);
cson_object_set(po, "capabilities", cap ? json_new_string(cap) : cson_value_null() );
free(cap);
cson_object_set(po, "loginCookieName", json_new_string( login_cookie_name() ) );
/* TODO: add loginExpiryTime to the payload. To do this properly
we "should" add an ([unsigned] int *) to
login_set_user_cookie() and login_set_anon_cookie(), to which
the expiry time is assigned. (Remember that JSON doesn't do
unsigned int.)
For non-anonymous users we could also simply query the
user.cexpire db field after calling login_set_user_cookie(),
but for anonymous we need to get the time when the cookie is
set because anon does not get a db entry like normal users
do. Anonymous cookies currently have a hard-coded lifetime in
login_set_anon_cookie() (currently 6 hours), which we "should
arguably" change to use the time configured for non-anonymous
users (see login_set_user_cookie() for details).
*/
return payload;
}
}
/*
** Generates an artifact Object for the given rid,
** which must refer to a Checkin.
**
** Returned value is NULL or an Object owned by the caller.
*/
cson_value * json_artifact_for_ci( int rid, char showFiles ){
cson_value * v = NULL;
Stmt q = empty_Stmt;
static cson_value * eventTypeLabel = NULL;
if(!eventTypeLabel){
eventTypeLabel = json_new_string("checkin");
json_gc_add("$EVENT_TYPE_LABEL(commit)", eventTypeLabel);
}
db_prepare(&q,
"SELECT b.uuid, "
" cast(strftime('%%s',e.mtime) as int), "
" strftime('%%s',e.omtime),"
" e.user, "
" e.comment"
" FROM blob b, event e"
" WHERE b.rid=%d"
" AND e.objid=%d",
rid, rid
);
if( db_step(&q)==SQLITE_ROW ){
cson_object * o;
cson_value * tmpV = NULL;
const char *zUuid = db_column_text(&q, 0);
const char *zUser;
const char *zComment;
char * zEUser, * zEComment;
int mtime, omtime;
v = cson_value_new_object();
o = cson_value_get_object(v);
#define SET(K,V) cson_object_set(o,(K), (V))
SET("type", eventTypeLabel );
SET("uuid",json_new_string(zUuid));
SET("isLeaf", cson_value_new_bool(is_a_leaf(rid)));
mtime = db_column_int(&q,1);
SET("timestamp",json_new_int(mtime));
omtime = db_column_int(&q,2);
if(omtime && (omtime!=mtime)){
SET("originTime",json_new_int(omtime));
}
zUser = db_column_text(&q,3);
zEUser = db_text(0,
"SELECT value FROM tagxref WHERE tagid=%d AND rid=%d",
TAG_USER, rid);
if(zEUser){
SET("user", json_new_string(zEUser));
if(0!=strcmp(zEUser,zUser)){
SET("originUser",json_new_string(zUser));
}
free(zEUser);
}else{
SET("user",json_new_string(zUser));
}
zComment = db_column_text(&q,4);
zEComment = db_text(0,
"SELECT value FROM tagxref WHERE tagid=%d AND rid=%d",
TAG_COMMENT, rid);
if(zEComment){
SET("comment",json_new_string(zEComment));
if(0 != strcmp(zEComment,zComment)){
SET("originComment", json_new_string(zComment));
}
free(zEComment);
}else{
SET("comment",json_new_string(zComment));
}
tmpV = json_parent_uuids_for_ci(rid);
if(tmpV){
SET("parents", tmpV);
}
tmpV = json_tags_for_checkin_rid(rid,0);
if(tmpV){
SET("tags",tmpV);
}
if( showFiles ){
tmpV = json_get_changed_files(rid, 1);
if(tmpV){
SET("files",tmpV);
}
}
#undef SET
}
db_finalize(&q);
return v;
}
/*
** Implementation of /json/timeline/ticket.
**
*/
static cson_value * json_timeline_ticket(){
/* This code is 95% the same as json_timeline_ci(), by the way. */
cson_value * payV = NULL;
cson_object * pay = NULL;
cson_value * tmp = NULL;
cson_value * listV = NULL;
cson_array * list = NULL;
int check = 0;
Stmt q = empty_Stmt;
Blob sql = empty_blob;
if( !g.perm.RdTkt && !g.perm.Read ){
json_set_err(FSL_JSON_E_DENIED, "Ticket timeline requires 'o' or 'r' access.");
return NULL;
}
payV = cson_value_new_object();
pay = cson_value_get_object(payV);
check = json_timeline_setup_sql( "t", &sql, pay );
if(check){
json_set_err(check, "Query initialization failed.");
goto error;
}
db_multi_exec("%s", blob_buffer(&sql) /*safe-for-%s*/);
#define SET(K) if(0!=(check=cson_object_set(pay,K,tmp))){ \
json_set_err((cson_rc.AllocError==check) \
? FSL_JSON_E_ALLOC : FSL_JSON_E_UNKNOWN, \
"Object property insertion failed."); \
goto error;\
} (void)0
#if 0
/* only for testing! */
tmp = cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql)));
SET("timelineSql");
#endif
blob_reset(&sql);
/*
REMINDER/FIXME(?): we have both uuid (the change uuid?) and
ticketUuid (the actual ticket). This is different from the wiki
timeline, where we only have the wiki page uuid.
*/
db_prepare(&q, "SELECT rid AS rid,"
" uuid AS uuid,"
" mtime AS timestamp,"
#if 0
" timestampString AS timestampString,"
#endif
" user AS user,"
" eventType AS eventType,"
" comment AS comment,"
" brief AS briefComment"
" FROM json_timeline"
" ORDER BY rowid");
listV = cson_value_new_array();
list = cson_value_get_array(listV);
tmp = listV;
SET("timeline");
while( (SQLITE_ROW == db_step(&q) )){
/* convert each row into a JSON object...*/
int rc;
int const rid = db_column_int(&q,0);
Manifest * pMan = NULL;
cson_value * rowV;
cson_object * row;
/*printf("rid=%d\n",rid);*/
pMan = manifest_get(rid, CFTYPE_TICKET, 0);
if(!pMan){
/* this might be an attachment? I'm seeing this with
rid 15380, uuid [1292fef05f2472108].
/json/artifact/1292fef05f2472108 returns not-found,
probably because we haven't added artifact/ticket
yet(?).
*/
continue;
}
rowV = cson_sqlite3_row_to_object(q.pStmt);
row = cson_value_get_object(rowV);
if(!row){
manifest_destroy(pMan);
json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED,
"Could not convert at least one timeline result row to JSON." );
continue;
}
/* FIXME: certainly there's a more efficient way for use to get
the ticket UUIDs?
*/
cson_object_set(row,"ticketUuid",json_new_string(pMan->zTicketUuid));
manifest_destroy(pMan);
rc = cson_array_append( list, rowV );
if( 0 != rc ){
cson_value_free(rowV);
g.json.resultCode = (cson_rc.AllocError==rc)
? FSL_JSON_E_ALLOC
: FSL_JSON_E_UNKNOWN;
goto error;
}
}
#undef SET
goto ok;
error:
assert( 0 != g.json.resultCode );
cson_value_free(payV);
payV = NULL;
ok:
blob_reset(&sql);
db_finalize(&q);
return payV;
}
/*
** Implementation of /json/timeline/ci.
**
** Still a few TODOs (like figuring out how to structure
** inheritance info).
*/
static cson_value * json_timeline_ci(){
cson_value * payV = NULL;
cson_object * pay = NULL;
cson_value * tmp = NULL;
cson_value * listV = NULL;
cson_array * list = NULL;
int check = 0;
char verboseFlag;
Stmt q = empty_Stmt;
char warnRowToJsonFailed = 0;
Blob sql = empty_blob;
if( !g.perm.Hyperlink ){
/* Reminder to self: HTML impl requires 'o' (Read)
rights.
*/
json_set_err( FSL_JSON_E_DENIED, "Check-in timeline requires 'h' access." );
return NULL;
}
verboseFlag = json_find_option_bool("verbose",NULL,"v",0);
if( !verboseFlag ){
verboseFlag = json_find_option_bool("files",NULL,"f",0);
}
payV = cson_value_new_object();
pay = cson_value_get_object(payV);
check = json_timeline_setup_sql( "ci", &sql, pay );
if(check){
json_set_err(check, "Query initialization failed.");
goto error;
}
#define SET(K) if(0!=(check=cson_object_set(pay,K,tmp))){ \
json_set_err((cson_rc.AllocError==check) \
? FSL_JSON_E_ALLOC : FSL_JSON_E_UNKNOWN,\
"Object property insertion failed"); \
goto error;\
} (void)0
#if 0
/* only for testing! */
tmp = cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql)));
SET("timelineSql");
#endif
db_multi_exec("%s", blob_buffer(&sql)/*safe-for-%s*/);
blob_reset(&sql);
db_prepare(&q, "SELECT "
" rid AS rid"
" FROM json_timeline"
" ORDER BY rowid");
listV = cson_value_new_array();
list = cson_value_get_array(listV);
tmp = listV;
SET("timeline");
while( (SQLITE_ROW == db_step(&q) )){
/* convert each row into a JSON object...*/
int const rid = db_column_int(&q,0);
cson_value * rowV = json_artifact_for_ci(rid, verboseFlag);
cson_object * row = cson_value_get_object(rowV);
if(!row){
if( !warnRowToJsonFailed ){
warnRowToJsonFailed = 1;
json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED,
"Could not convert at least one timeline result row to JSON." );
}
continue;
}
cson_array_append(list, rowV);
}
#undef SET
goto ok;
error:
assert( 0 != g.json.resultCode );
cson_value_free(payV);
payV = NULL;
ok:
db_finalize(&q);
return payV;
}
