/* ** Implementation of /json/timeline/wiki. ** */ cson_value * json_timeline_wiki(){ /* This code is 95% the same as json_timeline_ci(), by the way. */ cson_value * payV = NULL; cson_object * pay = NULL; cson_array * list = NULL; int check = 0; Stmt q = empty_Stmt; Blob sql = empty_blob; if( !g.perm.RdWiki && !g.perm.Read ){ json_set_err( FSL_JSON_E_DENIED, "Wiki timeline requires 'o' or 'j' access."); return NULL; } payV = cson_value_new_object(); pay = cson_value_get_object(payV); check = json_timeline_setup_sql( "w", &sql, pay ); if(check){ json_set_err(check, "Query initialization failed."); goto error; } #if 0 /* only for testing! */ cson_object_set(pay, "timelineSql", cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql)))); #endif db_multi_exec("%s", blob_buffer(&sql) /*safe-for-%s*/); blob_reset(&sql); db_prepare(&q, "SELECT" " uuid AS uuid," " mtime AS timestamp," #if 0 " timestampString AS timestampString," #endif " comment AS comment, " " user AS user," " eventType AS eventType" #if 0 /* can wiki pages have tags? */ " tags AS tags," /*FIXME: split this into a JSON array*/ " tagId AS tagId," #endif " FROM json_timeline" " ORDER BY rowid"); list = cson_new_array(); json_stmt_to_array_of_obj(&q, list); cson_object_set(pay, "timeline", cson_array_value(list)); goto ok; error: assert( 0 != g.json.resultCode ); cson_value_free(payV); payV = NULL; ok: db_finalize(&q); blob_reset(&sql); return payV; }
/* ** Implements the /json/whoami page/command. */ cson_value * json_page_whoami(){ cson_value * payload = NULL; cson_object * obj = NULL; Stmt q; if(!g.json.authToken){ /* assume we just logged out. */ db_prepare(&q, "SELECT login, cap FROM user WHERE login='******'"); } else{ db_prepare(&q, "SELECT login, cap FROM user WHERE uid=%d", g.userUid); } if( db_step(&q)==SQLITE_ROW ){ /* reminder: we don't use g.zLogin because it's 0 for the guest user and the HTML UI appears to currently allow the name to be changed (but doing so would break other code). */ char const * str; payload = cson_value_new_object(); obj = cson_value_get_object(payload); str = (char const *)sqlite3_column_text(q.pStmt,0); if( str ){ cson_object_set( obj, "name", cson_value_new_string(str,strlen(str)) ); } str = (char const *)sqlite3_column_text(q.pStmt,1); if( str ){ cson_object_set( obj, "capabilities", cson_value_new_string(str,strlen(str)) ); } if( g.json.authToken ){ cson_object_set( obj, "authToken", g.json.authToken ); } }else{ g.json.resultCode = FSL_JSON_E_RESOURCE_NOT_FOUND; } db_finalize(&q); return payload; }
/* ** Implementation of the /json/anonymousPassword page. */ cson_value * json_page_anon_password(){ cson_value * v = cson_value_new_object(); cson_object * o = cson_value_get_object(v); unsigned const int seed = captcha_seed(); char const * zCaptcha = captcha_decode(seed); cson_object_set(o, "seed", cson_value_new_integer( (cson_int_t)seed ) ); cson_object_set(o, "password", cson_value_new_string( zCaptcha, strlen(zCaptcha) ) ); return v; }
/* ** Generates a diff between two versions (zFrom and zTo), using nContext ** content lines in the output. On success, returns a new JSON String ** object. On error it sets g.json's error state and returns NULL. ** ** If fSbs is true (non-0) them side-by-side diffs are used. ** ** If fHtml is true then HTML markup is added to the diff. */ cson_value * json_generate_diff(const char *zFrom, const char *zTo, int nContext, char fSbs, char fHtml){ int fromid; int toid; int outLen; Blob from = empty_blob, to = empty_blob, out = empty_blob; cson_value * rc = NULL; int flags = (DIFF_CONTEXT_MASK & nContext) | (fSbs ? DIFF_SIDEBYSIDE : 0) | (fHtml ? DIFF_HTML : 0); fromid = name_to_typed_rid(zFrom, "*"); if(fromid<=0){ json_set_err(FSL_JSON_E_UNRESOLVED_UUID, "Could not resolve 'from' ID."); return NULL; } toid = name_to_typed_rid(zTo, "*"); if(toid<=0){ json_set_err(FSL_JSON_E_UNRESOLVED_UUID, "Could not resolve 'to' ID."); return NULL; } content_get(fromid, &from); content_get(toid, &to); blob_zero(&out); text_diff(&from, &to, &out, 0, flags); blob_reset(&from); blob_reset(&to); outLen = blob_size(&out); if(outLen>=0){ rc = cson_value_new_string(blob_buffer(&out), (unsigned int)blob_size(&out)); } blob_reset(&out); return rc; }
/* ** Impl for /json/report/run ** ** Options/arguments: ** ** report=int (CLI: -report # or -r #) is the report number to run. ** ** limit=int (CLI: -limit # or -n #) -n is for compat. with other commands. ** ** format=a|o Specifies result format: a=each row is an arry, o=each ** row is an object. Default=o. */ static cson_value * json_report_run(){ int nReport; Stmt q = empty_Stmt; cson_object * pay = NULL; cson_array * tktList = NULL; char const * zFmt; char * zTitle = NULL; Blob sql = empty_blob; int limit = 0; cson_value * colNames = NULL; int i; if(!g.perm.RdTkt){ json_set_err(FSL_JSON_E_DENIED, "Requires 'r' privileges."); return NULL; } nReport = json_report_get_number(3); if(nReport <=0){ json_set_err(FSL_JSON_E_MISSING_ARGS, "Missing or invalid 'number' (-n) parameter."); goto error; } zFmt = json_find_option_cstr2("format",NULL,"f",3); if(!zFmt) zFmt = "o"; db_prepare(&q, "SELECT sqlcode, " " title" " FROM reportfmt" " WHERE rn=%d", nReport); if(SQLITE_ROW != db_step(&q)){ json_set_err(FSL_JSON_E_INVALID_ARGS, "Report number %d not found.", nReport); db_finalize(&q); goto error; } limit = json_find_option_int("limit",NULL,"n",-1); /* Copy over report's SQL...*/ blob_append(&sql, db_column_text(&q,0), -1); zTitle = mprintf("%s", db_column_text(&q,1)); db_finalize(&q); db_prepare(&q, "%s", blob_str(&sql)); /** Build the response... */ pay = cson_new_object(); cson_object_set(pay, "report", json_new_int(nReport)); cson_object_set(pay, "title", json_new_string(zTitle)); if(limit>0){ cson_object_set(pay, "limit", json_new_int((limit<0) ? 0 : limit)); } free(zTitle); zTitle = NULL; if(g.perm.TktFmt){ cson_object_set(pay, "sqlcode", cson_value_new_string(blob_str(&sql), (unsigned int)blob_size(&sql))); } blob_reset(&sql); colNames = cson_sqlite3_column_names(q.pStmt); cson_object_set( pay, "columnNames", colNames); for( i = 0 ; ((limit>0) ?(i < limit) : 1) && (SQLITE_ROW == db_step(&q)); ++i){ cson_value * row = ('a'==*zFmt) ? cson_sqlite3_row_to_array(q.pStmt) : cson_sqlite3_row_to_object2(q.pStmt, cson_value_get_array(colNames)); ; if(row && !tktList){ tktList = cson_new_array(); } cson_array_append(tktList, row); } db_finalize(&q); cson_object_set(pay, "tickets", tktList ? cson_array_value(tktList) : cson_value_null()); goto end; error: assert(0 != g.json.resultCode); cson_value_free( cson_object_value(pay) ); pay = NULL; end: return pay ? cson_object_value(pay) : NULL; }
/* ** Implementation of the /json/login page. ** */ cson_value * json_page_login(){ char preciseErrors = /* if true, "complete" JSON error codes are used, else they are "dumbed down" to a generic login error code. */ #if 1 g.json.errorDetailParanoia ? 0 : 1 #else 0 #endif ; /* FIXME: we want to check the GET/POST args in this order: - GET: name, n, password, p - POST: name, password but a bug in cgi_parameter() is breaking that, causing PD() to return the last element of the PATH_INFO instead. Summary: If we check for P("name") first, then P("n"), then ONLY a GET param of "name" will match ("n" is not recognized). If we reverse the order of the checks then both forms work. Strangely enough, the "p"/"password" check is not affected by this. */ char const * name = cson_value_get_cstr(json_req_payload_get("name")); char const * pw = NULL; char const * anonSeed = NULL; cson_value * payload = NULL; int uid = 0; /* reminder to self: Fossil internally (for the sake of /wiki) interprets paths in the form /foo/bar/baz such that P("name") == "bar/baz". This collides with our name/password checking, and thus we do some rather elaborate name=... checking. */ pw = cson_value_get_cstr(json_req_payload_get("password")); if( !pw ){ pw = PD("p",NULL); if( !pw ){ pw = PD("password",NULL); } } if(!pw){ g.json.resultCode = preciseErrors ? FSL_JSON_E_LOGIN_FAILED_NOPW : FSL_JSON_E_LOGIN_FAILED; return NULL; } if( !name ){ name = PD("n",NULL); if( !name ){ name = PD("name",NULL); if( !name ){ g.json.resultCode = preciseErrors ? FSL_JSON_E_LOGIN_FAILED_NONAME : FSL_JSON_E_LOGIN_FAILED; return NULL; } } } if(0 == strcmp("anonymous",name)){ /* check captcha/seed values... */ enum { SeedBufLen = 100 /* in some JSON tests i once actually got an 80-digit number. */ }; static char seedBuffer[SeedBufLen]; cson_value const * jseed = json_getenv(FossilJsonKeys.anonymousSeed); seedBuffer[0] = 0; if( !jseed ){ jseed = json_req_payload_get(FossilJsonKeys.anonymousSeed); if( !jseed ){ jseed = json_getenv("cs") /* name used by HTML interface */; } } if(jseed){ if( cson_value_is_number(jseed) ){ sprintf(seedBuffer, "%"CSON_INT_T_PFMT, cson_value_get_integer(jseed)); anonSeed = seedBuffer; }else if( cson_value_is_string(jseed) ){ anonSeed = cson_string_cstr(cson_value_get_string(jseed)); } } if(!anonSeed){ g.json.resultCode = preciseErrors ? FSL_JSON_E_LOGIN_FAILED_NOSEED : FSL_JSON_E_LOGIN_FAILED; return NULL; } } #if 0 { /* only for debugging the PD()-incorrect-result problem */ cson_object * o = NULL; uid = login_search_uid( name, pw ); payload = cson_value_new_object(); o = cson_value_get_object(payload); cson_object_set( o, "n", cson_value_new_string(name,strlen(name))); cson_object_set( o, "p", cson_value_new_string(pw,strlen(pw))); return payload; } #endif uid = anonSeed ? login_is_valid_anonymous(name, pw, anonSeed) : login_search_uid(name, pw) ; if( !uid ){ g.json.resultCode = preciseErrors ? FSL_JSON_E_LOGIN_FAILED_NOTFOUND : FSL_JSON_E_LOGIN_FAILED; return NULL; }else{ char * cookie = NULL; cson_object * po; char * cap = NULL; if(anonSeed){ login_set_anon_cookie(NULL, &cookie); }else{ login_set_user_cookie(name, uid, &cookie); } payload = cson_value_new_object(); po = cson_value_get_object(payload); cson_object_set(po, "authToken", json_new_string(cookie)); free(cookie); cson_object_set(po, "name", json_new_string(name)); cap = db_text(NULL, "SELECT cap FROM user WHERE login=%Q", name); cson_object_set(po, "capabilities", cap ? json_new_string(cap) : cson_value_null() ); free(cap); cson_object_set(po, "loginCookieName", json_new_string( login_cookie_name() ) ); /* TODO: add loginExpiryTime to the payload. To do this properly we "should" add an ([unsigned] int *) to login_set_user_cookie() and login_set_anon_cookie(), to which the expiry time is assigned. (Remember that JSON doesn't do unsigned int.) For non-anonymous users we could also simply query the user.cexpire db field after calling login_set_user_cookie(), but for anonymous we need to get the time when the cookie is set because anon does not get a db entry like normal users do. Anonymous cookies currently have a hard-coded lifetime in login_set_anon_cookie() (currently 6 hours), which we "should arguably" change to use the time configured for non-anonymous users (see login_set_user_cookie() for details). */ return payload; } }
cson_value * json_artifact_file(cson_object * zParent, int rid){ cson_object * pay = NULL; Stmt q = empty_Stmt; cson_array * checkin_arr = NULL; char contentFormat; i64 contentSize = -1; char * parentUuid; if( ! g.perm.Read ){ json_set_err(FSL_JSON_E_DENIED, "Requires 'o' privileges."); return NULL; } pay = zParent; contentFormat = json_artifact_get_content_format_flag(); if( 0 != contentFormat ){ Blob content = empty_blob; const char *zMime; char const * zFormat = (contentFormat<1) ? "raw" : "html"; content_get(rid, &content); zMime = mimetype_from_content(&content); cson_object_set(zParent, "contentType", json_new_string(zMime ? zMime : "text/plain")); if(!zMime){/* text/plain */ if(0 < blob_size(&content)){ if( 0 < contentFormat ){/*HTML-size it*/ Blob html = empty_blob; wiki_convert(&content, &html, 0); assert( blob_size(&content) < blob_size(&html) ); blob_swap( &html, &content ); assert( blob_size(&content) > blob_size(&html) ); blob_reset( &html ); }/*else as-is*/ } cson_object_set(zParent, "content", cson_value_new_string(blob_str(&content), (unsigned int)blob_size(&content))); }/*else binary: ignore*/ contentSize = blob_size(&content); cson_object_set(zParent, "contentSize", json_new_int(contentSize) ); cson_object_set(zParent, "contentFormat", json_new_string(zFormat) ); blob_reset(&content); } contentSize = db_int64(-1, "SELECT size FROM blob WHERE rid=%d", rid); assert( -1 < contentSize ); cson_object_set(zParent, "size", json_new_int(contentSize) ); parentUuid = db_text(NULL, "SELECT DISTINCT p.uuid " "FROM blob p, blob f, mlink m " "WHERE m.pid=p.rid " "AND m.fid=f.rid " "AND f.rid=%d", rid ); if(parentUuid){ cson_object_set( zParent, "parent", json_new_string(parentUuid) ); fossil_free(parentUuid); } /* Find checkins associated with this file... */ db_prepare(&q, "SELECT filename.name AS name, " " (mlink.pid==0) AS isNew," " (mlink.fid==0) AS isDel," " cast(strftime('%%s',event.mtime) as int) AS timestamp," " coalesce(event.ecomment,event.comment) as comment," " coalesce(event.euser,event.user) as user," #if 0 " a.size AS size," /* same for all checkins. */ #endif " b.uuid as checkin, " #if 0 " mlink.mperm as mperm," #endif " coalesce((SELECT value FROM tagxref" " WHERE tagid=%d AND tagtype>0 AND " " rid=mlink.mid),'trunk') as branch" " FROM mlink, filename, event, blob a, blob b" " WHERE filename.fnid=mlink.fnid" " AND event.objid=mlink.mid" " AND a.rid=mlink.fid" " AND b.rid=mlink.mid" " AND mlink.fid=%d" " ORDER BY filename.name, event.mtime", TAG_BRANCH, rid ); /* TODO: add a "state" flag for the file in each checkin, e.g. "modified", "new", "deleted". */ checkin_arr = cson_new_array(); cson_object_set(pay, "checkins", cson_array_value(checkin_arr)); while( (SQLITE_ROW==db_step(&q) ) ){ cson_object * row = cson_value_get_object(cson_sqlite3_row_to_object(q.pStmt)); /* FIXME: move this isNew/isDel stuff into an SQL CASE statement. */ char const isNew = cson_value_get_bool(cson_object_get(row,"isNew")); char const isDel = cson_value_get_bool(cson_object_get(row,"isDel")); cson_object_set(row, "isNew", NULL); cson_object_set(row, "isDel", NULL); cson_object_set(row, "state", json_new_string(json_artifact_status_to_string(isNew, isDel))); cson_array_append( checkin_arr, cson_object_value(row) ); } db_finalize(&q); return cson_object_value(pay); }
/* ** Implementation of /json/timeline/ticket. ** */ static cson_value * json_timeline_ticket(){ /* This code is 95% the same as json_timeline_ci(), by the way. */ cson_value * payV = NULL; cson_object * pay = NULL; cson_value * tmp = NULL; cson_value * listV = NULL; cson_array * list = NULL; int check = 0; Stmt q = empty_Stmt; Blob sql = empty_blob; if( !g.perm.RdTkt && !g.perm.Read ){ json_set_err(FSL_JSON_E_DENIED, "Ticket timeline requires 'o' or 'r' access."); return NULL; } payV = cson_value_new_object(); pay = cson_value_get_object(payV); check = json_timeline_setup_sql( "t", &sql, pay ); if(check){ json_set_err(check, "Query initialization failed."); goto error; } db_multi_exec("%s", blob_buffer(&sql) /*safe-for-%s*/); #define SET(K) if(0!=(check=cson_object_set(pay,K,tmp))){ \ json_set_err((cson_rc.AllocError==check) \ ? FSL_JSON_E_ALLOC : FSL_JSON_E_UNKNOWN, \ "Object property insertion failed."); \ goto error;\ } (void)0 #if 0 /* only for testing! */ tmp = cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql))); SET("timelineSql"); #endif blob_reset(&sql); /* REMINDER/FIXME(?): we have both uuid (the change uuid?) and ticketUuid (the actual ticket). This is different from the wiki timeline, where we only have the wiki page uuid. */ db_prepare(&q, "SELECT rid AS rid," " uuid AS uuid," " mtime AS timestamp," #if 0 " timestampString AS timestampString," #endif " user AS user," " eventType AS eventType," " comment AS comment," " brief AS briefComment" " FROM json_timeline" " ORDER BY rowid"); listV = cson_value_new_array(); list = cson_value_get_array(listV); tmp = listV; SET("timeline"); while( (SQLITE_ROW == db_step(&q) )){ /* convert each row into a JSON object...*/ int rc; int const rid = db_column_int(&q,0); Manifest * pMan = NULL; cson_value * rowV; cson_object * row; /*printf("rid=%d\n",rid);*/ pMan = manifest_get(rid, CFTYPE_TICKET, 0); if(!pMan){ /* this might be an attachment? I'm seeing this with rid 15380, uuid [1292fef05f2472108]. /json/artifact/1292fef05f2472108 returns not-found, probably because we haven't added artifact/ticket yet(?). */ continue; } rowV = cson_sqlite3_row_to_object(q.pStmt); row = cson_value_get_object(rowV); if(!row){ manifest_destroy(pMan); json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED, "Could not convert at least one timeline result row to JSON." ); continue; } /* FIXME: certainly there's a more efficient way for use to get the ticket UUIDs? */ cson_object_set(row,"ticketUuid",json_new_string(pMan->zTicketUuid)); manifest_destroy(pMan); rc = cson_array_append( list, rowV ); if( 0 != rc ){ cson_value_free(rowV); g.json.resultCode = (cson_rc.AllocError==rc) ? FSL_JSON_E_ALLOC : FSL_JSON_E_UNKNOWN; goto error; } } #undef SET goto ok; error: assert( 0 != g.json.resultCode ); cson_value_free(payV); payV = NULL; ok: blob_reset(&sql); db_finalize(&q); return payV; }
/* ** Implementation of /json/timeline/ci. ** ** Still a few TODOs (like figuring out how to structure ** inheritance info). */ static cson_value * json_timeline_ci(){ cson_value * payV = NULL; cson_object * pay = NULL; cson_value * tmp = NULL; cson_value * listV = NULL; cson_array * list = NULL; int check = 0; char verboseFlag; Stmt q = empty_Stmt; char warnRowToJsonFailed = 0; Blob sql = empty_blob; if( !g.perm.Hyperlink ){ /* Reminder to self: HTML impl requires 'o' (Read) rights. */ json_set_err( FSL_JSON_E_DENIED, "Check-in timeline requires 'h' access." ); return NULL; } verboseFlag = json_find_option_bool("verbose",NULL,"v",0); if( !verboseFlag ){ verboseFlag = json_find_option_bool("files",NULL,"f",0); } payV = cson_value_new_object(); pay = cson_value_get_object(payV); check = json_timeline_setup_sql( "ci", &sql, pay ); if(check){ json_set_err(check, "Query initialization failed."); goto error; } #define SET(K) if(0!=(check=cson_object_set(pay,K,tmp))){ \ json_set_err((cson_rc.AllocError==check) \ ? FSL_JSON_E_ALLOC : FSL_JSON_E_UNKNOWN,\ "Object property insertion failed"); \ goto error;\ } (void)0 #if 0 /* only for testing! */ tmp = cson_value_new_string(blob_buffer(&sql),strlen(blob_buffer(&sql))); SET("timelineSql"); #endif db_multi_exec("%s", blob_buffer(&sql)/*safe-for-%s*/); blob_reset(&sql); db_prepare(&q, "SELECT " " rid AS rid" " FROM json_timeline" " ORDER BY rowid"); listV = cson_value_new_array(); list = cson_value_get_array(listV); tmp = listV; SET("timeline"); while( (SQLITE_ROW == db_step(&q) )){ /* convert each row into a JSON object...*/ int const rid = db_column_int(&q,0); cson_value * rowV = json_artifact_for_ci(rid, verboseFlag); cson_object * row = cson_value_get_object(rowV); if(!row){ if( !warnRowToJsonFailed ){ warnRowToJsonFailed = 1; json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED, "Could not convert at least one timeline result row to JSON." ); } continue; } cson_array_append(list, rowV); } #undef SET goto ok; error: assert( 0 != g.json.resultCode ); cson_value_free(payV); payV = NULL; ok: db_finalize(&q); return payV; }